[tor-relays] how to monitor traffick through a bridge

starlight.2015q1 at binnacle.cx
Tue Jan 6 06:05:16 UTC 2015


>Thank you very much for all the precious advice.
>I am running tor on linux.

I second the suggestion of applying 'iptables'
to collect traffic statistics.  Lots of ways
to go about it, but here's something similar
to the approach I'm using.  By having separate
entries for established and new connections
on the input side, one can see both how much
traffic is arriving and how many connection
requests are arriving.  Or, if your node is
attacked, the second new-connection catcher
will show huge volumes of DoS traffic.

Also note the separate counters for ssh
and OR port traffic, so you can distinguish
maintenance and utilization activity.

Feel free to change all the port assignments
as suits you, even the ssh one.  The example
uses defaults for illustration.  It is recommended
that the OR port be assigned randomly in
order to make discovery via 'zmap' more
difficult.

22   ssh
9001 OR
443  obfs3
80   fte
587  scramblesuit
993  obfs4

The 'iptables' file loses the .txt extension
and CR characters (added for easier MUA clicking)
and generally goes in /etc/sysconfig/iptables.

Also attaching an example statistics
display command and output, and a batch
job for collecting the information automatically
every day.
-------------- next part --------------
iptables -nvxL | sed -e 's|10\.10\.10||' -e 's|0\.0\.0\.0/0|xx|g' | cut -c-79
-------------- next part --------------
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
    pkts      bytes target     prot opt in     out source destination         
   11923 41873175 ACCEPT all  --  lo * xx  xx       
    1455   127316 ACCEPT tcp  --  *  * xx  .101 tcp dpt:22 state RELATED,ESTABLISHED 
   52007 71120944 ACCEPT tcp  --  *  * xx  .101 tcp dpt:9001 state RELATED,ESTABLISHED 
      44     8243 ACCEPT tcp  --  *  * xx  .101 tcp dpt:443 state RELATED,ESTABLISHED 
      52     4998 ACCEPT tcp  --  *  * xx  .101 tcp dpt:80 state RELATED,ESTABLISHED 
   20437  4469613 ACCEPT tcp  --  *  * xx  .101 tcp dpt:587 state RELATED,ESTABLISHED 
      27     7338 ACCEPT tcp  --  *  * xx  .101 tcp dpt:993 state RELATED,ESTABLISHED 
       0        0 ACCEPT tcp  --  *  * xx  xx       state RELATED,ESTABLISHED 
       6      360 ACCEPT tcp  --  *  * xx  .101 tcp dpt:22
      52     3120 ACCEPT tcp  --  *  * xx  .101 tcp dpt:9001
       8      360 ACCEPT tcp  --  *  * xx  .101 tcp dpt:443
      11      552 ACCEPT tcp  --  *  * xx  .101 tcp dpt:80
      10      472 ACCEPT tcp  --  *  * xx  .101 tcp dpt:587
       5      220 ACCEPT tcp  --  *  * xx  .101 tcp dpt:993
    3645   216159 DROP   all  --  *  * xx  xx           

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
    pkts      bytes target     prot opt in     out source destination         
       0        0 DROP   all  --  *      * xx xx           

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
    pkts      bytes target     prot opt in out source destination         
   11923 41873175 ACCEPT all  --  * lo xx   xx  
    1163   557466 ACCEPT tcp  --  * *  .101 xx  tcp spt:22
   26578  5589928 ACCEPT tcp  --  * *  .101 xx  tcp spt:9001 
      45    11438 ACCEPT tcp  --  * *  .101 xx  tcp spt:443  
      53     2348 ACCEPT tcp  --  * *  .101 xx  tcp spt:80   
   36907 45926909 ACCEPT tcp  --  * *  .101 xx  tcp spt:587  
      24     1020 ACCEPT tcp  --  * *  .101 xx  tcp spt:993  
       0        0 ACCEPT tcp  --  * *  xx   xx
Zeroing chain `INPUT'
Zeroing chain `FORWARD'
Zeroing chain `OUTPUT'
-------------- next part --------------
59 23 * * * /root/daily_stats
-------------- next part --------------
#!/bin/dash
# Daily snapshot of bridge statistics: control-port info plus iptables
# counters. Run from cron (see the crontab line above) just before midnight.

FILE=/home/tor/stats/$(date '+%Y%m%d')

# The snapshot holds the bridge's own descriptor and client counts, so
# create it readable by the owner only.
umask 077

# Query the control port. Replies use CRLF line endings, hence dos2unix.
# QUIT ends the session cleanly so nc sees EOF instead of waiting.
nc 127.0.0.1 9151 <<EOF | dos2unix >>${FILE:?}
AUTHENTICATE "xxx"
getinfo dir/server/authority
getinfo status/clients-seen
QUIT
EOF

# List every chain with exact packet/byte counters (-nvx -L) and zero them
# (-Z) in the same call, so each day's file holds only that day's traffic.
/sbin/iptables -nvx -L -Z >>${FILE:?}
-------------- next part --------------
*filter

# Chain policies stay ACCEPT; the explicit catch-all rules at the end of
# INPUT and FORWARD do the dropping, so their counters show what was refused.
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]

# Loopback, which includes the control port on 127.0.0.1:9151.
-A INPUT -i lo -j ACCEPT

# Established traffic, one rule per service, so each port's byte count is
# visible separately: ssh (22) for maintenance, OR (9001) and the pluggable
# transports (443/80/587/993) for utilization.
-A INPUT -p tcp -d 10.10.10.101 --dport    22 -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp -d 10.10.10.101 --dport  9001 -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp -d 10.10.10.101 --dport   443 -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp -d 10.10.10.101 --dport    80 -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp -d 10.10.10.101 --dport   587 -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp -d 10.10.10.101 --dport   993 -m state --state ESTABLISHED,RELATED -j ACCEPT
# Anything else conntrack already knows about (e.g. replies to the relay's
# own outbound connections and DNS lookups).
-A INPUT                                      -m state --state ESTABLISHED,RELATED -j ACCEPT

# New connections, one rule per service. These counters show how many
# connection requests arrived; a SYN flood shows up here as a huge packet
# count while the established counters above stay flat.
-A INPUT -p tcp -d 10.10.10.101 --dport    22 -j ACCEPT
-A INPUT -p tcp -d 10.10.10.101 --dport  9001 -j ACCEPT
-A INPUT -p tcp -d 10.10.10.101 --dport   443 -j ACCEPT
-A INPUT -p tcp -d 10.10.10.101 --dport    80 -j ACCEPT
-A INPUT -p tcp -d 10.10.10.101 --dport   587 -j ACCEPT
-A INPUT -p tcp -d 10.10.10.101 --dport   993 -j ACCEPT

# Everything else, including unsolicited packets from a DoS, is dropped
# and counted.
-A INPUT -j DROP

# Outbound: per-port counters keyed on source port, then accept everything
# else. These rules only count; they never block the relay's own traffic.
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -p tcp -s 10.10.10.101 --sport    22 -j ACCEPT
-A OUTPUT -p tcp -s 10.10.10.101 --sport  9001 -j ACCEPT
-A OUTPUT -p tcp -s 10.10.10.101 --sport   443 -j ACCEPT
-A OUTPUT -p tcp -s 10.10.10.101 --sport    80 -j ACCEPT
-A OUTPUT -p tcp -s 10.10.10.101 --sport   587 -j ACCEPT
-A OUTPUT -p tcp -s 10.10.10.101 --sport   993 -j ACCEPT
-A OUTPUT -j ACCEPT

# This host is not a router.
-A FORWARD -j DROP

COMMIT

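As an added example, not part of the original post or of any tor project code, here is a Python script that parses a counter listing in the 'iptables -nvxL' layout that a daily job like the one above captures, and applies the comparison the post describes: per port, the new-connection catcher against the established-flow counter, plus the catch-all DROP totals. The two sample listings are constructed to match the layout of the post's output; the flood variant only inflates the OR port's new-connection counter. The thresholds in suspicious_ports (1000 packets, ratio 1.0) and all function names are assumptions for illustration.

```python
"""Summarize per-port iptables counters captured by a daily_stats-style job.

Added example: parses the `iptables -nvxL` listing layout shown in the post
and applies the new-versus-established comparison it describes.
"""
import re
from collections import defaultdict

# Constructed sample in the layout of the post's `iptables -nvxL` output
# (addresses already masked the way the post's sed pipeline masks them).
NORMAL_DAY = """\
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
    pkts      bytes target     prot opt in     out source destination
   11923 41873175 ACCEPT all  --  lo * xx  xx
    1455   127316 ACCEPT tcp  --  *  * xx  .101 tcp dpt:22 state RELATED,ESTABLISHED
   52007 71120944 ACCEPT tcp  --  *  * xx  .101 tcp dpt:9001 state RELATED,ESTABLISHED
      44     8243 ACCEPT tcp  --  *  * xx  .101 tcp dpt:443 state RELATED,ESTABLISHED
       0        0 ACCEPT tcp  --  *  * xx  xx       state RELATED,ESTABLISHED
       6      360 ACCEPT tcp  --  *  * xx  .101 tcp dpt:22
      52     3120 ACCEPT tcp  --  *  * xx  .101 tcp dpt:9001
       8      360 ACCEPT tcp  --  *  * xx  .101 tcp dpt:443
    3645   216159 DROP   all  --  *  * xx  xx

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
    pkts      bytes target     prot opt in     out source destination
       0        0 DROP   all  --  *      * xx xx

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
    pkts      bytes target     prot opt in out source destination
   11923 41873175 ACCEPT all  --  * lo xx   xx
    1163   557466 ACCEPT tcp  --  * *  .101 xx  tcp spt:22
   26578  5589928 ACCEPT tcp  --  * *  .101 xx  tcp spt:9001
      45    11438 ACCEPT tcp  --  * *  .101 xx  tcp spt:443
       0        0 ACCEPT tcp  --  * *  xx   xx
"""

# Same day, but the new-connection catcher for the OR port has exploded while
# the established-flow counter has not: the SYN-flood signature the post describes.
SYN_FLOOD_DAY = NORMAL_DAY.replace("52     3120 ACCEPT", "2500000 150000000 ACCEPT")

# pkts bytes target prot opt in out source destination <match text>
RULE_RE = re.compile(r"^\s*(\d+)\s+(\d+)\s+(\S+)\s+(\S+)(?:\s+\S+){5}(.*)$")
PORT_RE = re.compile(r"\b[ds]pt:(\d+)")


def _empty():
    return {"new_pkts": 0, "est_in_pkts": 0, "est_in_bytes": 0,
            "out_pkts": 0, "out_bytes": 0}


def parse_counters(listing):
    """Return (per_port, dropped): counters keyed by TCP port, plus the
    INPUT chain's catch-all DROP totals."""
    per_port = defaultdict(_empty)
    dropped = {"pkts": 0, "bytes": 0}
    chain = None
    for line in listing.splitlines():
        if line.startswith("Chain "):
            chain = line.split()[1]
            continue
        m = RULE_RE.match(line)
        if not m:
            continue                      # column header or blank line
        pkts, nbytes, target, rest = int(m[1]), int(m[2]), m[3], m[5]
        if chain == "INPUT" and target == "DROP":
            dropped["pkts"] += pkts
            dropped["bytes"] += nbytes
        port = PORT_RE.search(rest)
        if port is None:
            continue                      # loopback or catch-all rule
        c = per_port[int(port[1])]
        if chain == "INPUT" and "ESTABLISHED" in rest:
            c["est_in_pkts"] += pkts
            c["est_in_bytes"] += nbytes
        elif chain == "INPUT":
            c["new_pkts"] += pkts         # connection requests (SYNs, incl. retries)
        elif chain == "OUTPUT":
            c["out_pkts"] += pkts
            c["out_bytes"] += nbytes
    return dict(per_port), dropped


def suspicious_ports(per_port, min_new=1000, ratio=1.0):
    """Ports whose new-connection packets outnumber established-flow packets.
    A real session exchanges many packets per accepted connection; a flood
    inflates the new-connection rule without growing the established one.
    The thresholds are assumed defaults; tune them per relay."""
    return {p: c["new_pkts"] for p, c in per_port.items()
            if c["new_pkts"] >= min_new and c["new_pkts"] > ratio * c["est_in_pkts"]}


def bytes_per_connection(per_port, port):
    """Approximate bytes (in + out) moved per accepted connection on a port."""
    c = per_port[port]
    return (c["est_in_bytes"] + c["out_bytes"]) / c["new_pkts"] if c["new_pkts"] else 0.0


if __name__ == "__main__":
    for label, day in (("normal", NORMAL_DAY), ("flood", SYN_FLOOD_DAY)):
        per_port, dropped = parse_counters(day)
        print(f"== {label}: dropped {dropped['pkts']} pkts / {dropped['bytes']} bytes")
        for port in sorted(per_port):
            c = per_port[port]
            print(f"port {port:5d}: new {c['new_pkts']:>8d}  in {c['est_in_bytes']:>10d}B"
                  f"  out {c['out_bytes']:>10d}B  ~{bytes_per_connection(per_port, port):.0f} B/conn")
        print("suspicious:", suspicious_ports(per_port) or "none")
```

Point it at a real stats file with parse_counters(open(path).read()); the DROP totals are the third signal the post mentions, since unsolicited packets that hit neither catcher land there.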
