
A TCP/IP packet mainly has two parts: the header and the data (mostly encrypted).

When using Tor, and a packet leaves my Tor browser, where is my initial header information stored?

If the destination address given to my next node is its predecessor's address, how does the node after it know where to transmit the packet afterwards? And how would the exit relay know to which IP it is to finally route the traffic?

Could you please recommend a tutorial or a simple explanation online from which I can gain a proper insight into how TCP/IP packet propagation really works in Tor?

Jens Kubieziel
Denis

3 Answers

Well, it's complicated. I guess these two links can help: https://www.torproject.org/about/overview.html.en and https://en.wikipedia.org/wiki/HTTP_Secure

Note this: "Everything in the HTTPS message is encrypted, including the headers, and the request/response load. With the exception of the possible CCA cryptographic attack described in the limitations section below, the attacker can only know the fact that a connection is taking place between the two parties, already known to him, the domain name and IP addresses." So you see HTTP headers are encrypted too.

And this: "Since protocols can operate either with or without TLS (or SSL), it is necessary for the client to indicate to the server the setup of a TLS connection. There are two main ways of achieving this. One option is to use a different port number for TLS connections (for example, port 443 for HTTPS). The other is for the client to request that the server switches the connection to TLS using a protocol-specific mechanism (for example, STARTTLS for mail and news protocols). Once the client and server have agreed to use TLS, they negotiate a stateful connection by using a handshaking procedure." Look, that means servers (and Tor nodes) do not need to know what is contained in your HTTP headers; they just know your browser is trying to connect with them.

This: "Instead of taking a direct route from source to destination, data packets on the Tor network take a random pathway through several relays that cover your tracks so no observer at any single point can tell where the data came from or where it's going." If the requested website does not support HTTPS, then your data will be decrypted at Tor exit nodes, and these exit nodes will know all of you, including which IP address (or domain name) it is to finally route the traffic to; otherwise I guess the only data decrypted at Tor exit nodes is the special data which only contains what server (IP address or domain name) the client (this should be your browser; in fact it finally becomes one of the Tor exit nodes) tries to build an SSL/TLS connection with; other data (including HTTP headers) is still encrypted until it finally reaches the requested server. I hope my explanation can help you :)

Ghost Assassin

how does the node after know where to transmit the packet afterwards? And how would the Exit relay know to which IP it is to finally route the traffic to?

Simply put: Your client first selects the three nodes that it will use. Next, it encrypts your msg with the public key of the exit node. Then it encrypts that with the public key of the middle node, then with the public key of the entry node. It's like building up layers.

As your msg enters the Tor system, the entry node decrypts it with its private key and only then discovers where to send it to next (i.e., the IP address and port for the middle node). And so on, with each node in effect peeling off a layer. Hence, the name of "The onion router", like peeling an onion.

Hope that helps. Btw, I've voted you up to help you more quickly get to the point where you can participate fully on the group. I see a main aim of this group as being advocacy for Tor, besides answering technical questions. Welcome to the struggle for privacy and freedom on the internet.

Chinup

Simple answer: No.
Tor does not work on layer 2. Tor uses a SOCKS proxy to receive data from applications. All TCP headers are dropped and the payload is reassembled into "cells". The destination is included in the SOCKS header and Tor puts it (only the destination, not the source) in relay cells so that the exit relay knows your destination.
Application headers (e.g. HTTP headers) are left in the packet and may leak your information.

nobody
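To make the layer-peeling described in Chinup's answer and the "destination only, never the source" point in nobody's answer concrete, here is a small added Python model; it is not Tor's code and not from either answer. It assumes one pre-shared symmetric key per relay (real Tor negotiates per-hop keys during circuit setup; the answer above describes it in terms of public keys) and a toy HMAC-based stream cipher standing in for Tor's cell encryption; the relay addresses, keys and destination are constructed.

```python
import hashlib, hmac, json, os

# Toy authenticated stream cipher (HMAC-SHA256 keystream + tag). Illustration
# only: it stands in for the per-hop keys and cell encryption real Tor uses.
def _stream(key, nonce, n):
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]

def seal(key, plaintext):
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _stream(key, nonce, len(plaintext))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("bad tag: wrong relay key or tampered cell")
    return bytes(a ^ b for a, b in zip(ct, _stream(key, nonce, len(ct))))

# Constructed circuit: (address, key) for guard, middle, exit in that order.
PATH = [(f"{name}.example:9001", hashlib.sha256(name.encode()).digest())
        for name in ("guard", "middle", "exit")]

def build_onion(path, dest, payload):
    # Innermost layer: only the exit can read it. It names the destination
    # (taken from the SOCKS request) plus the payload, but never the source.
    blob = seal(path[-1][1], json.dumps({"dest": dest, "payload": payload}).encode())
    # Wrap outward: each outer layer names only the NEXT hop and carries the rest.
    for (_, key), (next_addr, _) in zip(reversed(path[:-1]), reversed(path[1:])):
        blob = seal(key, json.dumps({"next": next_addr, "inner": blob.hex()}).encode())
    return blob

def relay_peel(key, blob):
    """One relay's work: strip its own layer, learn just the next hop (exit: dest + payload)."""
    cell = json.loads(unseal(key, blob))
    if "next" in cell:
        return cell["next"], bytes.fromhex(cell["inner"])
    return cell["dest"], cell["payload"]

def simulate(path, dest, payload):
    """Forward the onion hop by hop; return what each relay learned and the exit's plaintext."""
    blob, seen = build_onion(path, dest, payload), []
    for addr, key in path:
        learned, blob = relay_peel(key, blob)
        seen.append((addr, learned))
    return seen, blob
```

Running `simulate(PATH, "198.51.100.7:80", "GET / HTTP/1.1")` shows the guard learning only the middle's address, the middle only the exit's, and the exit only the destination and the application data, which is exactly why an HTTP header in that data is visible to the exit.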