shadow / shadow-plugin-tor

A Shadow plug-in that runs the Tor anonymity software

Home Page:https://shadow.github.io


Client-Server relationships

zambo92 opened this issue · comments

Hi, I would like to study end-to-end connections, so I would like to know client-server relationships.

I found in the forum that established paths can be derived from the pcap files, which contain the IPs of the sender and the receiver of the packets in each node.

Since the generated pcap files are very large and numerous, is there a faster and easier method to know the client-server pairs? I would like to exploit this information to represent the network with a graphic tool (e.g. NetworkX).

I hope I was clear and thank you.

The minimal example (in the resource directory) is configured to run the "torctl" plugin. I believe the default configuration is that the plugin will log all circuits that are built by the Tor client. After running the experiment, you should be able to check the output in the shadow.data/hosts/torclient/*torctl*log file. Inside that file, look for the circuit lines, which will include information about which 3 relays were chosen for each circuit.

Thanks a lot.

I used the plugin and I found the servers from which the files are downloaded (ADDRESS attribute).
Where can I see the information about the circuit instead?
Thanks again

[Screenshot attached: 2019-03-17 18-47-32]

I learned that information about the circuits should be in the tor files and not torctl. But in these files I have no information regarding paths.
I checked and nothing is missing in the configuration file (where the attributes for the tor and torctl plugins are specified) compared to the minimal example. So I could have the same problem reported in discussion #70.

Sorry for the delay!

The short answer is that I fixed the problem and pushed the new commit to the master branch in a91b50a.

More details:

First, the circuit information should appear in the torctl log files, not the tor log files. The torctl process receives information about the circuits from Tor and then logs them to stdout - that is the entire point of the torctl process.

The reason Tor control event information was missing is because of the error: Unrecognized event "TB_EMPTY". The fix is to remove the TB_EMPTY event from the list of events for all torctl processes listed in your shadow.config.xml file.

For example, change these lines:

<process plugin="torctl" starttime="901" arguments="localhost 9051 STREAM,CIRC,CIRC_MINOR,ORCONN,BW,STREAM_BW,CIRC_BW,CONN_BW,BUILDTIMEOUT_SET,CLIENTS_SEEN,GUARD,CELL_STATS,TB_EMPTY,HS_DESC,HS_DESC_CONTENT"/>

to this:

<process plugin="torctl" starttime="901" arguments="localhost 9051 STREAM,CIRC,CIRC_MINOR,ORCONN,BW,STREAM_BW,CIRC_BW,CONN_BW"/>

Then run the experiment again. After the experiment, the circuit information will be in this file: shadow.data/hosts/torclient/stdout-torclient.torctl.1001.log. Look for the 650 CIRC X BUILT lines, for example:

2000-01-01 00:15:06 946685706.615320 [message] [_torctl_processLine] [torctl-log] localhost:9051 650 CIRC 6 BUILT $4EBB385C80A2CA5D671E16F1C722FBFB5F176891~exit2,$3FB0BD7827C760FE7F9DD810FCB10322D63AB4CF~relay1,$0A9B1B207FD13A6F117F95CAFA358EEE2234F19A~exit1 BUILD_FLAGS=IS_INTERNAL,NEED_CAPACITY,NEED_UPTIME PURPOSE=GENERAL TIME_CREATED=2000-01-01T00:15:06.000110
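To get from the torctl log to the client-server graph the original question asks about, here is an added Python example that is not part of the issue thread or of the shadow-plugin-tor project. It parses the "650 CIRC X BUILT" lines in the format quoted above, plus "650 STREAM ... SUCCEEDED" lines in the layout the Tor control protocol uses for stream events, and turns them into an edge list that networkx.DiGraph() will accept directly. The sample log is constructed (the CIRC line copies the one above, the STREAM and EXTENDED lines are invented), the client name "torclient" and the glob pattern over shadow.data/hosts are assumptions based on the path given in the answer, and networkx is deliberately not imported so the block runs with the standard library only.

```python
import glob
import os
import re

# Constructed sample torctl log: the CIRC BUILT line is the one quoted in the
# issue, the STREAM and CIRC EXTENDED lines are invented to exercise the parser.
SAMPLE_LOG = """\
2000-01-01 00:15:06 946685706.615320 [message] [_torctl_processLine] [torctl-log] localhost:9051 650 CIRC 6 BUILT $4EBB385C80A2CA5D671E16F1C722FBFB5F176891~exit2,$3FB0BD7827C760FE7F9DD810FCB10322D63AB4CF~relay1,$0A9B1B207FD13A6F117F95CAFA358EEE2234F19A~exit1 BUILD_FLAGS=IS_INTERNAL,NEED_CAPACITY,NEED_UPTIME PURPOSE=GENERAL TIME_CREATED=2000-01-01T00:15:06.000110
2000-01-01 00:15:07 946685707.000000 [message] [_torctl_processLine] [torctl-log] localhost:9051 650 STREAM 3 SUCCEEDED 6 server1:80
2000-01-01 00:15:08 946685708.000000 [message] [_torctl_processLine] [torctl-log] localhost:9051 650 CIRC 7 EXTENDED $3FB0BD7827C760FE7F9DD810FCB10322D63AB4CF~relay1 PURPOSE=GENERAL
"""

# Only BUILT circuits carry a complete path; EXTENDED/LAUNCHED lines are partial.
CIRC_BUILT_RE = re.compile(r"\b650 CIRC (\d+) BUILT (\S+)")
# Tor control spec stream event: 650 STREAM <StreamID> <Status> <CircID> <Target>
STREAM_SUCCEEDED_RE = re.compile(r"\b650 STREAM (\d+) SUCCEEDED (\d+) (\S+)")
# One hop in a path: $<40 hex fingerprint>, optionally followed by =nick or ~nick.
HOP_RE = re.compile(r"\$([0-9A-Fa-f]{40})(?:[=~]([^,\s]+))?")


def parse_circ_built(line):
    """Return (circ_id, [(fingerprint, nickname), ...]) or None if not a BUILT line."""
    m = CIRC_BUILT_RE.search(line)
    if not m:
        return None
    hops = [(fp.upper(), nick) for fp, nick in HOP_RE.findall(m.group(2))]
    return int(m.group(1)), hops


def parse_stream_succeeded(line):
    """Return (stream_id, circ_id, target) or None if not a SUCCEEDED stream line."""
    m = STREAM_SUCCEEDED_RE.search(line)
    if not m:
        return None
    return int(m.group(1)), int(m.group(2)), m.group(3)


def hop_label(hop):
    """Use the relay nickname when Tor reported one, else the fingerprint."""
    fp, nick = hop
    return nick or fp


def build_edges(lines, client="torclient"):
    """Turn one client's torctl log into (circuits, edges, client_server_pairs).

    edges: client -> hop1 -> hop2 -> hop3 per built circuit, and exit -> server
    for every stream that succeeded on a circuit we saw built.
    """
    circuits = {}   # circ_id -> [hop label, ...]
    streams = []    # (stream_id, circ_id, target)
    for line in lines:
        circ = parse_circ_built(line)
        if circ:
            circuits[circ[0]] = [hop_label(h) for h in circ[1]]
            continue
        stream = parse_stream_succeeded(line)
        if stream:
            streams.append(stream)

    edges = set()
    for path in circuits.values():
        chain = [client] + path
        edges.update(zip(chain, chain[1:]))

    pairs = set()
    for _stream_id, circ_id, target in streams:
        if circ_id not in circuits:   # stream on a circuit never reported BUILT
            continue
        host = target.rsplit(":", 1)[0]   # strip the port, keeps [v6] literals intact
        edges.add((circuits[circ_id][-1], host))
        pairs.add((client, host))
    return circuits, sorted(edges), sorted(pairs)


def edges_from_shadow_data(shadow_data_dir):
    """Assumed layout: shadow.data/hosts/<host>/stdout-<host>.torctl.<n>.log."""
    pattern = os.path.join(shadow_data_dir, "hosts", "*", "stdout-*.torctl.*.log")
    all_edges, all_pairs = set(), set()
    for path in sorted(glob.glob(pattern)):
        host = os.path.basename(os.path.dirname(path))
        with open(path) as f:
            _, edges, pairs = build_edges(f, client=host)
        all_edges.update(edges)
        all_pairs.update(pairs)
    return sorted(all_edges), sorted(all_pairs)


if __name__ == "__main__":
    circuits, edges, pairs = build_edges(SAMPLE_LOG.splitlines())
    print("circuits:", circuits)
    print("edges:", edges)
    print("client-server pairs:", pairs)
```

The returned edge list is ready for `networkx.DiGraph(edges)`; run `edges_from_shadow_data("shadow.data")` after an experiment to merge every client host in the hosts directory. Only BUILT circuits are used on purpose: a stream whose circuit id never appeared in a BUILT line is dropped rather than guessed, so the graph never shows a path the log did not confirm.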