[tor-relays] Sustained large spike in outbound traffic - what might be going on?

Julien ROBIN julien.robin28 at free.fr
Tue Dec 29 11:44:06 UTC 2015


Hi,

In fact, this is strange, because upload means that the server is receiving something to send, and likewise for downloads: upload and download should be the same if the Tor process is used as a server only (relay or exit).

For a Tor process, the only normal way to do this is to be using the SOCKS port (client side) of the Tor process! At least, it's the only normal way I know.

Good luck with your investigations
Julien ROBIN

----- Original Message -----
From: "Tim Wilson-Brown - teor" <teor2345 at gmail.com>
To: tor-relays at lists.torproject.org
Sent: Tuesday, 29 December 2015 01:48:02
Subject: Re: [tor-relays] Sustained large spike in outbound traffic - what might be going on?

On 23 Dec 2015, at 19:32, David Tomic < david at tomic.com.au > wrote: 


Hello everyone, 


I noticed something a little bit "odd" on one of my exit relays recently, and I just wanted to ask whether anybody might be able to account for what was actually happening, and whether it's likely to warrant any further investigation? 


TLDR; I noticed a fairly significant spike - in excess of 30MB/s (yes, megabytes) - of outbound traffic compared to inbound. 



http://s2.postimg.org/cvfzqvrsp/graph.png 


It persisted steadily for just over an hour, until I noticed what was going on and restarted Tor (not the whole server, only Tor), at which point my traffic appeared to return to normal again. 


I have this relay running on a dedicated machine, with multiple physical NICs, and the ONLY thing which should be touching this NIC is my Tor traffic.


Thoughts? 

Exit relays can end up with large traffic disparities for two reasons: 
* small internet server requests can yield large internet server responses, or vice versa 
* Tor cells are 512 bytes; if a small request or small response is embedded in a cell, the overhead can be quite large


This could happen because someone is uploading or downloading a large file. 
But 30MB/s would probably require more than one client at the same time. 


Tim

Tim Wilson-Brown (teor)


teor2345 at gmail dot com 
PGP 968F094B 

teor at blah dot im 
OTR CAD08081 9755866D 89E2A06F E3558B7F B5A9D14F 

_______________________________________________
tor-relays mailing list
tor-relays at lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
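
A check that would catch the kind of episode discussed in this thread (outbound well above inbound on the Tor-only NIC for over an hour), as an added example that is not part of the original messages: it turns periodic `/proc/net/dev` byte counters into rates and reports sustained transmit-over-receive excess. The function names, thresholds and sample counters are assumptions constructed for illustration.

```python
def parse_proc_net_dev(text, iface):
    """Return (rx_bytes, tx_bytes) for iface from Linux /proc/net/dev content."""
    for line in text.splitlines():
        name, sep, rest = line.partition(":")
        if sep and name.strip() == iface:
            fields = rest.split()
            return int(fields[0]), int(fields[8])  # 8 receive columns, then transmit
    raise KeyError(iface)


def sustained_tx_excess(samples, min_excess_bps, min_ratio, min_seconds):
    """samples: ordered (unix_time, rx_bytes, tx_bytes) counter readings.
    Returns (start, end, peak_excess) episodes, in bytes per second, where the
    transmit rate beat the receive rate by both thresholds for min_seconds."""
    episodes, start, end, peak = [], None, None, 0.0
    for (t0, rx0, tx0), (t1, rx1, tx1) in zip(samples, samples[1:]):
        dt = t1 - t0
        hot = False
        if dt > 0 and rx1 >= rx0 and tx1 >= tx0:  # skip counter resets, clock steps
            rx_rate, tx_rate = (rx1 - rx0) / dt, (tx1 - tx0) / dt
            excess = tx_rate - rx_rate
            hot = excess >= min_excess_bps and tx_rate >= min_ratio * max(rx_rate, 1.0)
        if hot:
            if start is None:
                start, peak = t0, 0.0
            end, peak = t1, max(peak, excess)
        else:
            if start is not None and end - start >= min_seconds:
                episodes.append((start, end, peak))
            start = None
    if start is not None and end - start >= min_seconds:
        episodes.append((start, end, peak))
    return episodes


def constructed_samples():
    """Constructed 60 s readings: 10 min balanced at 10 MB/s, 65 min sending
    40 MB/s while receiving 10 MB/s, then 10 min balanced again."""
    t = rx = tx = 0
    out = [(t, rx, tx)]
    for minutes, tx_rate in [(10, 10_000_000), (65, 40_000_000), (10, 10_000_000)]:
        for _ in range(minutes):
            t, rx, tx = t + 60, rx + 10_000_000 * 60, tx + tx_rate * 60
            out.append((t, rx, tx))
    return out


if __name__ == "__main__":
    # Thresholds are assumptions: 20 MB/s excess, 2x ratio, held for 10 minutes.
    print(sustained_tx_excess(constructed_samples(), 20_000_000, 2.0, 600))
```

In use, `parse_proc_net_dev` would be fed the file contents on a timer for the relay's interface, and the thresholds tuned against the relay's normal exit asymmetry.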