On Wed, 17 Aug 2022, lists@for-privacy.net wrote:
On Tuesday, 16 August 2022 16:36:52 CEST Tom Yates wrote:
i've been grumbled at in a way that makes me want to validate my exit policy before dismissing the grumble.
I don't know exactly what you want to test there. You can see what you have open on tor metrics.
That pretty much sums up the problem. I know what my config says I'm doing; I want independent confirmation that the daemon is behaving as advertised.
Spoiler alert: unsurprisingly, it is.
Should anyone else want to do this, the right way (it seems) is to run an instance of tor on a random test box, point that at the exit node to be tested, and use a socks-aware client (on random test box) to generate test traffic via the SOCKS interface on tor whilst using tcpdump (on the exit node) to verify whether packets flow.
On random test client, let's call it "client", force the selection of your exit node in your local torrc, in this case by IP address:
ExitNodes 178.17.171.102
and start tor. On the exit node, let's call it "angband", start tcpdump, looking for traffic to a random test server (let's call it "testserv.example.com"):
angband% sudo tcpdump host testserv.example.com
Then generate test traffic. This is test traffic that ought to be allowed to exit my exit node:
client% nc --proxy 127.0.0.1:9050 --proxy-type socks5 testserv.example.com 80
and here's the tcpdump traffic:
08:28:47.111528 IP angband.teaparty.net.45438 > testserv.example.com.http: Flags [S], seq 1395500093, win 42340, options [mss 1460,sackOK,TS val 3055761411 ecr 0,nop,wscale 12], length 0
08:28:47.173259 IP testserv.example.com.http > angband.teaparty.net.45438: Flags [S.], seq 879943484, ack 1395500094, win 28960, options [mss 1460,sackOK,TS val 4141468305 ecr 3055761411,nop,wscale 7], length 0
08:28:47.173293 IP angband.teaparty.net.45438 > testserv.example.com.http: Flags [.], ack 1, win 11, options [nop,nop,TS val 3055761473 ecr 4141468305], length 0
[...]
Here's test traffic that ought NOT to be allowed to exit my exit node:
client% nc --proxy 127.0.0.1:9050 --proxy-type socks5 testserv.example.com 25
and tcpdump confirms nothing leaves.
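As an added example (not part of the original thread), here is a small Python script that reads tcpdump output captured on the exit node, like the excerpt above, and reports for each test port whether the exit actually completed a TCP handshake to the test server. The sample capture is constructed from the lines above; the host name "angband" and "testserv.example.com" are taken from the post, and port names appear as tcpdump prints them without -n.

```python
import re

# Constructed sample, modelled on the tcpdump excerpt from the exit node.
# Only the port-80 test produced packets; the port-25 test produced none.
SAMPLE = """\
08:28:47.111528 IP angband.teaparty.net.45438 > testserv.example.com.http: Flags [S], seq 1395500093, win 42340, options [mss 1460,sackOK,TS val 3055761411 ecr 0,nop,wscale 12], length 0
08:28:47.173259 IP testserv.example.com.http > angband.teaparty.net.45438: Flags [S.], seq 879943484, ack 1395500094, win 28960, options [mss 1460,sackOK,TS val 4141468305 ecr 3055761411,nop,wscale 7], length 0
08:28:47.173293 IP angband.teaparty.net.45438 > testserv.example.com.http: Flags [.], ack 1, win 11, options [nop,nop,TS val 3055761473 ecr 4141468305], length 0
"""

# tcpdump joins host and port with a dot; the greedy match splits on the last one.
# Works for both resolved names (http) and numeric ports (tcpdump -n).
LINE_RE = re.compile(
    r'^\S+ IP (?P<src>\S+)\.(?P<sport>\S+) > (?P<dst>\S+)\.(?P<dport>\S+): '
    r'Flags \[(?P<flags>[^\]]*)\]')


def observed_flows(dump, exit_host):
    """Map (dst, dport) -> 'syn-sent' or 'established' for connections
    the exit host opened.  'established' means the peer's SYN-ACK came back,
    i.e. the exit really forwarded the stream, not just a stray SYN."""
    flows = {}
    for line in dump.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        src, sport, dst, dport, flags = m.group('src', 'sport', 'dst', 'dport', 'flags')
        if src.startswith(exit_host) and flags == 'S':
            flows.setdefault((dst, dport), 'syn-sent')
        elif dst.startswith(exit_host) and flags == 'S.' and (src, sport) in flows:
            flows[(src, sport)] = 'established'
    return flows


def verify_exit(dump, exit_host, target, expected):
    """expected maps port -> True (policy should allow) / False (should reject).
    Returns [(port, should_allow, observed_state, ok)]; ok is False whenever the
    capture contradicts the policy you believe you configured."""
    flows = observed_flows(dump, exit_host)
    results = []
    for port, should_allow in expected.items():
        state = flows.get((target, port), 'none')
        ok = state == 'established' if should_allow else state == 'none'
        results.append((port, should_allow, state, ok))
    return results


if __name__ == '__main__':
    for row in verify_exit(SAMPLE, 'angband', 'testserv.example.com',
                           {'http': True, 'smtp': False}):
        print('port %-5s allow=%-5s observed=%-11s %s' % (row[0], row[1], row[2], 'OK' if row[3] else 'MISMATCH'))
```

Feed it the real capture with `sudo tcpdump -l host testserv.example.com > exit.log` on the exit node and run each nc test once per port you want checked.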
Many thanks to those who helped off-list (you know who you are); I'm grateful to everyone that responded.