
Hi,

I am fairly new to Tor and have been running a relay for a couple of weeks. I have configured a RelayBandwidthRate of only 100 KB and so only see a few active connections at any one time.

Recently I have been noticing, in netstat output, a high level of established but idle TCP connections to other tor-hosts. (Out of 96 ESTABLISHED connections there are 90 with Recv-Q & Send-Q of 0.)

Is this part of the rolling connection set of this host or something else?

Eg:

    #netstat -e
    Active Internet connections (w/o servers)
    Proto Recv-Q Send-Q Local Address   Foreign Address          State       User  Inode
    ...
    tcp        0      0 my.ip:55528     digi00299.digicube:9001  ESTABLISHED tor   449100
    tcp        0      0 my.ip:56308     tor01.spacedump.ne:9001  ESTABLISHED tor   440912
    tcp        0      0 my.ip:57934     torsrvo.snydernet:https  ESTABLISHED tor   443309
    tcp        0      0 my.ip:9001      tor18.anonymizer.:57588  TIME_WAIT   root  0
    tcp        0      0 my.ip:46943     tor.parad0x.org:https    ESTABLISHED tor   449313
    tcp        0      0 my.ip:9001      vodka.projekt16.b:51520  ESTABLISHED tor   449337
    tcp        0      0 my.ip:9001      gamma.rueckgr.at:39215   ESTABLISHED tor   449218
    tcp        0      0 my.ip:44622     dannenberg.ccc.de:https  ESTABLISHED tor   431598
    tcp        0      0 my.ip:39656     torsrvn.snydernet:https  ESTABLISHED tor   446435
    tcp        0      0 my.ip:9001      76.72.169.90:40606       TIME_WAIT   root  0
    tcp        0     93 my.ip:9001      torproxy10.teamcy:58154  ESTABLISHED tor   449452
    tcp        0      0 my.ip:60081     v-603-kalfa-23-10:https  ESTABLISHED tor   448047
    tcp        0   1846 my.ip:35776     tor5.anonymizer.c:https  ESTABLISHED tor   440943
    .

Cheers,
Gus

On Thu, 13 Dec 2012 16:22:09 +0000, Angus Gardner wrote: ...
> Recently I have been noticing, in netstat output, a high level of established but idle TCP connections to other tor-hosts.
> (Out of 96 ESTABLISHED connections there are 90 with Recv-Q & Send-Q of 0.)

That's pretty normal. Recv-Q gets drained as fast as the tor process can read it (I don't see any nonzero on my relay), and Send-Q only takes the time of the TCP ACK from the other side to go back to zero, so with casual surfing over the circuits you don't see many nonzero Q values - only a dozen of the hundreds of connections on my relay.

Andreas

--
"Totally trivial. Famous last words."
From: Linus Torvalds <torvalds@*.org>
Date: Fri, 22 Jan 2010 07:29:21 -0800

Hi Gus. If you're trying to make sense of tor's netstat output then you might find arm to be useful. Its connection panel was made for that...

http://www.atagar.com/arm/
http://www.atagar.com/arm/images/screenshot_page2_full.png

Hi,

Just thought I would follow up on this.

Arm is a neat tool which allows 'top'-like output on a tor relay: current bandwidth, cpu utilization, connections to other relays etc.

This does require the control-port to be enabled in your torrc file.

eg:

    ## The port on which Tor will listen for local connections from Tor
    ## controller applications, as documented in control-spec.txt.
    ControlPort 9051

And one of:

    ## If you enable the controlport, be sure to enable one of these
    ## authentication methods, to prevent attackers from accessing it.
    #HashedControlPassword 16:872860B76453A77D60CA2BB8C1A7042072093276A3D701AD684053EC4C

or

    #CookieAuthentication 1

Tor will now listen on port 9051 for control information; this includes instructions to shut down (and stuff which may hurt your install) or even list connections (which may hurt the anonymity of the Tor network.)

I also have had success in using the following:

    ControlListenAddress 127.0.0.1:9051

Which binds the control port to 127.0.0.1 (localhost) and is thus not visible to the outside world. (Including the people on the internet who port scan you just for running a Tor node.)

Once that is set up, running arm is a piece of cake.

Hope this helps someone.

Cheers,
Gus

> I also have had success in using the following:
> ControlListenAddress 127.0.0.1:9051
> Which binds the control port to 127.0.0.1 (localhost) and is thus not visible to the outside world. (Including the people on the internet who port scan you just for running a Tor node.)

Or set 'ControlPort 9051' - binding to localhost is the default. This is all discussed in the README...

https://gitweb.torproject.org/arm.git/blob/HEAD:/README

Patches welcome if you have improvements for it.

-Damian
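
The control-port advice in the two messages above can be checked mechanically. The following is an added example, not code from the thread, arm or Tor: a small torrc check that flags a control port enabled without HashedControlPassword or CookieAuthentication, or bound to a non-loopback address. The sample torrc, the function names and the finding labels are constructed for illustration.

```python
import ipaddress

# Constructed sample torrc (not from the thread): control port on, auth
# lines still commented out, listener bound to every interface.
SAMPLE_TORRC = """\
ControlPort 9051
#HashedControlPassword 16:PLACEHOLDER
#CookieAuthentication 1
ControlListenAddress 0.0.0.0:9051
"""

def parse_torrc(text):
    """Return {lowercased option: [values]} for active (uncommented) lines."""
    opts = {}
    for line in text.splitlines():
        parts = line.split("#", 1)[0].split(None, 1)
        if len(parts) == 2:
            opts.setdefault(parts[0].lower(), []).append(parts[1].strip())
    return opts

def host_of(value):
    """Host part of 'host', 'host:port' or '[v6]:port'; None if no host given."""
    value = value.split()[0]
    if value.startswith("unix:"):          # local socket, no TCP listener
        return None
    if value.startswith("["):
        return value[1:value.index("]")]
    if ":" in value:
        return value.rsplit(":", 1)[0]
    return None if value.isdigit() or value == "auto" else value

def is_loopback(host):
    try:
        return host == "localhost" or ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False                       # unknown name: treat as exposed

def audit(text):
    """Return findings for the control-port settings discussed in the thread."""
    opts = parse_torrc(text)
    ports = [v for v in opts.get("controlport", []) if v.split()[0] != "0"]
    if not ports:
        return []                          # control port off: nothing to check
    findings = []
    has_hash = bool(opts.get("hashedcontrolpassword"))
    has_cookie = opts.get("cookieauthentication", ["0"])[-1] == "1"
    if not (has_hash or has_cookie):
        findings.append("no-auth")
    hosts = [host_of(v) for v in ports + opts.get("controllistenaddress", [])]
    exposed = [h for h in hosts if h is not None and not is_loopback(h)]
    if exposed:
        findings.append("non-loopback:" + ",".join(exposed))
    return findings
```
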

participants (3)
- Andreas Krey
- Angus Gardner
- Damian Johnson