[tor-talk] Analyzing the traffic between nodes in my private tor network

Roger Dingledine arma at mit.edu
Tue Aug 21 20:50:59 UTC 2012


On Tue, Aug 21, 2012 at 09:09:32PM +0300, juhapki at wippies.fi wrote:
> I succeeded in building a private tor network including some hidden
> services in it, and every tor-machine (ubuntu) is behind a different
> router (multiple networks). I have tried to build my tor network as real
> as possible in our lab environment. Now I am monitoring the network
> traffic between the nodes and I have realized that all the traffic is
> just TCP (PSH, SYN, ACK etc.). No sign of client hellos, key exchanges,
> encrypted handshakes. When I compared traffic between real and private
> tor networks using Wireshark, there was no TLS-, SSL-traffic in the
> private one while the debug log file says that there was a bunch of
> "tor_tls_handshakes". Is it just because nodes in the private tor network
> are configured differently (TestingTorNetwork, OrPorts and DirPorts
> port numbers, own auth dirs, etc.), an old version of OpenSSL or something
> else? Any good explanation why the traffic is just TCP?

TCP is the transport, and TLS is the application-level data that goes
over TCP.

So your question doesn't make any sense.

Perhaps the monitoring tools you're using are different, or are configured
differently?

--Roger
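
A capture tool's protocol column shows which dissector it applied, not what bytes are on the wire. As an added example (not part of the original message), this Python function checks a reassembled TCP payload for TLS record framing directly, whatever port it was captured on; the function names and the sample bytes are constructed for illustration.

```python
import struct

# TLS record content types and handshake message types (RFC 5246).
CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert",
                 22: "handshake", 23: "application_data"}
HANDSHAKE_TYPES = {1: "client_hello", 2: "server_hello", 11: "certificate",
                   14: "server_hello_done", 16: "client_key_exchange"}
MAX_RECORD_LEN = 2**14 + 2048  # largest ciphertext fragment a record may carry


def tls_records(payload: bytes):
    """Return (content_type, version, length, handshake_type) for each TLS
    record at the start of a TCP payload; [] if it is not TLS framing."""
    records, offset = [], 0
    while offset + 5 <= len(payload):
        ctype, major, minor, length = struct.unpack_from("!BBBH", payload, offset)
        # Plausibility: known content type, SSL 3.0 / TLS 1.x version, sane length.
        if ctype not in CONTENT_TYPES or major != 3 or minor > 4:
            break
        if length > MAX_RECORD_LEN or offset + 5 + length > len(payload):
            break  # oversized or truncated record: stop parsing
        body = payload[offset + 5: offset + 5 + length]
        hs_type = None
        if ctype == 22 and body:
            # After ChangeCipherSpec the handshake body is ciphertext, so the
            # first byte no longer maps to a known message type.
            hs_type = HANDSHAKE_TYPES.get(body[0], "encrypted_or_unknown")
        records.append((CONTENT_TYPES[ctype], (major, minor), length, hs_type))
        offset += 5 + length
    return records


def sample_client_hello() -> bytes:
    """Constructed minimal TLS 1.0 ClientHello record (not captured traffic)."""
    hello = (b"\x03\x01" + bytes(32)      # client_version, 32-byte random
             + b"\x00"                    # empty session id
             + b"\x00\x02\x00\x2f"        # one cipher suite
             + b"\x01\x00")               # null compression only
    handshake = b"\x01" + len(hello).to_bytes(3, "big") + hello
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake


if __name__ == "__main__":
    for name, data in [("constructed ClientHello", sample_client_hello()),
                       ("plain HTTP", b"GET / HTTP/1.0\r\n\r\n")]:
        print(name, "->", tls_records(data) or "no TLS record framing")
```

Feed it the payload bytes of the first data-bearing segment in each direction of a connection to a relay's ORPort.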


