Hi everyone!
I am trying to understand the communication between an application and Tor (especially connecting to a hidden service). I am tracing packets on loopback between a torified netcat request to connect to a .onion address. When the connection gets granted I am getting a response from the socks server: (hex data of the tcp payload)
0x05 0x00 0x00 0x01 0x00 0x00 0x00 0x00 0x00 0x00
According to the SOCKS specification this means that the request is granted. But I don't understand the 0x01 in byte no 4. It means IPv4 address in the SOCKS specification, but the following part of the destination address and port (the following 0x00's) are empty. So what does that 0x01 mean?
Can someone explain that to me?
Thank you!
Cheers, spriver
Hm... Did you try Wireshark on it?
2014-10-26 11:46 GMT+03:00 spriver spriver@autistici.org:
> Hi everyone!
> I am trying to understand the communication between an application and Tor (especially connecting to a hidden service). I am tracing packets on loopback between a torified netcat request to connect to a .onion address. When the connection gets granted I am getting a response from the socks server: (hex data of the tcp payload)
> 0x05 0x00 0x00 0x01 0x00 0x00 0x00 0x00 0x00 0x00
> According to the SOCKS specification this means that the request is granted. But I don't understand the 0x01 in byte no 4. It means IPv4 address in the SOCKS specification, but the following part of the destination address and port (the following 0x00's) are empty. So what does that 0x01 mean?
> Can someone explain that to me?
> Thank you!
> Cheers, spriver
> _______________________________________________
> tor-dev mailing list
> tor-dev@lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
> address. When the connection gets granted I am getting a response from the socks server: (hex data of the tcp payload)
> 0x05 0x00 0x00 0x01 0x00 0x00 0x00 0x00 0x00 0x00
> According to the SOCKS specification this means that the request is granted. But I don't understand the 0x01 in byte no 4. It means IPv4 address in the SOCKS specification, but the following part of the destination address and port (the following 0x00's) are empty. So what does that 0x01 mean?
> Can someone explain that to me?
Hi,
What you see is the reply to a CONNECT command.
From: https://www.ietf.org/rfc/rfc1928.txt
<snip>
CONNECT
In the reply to a CONNECT, BND.PORT contains the port number that the server assigned to connect to the target host, while BND.ADDR contains the associated IP address. The supplied BND.ADDR is often different from the IP address that the client uses to reach the SOCKS server, since such servers are often multi-homed. It is expected that the SOCKS server will use DST.ADDR and DST.PORT, and the client-side source address and port in evaluating the CONNECT request.
</snip>
So, the SOCKS protocol supports redirection to another SOCKS server. An all-zero address/port simply means: use the server/port that you are currently connected to.
On Sun, 26 Oct 2014 14:34:59 +0100 Rob van der Hoeven robvanderhoeven@ziggo.nl wrote:
> So, the SOCKS protocol supports redirection to another SOCKS server. An all-zero address/port simply means: use the server/port that you are currently connected to.
That's a really interesting way of interpreting that part of the RFC.
The reason why BND.ADDR and BND.PORT are supplied in a SOCKS5 response is to provide the client with the information equivalent to calling getsockname() on a non-proxied socket.
In the context of tor, the reason why BND.ADDR and BND.PORT are all NUL bytes is because the RELAY_CONNECTED cell does not propagate BND.PORT backwards to the client from the exit. BND.ADDR could technically be filled in (since the tor client knows where it is exiting from), but I don't see much point (and this information is useless at best in the context of HSes).
Regards,
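As an added example (not part of the original thread), this Python parser decodes the reply bytes quoted above according to the RFC 1928 layout and reports when BND.ADDR and BND.PORT are left unspecified, as in Tor's reply. The function, constant and key names are this example's own, and it goes slightly beyond the thread by also handling the domain-name and IPv6 address types.

```python
import ipaddress

# Reply bytes quoted in the thread: Tor's SOCKS5 answer to the CONNECT.
TOR_REPLY = bytes([0x05, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00])

# REP values from RFC 1928, section 6.
REP_CODES = {
    0x00: "succeeded", 0x01: "general SOCKS server failure",
    0x02: "connection not allowed by ruleset", 0x03: "network unreachable",
    0x04: "host unreachable", 0x05: "connection refused",
    0x06: "TTL expired", 0x07: "command not supported",
    0x08: "address type not supported",
}


def parse_socks5_reply(data: bytes) -> dict:
    """Decode VER | REP | RSV | ATYP | BND.ADDR | BND.PORT."""
    if len(data) < 4:
        raise ValueError("truncated reply header")
    ver, rep, rsv, atyp = data[:4]
    if ver != 0x05 or rsv != 0x00:
        raise ValueError("not a SOCKS5 reply")
    # ATYP only tells the parser how many BND.ADDR bytes follow.
    if atyp == 0x01:        # IPv4: 4 bytes
        start, size = 4, 4
    elif atyp == 0x04:      # IPv6: 16 bytes
        start, size = 4, 16
    elif atyp == 0x03:      # domain name: 1 length byte, then the name
        if len(data) < 5:
            raise ValueError("truncated domain length")
        start, size = 5, data[4]
    else:
        raise ValueError(f"unknown ATYP 0x{atyp:02x}")
    end = start + size
    if len(data) != end + 2:  # BND.PORT is always 2 bytes, network order
        raise ValueError("reply length does not match ATYP")
    raw = data[start:end]
    port = int.from_bytes(data[end:], "big")
    if atyp == 0x03:
        addr, unspecified = raw.decode("ascii"), False
    else:
        ip = ipaddress.ip_address(raw)
        addr, unspecified = str(ip), ip.is_unspecified and port == 0
    return {"reply": REP_CODES.get(rep, f"unassigned 0x{rep:02x}"),
            "atyp": atyp, "bnd_addr": addr, "bnd_port": port,
            "bind_unspecified": unspecified}


if __name__ == "__main__":
    print(parse_socks5_reply(TOR_REPLY))
```

With ATYP 0x01 the reply must carry exactly four address bytes and two port bytes, which is why the captured payload is ten bytes long even though the bound address is 0.0.0.0:0.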
Thank you for the explanation! This was exactly the question. (I was just wondering why BND.ADDR and BND.PORT get set to NUL.)
Have a nice day!
On 2014-10-26 18:31, Yawning Angel wrote:
> On Sun, 26 Oct 2014 14:34:59 +0100 Rob van der Hoeven robvanderhoeven@ziggo.nl wrote:
> > So, the SOCKS protocol supports redirection to another SOCKS server. An all-zero address/port simply means: use the server/port that you are currently connected to.
> That's a really interesting way of interpreting that part of the RFC.
> The reason why BND.ADDR and BND.PORT are supplied in a SOCKS5 response is to provide the client with the information equivalent to calling getsockname() on a non-proxied socket.
> In the context of tor, the reason why BND.ADDR and BND.PORT are all NUL bytes is because the RELAY_CONNECTED cell does not propagate BND.PORT backwards to the client from the exit. BND.ADDR could technically be filled in (since the tor client knows where it is exiting from), but I don't see much point (and this information is useless at best in the context of HSes).
> Regards,
On Sun, 2014-10-26 at 17:31 +0000, Yawning Angel wrote:
> On Sun, 26 Oct 2014 14:34:59 +0100 Rob van der Hoeven robvanderhoeven@ziggo.nl wrote:
> > So, the SOCKS protocol supports redirection to another SOCKS server. An all-zero address/port simply means: use the server/port that you are currently connected to.
> That's a really interesting way of interpreting that part of the RFC.
Your interpretation makes more sense. I had a wrong picture about this.
Thanks for clearing things up!