[tor-dev] Understanding Tor and SOCKS

Владимир Мартьянов vilgeforce at gmail.com
Sun Oct 26 08:59:31 UTC 2014

Hm... Did you try Wireshark on it?

2014-10-26 11:46 GMT+03:00 spriver <spriver at autistici.org>:

> Hi everyone!
> I am trying to understand the communication between an application and Tor
> (especially connecting to a hidden service). I am tracing packets on
> loopback between a torified netcat request to connect to a .onion address.
> When the connection gets granted I am getting a response from the socks
> server:
> (hex data of the tcp payload)
> 0x05 0x00 0x00 0x01 0x00 0x00 0x00 0x00 0x00 0x00
> Regarding to the SOCKS specification this means that the request is
> granted. But I don't understand the 0x01 in byte no 4. It means IPv4
> address in the SOCKS specification, but the following part of the
> destination address and port (the following 0x00's) are empty. So what does
> that 0x01 mean?
> Can someone explain me that?
> Thank you!
> Cheers,
> spriver
> _______________________________________________
> tor-dev mailing list
> tor-dev at lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.torproject.org/pipermail/tor-dev/attachments/20141026/51d7b550/attachment-0001.html>

More information about the tor-dev mailing list