[tor-dev] Understanding Tor and SOCKS

spriver spriver at autistici.org
Sun Oct 26 08:46:42 UTC 2014

Hi everyone!

I am trying to understand the communication between an application and 
Tor (especially connecting to a hidden service). I am tracing packets on 
loopback between a torified netcat request to connect to a .onion 
address. When the connection gets granted I am getting a response from 
the socks server:
(hex data of the tcp payload)

0x05 0x00 0x00 0x01 0x00 0x00 0x00 0x00 0x00 0x00

Regarding to the SOCKS specification this means that the request is 
granted. But I don't understand the 0x01 in byte no 4. It means IPv4 
address in the SOCKS specification, but the following part of the 
destination address and port (the following 0x00's) are empty. So what 
does that 0x01 mean?

Can someone explain me that?

Thank you!


More information about the tor-dev mailing list