Hi Folks,
I am trying to figure out how the packet flows over a Tor network.. There is a mix of information.. Some claim that the ISP is not aware of the payload as the complete data is encrypted whereas some say that your ISP is not used at all when using Tor network. AFAIK my packets go to the outer web via my ISP and there is no way to bypass that. I might be wrong. Can someone give me a detailed packet flow?
Thanks, Torzilla11
> I am trying to figure out how the packet flows over a Tor network.. There is a mix of information.. Some claim that the ISP is not aware of the payload as the complete data is encrypted whereas some say that your ISP is not used at all when using Tor network. AFAIK my packets go to the outer web via my ISP and there is no way to bypass that. I might be wrong. Can someone give me a detailed packet flow?
I'll take a stab at this and someone else can correct my possibly wrong and definitely simplified explanation.
We are going to use a "packet is an envelope/postcard" metaphor. So imagine that you are trying to communicate with Google. Your computer usually just takes that message, throws it into an envelope and sends it to Google, with your ISP representing the post office. Because the data is unencrypted, this envelope is actually more like a postcard.
Using Tor, things are a little bit different. You have a list of your 1,000 closest friends (exit nodes). You randomly select three of them (let's call them Alice, Bob, and Charles). You take your message that you are sending to Google and put it on a postcard. Then you take that postcard and put it in an envelope and address this outer envelope to Charles. You then seal it with a glue that only Charles can lick to open (encryption). You take that envelope destined for Charles and you repeat the previous process, except this time you address it to Bob (again with the special glue). You do this one more time using an envelope destined for Alice.
You then give that envelope to the mailman (your ISP). Because the list of Tor nodes is public and the protocol is well known, your ISP knows that you are using Tor and knows that Alice is the first person you are talking to. Alice can only open her envelope and see a message to Bob, so she knows you are using Tor and that she is to expect a reply via Bob at some point. Bob, when he opens his envelope, knows only that someone somewhere is using Tor and that they sent their message to Alice and that he has to send it to Charles. Charles knows that someone somewhere is using Tor and they want to send a postcard to Google. Google knows someone is using Tor and wanted to talk to them.
To get Google's reply back to you the process is repeated but in reverse.
Did that help at all?
Thank you, Derric Atzrott
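The nested envelopes described in the message above, as an added sketch that is not part of the original thread and is not Tor's code. It assumes one constructed pre-shared key per relay and a toy SHA-256 keystream with an HMAC tag in place of Tor's real per-hop key negotiation and ciphers; the relay names and the destination string are taken from the metaphor.

```python
import hashlib, hmac, os

def _xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # Toy keystream (SHA-256 in counter mode): a stand-in, not Tor's cipher.
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hashlib.sha256(key + nonce + i.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[i:i + 32], pad))
    return bytes(out)

def _subkeys(key: bytes):  # separate encryption and MAC keys per relay
    return hashlib.sha256(b"enc" + key).digest(), hashlib.sha256(b"mac" + key).digest()

def seal(key: bytes, next_hop: str, inner: bytes) -> bytes:
    """One envelope: next-hop address plus inner content, readable by one relay only."""
    enc, mac = _subkeys(key)
    hop, nonce = next_hop.encode(), os.urandom(16)
    ct = _xor_stream(enc, nonce, bytes([len(hop)]) + hop + inner)
    return nonce + hmac.new(mac, nonce + ct, hashlib.sha256).digest() + ct

def peel(key: bytes, envelope: bytes):
    """Open one layer; raises ValueError if the envelope was not sealed for this key."""
    enc, mac = _subkeys(key)
    nonce, tag, ct = envelope[:16], envelope[16:48], envelope[48:]
    if not hmac.compare_digest(tag, hmac.new(mac, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("envelope is not sealed for this relay")
    pt = _xor_stream(enc, nonce, ct)
    return pt[1:1 + pt[0]].decode(), pt[1 + pt[0]:]

def build_onion(path, keys, destination: str, message: bytes) -> bytes:
    """Wrap innermost first: the layer for the last relay, then outward to the first."""
    onion = message
    for relay, next_hop in zip(reversed(path), reversed(path[1:] + [destination])):
        onion = seal(keys[relay], next_hop, onion)
    return onion

def route(path, keys, onion: bytes):
    """Each relay peels its layer; returns (relay, next hop it learns, bytes it forwards)."""
    seen = []
    for relay in path:
        next_hop, onion = peel(keys[relay], onion)
        seen.append((relay, next_hop, onion))
    return seen

if __name__ == "__main__":
    path = ["Alice", "Bob", "Charles"]        # relay names from the thread's metaphor
    keys = {r: os.urandom(32) for r in path}  # assumption: one pre-shared key per relay
    for relay, nxt, fwd in route(path, keys, build_onion(path, keys, "google.com:80", b"hello")):
        print(f"{relay} forwards {len(fwd)} bytes to {nxt}")
```

Only the last relay's output is the plaintext postcard; what the ISP and the first two relays handle is ciphertext plus a single next-hop name.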
Actually this diagram is a pretty good visualisation as well:
https://www.eff.org/pages/tor-and-https
Thank you, Derric Atzrott
Thanks Derric,
That's a ton of information which is very much simplified.. Especially the graphics ;)
I have a clear understanding now.. So what I figured is as far as my ISP goes, he only knows that I am using Tor, period.
Rest all is good to go.. All thanks to encryption. Then I assume this makes it a better option than VPN. Am I right?
Thanks a lot, Torzilla
> From: datzrott@alizeepathology.com
> To: tor-relays@lists.torproject.org
> Date: Thu, 9 Oct 2014 15:53:42 -0400
> Subject: Re: [tor-relays] Need Routing Info on Relays
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Also a quick question jumped in.. Say I have a Raspberry Pi which is converted to a TOR router and I connect my machine to this router. Will this make the entire traffic go via TOR, including something as simple as a ping request? Say I ping a machine on the web, will it stay anonymous or will I have to use proxychains? From what I know, both of them are doing the same thing apart from encryption in TOR as an added feature.
Thanks in advance, Torzilla11
> From: torzilla11@hotmail.com
> To: tor-relays@lists.torproject.org
> Date: Thu, 9 Oct 2014 20:00:40 +0000
> Subject: Re: [tor-relays] Need Routing Info on Relays
> That's a ton of information which is very much simplified.. Especially the graphics ;)
Anytime.
> I have a clear understanding now.. So what I figured is as far as my ISP goes, he only knows that I am using Tor, period.
Anyone who can monitor both ends of the connection can tell who is doing what by looking at who sends data into Tor and when similarly sized data leaves Tor. There are other attacks as well. Generally speaking though, I think it's safe to assume that your ISP will only be able to see that you are using Tor.
> Rest all is good to go.. All thanks to encryption. Then I assume this makes it a better option than VPN. Am I right?
Generally speaking Tor does a better job anonymising you than a VPN does. To use the previous metaphor, in a VPN you take your message to Google and you put it in an envelope to Alice. Alice then sends it to Google for you. Alice knows who you are and who you are talking to. Google just knows you send things via Alice. Your ISP knows that you use Alice as well. Alice is the weak point here as if she caves or is untrustworthy, you have no protection.
Using a VPN just shifts who can watch you from your ISP to your VPN provider. This is a good thing if you trust your VPN provider more than your ISP, but someone still knows who you are and what you are doing.
> Also a quick question jumped in.. Say I have a Raspberry Pi which is converted to a TOR router and I connect my machine to this router. Will this make the entire traffic go via TOR, including something as simple as a ping request?
No. There is some additional configuration that needs done. If you'd like all of your traffic to go through Tor, I'd recommend using Tails. https://tails.boum.org/
> Say I ping a machine on the web, will it stay anonymous or will I have to use proxychains? From what I know, both of them are doing the same thing apart from encryption in TOR as an added feature.
I'm not very familiar with proxychains, so I can't answer that.
Also this seems like a conversation best brought to the Tor-talk mailing list rather than the Tor-relay list. At least the general Tor questions part of it.
Thank you, Derric Atzrott
Thanks again for taking time to answer all the questions..
This helped me a lot.
I am adding Tor-talk mailing list to my address book...
Cheers, Torzilla11
> From: datzrott@alizeepathology.com
> To: tor-relays@lists.torproject.org
> Date: Thu, 9 Oct 2014 16:16:45 -0400
> Subject: Re: [tor-relays] Need Routing Info on Relays
Hi,
On 2014-10-09 at 22:11, Tor Zilla wrote:
> Also a quick question jumped in.. Say I have a Raspberry Pi which is converted to a TOR router and I connect my machine to this router. Will this make the entire traffic go via TOR, including something as simple as a ping request? Say I ping a machine on the web, will it stay anonymous or will I have to use proxychains? From what I know, both of them are doing the same thing apart from encryption in TOR as an added feature.
you may want to read the following [1] about TOR as a transparent proxy.
Also Adrelanos from whonix wrote earlier on the list the following on topic of tunneling all traffic through tor:
> There is tons of stuff that can go wrong:
> - not using Tor Browser
> - Tor over Tor
> - identity correlation through circuit sharing
> - malconfigured firewall
> - IPv6 leak
> - network time synchronization
You may want to check out their page [2] too, they are developing a system with security in mind but ready for almost daily business work, all routed over TOR.
Cheers,
Chris
[1] https://trac.torproject.org/projects/tor/wiki/doc/TransparentProxy
[2] https://www.whonix.org/wiki/Main_Page
Thanks Chris,
I will check the links.. :)
Looks like TOR is still going through a development phase which is a good thing
Thanks, Torzilla11
> Date: Thu, 9 Oct 2014 22:58:06 +0200
> From: christian@ph3x.at
> To: tor-relays@lists.torproject.org
> Subject: Re: [tor-relays] Need Routing Info on Relays