How to check if Tor is working and debug the problem on CLI?

Question

Tor service is not working

I have installed Tor on a command-line only environment (without the browser), so I can't type in check.torproject.org with a browser. Tor is used by a script to request data from clearnet.

I am using a RHEL-compatible Linux OS, and have Nyx (formerly ARM) installed. Tor is set in client-only mode, and Nyx does not show any issues whatsoever. The tor service is used by Privoxy proxy forwarding in order to relay data to my script. It's been working perfectly for months now, but a problem has just occurred in the setup which is preventing my script to access Tor.

Checking for issues from command line

Please guide me on how to check the Tor status from the command line, and where to look for errors to get my connection working again.

I used to use torify/torsocks to see if tor is working, but sadly it appears to be glitchy and torify curl http://.... doesn't seem work anymore. I know that The tor process is listening, but I have no way to see if it's working and troubleshoot the problem.

Additionally, is there a way I determine if Tor is blocked by my ISP and whether if I need to use bridges? How can I set up bridges on torrc using command-line?

UPDATE: I noticed my server's time had gone out of sync. If you have a similar problem, make sure your machine's time is correct. Here's what I did.

Answer 1

You can use curl to check https://check.torproject.org/api/ip over tor:

curl -x socks5h://localhost:9050 -s https://check.torproject.org/api/ip

Note the h in socks5h. This will ensure dns resolution is done over tor too.

If everything goes well, the output will be something like:

{"IsTor":true,"IP":"185.220.101.169"}

If IsTor is false, or there is an error or no output, tor is probably not working. However, check.torproject.org is prone to false negatives (see comments), so you might want to retry the command a few times to be sure.

This is the script I use, which runs the check a second time if the first fails and returns true if either succeeds. It's pretty unlikely to get two false positives in a row, but if it becomes a problem, increase ATTEMPTS. The script requires jq, the json parser.

#!/bin/bash
# check_tor
LOCAL_PROXY='localhost:9050'
CHECK_URL='https://check.torproject.org/api/ip'
ATTEMPTS=2
false; for i in {1..$ATTEMPTS}; do
    if [ ${?} -ne 0 ]; then
        test "$(curl -x socks5h://${LOCAL_PROXY} -s ${CHECK_URL} | jq '.IsTor')" == 'true'
    fi
done

Answer 2

Actually, using cURL and so-forth has a partial effect: you can tell that Tor is working only in a manner of true/false. To troubleshoot the problem automatically, you should use a pipe analyzer for its logs, and then - for example - you'll be able to fix the issue with time automatically (i.e. enforce the launch of ntpdate)