oh, I don't understand this<br><br><br>what you mean is, for example, when browsing webpages<br><br>browser application                sock                        Tor                            Ethernet interface<br>        <br>
         send   packet ---------->    forward -------------> encrypt and   -----------------> send to the entry node<br>                                                                         make tor cells<br><br>
<br>         receive packet<---------   forward<-------------- decrypt tor cells <---------------  receive from the entry node<br><br>                                                                                                  tcpdump -i eth0(this is my capturing)<br>
<br> but you mean I can capture between the browser application and the sock£¿<br><br><br><br>so I used tcpdump on the ethernet interface<br>the packets are  encrypted<br>you mean I can capture the packets before <br><br><div class="gmail_quote">
2012/10/31 Damian Johnson <span dir="ltr"><<a href="mailto:atagar@torproject.org" target="_blank">atagar@torproject.org</a>></span><br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div class="im">> OK, thank you very much!<br>
> besides,  is it possible to get the cypher key for decoding the tcpdump<br>
> captured packets on the TOR client??<br>
<br>
</div>I don't follow, do you mean the traffic between tor and the first hop?<br>
Why not just intercept the communication with the socks port?<br>
<div class="HOEnZb"><div class="h5">_______________________________________________<br>
tor-dev mailing list<br>
<a href="mailto:tor-dev@lists.torproject.org">tor-dev@lists.torproject.org</a><br>
<a href="https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev" target="_blank">https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev</a><br>
</div></div></blockquote></div><br>