TOR client: low-level footprint analysis (Part 2 – “whonix gateway”)

In the first post in this series I presented the torhost_report.rb reporting script (see original post).

In this second post, I will be analyzing the “TOR client” installed components in a Linux host, using torhost_report.rb for that purpose.

More specifically, let’s look at the results for a “whonix gw” virtual machine (Debian).

 

$$$$ TOR Host Analysis Report [Version 0.10]
$$$$
$$$$ Analyzing local host TOR environment ...
$$$$ (Starting at Thu Jul 14 15:25:35 UTC 2016)

$$$$ Important TOR configuration files:

$$$$ torrc

# This file is part of Whonix
# Copyright (C) 2012 - 2013 adrelanos <adrelanos at riseup dot net>
# See the file COPYING for copying conditions.

# Use this file for your user customizations.
# Please see /etc/tor/torrc.examples for help, options, comments etc.

# Anything here will override Whonix's own Tor config customizations in
# /usr/share/tor/tor-service-defaults-torrc

# Enable Tor through whonixsetup or manually uncomment "DisableNetwork 0" by
# removing the # in front of it.
DisableNetwork 0

 

We can see the contents of the /etc/tor/torrc file. This is the main configuration file for TOR. In the “whonix” scenario, Tor also uses the /usr/share/tor/tor-service-defaults-torrc file (whose defaults are overridden by anything in /etc/tor/torrc), so the script also gets that file’s contents.

There are interesting configuration options here. You can check the full documentation for torrc files at https://www.torproject.org/docs/tor-manual.html.en

I would mention the following configuration options:

  • SOCKSPort [address:]port|unix:path|auto [flags] [isolation flags]
    • opens a listening socket for a SOCKS proxy into the TOR network
    • clients connecting to one of the SOCKS proxy services get access to the TOR network: the TOR client forwards their requests through the TOR network to the final server on the internet
    • a “TORified” application should use one of these ports
    • the default SOCKS proxy port for TOR is 9050
    • the user can specify circuit isolation flags
    • multiple SOCKSPort entries can be defined, giving different isolation levels to different applications
      • for example, “whonix gw” defines SOCKSPorts for
        • Tor Browser, IRC: XChat, Mail: Thunderbird with TorBirdy, Instant Messenger, apt-get, gpg, ssh, git, Network Time Synchronization, wget, whonixcheck, BitCoin, TorChat, aptitude, yum, Tor Messenger’s default port
  • DNSPort [address:]port|auto [isolation flags]
    • TOR TCP/IP-based DNS service port
    • client applications can use this port to perform DNS requests anonymously, without needing to use UDP
  • TransPort [address:]port|auto [isolation flags]
    • similar to SOCKSPort but used for “transparent proxies”, for example with “iptables”
    • by properly configuring “iptables”, a system can redirect all or some TCP/IP connections through this port
  • ControlPort PORT|unix:path|auto [flags]
    • an application can connect to this port to control the TOR client or get status information from it
    • the TOR control protocol should be used, as defined in control-spec.txt
    • the default control port is 9051
    • arm and vidalia use this protocol to communicate with the TOR client
  • DirPort [address:]PORT|auto [flags]
    • advertises a TOR directory service
    • this is optional; note that it is not used in the “whonix gw” VM

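As an added example (this is not code from torhost_report.rb or from Whonix), the following Ruby script parses torrc text the way a footprint check would: it collects every SocksPort/DnsPort/TransPort/ControlPort/DirPort line, records the bind address, port and flags, and reports listeners bound outside loopback, SocksPorts with neither IsolateDestAddr nor IsolateDestPort, and a ControlPort with no CookieAuthentication or HashedControlPassword. The torrc excerpt embedded in it is constructed from the whonix-gw defaults shown above. Two simplifications are assumptions of this parser rather than a reimplementation of Tor's config reader: a bare port number is taken to bind 127.0.0.1 (Tor's default for SocksPort and ControlPort), and only full-line comments are stripped, which is all the dumps above use.

```ruby
# Added example, not part of torhost_report.rb: parse a torrc and audit the
# listeners it opens. SAMPLE_TORRC is a constructed excerpt modelled on the
# whonix-gw defaults file above.
Listener = Struct.new(:kind, :address, :port, :flags)

LISTENER_KEYS = %w[SocksPort DnsPort TransPort ControlPort DirPort].freeze
# Destination isolation flags discussed in the torrc comments above.
DEST_ISOLATION = %w[IsolateDestAddr IsolateDestPort].freeze

SAMPLE_TORRC = <<~TORRC
  ## Constructed excerpt modelled on the whonix-gw defaults file
  DisableNetwork 0
  ControlPort 9051
  ControlListenAddress 127.0.0.1
  CookieAuthentication 1
  TransPort 10.152.152.10:9040
  DnsPort 10.152.152.10:5300 IsolateDestPort
  SocksPort 10.152.152.10:9050
  SocksPort 10.152.152.10:9101 IsolateDestAddr IsolateDestPort
  SocksPort 10.152.152.10:9150 IPv6Traffic PreferIPv6 KeepAliveIsolateSOCKSAuth
  SocksPort 127.0.0.1:9050
  #SocksPort 10.152.152.10:9100 IsolateDestAddr IsolateDestPort
TORRC

# "[address:]port", "auto" or "unix:path"; a bare port binds 127.0.0.1
# (assumption: matches Tor's default for SocksPort/ControlPort).
def split_target(target)
  return ['unix', target.sub('unix:', '')] if target.start_with?('unix:')
  return ['127.0.0.1', :auto] if target == 'auto'
  return ['127.0.0.1', target.to_i] unless target.include?(':')
  address, _, port = target.rpartition(':') # rpartition keeps "[::1]" intact
  [address, port.to_i]
end

# Returns the listeners plus a hash of every other option (keys downcased,
# because torrc option names are case-insensitive).
def parse_torrc(text)
  listeners = []
  options = Hash.new { |h, k| h[k] = [] }
  text.each_line do |raw|
    line = raw.strip
    next if line.empty? || line.start_with?('#') # full-line comments only
    key, *rest = line.split(/\s+/)
    kind = LISTENER_KEYS.find { |k| k.casecmp?(key) }
    if kind.nil?
      options[key.downcase] << rest.join(' ')
      next
    end
    target, *flags = rest
    next if target == '0' # "SocksPort 0" turns the listener off
    address, port = split_target(target)
    listeners << Listener.new(kind, address, port, flags)
  end
  [listeners, options]
end

def audit_torrc(text)
  listeners, options = parse_torrc(text)
  findings = []
  listeners.each do |l|
    where = "#{l.kind} #{l.address}:#{l.port}"
    if l.address != 'unix' && !l.address.start_with?('127.')
      findings << "#{where}: bound beyond loopback (expected for the Workstation-facing ports on whonix-gw)"
    end
    if l.kind == 'SocksPort' && (l.flags & DEST_ISOLATION).empty?
      findings << "#{where}: no destination isolation, streams to different servers may share a circuit"
    end
  end
  if listeners.any? { |l| l.kind == 'ControlPort' } &&
     !options['cookieauthentication'].include?('1') && !options.key?('hashedcontrolpassword')
    findings << 'ControlPort: no CookieAuthentication or HashedControlPassword configured'
  end
  { listeners: listeners, findings: findings }
end

if __FILE__ == $PROGRAM_NAME
  report = audit_torrc(SAMPLE_TORRC)
  report[:listeners].each { |l| puts "#{l.kind} #{l.address}:#{l.port} #{l.flags.join(' ')}" }
  report[:findings].each { |f| puts "FINDING #{f}" }
end
```

Run it against a real host by replacing SAMPLE_TORRC with the contents of both torrc files concatenated (defaults file first, /etc/tor/torrc second), since the later file's values are the ones that apply. On whonix-gw the "beyond loopback" findings are expected for the 10.152.152.10 ports; on a plain workstation they are the ones to look at first.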
$$$$ /usr/share/tor/tor-service-defaults-torrc

## This file is part of Whonix.
## Copyright (C) 2012 - 2014 Patrick Schleizer <adrelanos@riseup.net>
## See the file COPYING for copying conditions.

# Please use "/etc/tor/torrc" for your custom configuration,
# which will override the defaults found here. When this package is updated,
# this file may be overwritten.

## You can find the original upstream tor-service-defaults-torrc under
## /usr/share/tor/tor-service-defaults-torrc.anondist-orig


#########################################
## Upstream Defaults File               #
#########################################

## These defaults are taken from /usr/share/tor/tor-service-defaults-torrc
## on Aug 2013 on Debian Jessi.

DataDirectory /var/lib/tor
PidFile /var/run/tor/tor.pid
RunAsDaemon 1
User debian-tor

ControlSocket /var/run/tor/control
ControlSocketsGroupWritable 1

CookieAuthentication 1
CookieAuthFileGroupReadable 1
CookieAuthFile /var/run/tor/control.authcookie

Log notice file /var/log/tor/log

#########################
## Enable / Disable Tor #
#########################

## Tor is disabled by default.
## Users are supposed to enable Tor through whonixsetup or manually
## removing the # in front of "DisableNetwork 0" in /etc/tor/torrc.
DisableNetwork 1

#########################################
## Leak Tests                           #
#########################################

##+# #OptionalFeatureNr.6# Leak Testing.
##+#
##+# Manual Leak Testing:
##+# See Whonix/LeakTests. Activate this while testing for leaks. (Step 0)
##+# Deactivate after you are done! (Important!) (Step 9)
##+#
##+# Scripted Leak Testing:
##+# If you change the following two lines, beside removing the hash (#),
##+# beside commenting them in, you break the integrated leaktest script.
##+# See leaktest_whonix_gateway() ed.
##+# See https://www.whonix.org/wiki/Dev/Leak_Tests
##+# on information, how to use the integrated leaktest script.
#ReachableDirAddresses *:80
#ReachableORAddresses *:443
#FascistFirewall 1

#########################################
## General Settings                     #
#########################################

## ControlPort is necessary for tor-arm and Vidalia.
## - Vidalia has to set /var/run/tor/control (default) as
##   Control Cookie. (Not installed by default)
## - Arm autodetects the Control Cookie. (Useful terminal Tor controller.)
## - Tor Control Port Filter Proxy
## - Not using HashedControlPassword or CookieAuthentication.
##   Gateway is no multi purpose machine. It is solely a
##   Tor Gateway. As soon as an adversary has physical access
##   or compromised Gateway, it's Game Over anyway.
ControlPort 9051
ControlListenAddress 127.0.0.1

Log notice syslog
Log notice file /run/tor/log
#Log notice file /var/log/tor/log

## Not required:
#DataDirectory /...
#PidFile /...
#ControlSocket /...
#ControlSocketsGroupWritable 1
#CookieAuthentication 1
#CookieAuthFileGroupReadable 1
#CookieAuthFile /...

#########################################
## mixmaster remailer                   #
#########################################

## REVIEW: Are the virtual IP addresses 1.1.1.1 and 2.2.2.2 appropriate or are different values better?

mapaddress 1.1.1.1 k54ids7luh523dbi.onion
mapaddress 2.2.2.2 gbhpq7eihle4btsn.onion

#########################################
## Misc Settings                        #
#########################################

VirtualAddrNetwork 10.192.0.0/10
AutomapHostsOnResolve 1

###############################
## Workstation Trans/Dns-Port #
###############################

## (comment mirrored from /usr/bin/whonix_firewall)
## Transparent Proxy Port for Workstation
## TRANS_PORT_WORKSTATION="9040"
##+# #OptionalFeatureNr.5# Best possible protection against Identity correlation through circuit sharing. ^5^
##
## TransPort is not used for anything preinstalled by default.
## Only as a catch all for user installed applications,
## which is documented.
##
## IsolateDestAddr should not be activated by default,
## if people install filesharing software it would be a nightmare if all connections to the massive amount
## of destination IP's would go through separate circuits.
##
## For the same reason IsolateDestPort should not be activated by default, since BitTorrent (in some cases)
## uses random ports.
TransPort 10.152.152.10:9040

## (comment mirrored from /usr/bin/whonix_firewall)
## DNS_PORT_WORKSTATION="5300"
##+# #OptionalFeatureNr.5# Best possible protection against Identity correlation through circuit sharing. ^5^
##
## DnsPort is not used for anything preinstalled by default.
## Only as a catch all for user installed applications,
## which is documented.
##
## Not listening on port 53 but rather on a port higher than 1024 to avoid
## issues with reloading Tor. (Tor drops privileges and is then unable to
## create listeners below 1024.)
##
## Not sure about IsolateDestAddr.
## IsolateDestPort has probably very little effect, since most DNS servers listen on port 53.
DnsPort 10.152.152.10:5300 IsolateDestPort

###########################
## Workstation SocksPorts #
###########################

## (comment mirrored from /usr/bin/whonix_firewall)
## Socks Ports for per application circuits.
## SOCKS_PORT_TOR_DEFAULT="9050"
## SOCKS_PORT_TB="9100"
## SOCKS_PORT_IRC="9101"
## SOCKS_PORT_TORBIRDY="9102"
## SOCKS_PORT_IM="9103"
## SOCKS_PORT_APT_GET="9104"
## SOCKS_PORT_GPG="9105"
## SOCKS_PORT_SSH="9106"
## SOCKS_PORT_GIT="9107"
## SOCKS_PORT_SDWDATE="9108"
## SOCKS_PORT_WGET="9109"
## SOCKS_PORT_WHONIXCHECK="9110"
## SOCKS_PORT_BITCOIN="9111"
## SOCKS_PORT_PRIVOXY="9112"
## SOCKS_PORT_POLIPO="9113"
## SOCKS_PORT_WHONIX_NEWS="9114"
## SOCKS_PORT_TBB_DOWNLOAD="9115"
## SOCKS_PORT_TBB_GPG="9116"
## SOCKS_PORT_CURL="9117"
## SOCKS_PORT_RSS="9118"
## SOCKS_PORT_TORCHAT="9119"
## SOCKS_PORT_MIXMASTERUPDATE="9120"
## SOCKS_PORT_MIXMASTER="9121"
## SOCKS_PORT_KDE="9122"
## SOCKS_PORT_GNOME="9123"
## SOCKS_PORT_APTITUDE="9124"
## SOCKS_PORT_YUM="9125"
## SOCKS_PORT_TBB_DEFAULT="9150"

## Tor Default Port
## Only for applications, which expect Tor to be running on port 9050.
SocksPort 10.152.152.10:9050

## Web: Tor Browser
## Not using IsolateDestAddr IsolateDestPort, because too much
## performance loss, too much load on Tor network and not secure.
## Ticket https://trac.torproject.org/projects/tor/ticket/3455
## is the right way to solve this issue. Waiting for upstream.
SocksPort 10.152.152.10:9100
#SocksPort 10.152.152.10:9100 IsolateDestAddr IsolateDestPort

## IRC: XChat
## People are normally not connected to too many IRC servers,
## so they can use one circuit per server.
SocksPort 10.152.152.10:9101 IsolateDestAddr IsolateDestPort

## Mail: Thunderbird with TorBirdy
## Not preinstalled.
## Not used by too many people. Most users do not connect to
## too many servers.
SocksPort 10.152.152.10:9102 IsolateDestAddr IsolateDestPort

## Instant Messenger
## People are normally not connected to too many IM servers,
## so they can use one circuit per server.
SocksPort 10.152.152.10:9103 IsolateDestAddr IsolateDestPort

## Operating system updates: apt-get
## Not using IsolateDestAddr IsolateDestPort, because too much
## performance loss, too much load on Tor network and no gain
## in security.
SocksPort 10.152.152.10:9104

## gpg
## Not used by too many people. Most users do not connect to
## too many servers.
SocksPort 10.152.152.10:9105 IsolateDestAddr IsolateDestPort

## ssh
## Not used by too many people. Most users do not connect to
## too many servers.
SocksPort 10.152.152.10:9106 IsolateDestAddr IsolateDestPort

## git
## Not preinstalled.
## Not used by too many people. Most users do not connect to
## too many servers.
SocksPort 10.152.152.10:9107 IsolateDestAddr IsolateDestPort

## Network Time Synchronization
## There are only three different connections.
SocksPort 10.152.152.10:9108 IsolateDestAddr IsolateDestPort

## command line downloader: wget
## Only manually and by very few applications used. Should not
## hurt performance or Tor network. Very few connections are
## expected.
SocksPort 10.152.152.10:9109 IsolateDestAddr IsolateDestPort

## whonixcheck
## Only connects to https://check.torproject.org and checks IP
## and Tor Browser version.
## Only one server and only one port.
## Would be fine without IsolateDestAddr IsolateDestPort,
## but add it anyway to have less exceptions.
SocksPort 10.152.152.10:9110 IsolateDestAddr IsolateDestPort

## BitCoin
## Not using IsolateDestAddr IsolateDestPort.
## Makes too many connections to different servers. Should not
## hurt if they get through the same circuit.
SocksPort 10.152.152.10:9111

## http to socks converter: privoxy
## Not in use for anything preinstalled.
## Not using IsolateDestAddr IsolateDestPort for the same reasons
## as mentioned under Web: Tor Browser.
## Only used for Thunderbird with TorBirdy, which is not
## preinstalled.
SocksPort 10.152.152.10:9112

## http to socks converter: polipo
## Not in use for anything preinstalled.
## Not using IsolateDestAddr IsolateDestPort for the same reasons
## as mentioned under Web: Tor Browser.
SocksPort 10.152.152.10:9113

## Whonix news download
## Only connects to the Whonix homepage and downloads a small file with
## latest important Whonix news.
## Only one server and only one port.
## Would be fine without IsolateDestAddr IsolateDestPort,
## but add it anyway to have less exceptions.
SocksPort 10.152.152.10:9114 IsolateDestAddr IsolateDestPort

## Tor Browser bundle download
## Rarely used.
## Only one server and only one port.
## Would be fine without IsolateDestAddr IsolateDestPort,
## but add it anyway to have less exceptions.
SocksPort 10.152.152.10:9115 IsolateDestAddr IsolateDestPort

## Tor Browser gpg public key download
## Rarely used.
## Only one server and only one port.
## Would be fine without IsolateDestAddr IsolateDestPort,
## but add it anyway to have less exceptions.
SocksPort 10.152.152.10:9116 IsolateDestAddr IsolateDestPort

## Curl
## Only manually and by very few applications used. Should not
## hurt performance or Tor network. Very few connections are
## expected.
SocksPort 10.152.152.10:9117 IsolateDestAddr IsolateDestPort

## RSS
## By default only for the Whonix Blog and for the torproject.org blog.
## Few users expected to add their own feeds.
SocksPort 10.152.152.10:9118 IsolateDestAddr IsolateDestPort

## TorChat
## Not using IsolateDestAddr or IsolateDestPort, because upstream
## TorChat also does not do it. Since it only connects to
## hidden services it would perhaps not make a difference anyway.
SocksPort 10.152.152.10:9119

## mixmaster-update
## Few users expected to use it.
## Since it only connects to one or very few servers using
## IsolateDestAddr IsolateDestPort.
SocksPort 10.152.152.10:9120 IsolateDestAddr IsolateDestPort

## mixmaster
## This port is currently not in use. See Whonix mixmaster integration.
## https://www.whonix.org/wiki/Dev/Mixmaster
## Few users expected to use it.
## Since it only connects to one or very few servers using
## IsolateDestAddr IsolateDestPort.
SocksPort 10.152.152.10:9121 IsolateDestAddr IsolateDestPort

## KDE application wide proxy.
## Not using IsolateDestAddr or IsolateDestPort, because also browsers
## could use this port.
SocksPort 10.152.152.10:9122

## GNOME application wide proxy.
## This port is currently not in use.
## Not using IsolateDestAddr or IsolateDestPort, because also browsers
## could use this port.
SocksPort 10.152.152.10:9123

## Operating system updates: aptitude
## Not using IsolateDestAddr IsolateDestPort, because too much
## performance loss, too much load on Tor network and no gain
## in security.
SocksPort 10.152.152.10:9124

## Operating system updates: yum
## Not using IsolateDestAddr IsolateDestPort, because too much
## performance loss, too much load on Tor network and no gain
## in security.
SocksPort 10.152.152.10:9125

## Tor Browser Bundle Default Port
## This port gets used if someone uses the default Tor Browser Bundle.
## (rinetd runs on Workstation and forwards connections from
##  127.0.0.1:9150 to 10.152.152.10:9150 [as part of the
## anon-ws-disable-stacked-tor package].)
## Not using IsolateDestAddr IsolateDestPort, because too much
## performance loss, too much load on Tor network and not secure.
## Ticket https://trac.torproject.org/projects/tor/ticket/3455
## is the right way to solve this issue. Waiting for upstream.
SocksPort 10.152.152.10:9150 IPv6Traffic PreferIPv6 KeepAliveIsolateSOCKSAuth

## Tor Messenger's default port
## This port gets used if someone uses the default Tor Messenger.
## (rinetd runs on Workstation and forwards connections from
##  127.0.0.1:9152 to 10.152.152.10:9152 [as part of the
## anon-ws-disable-stacked-tor package].)
SocksPort 10.152.152.10:9152 IsolateDestAddr IsolateDestPort

##+# #OptionalFeatureNr.4# More Socks Ports.
## Custom Ports #1:
## without IsolateDestAddr
## without IsolateDestPort
SocksPort 10.152.152.10:9153
SocksPort 10.152.152.10:9154
SocksPort 10.152.152.10:9155
SocksPort 10.152.152.10:9156
SocksPort 10.152.152.10:9157
SocksPort 10.152.152.10:9158
SocksPort 10.152.152.10:9159

##+# #OptionalFeatureNr.4# More Socks Ports.
## Custom Ports #2:
## with IsolateDestAddr
## without IsolateDestPort
SocksPort 10.152.152.10:9160 IsolateDestAddr
SocksPort 10.152.152.10:9161 IsolateDestAddr
SocksPort 10.152.152.10:9162 IsolateDestAddr
SocksPort 10.152.152.10:9163 IsolateDestAddr
SocksPort 10.152.152.10:9164 IsolateDestAddr
SocksPort 10.152.152.10:9165 IsolateDestAddr
SocksPort 10.152.152.10:9166 IsolateDestAddr
SocksPort 10.152.152.10:9167 IsolateDestAddr
SocksPort 10.152.152.10:9168 IsolateDestAddr
SocksPort 10.152.152.10:9169 IsolateDestAddr

##+# #OptionalFeatureNr.4# More Socks Ports.
## Custom Ports #3:
## without IsolateDestAddr
## with IsolateDestPort
SocksPort 10.152.152.10:9170 IsolateDestPort
SocksPort 10.152.152.10:9171 IsolateDestPort
SocksPort 10.152.152.10:9172 IsolateDestPort
SocksPort 10.152.152.10:9173 IsolateDestPort
SocksPort 10.152.152.10:9174 IsolateDestPort
SocksPort 10.152.152.10:9175 IsolateDestPort
SocksPort 10.152.152.10:9176 IsolateDestPort
SocksPort 10.152.152.10:9177 IsolateDestPort
SocksPort 10.152.152.10:9178 IsolateDestPort
SocksPort 10.152.152.10:9179 IsolateDestPort

##+# #OptionalFeatureNr.4# More Socks Ports.
## Custom Ports #4:
## with IsolateDestAddr
## with IsolateDestPort
SocksPort 10.152.152.10:9180 IsolateDestAddr IsolateDestPort
SocksPort 10.152.152.10:9181 IsolateDestAddr IsolateDestPort
SocksPort 10.152.152.10:9182 IsolateDestAddr IsolateDestPort
SocksPort 10.152.152.10:9183 IsolateDestAddr IsolateDestPort
SocksPort 10.152.152.10:9184 IsolateDestAddr IsolateDestPort
SocksPort 10.152.152.10:9185 IsolateDestAddr IsolateDestPort
SocksPort 10.152.152.10:9186 IsolateDestAddr IsolateDestPort
SocksPort 10.152.152.10:9187 IsolateDestAddr IsolateDestPort
SocksPort 10.152.152.10:9188 IsolateDestAddr IsolateDestPort
SocksPort 10.152.152.10:9189 IsolateDestAddr IsolateDestPort

###########################
## Gateway Trans/Dns-Port #
###########################

## TransPort and DnsPort are not enabled in gateway firewall by default.
##
## (comment mirrored from /usr/bin/whonix_firewall)
## Transparent Proxy Ports for Whonix-Gateway
## TRANS_PORT_GATEWAY="9041"
## DNS_PORT_GATEWAY="5400"
TransPort 127.0.0.1:9041
DnsPort 127.0.0.1:5400

#######################
## Gateway SocksPorts #
#######################

## Developer comment:
##
## We actually do not need all of them,
## but they do not hurt anyway and
## it keeps the setup more generic,
## with less exceptions.
##
## Comments why we (not) use IsolateDestAddr and/or IsolateDestPort
## are the same as in section Workstation SocksPorts.

SocksPort 127.0.0.1:9050
SocksPort 127.0.0.1:9100
SocksPort 127.0.0.1:9101 IsolateDestAddr IsolateDestPort
SocksPort 127.0.0.1:9102 IsolateDestAddr IsolateDestPort
SocksPort 127.0.0.1:9103 IsolateDestAddr IsolateDestPort
SocksPort 127.0.0.1:9104
SocksPort 127.0.0.1:9105 IsolateDestAddr IsolateDestPort
SocksPort 127.0.0.1:9106 IsolateDestAddr IsolateDestPort
SocksPort 127.0.0.1:9107 IsolateDestAddr IsolateDestPort
SocksPort 127.0.0.1:9108 IsolateDestAddr IsolateDestPort
SocksPort 127.0.0.1:9109 IsolateDestAddr IsolateDestPort
SocksPort 127.0.0.1:9110 IsolateDestAddr IsolateDestPort
SocksPort 127.0.0.1:9111
SocksPort 127.0.0.1:9112
SocksPort 127.0.0.1:9113
SocksPort 127.0.0.1:9114 IsolateDestAddr IsolateDestPort
SocksPort 127.0.0.1:9115 IsolateDestAddr IsolateDestPort
SocksPort 127.0.0.1:9116 IsolateDestAddr IsolateDestPort
SocksPort 127.0.0.1:9117 IsolateDestAddr IsolateDestPort
SocksPort 127.0.0.1:9118 IsolateDestAddr IsolateDestPort
SocksPort 127.0.0.1:9119
SocksPort 127.0.0.1:9120 IsolateDestAddr IsolateDestPort
SocksPort 127.0.0.1:9121 IsolateDestAddr IsolateDestPort
SocksPort 127.0.0.1:9122
SocksPort 127.0.0.1:9123
SocksPort 127.0.0.1:9124
SocksPort 127.0.0.1:9125
SocksPort 127.0.0.1:9150 IPv6Traffic PreferIPv6 KeepAliveIsolateSOCKSAuth

#####################################################
## End of /usr/share/tor/tor-service-defaults-torrc #
#####################################################

 

Next, the script gets the last lines of important TOR log files, for example:

$$$$ /var/log/tor/log

Jul 14 14:52:14.432 [notice] Opening Socks listener on 127.0.0.1:9150
Jul 14 14:52:14.433 [notice] Opening DNS listener on 10.152.152.10:5300
Jul 14 14:52:14.433 [notice] Opening DNS listener on 127.0.0.1:5400
Jul 14 14:52:14.433 [notice] Opening Transparent pf/netfilter listener on 10.152.152.10:9040
Jul 14 14:52:14.433 [notice] Opening Transparent pf/netfilter listener on 127.0.0.1:9041
Jul 14 14:52:14.433 [notice] Opening Control listener on 127.0.0.1:9051
Jul 14 14:52:14.433 [notice] Opening Control listener on /var/run/tor/control
Jul 14 14:52:14.000 [notice] Parsing GEOIP IPv4 file /usr/share/tor/geoip.
Jul 14 14:52:15.000 [notice] Parsing GEOIP IPv6 file /usr/share/tor/geoip6.
Jul 14 14:52:16.000 [notice] Bootstrapped 0%: Starting
Jul 14 14:52:19.000 [notice] Bootstrapped 5%: Connecting to directory server
Jul 14 14:52:19.000 [notice] Bootstrapped 80%: Connecting to the Tor network
Jul 14 14:52:19.000 [notice] Signaled readiness to systemd
Jul 14 14:52:22.000 [notice] Bootstrapped 85%: Finishing handshake with first hop
Jul 14 14:52:25.000 [notice] New control connection opened from 127.0.0.1.
Jul 14 14:52:26.000 [notice] New control connection opened from 127.0.0.1.
Jul 14 14:52:26.000 [notice] Bootstrapped 90%: Establishing a Tor circuit
Jul 14 14:52:36.000 [notice] Tor has successfully opened a circuit. Looks like client functionality is working.
Jul 14 14:52:36.000 [notice] Bootstrapped 100%: Done
Jul 14 14:52:36.000 [notice] New control connection opened from 127.0.0.1.
Jul 14 14:52:36.000 [notice] New control connection opened from 127.0.0.1.
Jul 14 14:52:33.000 [warn] Socks version 71 not recognized. (Tor is not an http proxy.)
Jul 14 14:52:33.000 [notice] New control connection opened from 127.0.0.1.
Jul 14 14:52:33.000 [notice] New control connection opened from 127.0.0.1.
Jul 14 14:54:34.000 [warn] Socks version 71 not recognized. (Tor is not an http proxy.)
Jul 14 14:54:34.000 [notice] New control connection opened from 127.0.0.1.
Jul 14 14:54:34.000 [notice] New control connection opened from 127.0.0.1.
Jul 14 14:55:07.000 [notice] New control connection opened from 127.0.0.1.
Jul 14 15:01:05.000 [warn] Socks version 71 not recognized. (Tor is not an http proxy.)
Jul 14 15:01:05.000 [notice] New control connection opened from 127.0.0.1.
Jul 14 15:01:05.000 [notice] New control connection opened from 127.0.0.1.
Jul 14 15:01:29.000 [notice] New control connection opened from 127.0.0.1.
Jul 14 15:03:42.000 [notice] New control connection opened from 127.0.0.1.
Jul 14 15:04:38.000 [notice] New control connection opened from 127.0.0.1.
Jul 14 15:05:01.000 [notice] New control connection opened from 127.0.0.1.
Jul 14 15:05:40.000 [notice] New control connection opened from 127.0.0.1.
Jul 14 15:08:24.000 [notice] New control connection opened from 127.0.0.1.
Jul 14 15:11:57.000 [notice] New control connection opened from 127.0.0.1.
Jul 14 15:15:19.000 [notice] New control connection opened from 127.0.0.1.
Jul 14 15:17:13.000 [notice] New control connection opened from 127.0.0.1.

We can use the /var/log/tor/log file to study TOR’s behavior or for troubleshooting.
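As an added example, not part of torhost_report.rb, here is a Ruby summariser for a notice log like the one above. It extracts the listeners Tor reported opening, the last Bootstrapped percentage, the number of control connections and the warning counts, and it decodes the "Socks version N not recognized" warning: N is the first byte a client sent to a SocksPort, and 71 is ASCII "G", the start of an HTTP request from an application that was pointed at the SOCKS port as if it were an HTTP proxy. The log lines embedded in it are a constructed subset of the ones shown; missing_listeners compares what the log reports against an expected list the caller supplies (here taken from the torrc above).

```ruby
# Added example, not part of torhost_report.rb: summarise a Tor notice log.
# SAMPLE_LOG is a constructed subset of the /var/log/tor/log lines above.
SAMPLE_LOG = <<~LOG
  Jul 14 14:52:14.432 [notice] Opening Socks listener on 127.0.0.1:9150
  Jul 14 14:52:14.433 [notice] Opening DNS listener on 10.152.152.10:5300
  Jul 14 14:52:14.433 [notice] Opening Transparent pf/netfilter listener on 10.152.152.10:9040
  Jul 14 14:52:14.433 [notice] Opening Control listener on 127.0.0.1:9051
  Jul 14 14:52:14.433 [notice] Opening Control listener on /var/run/tor/control
  Jul 14 14:52:16.000 [notice] Bootstrapped 0%: Starting
  Jul 14 14:52:19.000 [notice] Bootstrapped 80%: Connecting to the Tor network
  Jul 14 14:52:36.000 [notice] Bootstrapped 100%: Done
  Jul 14 14:52:36.000 [notice] New control connection opened from 127.0.0.1.
  Jul 14 14:52:33.000 [warn] Socks version 71 not recognized. (Tor is not an http proxy.)
  Jul 14 14:54:34.000 [warn] Socks version 71 not recognized. (Tor is not an http proxy.)
  Jul 14 15:01:05.000 [notice] New control connection opened from 127.0.0.1.
LOG

# "Mon DD HH:MM:SS.mmm [level] message", the format of the lines above.
LINE_RE = /\A(\w{3} +\d{1,2} \d\d:\d\d:\d\d\.\d{3}) \[(\w+)\] (.*)\z/

Summary = Struct.new(:listeners, :bootstrap, :control_connections,
                     :warnings, :bad_socks_versions, :unparsed)

def summarize_tor_log(text)
  s = Summary.new([], nil, 0, Hash.new(0), Hash.new(0), 0)
  text.each_line do |raw|
    m = LINE_RE.match(raw.chomp)
    if m.nil?
      s.unparsed += 1 # lines in another format are counted, not dropped silently
      next
    end
    _ts, level, msg = m.captures
    case msg
    when /\AOpening (.+) listener on (\S+)\z/
      s.listeners << { kind: $1, on: $2 }
    when /\ABootstrapped (\d+)%: (.*)\z/
      s.bootstrap = [$1.to_i, $2] # keep the latest progress line
    when /\ANew control connection opened from/
      s.control_connections += 1
    when /\ASocks version (\d+) not recognized/
      # First byte the client sent; 71 is ASCII "G" (an HTTP request line).
      s.bad_socks_versions[$1.to_i] += 1
    end
    s.warnings[msg] += 1 if level == 'warn'
  end
  s
end

def bootstrapped?(summary)
  !summary.bootstrap.nil? && summary.bootstrap.first == 100
end

# Render an unexpected SOCKS version byte with its ASCII character, if printable.
def socks_version_hint(version)
  ch = version.chr
  ch =~ /[[:graph:]]/ ? "#{version} (#{ch.inspect})" : version.to_s
end

# Listeners the configuration promised but the log never reported opening.
def missing_listeners(summary, expected)
  expected - summary.listeners.map { |l| l[:on] }
end

if __FILE__ == $PROGRAM_NAME
  s = summarize_tor_log(SAMPLE_LOG)
  s.listeners.each { |l| puts "listener #{l[:kind]} on #{l[:on]}" }
  puts "bootstrapped: #{bootstrapped?(s)} (#{s.bootstrap && s.bootstrap.last})"
  s.bad_socks_versions.each do |v, n|
    puts "#{n}x non-SOCKS client hello, first byte #{socks_version_hint(v)}"
  end
  puts "not opened: #{missing_listeners(s, ['10.152.152.10:9040', '127.0.0.1:9041']).inspect}"
end
```

The log only records that a listener opened, not which process later connected to it, so the "Socks version" warnings tell you that some local application is misconfigured but not which one; the active-connections listing further down in the report is where to look next.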

Other log files are also included in the report:

  • /var/log/syslog
  • /var/log/sdwdate.log
  • /var/log/control-port-filter-python.log

 

Next, the script tries to execute some known command-line utilities to check for their availability and version. For example, arm:

$$$$ is arm available ?

Usage arm [OPTION]
Terminal status monitor for Tor relays.

  -g, --gui                       launch the Gtk+ interface
  -p, --prompt                    only start the control interpretor
  -i, --interface [ADDRESS:]PORT  change control interface from 127.0.0.1:9051
  -s, --socket SOCKET_PATH        attach using unix domain socket if present,
                                    SOCKET_PATH defaults to: /var/run/tor/control
  -c, --config CONFIG_PATH        loaded configuration options, CONFIG_PATH
                                    defaults to: /root/.arm/armrc
  -d, --debug                     writes all arm logs to /root/.arm/log
  -b, --blind                     disable connection lookups
  -e, --event EVENT_FLAGS         event types in message log  (default: N3)
        d DEBUG      a ADDRMAP           k DESCCHANGED   s STREAM
        i INFO       f AUTHDIR_NEWDESCS  g GUARD         r STREAM_BW
        n NOTICE     h BUILDTIMEOUT_SET  l NEWCONSENSUS  t STATUS_CLIENT
        w WARN       b BW                m NEWDESC       u STATUS_GENERAL
        e ERR        c CIRC              p NS            v STATUS_SERVER
                     j CLIENTS_SEEN      q ORCONN
          DINWE tor runlevel+            A All Events
          12345 arm runlevel+            X No Events
          67890 torctl runlevel+         U Unknown Events
  -v, --version                   provides version information
  -h, --help                      presents this help

Example:
arm -b -i 1643          hide connection data, attaching to control port 1643
arm -e we -c /tmp/cfg   use this configuration file with 'WARN'/'ERR' events

arm version 1.4.5.0 (released April 28, 2012)

 

Arm is a useful monitoring tool for TOR:

[Screenshot: ARM 1.jpg, the arm terminal monitor]

Other interesting tools checked by the script include:

  • tor-ctrl
    • tor-ctrl -v -c "GETINFO version"
    • command-line front-end for the TOR Control protocol
  • tor-prompt
    • tor-prompt -h
    • old (obsolete) command-line front-end for the TOR Control protocol
  • torsocks
    • used to “torify” an application
    • example
      • torify wget http://www.google.com
      • forces wget to use the TOR SOCKS proxy instead of direct TCP/IP connections
  • tor-resolve

 

Next, the report includes system network configuration data and relevant running services, including the local IP and the external IP as seen by the destination web server.

$$$$ is networking [service] running ?

 [ + ]  networking


$$$$ Network configuration

eth0      Link encap:Ethernet  HWaddr 08:00:27:b7:49:35  
          inet addr:10.0.2.15  Bcast:10.0.2.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:4295 errors:0 dropped:0 overruns:0 frame:0
          TX packets:3260 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:983100 (960.0 KiB)  TX bytes:1613725 (1.5 MiB)
          Interrupt:19 Base address:0xd000 

eth1      Link encap:Ethernet  HWaddr 08:00:27:b4:c2:dd  
          inet addr:10.152.152.10  Bcast:10.152.191.255  Mask:255.255.192.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)
          Interrupt:16 Base address:0xd040 

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:1982 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1982 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:262618 (256.4 KiB)  TX bytes:262618 (256.4 KiB)



$$$$$$$$ iptables

Chain INPUT (policy DROP)
target     prot opt source               destination         
DROP       all  --  anywhere             anywhere             ctstate INVALID
DROP       all  --  anywhere             anywhere             state INVALID
DROP       tcp  --  anywhere             anywhere             tcp flags:FIN,SYN,RST,PSH,ACK,URG/FIN,SYN,RST,ACK
DROP       tcp  --  anywhere             anywhere             tcp flags:FIN,SYN/FIN,SYN
DROP       tcp  --  anywhere             anywhere             tcp flags:SYN,RST/SYN,RST
DROP       all  -f  anywhere             anywhere            
DROP       tcp  --  anywhere             anywhere             tcp flags:FIN,SYN,RST,PSH,ACK,URG/FIN,SYN,RST,PSH,ACK,URG
DROP       tcp  --  anywhere             anywhere             tcp flags:FIN,SYN,RST,PSH,ACK,URG/NONE
ACCEPT     all  --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere             state ESTABLISHED
DROP       icmp --  anywhere             anywhere            
ACCEPT     udp  --  anywhere             anywhere             udp dpt:5300
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:9040
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:9052
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:9124
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:9104
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:9111
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:9117
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:9107
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:9123
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:9105
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:bacula-sd
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:bacula-dir
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:9122
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:9121
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:9120
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:9113
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:9112
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:9118
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:9108
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:9106
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:9100
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:9150
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:9115
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:9116
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:bacula-fd
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:9119
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:9050
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:9109
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:9110
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:9114
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:9125
ACCEPT     tcp  --  anywhere             anywhere             multiport dports 9152:9189
DROP       all  --  anywhere             anywhere            

Chain FORWARD (policy DROP)
target     prot opt source               destination         
REJECT     all  --  anywhere             anywhere             reject-with icmp-admin-prohibited

Chain OUTPUT (policy DROP)
target     prot opt source               destination         
REJECT     all  --  anywhere             anywhere             ctstate INVALID reject-with icmp-admin-prohibited
REJECT     all  --  anywhere             anywhere             state INVALID reject-with icmp-admin-prohibited
REJECT     tcp  --  anywhere             anywhere             tcp flags:FIN,SYN,RST,PSH,ACK,URG/FIN,SYN,RST,ACK reject-with icmp-admin-prohibited
REJECT     tcp  --  anywhere             anywhere             tcp flags:FIN,SYN/FIN,SYN reject-with icmp-admin-prohibited
REJECT     tcp  --  anywhere             anywhere             tcp flags:SYN,RST/SYN,RST reject-with icmp-admin-prohibited
REJECT     all  -f  anywhere             anywhere             reject-with icmp-admin-prohibited
REJECT     tcp  --  anywhere             anywhere             tcp flags:FIN,SYN,RST,PSH,ACK,URG/FIN,SYN,RST,PSH,ACK,URG reject-with icmp-admin-prohibited
REJECT     tcp  --  anywhere             anywhere             tcp flags:FIN,SYN,RST,PSH,ACK,URG/NONE reject-with icmp-admin-prohibited
ACCEPT     all  --  anywhere             anywhere             state ESTABLISHED
ACCEPT     all  --  anywhere             anywhere             destination IP range 127.0.0.0-127.0.0.24
ACCEPT     all  --  anywhere             anywhere             destination IP range 192.168.0.0-192.168.0.24
ACCEPT     all  --  anywhere             anywhere             destination IP range 192.168.1.0-192.168.1.24
ACCEPT     all  --  anywhere             anywhere             destination IP range 10.152.152.0-10.152.152.24
ACCEPT     all  --  anywhere             anywhere             destination IP range 10.0.2.2-10.0.2.24
ACCEPT     all  --  anywhere             anywhere             owner UID match clearnet
ACCEPT     all  --  anywhere             anywhere             owner UID match tunnel
ACCEPT     all  --  anywhere             anywhere             owner UID match debian-tor
REJECT     all  --  anywhere             anywhere             reject-with icmp-admin-prohibited


$$$$$$$$ active connections IPv4

Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       User       Inode       PID/Program name
tcp        0      0 localhost:9119          *:*                     LISTEN      root       13791       1385/tor        
tcp        0      0 10.152.152.10:9183      *:*                     LISTEN      root       13764       1385/tor        
tcp        0      0 10.152.152.10:9119      *:*                     LISTEN      root       13725       1385/tor        
tcp        0      0 localhost:9120          *:*                     LISTEN      root       13792       1385/tor        
tcp        0      0 10.152.152.10:9184      *:*                     LISTEN      root       13765       1385/tor        
tcp        0      0 10.152.152.10:9152      *:*                     LISTEN      root       13733       1385/tor        
tcp        0      0 10.152.152.10:9120      *:*                     LISTEN      root       13726       1385/tor        
tcp        0      0 localhost:9121          *:*                     LISTEN      root       13793       1385/tor        
tcp        0      0 10.152.152.10:9185      *:*                     LISTEN      root       13766       1385/tor        
tcp        0      0 10.152.152.10:9153      *:*                     LISTEN      root       13734       1385/tor        
tcp        0      0 10.152.152.10:9121      *:*                     LISTEN      root       13727       1385/tor        
tcp        0      0 localhost:9122          *:*                     LISTEN      root       13794       1385/tor        
tcp        0      0 10.152.152.10:9186      *:*                     LISTEN      root       13767       1385/tor        
tcp        0      0 10.152.152.10:9154      *:*                     LISTEN      root       13735       1385/tor        
tcp        0      0 10.152.152.10:9122      *:*                     LISTEN      root       13728       1385/tor        
tcp        0      0 localhost:9123          *:*                     LISTEN      root       13795       1385/tor        
tcp        0      0 10.152.152.10:9187      *:*                     LISTEN      root       13768       1385/tor        
tcp        0      0 10.152.152.10:9155      *:*                     LISTEN      root       13736       1385/tor        
tcp        0      0 10.152.152.10:9123      *:*                     LISTEN      root       13729       1385/tor        
tcp        0      0 localhost:9124          *:*                     LISTEN      root       13796       1385/tor        
tcp        0      0 10.152.152.10:9188      *:*                     LISTEN      root       13769       1385/tor        
tcp        0      0 10.152.152.10:9156      *:*                     LISTEN      root       13737       1385/tor        
tcp        0      0 10.152.152.10:9124      *:*                     LISTEN      root       13730       1385/tor        
tcp        0      0 localhost:9125          *:*                     LISTEN      root       13797       1385/tor        
tcp        0      0 10.152.152.10:9189      *:*                     LISTEN      root       13770       1385/tor        
tcp        0      0 10.152.152.10:9157      *:*                     LISTEN      root       13738       1385/tor        
tcp        0      0 10.152.152.10:9125      *:*                     LISTEN      root       13731       1385/tor        
tcp        0      0 localhost:4101          *:*                     LISTEN      root       8842        169/brltty      
tcp        0      0 10.152.152.10:9158      *:*                     LISTEN      root       13739       1385/tor        
tcp        0      0 10.152.152.10:9159      *:*                     LISTEN      root       13740       1385/tor        
tcp        0      0 10.152.152.10:9160      *:*                     LISTEN      root       13741       1385/tor        
tcp        0      0 10.152.152.10:9161      *:*                     LISTEN      root       13742       1385/tor        
tcp        0      0 10.152.152.10:9162      *:*                     LISTEN      root       13743       1385/tor        
tcp        0      0 *:netbios-ssn           *:*                     LISTEN      root       14486       1622/smbd       
tcp        0      0 10.152.152.10:9163      *:*                     LISTEN      root       13744       1385/tor        
tcp        0      0 localhost:9100          *:*                     LISTEN      root       13772       1385/tor        
tcp        0      0 10.152.152.10:9164      *:*                     LISTEN      root       13745       1385/tor        
tcp        0      0 10.152.152.10:9100      *:*                     LISTEN      root       13706       1385/tor        
tcp        0      0 localhost:bacula-dir    *:*                     LISTEN      root       13773       1385/tor        
tcp        0      0 10.152.152.10:9165      *:*                     LISTEN      root       13746       1385/tor        
tcp        0      0 10.152.152.1:bacula-dir *:*                     LISTEN      root       13707       1385/tor        
tcp        0      0 localhost:bacula-fd     *:*                     LISTEN      root       13774       1385/tor        
tcp        0      0 10.152.152.10:9166      *:*                     LISTEN      root       13747       1385/tor        
tcp        0      0 10.152.152.10:bacula-fd *:*                     LISTEN      root       13708       1385/tor        
tcp        0      0 localhost:bacula-sd     *:*                     LISTEN      root       13775       1385/tor        
tcp        0      0 10.152.152.10:9167      *:*                     LISTEN      root       13748       1385/tor        
tcp        0      0 10.152.152.10:bacula-sd *:*                     LISTEN      root       13709       1385/tor        
tcp        0      0 10.152.152.10:9040      *:*                     LISTEN      root       13801       1385/tor        
tcp        0      0 localhost:9104          *:*                     LISTEN      root       13776       1385/tor        
tcp        0      0 10.152.152.10:9168      *:*                     LISTEN      root       13749       1385/tor        
tcp        0      0 10.152.152.10:9104      *:*                     LISTEN      root       13710       1385/tor        
tcp        0      0 localhost:9041          *:*                     LISTEN      root       13802       1385/tor        
tcp        0      0 localhost:9105          *:*                     LISTEN      root       13777       1385/tor        
tcp        0      0 10.152.152.10:9169      *:*                     LISTEN      root       13750       1385/tor        
tcp        0      0 10.152.152.10:9105      *:*                     LISTEN      root       13711       1385/tor        
tcp        0      0 localhost:9106          *:*                     LISTEN      root       13778       1385/tor        
tcp        0      0 10.152.152.10:9170      *:*                     LISTEN      root       13751       1385/tor        
tcp        0      0 10.152.152.10:9106      *:*                     LISTEN      root       13712       1385/tor        
tcp        0      0 localhost:9107          *:*                     LISTEN      root       13779       1385/tor        
tcp        0      0 10.152.152.10:9171      *:*                     LISTEN      root       13752       1385/tor        
tcp        0      0 10.152.152.10:9107      *:*                     LISTEN      root       13713       1385/tor        
tcp        0      0 localhost:9108          *:*                     LISTEN      root       13780       1385/tor        
tcp        0      0 10.152.152.10:9172      *:*                     LISTEN      root       13753       1385/tor        
tcp        0      0 10.152.152.10:9108      *:*                     LISTEN      root       13714       1385/tor        
tcp        0      0 localhost:9109          *:*                     LISTEN      root       13781       1385/tor        
tcp        0      0 10.152.152.10:9173      *:*                     LISTEN      root       13754       1385/tor        
tcp        0      0 10.152.152.10:9109      *:*                     LISTEN      root       13715       1385/tor        
tcp        0      0 localhost:9110          *:*                     LISTEN      root       13782       1385/tor        
tcp        0      0 10.152.152.10:9174      *:*                     LISTEN      root       13755       1385/tor        
tcp        0      0 10.152.152.10:9110      *:*                     LISTEN      root       13716       1385/tor        
tcp        0      0 localhost:9111          *:*                     LISTEN      root       13783       1385/tor        
tcp        0      0 10.152.152.10:9175      *:*                     LISTEN      root       13756       1385/tor        
tcp        0      0 10.152.152.10:9111      *:*                     LISTEN      root       13717       1385/tor        
tcp        0      0 localhost:9112          *:*                     LISTEN      root       13784       1385/tor        
tcp        0      0 10.152.152.10:9176      *:*                     LISTEN      root       13757       1385/tor        
tcp        0      0 10.152.152.10:9112      *:*                     LISTEN      root       13718       1385/tor        
tcp        0      0 localhost:9113          *:*                     LISTEN      root       13785       1385/tor        
tcp        0      0 10.152.152.10:9177      *:*                     LISTEN      root       13758       1385/tor        
tcp        0      0 10.152.152.10:9113      *:*                     LISTEN      root       13719       1385/tor        
tcp        0      0 localhost:9114          *:*                     LISTEN      root       13786       1385/tor        
tcp        0      0 localhost:9050          *:*                     LISTEN      root       13771       1385/tor        
tcp        0      0 10.152.152.10:9178      *:*                     LISTEN      root       13759       1385/tor        
tcp        0      0 10.152.152.10:9114      *:*                     LISTEN      root       13720       1385/tor        
tcp        0      0 10.152.152.10:9050      *:*                     LISTEN      root       13705       1385/tor        
tcp        0      0 localhost:9051          *:*                     LISTEN      root       13803       1385/tor        
tcp        0      0 localhost:9115          *:*                     LISTEN      root       13787       1385/tor        
tcp        0      0 10.152.152.10:9179      *:*                     LISTEN      root       13760       1385/tor        
tcp        0      0 10.152.152.10:9115      *:*                     LISTEN      root       13721       1385/tor        
tcp        0      0 10.152.152.10:9052      *:*                     LISTEN      debian-tor 14241       1407/python     
tcp        0      0 localhost:9116          *:*                     LISTEN      root       13788       1385/tor        
tcp        0      0 10.152.152.10:9180      *:*                     LISTEN      root       13761       1385/tor        
tcp        0      0 10.152.152.10:9116      *:*                     LISTEN      root       13722       1385/tor        
tcp        0      0 *:microsoft-ds          *:*                     LISTEN      root       14485       1622/smbd       
tcp        0      0 localhost:9117          *:*                     LISTEN      root       13789       1385/tor        
tcp        0      0 10.152.152.10:9181      *:*                     LISTEN      root       13762       1385/tor        
tcp        0      0 10.152.152.10:9117      *:*                     LISTEN      root       13723       1385/tor        
tcp        0      0 localhost:9150          *:*                     LISTEN      root       13798       1385/tor        
tcp        0      0 localhost:9118          *:*                     LISTEN      root       13790       1385/tor        
tcp        0      0 10.152.152.10:9182      *:*                     LISTEN      root       13763       1385/tor        
tcp        0      0 10.152.152.10:9150      *:*                     LISTEN      root       13732       1385/tor        
tcp        0      0 10.152.152.10:9118      *:*                     LISTEN      root       13724       1385/tor        
tcp        0      0 10.0.2.15:36871         10.0.2.2:microsoft-ds   ESTABLISHED root       17549       -               
tcp        0      0 localhost:9051          localhost:50813         TIME_WAIT   root       0           -               
tcp        0      0 10.0.2.15:50687         139.162.130.190:https   ESTABLISHED debian-tor 14206       1385/tor        
udp        0      0 localhost:5400          *:*                                 root       13800       1385/tor        
udp        0      0 *:bootpc                *:*                                 root       11337       956/dhclient    
udp        0      0 *:22123                 *:*                                 root       11313       956/dhclient    
udp        0      0 10.0.2.255:netbios-ns   *:*                                 root       14321       1578/nmbd       
udp        0      0 10.0.2.15:netbios-ns    *:*                                 root       14320       1578/nmbd       
udp        0      0 10.152.191.2:netbios-ns *:*                                 root       14317       1578/nmbd       
udp        0      0 10.152.152.1:netbios-ns *:*                                 root       14316       1578/nmbd       
udp        0      0 *:netbios-ns            *:*                                 root       14313       1578/nmbd       
udp        0      0 10.0.2.255:netbios-dgm  *:*                                 root       14323       1578/nmbd       
udp        0      0 10.0.2.15:netbios-dgm   *:*                                 root       14322       1578/nmbd       
udp        0      0 10.152.191.:netbios-dgm *:*                                 root       14319       1578/nmbd       
udp        0      0 10.152.152.:netbios-dgm *:*                                 root       14318       1578/nmbd       
udp        0      0 *:netbios-dgm           *:*                                 root       14314       1578/nmbd       
udp        0      0 10.152.152.10:5300      *:*                                 root       13799       1385/tor        


$$$$$$$$ My Exit Relay IP

IP=93.115.95.204

93.115.95.204 lh28409.voxility.net



$$$$$$$$ uname

Linux host 3.16.0-4-686-pae #1 SMP Debian 3.16.7-ckt25-1 (2016-03-06) i686 GNU/Linux


$$$$$$$$ hostname

host


$$$$$$$$ dnsdomainname

localdomain


$$$$ (Ending at Thu Jul 14 15:25:56 UTC 2016)


As you can see, this report gives us a lot of useful information for understanding TOR’s local behavior, correlating the TOR configuration with the ports that are actually open and connected.

Feel free to use it!
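As an added example (not part of torhost_report.rb or of the original post), the following Ruby script does that correlation automatically for the two parts of the report shown above: it reads the listener-opening options out of a torrc excerpt, reads the LISTEN sockets out of a netstat excerpt, and reports which configured ports are open, which are not, and which listeners no configuration line accounts for. The torrc and netstat excerpts and the small service-name table are constructed from the output above, not read from a live host.

```ruby
# Added example, not part of torhost_report.rb. Both excerpts below are constructed
# from the report above; SERVICE_PORTS is a hand-written subset of /etc/services.

# torrc options that open a local listener, with their transport (DnsPort is UDP)
LISTENER_OPTIONS = { "SocksPort" => "tcp", "TransPort" => "tcp",
                     "DnsPort" => "udp", "ControlPort" => "tcp" }.freeze
# names netstat prints instead of port numbers when run without -n
SERVICE_PORTS = { "netbios-ssn" => 139, "microsoft-ds" => 445, "bacula-dir" => 9101,
                  "bacula-fd" => 9102, "bacula-sd" => 9103 }.freeze

# "addr:port" -> [addr, port]; a bare port binds to 127.0.0.1, Tor's default
def split_endpoint(token, default_addr = "127.0.0.1")
  return [default_addr, token.to_i] unless token.include?(":")
  addr, port = token.split(":", 2)
  [addr, port.to_i]
end

# One {option:, proto:, addr:, port:, flags:} per listener-opening torrc line.
# ControlListenAddress (deprecated, but in the Whonix defaults) rebinds ControlPort
# wherever it appears, so it is applied after the pass over the file.
def parse_torrc(text)
  entries = []
  control_addr = nil
  text.each_line do |raw|
    line = raw.sub(/#.*/, "").strip          # drop comments and blank lines
    next if line.empty?
    option, *args = line.split
    if option == "ControlListenAddress"
      control_addr = args.first
      next
    end
    proto = LISTENER_OPTIONS[option]
    next unless proto
    target = args.shift
    next if target.nil? || target == "auto" || target.start_with?("unix:")
    addr, port = split_endpoint(target)
    entries << { option: option, proto: proto, addr: addr, port: port, flags: args }
  end
  entries.each { |e| e[:addr] = control_addr if control_addr && e[:option] == "ControlPort" }
end

# {proto:, addr:, port:, program:} for every TCP socket in LISTEN state and every
# bound UDP socket in `netstat -4 -a -e -p` output (the report script's call).
def parse_netstat(text)
  rows = text.each_line.map do |line|
    f = line.split
    next unless %w[tcp udp].include?(f[0])
    next if f[0] == "tcp" && f[5] != "LISTEN"   # skip ESTABLISHED, TIME_WAIT, ...
    addr, _, name = f[3].rpartition(":")
    addr = "127.0.0.1" if addr == "localhost"
    addr = "0.0.0.0" if addr == "*"
    { proto: f[0], addr: addr, port: SERVICE_PORTS.fetch(name) { name.to_i },
      program: f.last.split("/", 2).last }     # "1385/tor" -> "tor"
  end
  rows.compact
end

# A listener accounts for a configured endpoint when protocol and port match and it
# is bound to that address or to the wildcard.
def covers?(listener, entry)
  listener[:proto] == entry[:proto] && listener[:port] == entry[:port] &&
    ["0.0.0.0", entry[:addr]].include?(listener[:addr])
end

# :missing = configured but not open; :unexplained = open but not configured, the
# first thing to review on a gateway that is supposed to run nothing but Tor.
def correlate(configured, listeners)
  matched, missing = configured.partition { |c| listeners.any? { |l| covers?(l, c) } }
  unexplained = listeners.reject { |l| configured.any? { |c| covers?(l, c) } }
  { matched: matched, missing: missing, unexplained: unexplained }
end

TORRC = <<~CONF
  DisableNetwork 0
  ControlPort 9051
  ControlListenAddress 127.0.0.1
  TransPort 10.152.152.10:9040
  DnsPort 10.152.152.10:5300 IsolateDestPort
  SocksPort 10.152.152.10:9050
  SocksPort 10.152.152.10:9101 IsolateDestAddr IsolateDestPort
CONF

# The bacula-dir line: without -n and -W, netstat prints the service name and truncates
# the address column, so 10.152.152.10:9101 shows as 10.152.152.1:bacula-dir and ends
# up both "missing" and "unexplained". Run netstat with -n -W (or use ss) to avoid this.
NETSTAT = <<~NS
  Proto Recv-Q Send-Q Local Address           Foreign Address         State       User       Inode       PID/Program name
  tcp        0      0 10.152.152.10:9050      *:*                     LISTEN      root       13705       1385/tor
  tcp        0      0 10.152.152.1:bacula-dir *:*                     LISTEN      root       13707       1385/tor
  tcp        0      0 10.152.152.10:9040      *:*                     LISTEN      root       13801       1385/tor
  tcp        0      0 localhost:9051          *:*                     LISTEN      root       13803       1385/tor
  tcp        0      0 10.152.152.10:9052      *:*                     LISTEN      debian-tor 14241       1407/python
  tcp        0      0 *:netbios-ssn           *:*                     LISTEN      root       14486       1622/smbd
  tcp        0      0 10.0.2.15:50687         139.162.130.190:https   ESTABLISHED debian-tor 14206       1385/tor
  udp        0      0 10.152.152.10:5300      *:*                                 root       13799       1385/tor
NS

RESULT = correlate(parse_torrc(TORRC), parse_netstat(NETSTAT))
RESULT.each { |k, v| puts "#{k}: " + v.map { |e| "#{e[:addr]}:#{e[:port]}" }.join(" ") }
```

On the real report the unexplained list is where smbd, nmbd, brltty and the control-port filter on 9052 show up, which is exactly the footprint a gateway review should question.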


TOR client: low-level footprint analysis (Part 1)

When analyzing and gathering information about a complex system, I often find it useful to build small reporting tools to list all configuration files, running services, network configuration, and so on. This constantly reminds me of the system’s “big picture”.

While analyzing “TOR client” installed components in a Linux host, I’ve built “torhost_report.rb” for that purpose:

#!/usr/bin/ruby
# torhost_report.rb - dump the TOR-related configuration, services and
# network state of the local host as one plain-text report.

# Flush our own output immediately, so that the headers printed from Ruby
# and the output written by the child commands stay in order when the
# report is redirected to a file.
$stdout.sync = true

print "$$$$ TOR Host Analysis Report [Version 0.10]\n"
print "$$$$\n"
print "$$$$ Analyzing local host TOR environment ...\n"
print "$$$$ (Starting at ", `date`.strip, ")\n"


# --- TOR configuration files (Whonix layers its defaults under the main torrc)
print "\n$$$$ Important TOR configuration files:\n"
print "\n$$$$ torrc\n\n"
system 'cat /etc/tor/torrc'

print "\n$$$$ /usr/share/tor/tor-service-defaults-torrc\n\n"
system 'cat /usr/share/tor/tor-service-defaults-torrc'


# --- Whonix configuration folders
print "\n\n$$$$ Important configuration folders\n"
print "\n$$$$ /etc/whonix.d/\n\n"
system 'ls -l /etc/whonix.d/'
print "\n$$$$ /etc/whonix_firewall.d\n\n"
system 'ls -l /etc/whonix_firewall.d/'

# --- Logs (last 40 lines of each)
print "\n\n$$$$ Important logs:\n\n"
print "\n\n$$$$ /var/log/syslog\n\n"
system 'tail -40 /var/log/syslog'

print "\n\n$$$$ /var/log/sdwdate.log\n\n"
system 'tail -40 /var/log/sdwdate.log'

print "\n\n$$$$ /var/log/control-port-filter-python.log\n\n"
system 'tail -40 /var/log/control-port-filter-python.log'

print "\n\n$$$$ /var/log/tor/log\n\n"
system 'tail -40 /var/log/tor/log'


# --- Whonix and TOR status / tooling
print "\n\n$$$$ is whonix running ?\n\n"
system 'whonix'
print "\n\n$$$$$$$$ whonixcheck connection to TOR \n\n"
system 'whonixcheck'

print "\n\n$$$$ is arm available ?\n\n"
system 'arm -h'
system 'arm -v'

print "\n\n$$$$ is tor [service] running ?\n\n"
system 'service --status-all | grep tor'
system 'ps aux | grep "/usr/bin/tor" | grep -v grep'

print "\n\n$$$$$$$$ TOR version\n\n"
system 'tor-ctrl -v -c "GETINFO version"'

print "\n\n$$$$$$$$ is tor-prompt available ?\n\n"
system 'tor-prompt -h'

print "\n\n$$$$$$$$ is torsocks available ?\n\n"
system 'torsocks'

print "\n\n$$$$$$$$ is tor-resolve available ?\n\n"
system 'tor-resolve'

# A resolution through TOR proves the SOCKS path is actually usable
print "\n\ntor-resolve www.google.com\n\n"
system 'tor-resolve www.google.com'


# --- Network state: interfaces, firewall and sockets
print "\n\n$$$$ is networking [service] running ?\n\n"
system 'service --status-all | grep networking'

print "\n\n$$$$ Network configuration\n\n"
system 'ifconfig'
print "\n\n$$$$$$$$ iptables\n\n"
system 'iptables --list'

print "\n\n$$$$$$$$ active connections IPv4\n\n"
system 'netstat -4 -a -e -p -v'

# --- Exit relay: the address an external service sees is the exit's, not ours.
# Strip the trailing newline before reusing the value, and pass the URL to wget
# as a separate argument so the (untrusted) response never goes through a shell.
print "\n\n$$$$$$$$ My Exit Relay IP\n\n"
MY_EXTERNAL_IP = `wget -O - -q http://ipecho.net/plain`.strip
print "IP=#{MY_EXTERNAL_IP}\n\n"
system 'wget', '-O', '-', '-q', "http://api.hackertarget.com/reversedns/?q=#{MY_EXTERNAL_IP}"
print "\n"

# --- Host identity
print "\n\n$$$$$$$$ uname\n\n"
system 'uname -a'
print "\n\n$$$$$$$$ hostname\n\n"
system 'hostname'
print "\n\n$$$$$$$$ dnsdomainname\n\n"
system 'dnsdomainname'

print "\n\n$$$$ (Ending at ", `date`.strip, ")\n"




If you run this script, you will get something like the following, which can help guide you through TOR’s internals.

(NOTE: I’ll analyze the tool’s output in more detail in a future post)

$$$$ TOR Host Analysis Report [Version 0.10]
$$$$
$$$$ Analyzing local host TOR environment ...
$$$$ (Starting at Thu Jul 14 15:25:35 UTC 2016)

$$$$ Important TOR configuration files:

$$$$ torrc

# This file is part of Whonix
# Copyright (C) 2012 - 2013 adrelanos <adrelanos at riseup dot net>
# See the file COPYING for copying conditions.

# Use this file for your user customizations.
# Please see /etc/tor/torrc.examples for help, options, comments etc.

# Anything here will override Whonix's own Tor config customizations in
# /usr/share/tor/tor-service-defaults-torrc

# Enable Tor through whonixsetup or manually uncomment "DisableNetwork 0" by
# removing the # in front of it.
DisableNetwork 0

$$$$ /usr/share/tor/tor-service-defaults-torrc

## This file is part of Whonix.
## Copyright (C) 2012 - 2014 Patrick Schleizer <adrelanos@riseup.net>
## See the file COPYING for copying conditions.

# Please use "/etc/tor/torrc" for your custom configuration,
# which will override the defaults found here. When this package is updated,
# this file may be overwritten.

## You can find the original upstream tor-service-defaults-torrc under
## /usr/share/tor/tor-service-defaults-torrc.anondist-orig

######################################################################
## DO NOT CHANGE ANYTHING BELOW, UNLESS YOU KNOW WHAT YOU ARE DOING! #
## DO NOT CHANGE ANYTHING BELOW, UNLESS YOU KNOW WHAT YOU ARE DOING! #
## DO NOT CHANGE ANYTHING BELOW, UNLESS YOU KNOW WHAT YOU ARE DOING! #
## DO NOT CHANGE ANYTHING BELOW, UNLESS YOU KNOW WHAT YOU ARE DOING! #
## DO NOT CHANGE ANYTHING BELOW, UNLESS YOU KNOW WHAT YOU ARE DOING! #
######################################################################

   ###################
#### Internals torrc #
   ######################################
    # Upstream Defaults File            #
    # Enable / Disable Tor              #
    # Leak Tests                        #
    # General Settings                  #
    # Workstation Trans/Dns-Port        #
    # Workstation SocksPorts            #
    # Gateway Trans/Dns-Port            #
    # Gateway SocksPorts                #
    #####################################

#########################################
## Upstream Defaults File               #
#########################################

## These defaults are taken from /usr/share/tor/tor-service-defaults-torrc
## on Aug 2013 on Debian Jessi.

DataDirectory /var/lib/tor
PidFile /var/run/tor/tor.pid
RunAsDaemon 1
User debian-tor

ControlSocket /var/run/tor/control
ControlSocketsGroupWritable 1

CookieAuthentication 1
CookieAuthFileGroupReadable 1
CookieAuthFile /var/run/tor/control.authcookie

Log notice file /var/log/tor/log

#########################
## Enable / Disable Tor #
#########################

## Tor is disabled by default.
## Users are supposed to enable Tor through whonixsetup or manually
## removing the # in front of "DisableNetwork 0" in /etc/tor/torrc.
DisableNetwork 1

#########################################
## Leak Tests                           #
#########################################

##+# #OptionalFeatureNr.6# Leak Testing.
##+#
##+# Manual Leak Testing:
##+# See Whonix/LeakTests. Activate this while testing for leaks. (Step 0)
##+# Deactivate after you are done! (Important!) (Step 9)
##+#
##+# Scripted Leak Testing:
##+# If you change the following two lines, beside removing the hash (#),
##+# beside commenting them in, you break the integrated leaktest script.
##+# See leaktest_whonix_gateway() ed.
##+# See https://www.whonix.org/wiki/Dev/Leak_Tests
##+# on information, how to use the integrated leaktest script.
#ReachableDirAddresses *:80
#ReachableORAddresses *:443
#FascistFirewall 1

#########################################
## General Settings                     #
#########################################

## ControlPort is necessary for tor-arm and Vidalia.
## - Vidalia has to set /var/run/tor/control (default) as
##   Control Cookie. (Not installed by default)
## - Arm autodetects the Control Cookie. (Useful terminal Tor controller.)
## - Tor Control Port Filter Proxy
## - Not using HashedControlPassword or CookieAuthentication.
##   Gateway is no multi purpose machine. It is solely a
##   Tor Gateway. As soon as an adversary has physical access
##   or compromised Gateway, it's Game Over anyway.
ControlPort 9051
ControlListenAddress 127.0.0.1

Log notice syslog
Log notice file /run/tor/log
#Log notice file /var/log/tor/log

## Not required:
#DataDirectory /...
#PidFile /...
#ControlSocket /...
#ControlSocketsGroupWritable 1
#CookieAuthentication 1
#CookieAuthFileGroupReadable 1
#CookieAuthFile /...

#########################################
## mixmaster remailer                   #
#########################################

## REVIEW: Are the virtual IP addresses 1.1.1.1 and 2.2.2.2 appropriate or are different values better?

mapaddress 1.1.1.1 k54ids7luh523dbi.onion
mapaddress 2.2.2.2 gbhpq7eihle4btsn.onion

#########################################
## Misc Settings                        #
#########################################

VirtualAddrNetwork 10.192.0.0/10
AutomapHostsOnResolve 1

###############################
## Workstation Trans/Dns-Port #
###############################

## (comment mirrored from /usr/bin/whonix_firewall)
## Transparent Proxy Port for Workstation
## TRANS_PORT_WORKSTATION="9040"
##+# #OptionalFeatureNr.5# Best possible protection against Identity correlation through circuit sharing. ^5^
##
## TransPort is not used for anything preinstalled by default.
## Only as a catch all for user installed applications,
## which is documented.
##
## IsolateDestAddr should not be activated by default,
## if people install filesharing software it would be a nightmare if all connections to the massive amount
## of destination IP's would go through separate circuits.
##
## For the same reason IsolateDestPort should not be activated by default, since BitTorrent (in some cases)
## uses random ports.
TransPort 10.152.152.10:9040

## (comment mirrored from /usr/bin/whonix_firewall)
## DNS_PORT_WORKSTATION="5300"
##+# #OptionalFeatureNr.5# Best possible protection against Identity correlation through circuit sharing. ^5^
##
## DnsPort is not used for anything preinstalled by default.
## Only as a catch all for user installed applications,
## which is documented.
##
## Not listening on port 53 but rather on a port higher than 1024 to avoid
## issues with reloading Tor. (Tor drops privileges and is then unable to
## create listeners below 1024.)
##
## Not sure about IsolateDestAddr.
## IsolateDestPort has probably very little effect, since most DNS servers listen on port 53.
DnsPort 10.152.152.10:5300 IsolateDestPort

###########################
## Workstation SocksPorts #
###########################

## (comment mirrored from /usr/bin/whonix_firewall)
## Socks Ports for per application circuits.
## SOCKS_PORT_TOR_DEFAULT="9050"
## SOCKS_PORT_TB="9100"
## SOCKS_PORT_IRC="9101"
## SOCKS_PORT_TORBIRDY="9102"
## SOCKS_PORT_IM="9103"
## SOCKS_PORT_APT_GET="9104"
## SOCKS_PORT_GPG="9105"
## SOCKS_PORT_SSH="9106"
## SOCKS_PORT_GIT="9107"
## SOCKS_PORT_SDWDATE="9108"
## SOCKS_PORT_WGET="9109"
## SOCKS_PORT_WHONIXCHECK="9110"
## SOCKS_PORT_BITCOIN="9111"
## SOCKS_PORT_PRIVOXY="9112"
## SOCKS_PORT_POLIPO="9113"
## SOCKS_PORT_WHONIX_NEWS="9114"
## SOCKS_PORT_TBB_DOWNLOAD="9115"
## SOCKS_PORT_TBB_GPG="9116"
## SOCKS_PORT_CURL="9117"
## SOCKS_PORT_RSS="9118"
## SOCKS_PORT_TORCHAT="9119"
## SOCKS_PORT_MIXMASTERUPDATE="9120"
## SOCKS_PORT_MIXMASTER="9121"
## SOCKS_PORT_KDE="9122"
## SOCKS_PORT_GNOME="9123"
## SOCKS_PORT_APTITUDE="9124"
## SOCKS_PORT_YUM="9125"
## SOCKS_PORT_TBB_DEFAULT="9150"

## Tor Default Port
## Only for applications, which expect Tor to be running on port 9050.
SocksPort 10.152.152.10:9050

## Web: Tor Browser
## Not using IsolateDestAddr IsolateDestPort, because too much
## performance loss, too much load on Tor network and not secure.
## Ticket https://trac.torproject.org/projects/tor/ticket/3455
## is the right way to solve this issue. Waiting for upstream.
SocksPort 10.152.152.10:9100
#SocksPort 10.152.152.10:9100 IsolateDestAddr IsolateDestPort

## IRC: XChat
## People are normally not connected to too many IRC servers,
## so they can use one circuit per server.
SocksPort 10.152.152.10:9101 IsolateDestAddr IsolateDestPort

## Mail: Thunderbird with TorBirdy
## Not preinstalled.
## Not used by too many people. Most users do not connect to
## too many servers.
SocksPort 10.152.152.10:9102 IsolateDestAddr IsolateDestPort

## Instant Messenger
## People are normally not connected to too many IM servers,
## so they can use one circuit per server.
SocksPort 10.152.152.10:9103 IsolateDestAddr IsolateDestPort

## Operating system updates: apt-get
## Not using IsolateDestAddr IsolateDestPort, because too much
## performance loss, too much load on Tor network and no gain
## in security.
SocksPort 10.152.152.10:9104

## gpg
## Not used by too many people. Most users do not connect to
## too many servers.
SocksPort 10.152.152.10:9105 IsolateDestAddr IsolateDestPort

## ssh
## Not used by too many people. Most users do not connect to
## too many servers.
SocksPort 10.152.152.10:9106 IsolateDestAddr IsolateDestPort

## git
## Not preinstalled.
## Not used by too many people. Most users do not connect to
## too many servers.
SocksPort 10.152.152.10:9107 IsolateDestAddr IsolateDestPort

## Network Time Synchronization
## There are only three different connections.
SocksPort 10.152.152.10:9108 IsolateDestAddr IsolateDestPort

## command line downloader: wget
## Only manually and by very few applications used. Should not
## hurt performance or Tor network. Very few connections are
## expected.
SocksPort 10.152.152.10:9109 IsolateDestAddr IsolateDestPort

## whonixcheck
## Only connects to https://check.torproject.org and checks IP
## and Tor Browser version.
## Only one server and only one port.
## Would be fine without IsolateDestAddr IsolateDestPort,
## but add it anyway to have less exceptions.
SocksPort 10.152.152.10:9110 IsolateDestAddr IsolateDestPort

## BitCoin
## Not using IsolateDestAddr IsolateDestPort.
## Makes too many connections to different servers. Should not
## hurt if they get through the same circuit.
SocksPort 10.152.152.10:9111

## http to socks converter: privoxy
## Not in use for anything preinstalled.
## Not using IsolateDestAddr IsolateDestPort for the same reasons
## as mentioned under Web: Tor Browser.
## Only used for Thunderbird with TorBirdy, which is not
## preinstalled.
SocksPort 10.152.152.10:9112

## http to socks converter: polipo
## Not in use for anything preinstalled.
## Not using IsolateDestAddr IsolateDestPort for the same reasons
## as mentioned under Web: Tor Browser.
SocksPort 10.152.152.10:9113

## Whonix news download
## Only connects to the Whonix homepage and downloads a small file with
## latest important Whonix news.
## Only one server and only one port.
## Would be fine without IsolateDestAddr IsolateDestPort,
## but add it anyway to have less exceptions.
SocksPort 10.152.152.10:9114 IsolateDestAddr IsolateDestPort

## Tor Browser bundle download
## Rarely used.
## Only one server and only one port.
## Would be fine without IsolateDestAddr IsolateDestPort,
## but add it anyway to have less exceptions.
SocksPort 10.152.152.10:9115 IsolateDestAddr IsolateDestPort

## Tor Browser gpg public key download
## Rarely used.
## Only one server and only one port.
## Would be fine without IsolateDestAddr IsolateDestPort,
## but add it anyway to have less exceptions.
SocksPort 10.152.152.10:9116 IsolateDestAddr IsolateDestPort

## Curl
## Only manually and by very few applications used. Should not
## hurt performance or Tor network. Very few connections are
## expected.
SocksPort 10.152.152.10:9117 IsolateDestAddr IsolateDestPort

## RSS
## By default only for the Whonix Blog and for the torproject.org blog.
## Few users expected to add their own feeds.
SocksPort 10.152.152.10:9118 IsolateDestAddr IsolateDestPort

## TorChat
## Not using IsolateDestAddr or IsolateDestPort, because upstream
## TorChat also does not do it. Since it only connects to
## hidden services it would perhaps not make a difference anyway.
SocksPort 10.152.152.10:9119

## mixmaster-update
## Few users expected to use it.
## Since it only connects to one or very few servers using
## IsolateDestAddr IsolateDestPort.
SocksPort 10.152.152.10:9120 IsolateDestAddr IsolateDestPort

## mixmaster
## This port is currently not in use. See Whonix mixmaster integration.
## https://www.whonix.org/wiki/Dev/Mixmaster
## Few users expected to use it.
## Since it only connects to one or very few servers using
## IsolateDestAddr IsolateDestPort.
SocksPort 10.152.152.10:9121 IsolateDestAddr IsolateDestPort

## KDE application wide proxy.
## Not using IsolateDestAddr or IsolateDestPort, because also browsers
## could use this port.
SocksPort 10.152.152.10:9122

## GNOME application wide proxy.
## This port is currently not in use.
## Not using IsolateDestAddr or IsolateDestPort, because also browsers
## could use this port.
SocksPort 10.152.152.10:9123

## Operating system updates: aptitude
## Not using IsolateDestAddr IsolateDestPort, because too much
## performance loss, too much load on Tor network and no gain
## in security.
SocksPort 10.152.152.10:9124

## Operating system updates: yum
## Not using IsolateDestAddr IsolateDestPort, because too much
## performance loss, too much load on Tor network and no gain
## in security.
SocksPort 10.152.152.10:9125

## Tor Browser Bundle Default Port
## This port gets used if someone uses the default Tor Browser Bundle.
## (rinetd runs on Workstation and forwards connections from
##  127.0.0.1:9150 to 10.152.152.10:9150 [as part of the
## anon-ws-disable-stacked-tor package].)
## Not using IsolateDestAddr IsolateDestPort, because too much
## performance loss, too much load on Tor network and not secure.
## Ticket https://trac.torproject.org/projects/tor/ticket/3455
## is the right way to solve this issue. Waiting for upstream.
SocksPort 10.152.152.10:9150 IPv6Traffic PreferIPv6 KeepAliveIsolateSOCKSAuth

## Tor Messenger's default port
## This port gets used if someone uses the default Tor Messenger.
## (rinetd runs on Workstation and forwards connections from
##  127.0.0.1:9152 to 10.152.152.10:9152 [as part of the
## anon-ws-disable-stacked-tor package].)
SocksPort 10.152.152.10:9152 IsolateDestAddr IsolateDestPort

##+# #OptionalFeatureNr.4# More Socks Ports.
## Custom Ports #1:
## without IsolateDestAddr
## without IsolateDestPort
SocksPort 10.152.152.10:9153
SocksPort 10.152.152.10:9154
SocksPort 10.152.152.10:9155
SocksPort 10.152.152.10:9156
SocksPort 10.152.152.10:9157
SocksPort 10.152.152.10:9158
SocksPort 10.152.152.10:9159

##+# #OptionalFeatureNr.4# More Socks Ports.
## Custom Ports #2:
## with IsolateDestAddr
## without IsolateDestPort
SocksPort 10.152.152.10:9160 IsolateDestAddr
SocksPort 10.152.152.10:9161 IsolateDestAddr
SocksPort 10.152.152.10:9162 IsolateDestAddr
SocksPort 10.152.152.10:9163 IsolateDestAddr
SocksPort 10.152.152.10:9164 IsolateDestAddr
SocksPort 10.152.152.10:9165 IsolateDestAddr
SocksPort 10.152.152.10:9166 IsolateDestAddr
SocksPort 10.152.152.10:9167 IsolateDestAddr
SocksPort 10.152.152.10:9168 IsolateDestAddr
SocksPort 10.152.152.10:9169 IsolateDestAddr

##+# #OptionalFeatureNr.4# More Socks Ports.
## Custom Ports #3:
## without IsolateDestAddr
## with IsolateDestPort
SocksPort 10.152.152.10:9170 IsolateDestPort
SocksPort 10.152.152.10:9171 IsolateDestPort
SocksPort 10.152.152.10:9172 IsolateDestPort
SocksPort 10.152.152.10:9173 IsolateDestPort
SocksPort 10.152.152.10:9174 IsolateDestPort
SocksPort 10.152.152.10:9175 IsolateDestPort
SocksPort 10.152.152.10:9176 IsolateDestPort
SocksPort 10.152.152.10:9177 IsolateDestPort
SocksPort 10.152.152.10:9178 IsolateDestPort
SocksPort 10.152.152.10:9179 IsolateDestPort

##+# #OptionalFeatureNr.4# More Socks Ports.
## Custom Ports #4:
## with IsolateDestAddr
## with IsolateDestPort
SocksPort 10.152.152.10:9180 IsolateDestAddr IsolateDestPort
SocksPort 10.152.152.10:9181 IsolateDestAddr IsolateDestPort
SocksPort 10.152.152.10:9182 IsolateDestAddr IsolateDestPort
SocksPort 10.152.152.10:9183 IsolateDestAddr IsolateDestPort
SocksPort 10.152.152.10:9184 IsolateDestAddr IsolateDestPort
SocksPort 10.152.152.10:9185 IsolateDestAddr IsolateDestPort
SocksPort 10.152.152.10:9186 IsolateDestAddr IsolateDestPort
SocksPort 10.152.152.10:9187 IsolateDestAddr IsolateDestPort
SocksPort 10.152.152.10:9188 IsolateDestAddr IsolateDestPort
SocksPort 10.152.152.10:9189 IsolateDestAddr IsolateDestPort

###########################
## Gateway Trans/Dns-Port #
###########################

## TransPort and DnsPort are not enabled in gateway firewall by default.
##
## (comment mirrored from /usr/bin/whonix_firewall)
## Transparent Proxy Ports for Whonix-Gateway
## TRANS_PORT_GATEWAY="9041"
## DNS_PORT_GATEWAY="5400"
TransPort 127.0.0.1:9041
DnsPort 127.0.0.1:5400

#######################
## Gateway SocksPorts #
#######################

## Developer comment:
##
## We actually do not need all of them,
## but they do not hurt anyway and
## it keeps the setup more generic,
## with less exceptions.
##
## Comments why we (not) use IsolateDestAddr and/or IsolateDestPort
## are the same as in section Workstation SocksPorts.

SocksPort 127.0.0.1:9050
SocksPort 127.0.0.1:9100
SocksPort 127.0.0.1:9101 IsolateDestAddr IsolateDestPort
SocksPort 127.0.0.1:9102 IsolateDestAddr IsolateDestPort
SocksPort 127.0.0.1:9103 IsolateDestAddr IsolateDestPort
SocksPort 127.0.0.1:9104
SocksPort 127.0.0.1:9105 IsolateDestAddr IsolateDestPort
SocksPort 127.0.0.1:9106 IsolateDestAddr IsolateDestPort
SocksPort 127.0.0.1:9107 IsolateDestAddr IsolateDestPort
SocksPort 127.0.0.1:9108 IsolateDestAddr IsolateDestPort
SocksPort 127.0.0.1:9109 IsolateDestAddr IsolateDestPort
SocksPort 127.0.0.1:9110 IsolateDestAddr IsolateDestPort
SocksPort 127.0.0.1:9111
SocksPort 127.0.0.1:9112
SocksPort 127.0.0.1:9113
SocksPort 127.0.0.1:9114 IsolateDestAddr IsolateDestPort
SocksPort 127.0.0.1:9115 IsolateDestAddr IsolateDestPort
SocksPort 127.0.0.1:9116 IsolateDestAddr IsolateDestPort
SocksPort 127.0.0.1:9117 IsolateDestAddr IsolateDestPort
SocksPort 127.0.0.1:9118 IsolateDestAddr IsolateDestPort
SocksPort 127.0.0.1:9119
SocksPort 127.0.0.1:9120 IsolateDestAddr IsolateDestPort
SocksPort 127.0.0.1:9121 IsolateDestAddr IsolateDestPort
SocksPort 127.0.0.1:9122
SocksPort 127.0.0.1:9123
SocksPort 127.0.0.1:9124
SocksPort 127.0.0.1:9125
SocksPort 127.0.0.1:9150 IPv6Traffic PreferIPv6 KeepAliveIsolateSOCKSAuth

#####################################################
## End of /usr/share/tor/tor-service-defaults-torrc #
#####################################################
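The SocksPort lines above encode the gateway's stream-isolation policy per listener, and the security property that matters on a gateway is that only those listeners are reachable from the Workstation network, which is what the iptables INPUT chain further down in the report enforces. The script below is an added example written for this post (it is not part of torhost_report.rb or of Whonix): it parses SocksPort/TransPort/DnsPort lines, summarises each listener's isolation flags, and cross-checks every listener bound on 10.152.152.10 against the firewall's ACCEPT rules. Both inputs are constructed excerpts of the report output; the `SocksPort 0.0.0.0:9999` line is not from Whonix and is included only so the check has something to flag.

```ruby
# Added example (not part of torhost_report.rb or Whonix): cross-check the
# listeners declared in a Whonix-Gateway torrc against the gateway firewall's
# INPUT allow-list, two things the report prints far apart.
# Both inputs are constructed excerpts of the report; "SocksPort 0.0.0.0:9999"
# is NOT from Whonix, it is added so the check has something to flag.

GW_INTERNAL_IP = "10.152.152.10"   # gateway address on the Workstation network

TORRC = <<~TORRC
  SocksPort #{GW_INTERNAL_IP}:9101 IsolateDestAddr IsolateDestPort
  SocksPort #{GW_INTERNAL_IP}:9112
  SocksPort #{GW_INTERNAL_IP}:9114 IsolateDestAddr IsolateDestPort
  SocksPort #{GW_INTERNAL_IP}:9150 IPv6Traffic PreferIPv6 KeepAliveIsolateSOCKSAuth
  SocksPort #{GW_INTERNAL_IP}:9160 IsolateDestAddr
  SocksPort #{GW_INTERNAL_IP}:9170 IsolateDestPort
  SocksPort 0.0.0.0:9999
  TransPort #{GW_INTERNAL_IP}:9040
  DnsPort #{GW_INTERNAL_IP}:5300
  SocksPort 127.0.0.1:9050
  TransPort 127.0.0.1:9041
  DnsPort 127.0.0.1:5400
TORRC

# "iptables -L" resolves port numbers through /etc/services, which is why the
# report shows bacula-dir/fd/sd for 9101/9102/9103 ("iptables -nL" avoids it).
SERVICE_PORTS = { "bacula-dir" => 9101, "bacula-fd" => 9102, "bacula-sd" => 9103 }.freeze

IPTABLES_INPUT = <<~IPT
  Chain INPUT (policy DROP)
  target     prot opt source               destination
  ACCEPT     all  --  anywhere             anywhere             state ESTABLISHED
  ACCEPT     udp  --  anywhere             anywhere             udp dpt:5300
  ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:9040
  ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:9052
  ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:9112
  ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:9114
  ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:bacula-dir
  ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:9150
  ACCEPT     tcp  --  anywhere             anywhere             multiport dports 9152:9189
  DROP       all  --  anywhere             anywhere
  Chain FORWARD (policy DROP)
  REJECT     all  --  anywhere             anywhere             reject-with icmp-admin-prohibited
IPT

Listener = Struct.new(:kind, :addr, :port, :flags)

# Parse SocksPort/TransPort/DnsPort lines.  A bare port means 127.0.0.1 in Tor.
def parse_listeners(torrc)
  torrc.each_line.map(&:strip).map do |line|
    next if line.empty? || line.start_with?("#")
    kind, bind, *flags = line.split
    next unless %w[SocksPort TransPort DnsPort].include?(kind)
    next if bind.start_with?("unix:")          # unix sockets need no firewall rule
    addr, port = bind.include?(":") ? bind.split(":", 2) : ["127.0.0.1", bind]
    Listener.new(kind, addr, Integer(port), flags)
  end.compact
end

# Tor already isolates streams by client address and SOCKS credentials on every
# SocksPort (IsolateClientAddr and IsolateSOCKSAuth are on by default); these
# flags narrow circuit sharing further for one listener.
def isolation_policy(listener)
  extra = listener.flags & %w[IsolateDestAddr IsolateDestPort IsolateClientProtocol]
  extra.empty? ? "default (IsolateClientAddr + IsolateSOCKSAuth)" : extra.join("+")
end

def service_to_port(name)
  name =~ /\A\d+\z/ ? name.to_i : SERVICE_PORTS.fetch(name)
end

# Collect the ports (or port ranges) the INPUT chain ACCEPTs, per protocol.
def parse_allowed_ports(iptables)
  allowed = { "tcp" => [], "udp" => [] }
  in_input = false
  iptables.each_line do |line|
    in_input = line.start_with?("Chain INPUT") if line.start_with?("Chain ")
    next unless in_input && line.start_with?("ACCEPT")
    proto = line.split[1]
    if (m = line.match(/ dpt:(\S+)/))
      (allowed[proto] ||= []) << service_to_port(m[1])
    elsif (m = line.match(/multiport dports (\d+)(?::(\d+))?/))
      (allowed[proto] ||= []) << (m[1].to_i..(m[2] || m[1]).to_i)
    end
  end
  allowed
end

def port_allowed?(allowed, proto, port)
  allowed.fetch(proto, []).any? { |entry| entry === port }   # Integer or Range
end

# Findings: listeners bound to every interface, and listeners reachable from the
# Workstation network that the firewall would not accept.
def audit(torrc, iptables)
  allowed = parse_allowed_ports(iptables)
  parse_listeners(torrc).each_with_object([]) do |l, findings|
    proto = l.kind == "DnsPort" ? "udp" : "tcp"
    findings << "#{l.kind} #{l.addr}:#{l.port} binds all interfaces" if %w[0.0.0.0 ::].include?(l.addr)
    next if l.addr == "127.0.0.1"                 # loopback is not reachable from the Workstation
    next if port_allowed?(allowed, proto, l.port)
    findings << "#{l.kind} #{l.addr}:#{l.port} has no ACCEPT rule in INPUT"
  end
end

if __FILE__ == $0
  parse_listeners(TORRC).select { |l| l.kind == "SocksPort" }.each do |l|
    puts format("%-22s %s", "#{l.addr}:#{l.port}", isolation_policy(l))
  end
  audit(TORRC, IPTABLES_INPUT).each { |f| puts "FINDING: #{f}" }
end
```

Run against the real files with `audit(File.read("/usr/share/tor/tor-service-defaults-torrc"), `iptables -nL INPUT`)` (the `-n` flag avoids the /etc/services name resolution, so the `SERVICE_PORTS` map is then unnecessary). Two things to keep in mind when reading the result: port 9052 in the ACCEPT list is not a Tor listener but the control port filter (see the control-port-filter-python log further down), and the udp 5300 / tcp 9040 rules correspond to the DnsPort and TransPort on 10.152.152.10 that the Tor log reports opening, which are declared in the part of the defaults file before the Workstation SocksPorts section.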


$$$$ Important configuration folders

$$$$ /etc/whonix.d/

total 8
-rw-r--r-- 1 root root 7357 Aug 15  2013 30_whonixcheck_default.conf

$$$$ /etc/whonix_firewall.d

total 12
-rw-r--r-- 1 root root 8871 Aug 15  2013 30_default.conf


$$$$ Important logs:



$$$$ /var/log/syslog

Jul 14 15:25:17 host brltty[169]: file system mount error: usbfs[brltty-usbfs] -> /var/run/brltty/usbfs: No such device
Jul 14 15:25:22 host brltty[169]: file system mount error: usbfs[brltty-usbfs] -> /var/run/brltty/usbfs: No such device
Jul 14 15:25:22 host brltty[169]: file system mount error: usbfs[brltty-usbfs] -> /var/run/brltty/usbfs: No such device
Jul 14 15:25:22 host brltty[169]: file system mount error: usbfs[brltty-usbfs] -> /var/run/brltty/usbfs: No such device
Jul 14 15:25:22 host brltty[169]: file system mount error: usbfs[brltty-usbfs] -> /var/run/brltty/usbfs: No such device
Jul 14 15:25:22 host brltty[169]: file system mount error: usbfs[brltty-usbfs] -> /var/run/brltty/usbfs: No such device
Jul 14 15:25:22 host brltty[169]: file system mount error: usbfs[brltty-usbfs] -> /var/run/brltty/usbfs: No such device
Jul 14 15:25:22 host brltty[169]: file system mount error: usbfs[brltty-usbfs] -> /var/run/brltty/usbfs: No such device
Jul 14 15:25:22 host brltty[169]: file system mount error: usbfs[brltty-usbfs] -> /var/run/brltty/usbfs: No such device
Jul 14 15:25:22 host brltty[169]: file system mount error: usbfs[brltty-usbfs] -> /var/run/brltty/usbfs: No such device
Jul 14 15:25:22 host brltty[169]: file system mount error: usbfs[brltty-usbfs] -> /var/run/brltty/usbfs: No such device
Jul 14 15:25:22 host brltty[169]: file system mount error: usbfs[brltty-usbfs] -> /var/run/brltty/usbfs: No such device
Jul 14 15:25:22 host brltty[169]: file system mount error: usbfs[brltty-usbfs] -> /var/run/brltty/usbfs: No such device
Jul 14 15:25:22 host brltty[169]: file system mount error: usbfs[brltty-usbfs] -> /var/run/brltty/usbfs: No such device
Jul 14 15:25:27 host brltty[169]: file system mount error: usbfs[brltty-usbfs] -> /var/run/brltty/usbfs: No such device
Jul 14 15:25:27 host brltty[169]: file system mount error: usbfs[brltty-usbfs] -> /var/run/brltty/usbfs: No such device
Jul 14 15:25:27 host brltty[169]: file system mount error: usbfs[brltty-usbfs] -> /var/run/brltty/usbfs: No such device
Jul 14 15:25:27 host brltty[169]: file system mount error: usbfs[brltty-usbfs] -> /var/run/brltty/usbfs: No such device
Jul 14 15:25:27 host brltty[169]: file system mount error: usbfs[brltty-usbfs] -> /var/run/brltty/usbfs: No such device
Jul 14 15:25:27 host brltty[169]: file system mount error: usbfs[brltty-usbfs] -> /var/run/brltty/usbfs: No such device
Jul 14 15:25:27 host brltty[169]: file system mount error: usbfs[brltty-usbfs] -> /var/run/brltty/usbfs: No such device
Jul 14 15:25:27 host brltty[169]: file system mount error: usbfs[brltty-usbfs] -> /var/run/brltty/usbfs: No such device
Jul 14 15:25:27 host brltty[169]: file system mount error: usbfs[brltty-usbfs] -> /var/run/brltty/usbfs: No such device
Jul 14 15:25:27 host brltty[169]: file system mount error: usbfs[brltty-usbfs] -> /var/run/brltty/usbfs: No such device
Jul 14 15:25:27 host brltty[169]: file system mount error: usbfs[brltty-usbfs] -> /var/run/brltty/usbfs: No such device
Jul 14 15:25:27 host brltty[169]: file system mount error: usbfs[brltty-usbfs] -> /var/run/brltty/usbfs: No such device
Jul 14 15:25:27 host brltty[169]: file system mount error: usbfs[brltty-usbfs] -> /var/run/brltty/usbfs: No such device
Jul 14 15:25:32 host brltty[169]: file system mount error: usbfs[brltty-usbfs] -> /var/run/brltty/usbfs: No such device
Jul 14 15:25:32 host brltty[169]: file system mount error: usbfs[brltty-usbfs] -> /var/run/brltty/usbfs: No such device
Jul 14 15:25:32 host brltty[169]: file system mount error: usbfs[brltty-usbfs] -> /var/run/brltty/usbfs: No such device
Jul 14 15:25:32 host brltty[169]: file system mount error: usbfs[brltty-usbfs] -> /var/run/brltty/usbfs: No such device
Jul 14 15:25:32 host brltty[169]: file system mount error: usbfs[brltty-usbfs] -> /var/run/brltty/usbfs: No such device
Jul 14 15:25:32 host brltty[169]: file system mount error: usbfs[brltty-usbfs] -> /var/run/brltty/usbfs: No such device
Jul 14 15:25:32 host brltty[169]: file system mount error: usbfs[brltty-usbfs] -> /var/run/brltty/usbfs: No such device
Jul 14 15:25:32 host brltty[169]: file system mount error: usbfs[brltty-usbfs] -> /var/run/brltty/usbfs: No such device
Jul 14 15:25:32 host brltty[169]: file system mount error: usbfs[brltty-usbfs] -> /var/run/brltty/usbfs: No such device
Jul 14 15:25:32 host brltty[169]: file system mount error: usbfs[brltty-usbfs] -> /var/run/brltty/usbfs: No such device
Jul 14 15:25:32 host brltty[169]: file system mount error: usbfs[brltty-usbfs] -> /var/run/brltty/usbfs: No such device
Jul 14 15:25:32 host brltty[169]: file system mount error: usbfs[brltty-usbfs] -> /var/run/brltty/usbfs: No such device
Jul 14 15:25:32 host brltty[169]: file system mount error: usbfs[brltty-usbfs] -> /var/run/brltty/usbfs: No such device


$$$$ /var/log/sdwdate.log

2016-07-14 14:39:36,997 - sdwdate.log - INFO - Old unixttime: 1468507177.0
2016-07-14 14:39:36,997 - sdwdate.log - INFO - New unixtime : 1468507346.61
2016-07-14 14:42:26,614 - sdwdate.log - INFO - Instantly setting the time by using command "sudo /bin/date --set @1468507346.61"
2016-07-14 14:42:26,615 - sdwdate.log - INFO - Last run (on Thu Jul 14 14:39:36 UTC 2016) was successful.
 
 Sleeping for 101 minutes.
2016-07-14 14:52:21,523 - sdwdate.log - INFO - sdwdate started. PID 1410
2016-07-14 14:52:22,583 - sdwdate.log - INFO - Tor socks host: 127.0.0.1  Tor socks port: 9108
2016-07-14 14:52:26,519 - sdwdate.log - WARNING - Prerequsite check:
 Tor is not yet fully bootstrapped. 85 % done.
Tor reports: NOTICE BOOTSTRAP PROGRESS=85 TAG=handshake_or SUMMARY="Finishing handshake with first hop"
2016-07-14 14:52:36,807 - sdwdate.log - INFO - Fetching remote times, start Thu Jul 14 14:52:36 UTC 2016 (unixtime 1468507956.81)
2016-07-14 14:52:36,887 - sdwdate.log - INFO - The clock is sane
 Current time Thu Jul 14 14:52:36 UTC 2016
2016-07-14 14:52:36,887 - sdwdate.log - INFO - Fetching remote times...<br>For better security and anonymity, ideally please do not use the internet until initial time fetching succeeded.
2016-07-14 14:52:36,887 - sdwdate.log - INFO - Running sdwdate loop, iteration 1
2016-07-14 14:52:36,887 - sdwdate.log - INFO - Requested urls ['y6xjgkgwj47us5ca.onion', 'w6csjytbrl273che.onion', 'j7652k4sod2azfu6.onion']
2016-07-14 14:52:52,868 - sdwdate.log - INFO - Returned urls "['y6xjgkgwj47us5ca.onion', 'w6csjytbrl273che.onion', 'j7652k4sod2azfu6.onion']"
2016-07-14 14:52:52,869 - sdwdate.log - INFO - Remote status "y6xjgkgwj47us5ca.onion", True
2016-07-14 14:52:52,869 - sdwdate.log - INFO - Remote status "w6csjytbrl273che.onion", True
2016-07-14 14:52:52,869 - sdwdate.log - INFO - Remote status "j7652k4sod2azfu6.onion", True
2016-07-14 14:52:52,869 - sdwdate.log - INFO - Pool 1 last url: y6xjgkgwj47us5ca.onion, web unixtime: 1468507917, web time: Thu Jul 14 14:51:57 UTC 2016, diff: -55 seconds
2016-07-14 14:52:52,869 - sdwdate.log - INFO - Pool 2 last url: w6csjytbrl273che.onion, web unixtime: 1468506962, web time: Thu Jul 14 14:36:02 UTC 2016, diff: -1010 seconds
2016-07-14 14:52:52,869 - sdwdate.log - INFO - Pool 3 last url: j7652k4sod2azfu6.onion, web unixtime: 1468507918, web time: Thu Jul 14 14:51:58 UTC 2016, diff: -54 seconds
2016-07-14 14:52:52,869 - sdwdate.log - INFO - Reachable urls:
y6xjgkgwj47us5ca.onion: "The Intercept    https://firstlook.org/theintercept/securedrop    y6xjgkgwj47us5ca.onion"
w6csjytbrl273che.onion: "Ljost[24][25]     2012-September-30     Transparency Activism     w6csjytbrl273che.onion     https://w6csjytbrl273che.tor2web.org/     Iceland"
j7652k4sod2azfu6.onion: "https://www.systemli.org/en/service/etherpad.html Systemli.org privacy tech collective"
2016-07-14 14:52:52,869 - sdwdate.log - INFO - Unreachable urls:
2016-07-14 14:52:52,870 - sdwdate.log - INFO - Fetching remote times, end Thu Jul 14 14:52:52 UTC 2016 (unixtime 1468507972.87)
2016-07-14 14:52:52,872 - sdwdate.log - INFO - Pool differences, sorted: [-1010, -55, -54]
2016-07-14 14:52:52,872 - sdwdate.log - INFO - Median time difference: -55
2016-07-14 14:52:52,872 - sdwdate.log - INFO - Seconds to add: - 0.113674991
2016-07-14 14:52:52,872 - sdwdate.log - INFO - New time difference: -55.113674991
2016-07-14 14:52:52,872 - sdwdate.log - INFO - Old unixttime: 1468507972.87
2016-07-14 14:52:52,872 - sdwdate.log - INFO - New unixtime : 1468507917.76
2016-07-14 14:51:57,762 - sdwdate.log - INFO - Instantly setting the time by using command "sudo /bin/date --set @1468507917.76"
2016-07-14 14:51:57,762 - sdwdate.log - INFO - Last run (on Thu Jul 14 14:52:52 UTC 2016) was successful.
 
 Sleeping for 81 minutes.


$$$$ /var/log/control-port-filter-python.log

2016-07-01 17:13:08,027 - CPFP log - WARNING - Answer: 510 Request filtered "setevents stream"
2016-07-01 17:27:34,346 - CPFP log - DEBUG - Request: getinfo status/bootstrap-phase
2016-07-01 17:27:34,348 - CPFP log - DEBUG - Answer: 250-status/bootstrap-phase=NOTICE BOOTSTRAP PROGRESS=100 TAG=done SUMMARY="Done"
250 OK
2016-07-01 17:27:34,353 - CPFP log - DEBUG - Request: quit
2016-07-01 17:27:34,356 - CPFP log - DEBUG - Answer: 250 closing connection
2016-07-01 17:27:34,469 - CPFP log - DEBUG - Request: getinfo status/circuit-established
2016-07-01 17:27:34,471 - CPFP log - DEBUG - Answer: 250-status/circuit-established=1
250 OK
2016-07-01 17:27:34,474 - CPFP log - DEBUG - Request: quit
2016-07-01 17:27:34,475 - CPFP log - DEBUG - Answer: 250 closing connection
2016-07-01 18:27:38,380 - CPFP log - DEBUG - Request: getinfo status/bootstrap-phase
2016-07-01 18:27:38,382 - CPFP log - DEBUG - Answer: 250-status/bootstrap-phase=NOTICE BOOTSTRAP PROGRESS=100 TAG=done SUMMARY="Done"
250 OK
2016-07-01 18:27:38,384 - CPFP log - DEBUG - Request: quit
2016-07-01 18:27:38,386 - CPFP log - DEBUG - Answer: 250 closing connection
2016-07-01 18:27:38,500 - CPFP log - DEBUG - Request: getinfo status/circuit-established
2016-07-01 18:27:38,502 - CPFP log - DEBUG - Answer: 250-status/circuit-established=1
250 OK
2016-07-01 18:27:38,504 - CPFP log - DEBUG - Request: quit
2016-07-01 18:27:38,507 - CPFP log - DEBUG - Answer: 250 closing connection
2016-07-01 19:27:46,623 - CPFP log - DEBUG - Request: getinfo status/bootstrap-phase
2016-07-01 19:27:46,625 - CPFP log - DEBUG - Answer: 250-status/bootstrap-phase=NOTICE BOOTSTRAP PROGRESS=100 TAG=done SUMMARY="Done"
250 OK
2016-07-01 19:27:46,627 - CPFP log - DEBUG - Request: quit
2016-07-01 19:27:46,629 - CPFP log - DEBUG - Answer: 250 closing connection
2016-07-01 19:27:46,730 - CPFP log - DEBUG - Request: getinfo status/circuit-established
2016-07-01 19:27:46,732 - CPFP log - DEBUG - Answer: 250-status/circuit-established=1
250 OK
2016-07-01 19:27:46,734 - CPFP log - DEBUG - Request: quit
2016-07-01 19:27:46,736 - CPFP log - DEBUG - Answer: 250 closing connection
2016-07-01 20:21:55,142 - CPFP log - WARNING - Signal sigterm received. Exiting.
2016-07-02 17:15:44,900 - CPFP log - DEBUG - Trying to start Tor control port filter on IP 10.152.152.10 port 9052
2016-07-02 17:15:44,979 - CPFP log - DEBUG - Tor control port filter started, listening on IP 10.152.152.10 port 9052
2016-07-03 08:46:59,479 - CPFP log - DEBUG - Trying to start Tor control port filter on IP 10.152.152.10 port 9052
2016-07-03 08:46:59,968 - CPFP log - DEBUG - Tor control port filter started, listening on IP 10.152.152.10 port 9052
2016-07-14 14:39:01,142 - CPFP log - DEBUG - Trying to start Tor control port filter on IP 10.152.152.10 port 9052
2016-07-14 14:39:01,220 - CPFP log - DEBUG - Tor control port filter started, listening on IP 10.152.152.10 port 9052
2016-07-14 14:52:18,685 - CPFP log - DEBUG - Trying to start Tor control port filter on IP 10.152.152.10 port 9052
2016-07-14 14:52:21,639 - CPFP log - DEBUG - Tor control port filter started, listening on IP 10.152.152.10 port 9052
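The `510 Request filtered "setevents stream"` line shows what the control port filter is for: the Workstation reaches Tor's control protocol only through the filter on 10.152.152.10:9052, which relays an allow-list of harmless requests and refuses everything else. That matters because an unfiltered control port lets a compromised Workstation ask Tor things like `GETINFO address` (the gateway's real external IP) or subscribe to stream events. The snippet below is an added example illustrating that allow-list design; it is not Whonix's control-port-filter-python, and its allow-list is an assumption reconstructed from the three requests the log shows, not Whonix's real list. The `FAKE_TOR` lambda is a constructed stand-in for the real control port, answering like the log above.

```ruby
# Added example (not Whonix's control-port-filter-python): a minimal allow-list
# filter for Tor control-port requests, the idea behind the 510 lines above.
# ALLOWED_REQUESTS is an assumption built from what the log shows; the real
# filter's list differs.  FAKE_TOR is a constructed stand-in for Tor.

ALLOWED_REQUESTS = [
  "getinfo status/bootstrap-phase",
  "getinfo status/circuit-established",
  "quit",
].freeze

# Compare requests the way the log prints them: lower-case, single spaces.
def normalise(request)
  request.strip.downcase.split.join(" ")
end

def allowed?(request)
  ALLOWED_REQUESTS.include?(normalise(request))
end

# Decide for one request line.  `relay` is whatever forwards an allowed request
# to Tor and returns its answer (a real filter would authenticate to
# /var/run/tor/control itself, so the client never holds the cookie).
# Returns [answer sent to the client, log line in the style of the CPFP log].
def filter_request(request, relay)
  req = normalise(request)
  if allowed?(req)
    [relay.call(req), "DEBUG - Request: #{req}"]
  else
    answer = "510 Request filtered #{req.inspect}"
    [answer, "WARNING - Answer: #{answer}"]
  end
end

# Constructed stand-in for Tor's control port, answering like the log above.
FAKE_TOR = lambda do |req|
  case req
  when "getinfo status/bootstrap-phase"
    "250-status/bootstrap-phase=NOTICE BOOTSTRAP PROGRESS=100 TAG=done SUMMARY=\"Done\"\r\n250 OK"
  when "getinfo status/circuit-established"
    "250-status/circuit-established=1\r\n250 OK"
  when "quit"
    "250 closing connection"
  end
end

if __FILE__ == $0
  ["GETINFO status/bootstrap-phase", "SETEVENTS STREAM", "GETINFO address", "quit"].each do |r|
    answer, log = filter_request(r, FAKE_TOR)
    puts "#{r.ljust(32)} -> #{answer.lines.first.chomp}   [#{log}]"
  end
end
```

Note what the allow-list buys: `GETINFO status/...` only reveals whether Tor is bootstrapped, which whonixcheck and sdwdate need, while `GETINFO address` and `SETEVENTS` are refused with 510 without ever reaching Tor.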


$$$$ /var/log/tor/log

Jul 14 14:52:14.432 [notice] Opening Socks listener on 127.0.0.1:9150
Jul 14 14:52:14.433 [notice] Opening DNS listener on 10.152.152.10:5300
Jul 14 14:52:14.433 [notice] Opening DNS listener on 127.0.0.1:5400
Jul 14 14:52:14.433 [notice] Opening Transparent pf/netfilter listener on 10.152.152.10:9040
Jul 14 14:52:14.433 [notice] Opening Transparent pf/netfilter listener on 127.0.0.1:9041
Jul 14 14:52:14.433 [notice] Opening Control listener on 127.0.0.1:9051
Jul 14 14:52:14.433 [notice] Opening Control listener on /var/run/tor/control
Jul 14 14:52:14.000 [notice] Parsing GEOIP IPv4 file /usr/share/tor/geoip.
Jul 14 14:52:15.000 [notice] Parsing GEOIP IPv6 file /usr/share/tor/geoip6.
Jul 14 14:52:16.000 [notice] Bootstrapped 0%: Starting
Jul 14 14:52:19.000 [notice] Bootstrapped 5%: Connecting to directory server
Jul 14 14:52:19.000 [notice] Bootstrapped 80%: Connecting to the Tor network
Jul 14 14:52:19.000 [notice] Signaled readiness to systemd
Jul 14 14:52:22.000 [notice] Bootstrapped 85%: Finishing handshake with first hop
Jul 14 14:52:25.000 [notice] New control connection opened from 127.0.0.1.
Jul 14 14:52:26.000 [notice] New control connection opened from 127.0.0.1.
Jul 14 14:52:26.000 [notice] Bootstrapped 90%: Establishing a Tor circuit
Jul 14 14:52:36.000 [notice] Tor has successfully opened a circuit. Looks like client functionality is working.
Jul 14 14:52:36.000 [notice] Bootstrapped 100%: Done
Jul 14 14:52:36.000 [notice] New control connection opened from 127.0.0.1.
Jul 14 14:52:36.000 [notice] New control connection opened from 127.0.0.1.
Jul 14 14:52:33.000 [warn] Socks version 71 not recognized. (Tor is not an http proxy.)
Jul 14 14:52:33.000 [notice] New control connection opened from 127.0.0.1.
Jul 14 14:52:33.000 [notice] New control connection opened from 127.0.0.1.
Jul 14 14:54:34.000 [warn] Socks version 71 not recognized. (Tor is not an http proxy.)
Jul 14 14:54:34.000 [notice] New control connection opened from 127.0.0.1.
Jul 14 14:54:34.000 [notice] New control connection opened from 127.0.0.1.
Jul 14 14:55:07.000 [notice] New control connection opened from 127.0.0.1.
Jul 14 15:01:05.000 [warn] Socks version 71 not recognized. (Tor is not an http proxy.)
Jul 14 15:01:05.000 [notice] New control connection opened from 127.0.0.1.
Jul 14 15:01:05.000 [notice] New control connection opened from 127.0.0.1.
Jul 14 15:01:29.000 [notice] New control connection opened from 127.0.0.1.
Jul 14 15:03:42.000 [notice] New control connection opened from 127.0.0.1.
Jul 14 15:04:38.000 [notice] New control connection opened from 127.0.0.1.
Jul 14 15:05:01.000 [notice] New control connection opened from 127.0.0.1.
Jul 14 15:05:40.000 [notice] New control connection opened from 127.0.0.1.
Jul 14 15:08:24.000 [notice] New control connection opened from 127.0.0.1.
Jul 14 15:11:57.000 [notice] New control connection opened from 127.0.0.1.
Jul 14 15:15:19.000 [notice] New control connection opened from 127.0.0.1.
Jul 14 15:17:13.000 [notice] New control connection opened from 127.0.0.1.
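Two things in this log deserve a closer look than a `tail -f` gives: the listeners Tor actually opened (DnsPort 10.152.152.10:5300 and TransPort 10.152.152.10:9040 are there, which is why the firewall accepts those ports), and the repeated `Socks version 71 not recognized` warning. The number in that warning is the first byte a client sent to a SocksPort; 71 is ASCII `G`, so some application on the gateway side is sending an HTTP request (`GET ...`) to a SOCKS listener, i.e. it is configured with Tor as an HTTP proxy rather than a SOCKS proxy. Tor drops such a connection, but the misconfigured client is worth identifying, because an application whose proxy setting is wrong may retry without a proxy. The script below is an added example, not part of torhost_report.rb, that triages a Tor log along those lines; the log text is a constructed excerpt of the lines above.

```ruby
# Added example (not part of torhost_report.rb): triage /var/log/tor/log.
# Extracts the listeners Tor opened, the last bootstrap percentage, and decodes
# "Socks version N not recognized" warnings, where N is the first byte a client
# sent to a SocksPort.  TOR_LOG is a constructed excerpt of the report.

TOR_LOG = <<~LOG
  Jul 14 14:52:14.432 [notice] Opening Socks listener on 127.0.0.1:9150
  Jul 14 14:52:14.433 [notice] Opening DNS listener on 10.152.152.10:5300
  Jul 14 14:52:14.433 [notice] Opening Transparent pf/netfilter listener on 10.152.152.10:9040
  Jul 14 14:52:14.433 [notice] Opening Control listener on 127.0.0.1:9051
  Jul 14 14:52:16.000 [notice] Bootstrapped 0%: Starting
  Jul 14 14:52:22.000 [notice] Bootstrapped 85%: Finishing handshake with first hop
  Jul 14 14:52:36.000 [notice] Bootstrapped 100%: Done
  Jul 14 14:52:33.000 [warn] Socks version 71 not recognized. (Tor is not an http proxy.)
  Jul 14 14:54:34.000 [warn] Socks version 71 not recognized. (Tor is not an http proxy.)
  Jul 14 15:01:05.000 [warn] Socks version 71 not recognized. (Tor is not an http proxy.)
  Jul 14 15:01:05.000 [notice] New control connection opened from 127.0.0.1.
LOG

LINE_RE = /\A(\w{3} +\d+ [\d:.]+) \[(\w+)\] (.*)\z/

def parse_tor_log(text)
  text.each_line.map do |line|
    m = LINE_RE.match(line.chomp) or next
    { time: m[1], level: m[2], msg: m[3] }
  end.compact
end

# What the first byte of a rejected SOCKS handshake most likely was.
def socks_version_hint(version)
  case version
  when 4, 5 then "valid SOCKS version"
  when 0x16 then "TLS record header: a TLS ClientHello was sent to the SOCKS port"
  else
    ch = version.chr
    if ch =~ /[A-Z]/
      "ASCII '#{ch}': a plain HTTP request (GET/POST/CONNECT...) sent to the SOCKS port"
    else
      "unknown first byte 0x#{version.to_s(16)}"
    end
  end
end

def socks_version_warnings(entries)
  counts = Hash.new(0)
  entries.each do |e|
    next unless e[:level] == "warn"
    m = e[:msg].match(/Socks version (\d+) not recognized/) or next
    counts[m[1].to_i] += 1
  end
  counts.map { |v, n| { version: v, count: n, hint: socks_version_hint(v) } }
end

# [kind, address:port] for every listener Tor reported opening.
def listeners(entries)
  entries.map { |e| (m = e[:msg].match(/Opening (.+?) listener on (\S+)/)) && [m[1], m[2]] }.compact
end

def bootstrap_percent(entries)
  entries.reverse_each do |e|
    m = e[:msg].match(/Bootstrapped (\d+)%/) and return m[1].to_i
  end
  nil
end

if __FILE__ == $0
  entries = parse_tor_log(TOR_LOG)
  listeners(entries).each { |kind, addr| puts "listener: #{kind.ljust(24)} #{addr}" }
  puts "bootstrap: #{bootstrap_percent(entries)}%"
  socks_version_warnings(entries).each do |w|
    puts "warn: version #{w[:version]} x#{w[:count]} -> #{w[:hint]}"
  end
end
```

Because the warning does not include the client address, finding the culprit means correlating the warning's timestamp with connection tracking or with the Workstation's proxy settings; on this gateway the likely candidate is whatever is pointed at 127.0.0.1:9150 or 9050 as an HTTP proxy.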


$$$$ is whonix running ?

Documentation can be found on Whonix homepage.
https://www.whonix.org

Whonix is based on Debian, VirtualBox and Tor.

The following commands are available on Whonix-Gateway...

Anonymizing Relay Monitor
(Vidalia alternative, Tor Controller as console application):
arm

Restart Network:
sudo service networking restart

Restart Tor:
sudo service tor@default restart

Manually set System Clock:
sudo date -s "17 FEB 2012 24:00:00" && sudo hwclock -w

Update operating system:
sudo apt-get update
sudo apt-get dist-upgrade

Check Network Time Synchronization and Tor connection:
whonixcheck

Switch to clearnet user. clearnet user has direct internet access:
(see DNS notes below)
sudo su clearnet

Reboot:
sudo reboot

Power off:
sudo poweroff

Circumvent using uwt wrapper (Experts / Debugging only!):
/usr/bin/apt-get.anondist-orig
/usr/bin/wget.anondist-orig
/usr/bin/curl.anondist-orig
/usr/bin/gpg.anondist-orig
/usr/bin/ssh.anondist-orig

check if DNS resolution is functional:
- Experts only!
- This is only a summary.
- You normally do not need to manually resolve DNS on Whonix-Gateway.
- Whonix has by default a feature to hide the fact, that you are a Whonix user.
  - This will NOT hide the fact that you are a Tor user from your ISP!
    - Hiding the fact, that you are a Tor user, is available as an optional configuration.
  - Whonix-Workstations traffic goes through Tors Socks-, Dns- or TransPorts.
  - Whonix-Gateway can only send traffic through Tor as well.
    - Whonix-Gateway has no longer a Trans- or DnsPort.
    - For example, apt-get will actually call the uwt wrapper /usr/bin/apt-get.
    - The apt-get uwt wrapper will with help of uwt and torsocks force also
      Whonix-Gateways traffic through Tor.
    - Thus hiding the fact, that you are a Whonix user.
- Only as either,
  - as clearnet user or
  - after activation of transparent proxying for Whonix-Gateway
    in /etc/whonix_firewall.d/ or
  - after allowing Whonix-Gateways root sending non-Tor traffic
    in /etc/whonix_firewall.d/
- chattr -i /etc/resolv.conf
- fix /etc/resolv.conf either,
  - manually or
  - sudo service networking restart
- nslookup check.torproject.org

Important configuration files:
nano /etc/tor/torrc

Important configuration folders:
/etc/whonix.d/
/etc/whonix_firewall.d/

Important logs:
tail -f /var/log/syslog
tail -f -n 20 /var/log/sdwdate.log
tail -f /var/log/controlportfilt.log
tail -f /var/log/tor/log

Connection Wizard (Enable/Disable Tor)
sudo whonixsetup

Change keyboard layout:
sudo dpkg-reconfigure keyboard-configuration
sudo dpkg-reconfigure console-data

Default username and password for Whonix-Gateway and Whonix-Workstation:
Default username: user
Default password: changeme

For slower output, run:
whonix | more

End of Whonix help.



$$$$$$$$ whonixcheck connection to TOR 

[ERROR] [whonixcheck] Please do not run whonixcheck as root.


$$$$ is arm available ?

Usage arm [OPTION]
Terminal status monitor for Tor relays.

  -g, --gui                       launch the Gtk+ interface
  -p, --prompt                    only start the control interpretor
  -i, --interface [ADDRESS:]PORT  change control interface from 127.0.0.1:9051
  -s, --socket SOCKET_PATH        attach using unix domain socket if present,
                                    SOCKET_PATH defaults to: /var/run/tor/control
  -c, --config CONFIG_PATH        loaded configuration options, CONFIG_PATH
                                    defaults to: /root/.arm/armrc
  -d, --debug                     writes all arm logs to /root/.arm/log
  -b, --blind                     disable connection lookups
  -e, --event EVENT_FLAGS         event types in message log  (default: N3)
        d DEBUG      a ADDRMAP           k DESCCHANGED   s STREAM
        i INFO       f AUTHDIR_NEWDESCS  g GUARD         r STREAM_BW
        n NOTICE     h BUILDTIMEOUT_SET  l NEWCONSENSUS  t STATUS_CLIENT
        w WARN       b BW                m NEWDESC       u STATUS_GENERAL
        e ERR        c CIRC              p NS            v STATUS_SERVER
                     j CLIENTS_SEEN      q ORCONN
          DINWE tor runlevel+            A All Events
          12345 arm runlevel+            X No Events
          67890 torctl runlevel+         U Unknown Events
  -v, --version                   provides version information
  -h, --help                      presents this help

Example:
arm -b -i 1643          hide connection data, attaching to control port 1643
arm -e we -c /tmp/cfg   use this configuration file with 'WARN'/'ERR' events

arm version 1.4.5.0 (released April 28, 2012)



$$$$ is tor [service] running ?

 [ + ]  tor
debian-+  1385  0.1  3.1  26376 24264 ?        Ss   14:51   0:03 /usr/bin/tor --defaults-torrc /usr/share/tor/tor-service-defaults-torrc -f /etc/tor/torrc --RunAsDaemon 0


$$$$$$$$ TOR version

Trying 127.0.0.1...
Connected to 127.0.0.1.
Escape character is '^]'.
250 OK
250-version=0.2.7.6 (git-605ae665009853bd)
250 OK
250 closing connection


$$$$$$$$ is tor-prompt available ?

Interactive interpreter for Tor. This provides you with direct access
to Tor's control interface via either python or direct requests.

  -i, --interface [ADDRESS:]PORT  change control interface from 127.0.0.1:9051
  -s, --socket SOCKET_PATH        attach using unix domain socket if present,
                                    SOCKET_PATH defaults to: /var/run/tor/control
  --no-color                      disables colorized output
  -h, --help                      presents this help



$$$$$$$$ is torsocks available ?

torsocks 2.0.0

/usr/bin/torsocks [OPTIONS] [COMMAND [arg ...]]

usage: /usr/bin/torsocks command args

Options:
  -h, --help      Show this help
      --shell     Spawn a torified shell
      --version   Show version
  -d, --debug     Set debug mode.
  -u, --user NAME Username for the SOCKS5 authentication
  -p, --pass NAME Password for the SOCKS5 authentication
  on, off         Set/Unset your shell to use Torsocks by default
                  Make sure to source the call when using this option. (See Examples)
  show, sh        Show the current value of the LD_PRELOAD

Examples:

Simple use of torsocks with SSH
    $ torsocks ssh user@host.com -p 1234

Set your current shell in Tor mode.
    $ . torsocks on

Please see torsocks(1), torsocks.conf(5) and torsocks(8) for more information.


$$$$$$$$ is tor-resolve available ?

Syntax: tor-resolve [-4] [-5] [-v] [-x] [-p port] hostname [sockshost[:socksport]]


tor-resolve www.google.com

216.58.198.228


$$$$ is networking [service] running ?

 [ + ]  networking


$$$$ Network configuration

eth0      Link encap:Ethernet  HWaddr 08:00:27:b7:49:35  
          inet addr:10.0.2.15  Bcast:10.0.2.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:4295 errors:0 dropped:0 overruns:0 frame:0
          TX packets:3260 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:983100 (960.0 KiB)  TX bytes:1613725 (1.5 MiB)
          Interrupt:19 Base address:0xd000 

eth1      Link encap:Ethernet  HWaddr 08:00:27:b4:c2:dd  
          inet addr:10.152.152.10  Bcast:10.152.191.255  Mask:255.255.192.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)
          Interrupt:16 Base address:0xd040 

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:1982 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1982 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:262618 (256.4 KiB)  TX bytes:262618 (256.4 KiB)



$$$$$$$$ iptables

Chain INPUT (policy DROP)
target     prot opt source               destination         
DROP       all  --  anywhere             anywhere             ctstate INVALID
DROP       all  --  anywhere             anywhere             state INVALID
DROP       tcp  --  anywhere             anywhere             tcp flags:FIN,SYN,RST,PSH,ACK,URG/FIN,SYN,RST,ACK
DROP       tcp  --  anywhere             anywhere             tcp flags:FIN,SYN/FIN,SYN
DROP       tcp  --  anywhere             anywhere             tcp flags:SYN,RST/SYN,RST
DROP       all  -f  anywhere             anywhere            
DROP       tcp  --  anywhere             anywhere             tcp flags:FIN,SYN,RST,PSH,ACK,URG/FIN,SYN,RST,PSH,ACK,URG
DROP       tcp  --  anywhere             anywhere             tcp flags:FIN,SYN,RST,PSH,ACK,URG/NONE
ACCEPT     all  --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere             state ESTABLISHED
DROP       icmp --  anywhere             anywhere            
ACCEPT     udp  --  anywhere             anywhere             udp dpt:5300
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:9040
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:9052
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:9124
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:9104
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:9111
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:9117
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:9107
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:9123
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:9105
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:bacula-sd
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:bacula-dir
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:9122
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:9121
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:9120
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:9113
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:9112
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:9118
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:9108
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:9106
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:9100
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:9150
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:9115
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:9116
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:bacula-fd
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:9119
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:9050
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:9109
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:9110
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:9114
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:9125
ACCEPT     tcp  --  anywhere             anywhere             multiport dports 9152:9189
DROP       all  --  anywhere             anywhere            

Chain FORWARD (policy DROP)
target     prot opt source               destination         
REJECT     all  --  anywhere             anywhere             reject-with icmp-admin-prohibited

Chain OUTPUT (policy DROP)
target     prot opt source               destination         
REJECT     all  --  anywhere             anywhere             ctstate INVALID reject-with icmp-admin-prohibited
REJECT     all  --  anywhere             anywhere             state INVALID reject-with icmp-admin-prohibited
REJECT     tcp  --  anywhere             anywhere             tcp flags:FIN,SYN,RST,PSH,ACK,URG/FIN,SYN,RST,ACK reject-with icmp-admin-prohibited
REJECT     tcp  --  anywhere             anywhere             tcp flags:FIN,SYN/FIN,SYN reject-with icmp-admin-prohibited
REJECT     tcp  --  anywhere             anywhere             tcp flags:SYN,RST/SYN,RST reject-with icmp-admin-prohibited
REJECT     all  -f  anywhere             anywhere             reject-with icmp-admin-prohibited
REJECT     tcp  --  anywhere             anywhere             tcp flags:FIN,SYN,RST,PSH,ACK,URG/FIN,SYN,RST,PSH,ACK,URG reject-with icmp-admin-prohibited
REJECT     tcp  --  anywhere             anywhere             tcp flags:FIN,SYN,RST,PSH,ACK,URG/NONE reject-with icmp-admin-prohibited
ACCEPT     all  --  anywhere             anywhere             state ESTABLISHED
ACCEPT     all  --  anywhere             anywhere             destination IP range 127.0.0.0-127.0.0.24
ACCEPT     all  --  anywhere             anywhere             destination IP range 192.168.0.0-192.168.0.24
ACCEPT     all  --  anywhere             anywhere             destination IP range 192.168.1.0-192.168.1.24
ACCEPT     all  --  anywhere             anywhere             destination IP range 10.152.152.0-10.152.152.24
ACCEPT     all  --  anywhere             anywhere             destination IP range 10.0.2.2-10.0.2.24
ACCEPT     all  --  anywhere             anywhere             owner UID match clearnet
ACCEPT     all  --  anywhere             anywhere             owner UID match tunnel
ACCEPT     all  --  anywhere             anywhere             owner UID match debian-tor
REJECT     all  --  anywhere             anywhere             reject-with icmp-admin-prohibited


$$$$$$$$ active connections IPv4

Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       User       Inode       PID/Program name
tcp        0      0 localhost:9119          *:*                     LISTEN      root       13791       1385/tor        
tcp        0      0 10.152.152.10:9183      *:*                     LISTEN      root       13764       1385/tor        
tcp        0      0 10.152.152.10:9119      *:*                     LISTEN      root       13725       1385/tor        
tcp        0      0 localhost:9120          *:*                     LISTEN      root       13792       1385/tor        
tcp        0      0 10.152.152.10:9184      *:*                     LISTEN      root       13765       1385/tor        
tcp        0      0 10.152.152.10:9152      *:*                     LISTEN      root       13733       1385/tor        
tcp        0      0 10.152.152.10:9120      *:*                     LISTEN      root       13726       1385/tor        
tcp        0      0 localhost:9121          *:*                     LISTEN      root       13793       1385/tor        
tcp        0      0 10.152.152.10:9185      *:*                     LISTEN      root       13766       1385/tor        
tcp        0      0 10.152.152.10:9153      *:*                     LISTEN      root       13734       1385/tor        
tcp        0      0 10.152.152.10:9121      *:*                     LISTEN      root       13727       1385/tor        
tcp        0      0 localhost:9122          *:*                     LISTEN      root       13794       1385/tor        
tcp        0      0 10.152.152.10:9186      *:*                     LISTEN      root       13767       1385/tor        
tcp        0      0 10.152.152.10:9154      *:*                     LISTEN      root       13735       1385/tor        
tcp        0      0 10.152.152.10:9122      *:*                     LISTEN      root       13728       1385/tor        
tcp        0      0 localhost:9123          *:*                     LISTEN      root       13795       1385/tor        
tcp        0      0 10.152.152.10:9187      *:*                     LISTEN      root       13768       1385/tor        
tcp        0      0 10.152.152.10:9155      *:*                     LISTEN      root       13736       1385/tor        
tcp        0      0 10.152.152.10:9123      *:*                     LISTEN      root       13729       1385/tor        
tcp        0      0 localhost:9124          *:*                     LISTEN      root       13796       1385/tor        
tcp        0      0 10.152.152.10:9188      *:*                     LISTEN      root       13769       1385/tor        
tcp        0      0 10.152.152.10:9156      *:*                     LISTEN      root       13737       1385/tor        
tcp        0      0 10.152.152.10:9124      *:*                     LISTEN      root       13730       1385/tor        
tcp        0      0 localhost:9125          *:*                     LISTEN      root       13797       1385/tor        
tcp        0      0 10.152.152.10:9189      *:*                     LISTEN      root       13770       1385/tor        
tcp        0      0 10.152.152.10:9157      *:*                     LISTEN      root       13738       1385/tor        
tcp        0      0 10.152.152.10:9125      *:*                     LISTEN      root       13731       1385/tor        
tcp        0      0 localhost:4101          *:*                     LISTEN      root       8842        169/brltty      
tcp        0      0 10.152.152.10:9158      *:*                     LISTEN      root       13739       1385/tor        
tcp        0      0 10.152.152.10:9159      *:*                     LISTEN      root       13740       1385/tor        
tcp        0      0 10.152.152.10:9160      *:*                     LISTEN      root       13741       1385/tor        
tcp        0      0 10.152.152.10:9161      *:*                     LISTEN      root       13742       1385/tor        
tcp        0      0 10.152.152.10:9162      *:*                     LISTEN      root       13743       1385/tor        
tcp        0      0 *:netbios-ssn           *:*                     LISTEN      root       14486       1622/smbd       
tcp        0      0 10.152.152.10:9163      *:*                     LISTEN      root       13744       1385/tor        
tcp        0      0 localhost:9100          *:*                     LISTEN      root       13772       1385/tor        
tcp        0      0 10.152.152.10:9164      *:*                     LISTEN      root       13745       1385/tor        
tcp        0      0 10.152.152.10:9100      *:*                     LISTEN      root       13706       1385/tor        
tcp        0      0 localhost:bacula-dir    *:*                     LISTEN      root       13773       1385/tor        
tcp        0      0 10.152.152.10:9165      *:*                     LISTEN      root       13746       1385/tor        
tcp        0      0 10.152.152.1:bacula-dir *:*                     LISTEN      root       13707       1385/tor        
tcp        0      0 localhost:bacula-fd     *:*                     LISTEN      root       13774       1385/tor        
tcp        0      0 10.152.152.10:9166      *:*                     LISTEN      root       13747       1385/tor        
tcp        0      0 10.152.152.10:bacula-fd *:*                     LISTEN      root       13708       1385/tor        
tcp        0      0 localhost:bacula-sd     *:*                     LISTEN      root       13775       1385/tor        
tcp        0      0 10.152.152.10:9167      *:*                     LISTEN      root       13748       1385/tor        
tcp        0      0 10.152.152.10:bacula-sd *:*                     LISTEN      root       13709       1385/tor        
tcp        0      0 10.152.152.10:9040      *:*                     LISTEN      root       13801       1385/tor        
tcp        0      0 localhost:9104          *:*                     LISTEN      root       13776       1385/tor        
tcp        0      0 10.152.152.10:9168      *:*                     LISTEN      root       13749       1385/tor        
tcp        0      0 10.152.152.10:9104      *:*                     LISTEN      root       13710       1385/tor        
tcp        0      0 localhost:9041          *:*                     LISTEN      root       13802       1385/tor        
tcp        0      0 localhost:9105          *:*                     LISTEN      root       13777       1385/tor        
tcp        0      0 10.152.152.10:9169      *:*                     LISTEN      root       13750       1385/tor        
tcp        0      0 10.152.152.10:9105      *:*                     LISTEN      root       13711       1385/tor        
tcp        0      0 localhost:9106          *:*                     LISTEN      root       13778       1385/tor        
tcp        0      0 10.152.152.10:9170      *:*                     LISTEN      root       13751       1385/tor        
tcp        0      0 10.152.152.10:9106      *:*                     LISTEN      root       13712       1385/tor        
tcp        0      0 localhost:9107          *:*                     LISTEN      root       13779       1385/tor        
tcp        0      0 10.152.152.10:9171      *:*                     LISTEN      root       13752       1385/tor        
tcp        0      0 10.152.152.10:9107      *:*                     LISTEN      root       13713       1385/tor        
tcp        0      0 localhost:9108          *:*                     LISTEN      root       13780       1385/tor        
tcp        0      0 10.152.152.10:9172      *:*                     LISTEN      root       13753       1385/tor        
tcp        0      0 10.152.152.10:9108      *:*                     LISTEN      root       13714       1385/tor        
tcp        0      0 localhost:9109          *:*                     LISTEN      root       13781       1385/tor        
tcp        0      0 10.152.152.10:9173      *:*                     LISTEN      root       13754       1385/tor        
tcp        0      0 10.152.152.10:9109      *:*                     LISTEN      root       13715       1385/tor        
tcp        0      0 localhost:9110          *:*                     LISTEN      root       13782       1385/tor        
tcp        0      0 10.152.152.10:9174      *:*                     LISTEN      root       13755       1385/tor        
tcp        0      0 10.152.152.10:9110      *:*                     LISTEN      root       13716       1385/tor        
tcp        0      0 localhost:9111          *:*                     LISTEN      root       13783       1385/tor        
tcp        0      0 10.152.152.10:9175      *:*                     LISTEN      root       13756       1385/tor        
tcp        0      0 10.152.152.10:9111      *:*                     LISTEN      root       13717       1385/tor        
tcp        0      0 localhost:9112          *:*                     LISTEN      root       13784       1385/tor        
tcp        0      0 10.152.152.10:9176      *:*                     LISTEN      root       13757       1385/tor        
tcp        0      0 10.152.152.10:9112      *:*                     LISTEN      root       13718       1385/tor        
tcp        0      0 localhost:9113          *:*                     LISTEN      root       13785       1385/tor        
tcp        0      0 10.152.152.10:9177      *:*                     LISTEN      root       13758       1385/tor        
tcp        0      0 10.152.152.10:9113      *:*                     LISTEN      root       13719       1385/tor        
tcp        0      0 localhost:9114          *:*                     LISTEN      root       13786       1385/tor        
tcp        0      0 localhost:9050          *:*                     LISTEN      root       13771       1385/tor        
tcp        0      0 10.152.152.10:9178      *:*                     LISTEN      root       13759       1385/tor        
tcp        0      0 10.152.152.10:9114      *:*                     LISTEN      root       13720       1385/tor        
tcp        0      0 10.152.152.10:9050      *:*                     LISTEN      root       13705       1385/tor        
tcp        0      0 localhost:9051          *:*                     LISTEN      root       13803       1385/tor        
tcp        0      0 localhost:9115          *:*                     LISTEN      root       13787       1385/tor        
tcp        0      0 10.152.152.10:9179      *:*                     LISTEN      root       13760       1385/tor        
tcp        0      0 10.152.152.10:9115      *:*                     LISTEN      root       13721       1385/tor        
tcp        0      0 10.152.152.10:9052      *:*                     LISTEN      debian-tor 14241       1407/python     
tcp        0      0 localhost:9116          *:*                     LISTEN      root       13788       1385/tor        
tcp        0      0 10.152.152.10:9180      *:*                     LISTEN      root       13761       1385/tor        
tcp        0      0 10.152.152.10:9116      *:*                     LISTEN      root       13722       1385/tor        
tcp        0      0 *:microsoft-ds          *:*                     LISTEN      root       14485       1622/smbd       
tcp        0      0 localhost:9117          *:*                     LISTEN      root       13789       1385/tor        
tcp        0      0 10.152.152.10:9181      *:*                     LISTEN      root       13762       1385/tor        
tcp        0      0 10.152.152.10:9117      *:*                     LISTEN      root       13723       1385/tor        
tcp        0      0 localhost:9150          *:*                     LISTEN      root       13798       1385/tor        
tcp        0      0 localhost:9118          *:*                     LISTEN      root       13790       1385/tor        
tcp        0      0 10.152.152.10:9182      *:*                     LISTEN      root       13763       1385/tor        
tcp        0      0 10.152.152.10:9150      *:*                     LISTEN      root       13732       1385/tor        
tcp        0      0 10.152.152.10:9118      *:*                     LISTEN      root       13724       1385/tor        
tcp        0      0 10.0.2.15:36871         10.0.2.2:microsoft-ds   ESTABLISHED root       17549       -               
tcp        0      0 localhost:9051          localhost:50813         TIME_WAIT   root       0           -               
tcp        0      0 10.0.2.15:50687         139.162.130.190:https   ESTABLISHED debian-tor 14206       1385/tor        
udp        0      0 localhost:5400          *:*                                 root       13800       1385/tor        
udp        0      0 *:bootpc                *:*                                 root       11337       956/dhclient    
udp        0      0 *:22123                 *:*                                 root       11313       956/dhclient    
udp        0      0 10.0.2.255:netbios-ns   *:*                                 root       14321       1578/nmbd       
udp        0      0 10.0.2.15:netbios-ns    *:*                                 root       14320       1578/nmbd       
udp        0      0 10.152.191.2:netbios-ns *:*                                 root       14317       1578/nmbd       
udp        0      0 10.152.152.1:netbios-ns *:*                                 root       14316       1578/nmbd       
udp        0      0 *:netbios-ns            *:*                                 root       14313       1578/nmbd       
udp        0      0 10.0.2.255:netbios-dgm  *:*                                 root       14323       1578/nmbd       
udp        0      0 10.0.2.15:netbios-dgm   *:*                                 root       14322       1578/nmbd       
udp        0      0 10.152.191.:netbios-dgm *:*                                 root       14319       1578/nmbd       
udp        0      0 10.152.152.:netbios-dgm *:*                                 root       14318       1578/nmbd       
udp        0      0 *:netbios-dgm           *:*                                 root       14314       1578/nmbd       
udp        0      0 10.152.152.10:5300      *:*                                 root       13799       1385/tor        


$$$$$$$$ My Exit Relay IP

IP=93.115.95.204

93.115.95.204 lh28409.voxility.net



$$$$$$$$ uname

Linux host 3.16.0-4-686-pae #1 SMP Debian 3.16.7-ckt25-1 (2016-03-06) i686 GNU/Linux


$$$$$$$$ hostname

host


$$$$$$$$ dnsdomainname

localdomain


$$$$ (Ending at Thu Jul 14 15:25:56 UTC 2016)