[tor-dev] Understanding Tor and SOCKS

Rob van der Hoeven robvanderhoeven at ziggo.nl
Sun Oct 26 13:34:59 UTC 2014

> address. When the connection gets granted I am getting a response from 
> the socks server:
> (hex data of the tcp payload)
> 0x05 0x00 0x00 0x01 0x00 0x00 0x00 0x00 0x00 0x00
> Regarding to the SOCKS specification this means that the request is 
> granted. But I don't understand the 0x01 in byte no 4. It means IPv4 
> address in the SOCKS specification, but the following part of the 
> destination address and port (the following 0x00's) are empty. So what 
> does that 0x01 mean?
> Can someone explain me that?


What you see is the reply to a CONNECT command.

From: https://www.ietf.org/rfc/rfc1928.txt



In the reply to a CONNECT, BND.PORT contains the port number that the
server assigned to connect to the target host, while BND.ADDR contains
the associated IP address.  The supplied BND.ADDR is often different
from the IP address that the client uses to reach the SOCKS server,
since such servers are often multi-homed.  It is expected that the
SOCKS server will use DST.ADDR and DST.PORT, and the client-side source
address and port in evaluating the CONNECT request.


So, the SOCKS protocol supports redirection to another SOCKS server. An
all-zero address/port simply means: use the server/port that you are
currently connected to.


More information about the tor-dev mailing list