[Solved] Is this correct behavior for Tor?


Hi. I’ve been watching youtube vids on tor, proxychains, vpn, net anonymity, etc.

I was trying out some of the things in the videos as well as running wireshark along side it to see how DNS was being handled, what’s encrypted, etc.

I use Kali and Parrot. I was trying to analyze Tor’s behavior in conjunction with proxychains and curl terminal commands. (mostly getting my own ip from ipecho.net and monitoring the requests/reply stream on wireshark to make sure there were no dns requests to my ISP’s DNS servers.)

However, I noticed one thing. Each time Tor was stopped and restarted, I got a different IP reported back from ipecho, as expected (exit nodes were changing). However, looking at the packets on Wireshark, my Kali machine always contacted xxx.xxx.36.62 and my Parrot machine always contacted xx.xx.202.207, regardless of how many restarts of the Tor service or how many reboots of the system.

My first question is: Is Tor’s entry node hard set once tor is installed on a machine? Exit always changes, but the entry node is not changing at all. Is this normal tor behavior? Isn’t this a security risk?

The reason I got creeped out about it is the fact that xxx.xxx.36.62 is in Reston, Virginia, USA. This is where the CIA’s intelligence center is. xx.xx.202.207 is in Gunzenhausen, Germany. Its claim to fame is that there is a major German military/NATO defense contractor (electronics manufacturer) there.

If the Tor exit node stayed the same all the time, everyone would notice. But the entry node being the same all the time… you wouldn’t see it unless you were snooping your own wifi connection with Wireshark. (Which is a great learning tool!)

If this is expected and correct behavior of Tor, I guess I'm OK with it. If Tor is supposed to be changing entry nodes but they are not changing, could the CIA be staging some sort of MITM attack on the Tor network?

Call me paranoid, but my Tor data stream always going to the home of the CIA is just a little creepy…

Someone tell me everything is OK with Tor… (Can people also try monitoring their own Tor connection on Wireshark and verify whether what I'm seeing on my computers is correct?)



I know very little about how Tor operates but I'll call you paranoid as requested.

If there was a significant problem with the way Tor operated, it would have been picked up a long time ago by people with a lot more knowledge and skill in this area than either of us.

There may be a problem with your specific install but not with the project.

You mentioned restarting; does that mean rebooting? If not, try that.
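To make the poster's Wireshark check repeatable, here is an added example (not from this thread) that takes a per-session summary of captured packets and reports two things: DNS queries that reached the ISP's resolvers, and which first-hop address stays the same across Tor sessions. A first hop that persists across restarts is consistent with Tor's design of reusing a small set of entry guards for a long period rather than choosing a new one on every start, so the useful follow-up is to compare that address with the guards Tor itself reports, not to assume it is tampering. The capture lines, the IP addresses (documentation ranges) and the resolver set are constructed placeholders for whatever your own capture shows.

```python
# Constructed capture summary lines (not a real capture): one line per packet,
# "session,proto,dst_ip,dst_port". The IPs are from documentation ranges and
# stand in for whatever your own Wireshark capture shows.
CAPTURE_LINES = """\
1,udp,192.0.2.53,53
1,tcp,198.51.100.7,443
1,tcp,198.51.100.7,443
2,tcp,198.51.100.7,9001
2,tcp,203.0.113.9,443
3,udp,192.0.2.53,53
3,tcp,198.51.100.7,443
""".splitlines()

# Placeholder for the ISP resolver addresses from your own /etc/resolv.conf.
ISP_RESOLVERS = {"192.0.2.53"}

# Tor relays commonly listen on these ORPorts; a first hop on 443 or 9001 is a
# hint only. The real confirmation is to compare the IP with Tor's own guard list.
OR_PORTS = {443, 9001}


def parse_line(line):
    """Split one 'session,proto,dst_ip,dst_port' summary line into typed fields."""
    session, proto, dst, port = line.strip().split(",")
    return int(session), proto, dst, int(port)


def analyze(lines, isp_resolvers=ISP_RESOLVERS):
    """Return DNS leaks to the ISP resolvers and the first-hop IPs seen per session.

    'persistent_first_hops' is the set of candidate first-hop addresses that
    appear in every session, i.e. the behaviour the poster observed.
    """
    leaks = []       # (session, resolver) pairs: DNS that bypassed Tor
    first_hops = {}  # session -> set of candidate first-hop IPs
    for raw in lines:
        if not raw.strip():
            continue
        session, proto, dst, port = parse_line(raw)
        if port == 53 and dst in isp_resolvers:
            leaks.append((session, dst))
        if proto == "tcp" and port in OR_PORTS:
            first_hops.setdefault(session, set()).add(dst)
    persistent = set.intersection(*first_hops.values()) if first_hops else set()
    return {"dns_leaks": leaks, "first_hops": first_hops,
            "persistent_first_hops": persistent}
```

On the constructed data, sessions 1 and 3 leak DNS to the ISP resolver while session 2 does not, and 198.51.100.7 is the only address contacted in every session.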

