Digging into anonymous traffic

a deep analysis of the Tor anonymizing network

Abdelberi Chaabane*, Pere Manils, Mohamed Ali Kaafar

*Corresponding author for this work

Research output: Chapter in Book/Report/Conference proceedingConference proceeding contribution

63 Citations (Scopus)


Users' anonymity and privacy are among the major concerns of today's Internet. Anonymizing networks are then poised to become an important service to support anonymousdriven Internet communications and consequently enhance users' privacy protection. Indeed, Tor an example of anonymizing networks based on onion routing concept attracts more and more volunteers, and is now popular among dozens of thousands of Internet users. Surprisingly, very few researches shed light on such an anonymizing network. Beyond providing global statistics on the typical usage of Tor in the wild, we show that Tor is actually being mis-used, as most of the observed traffic belongs to P2P applications. In particular, we quantify the BitTorrent traffic and show that the load of the latter on the Tor network is underestimated because of encrypted BitTorrent traffic (that can go unnoticed). Furthermore, this paper provides a deep analysis of both the HTTP and BitTorrent protocols giving a complete overview of their usage. We do not only report such usage in terms of traffic size and number of connections but also depict how users behave on top of Tor. We also show that Tor usage is now diverted from the onion routing concept and that Tor exit nodes are frequently used as 1-hop SOCKS proxies, through a so-called tunneling technique. We provide an efficient method allowing an exit node to detect such an abnormal usage. Finally, we report our experience in effectively crawling bridge nodes, supposedly revealed sparingly in Tor.

Original languageEnglish
Title of host publicationProceedings of the 4th International Conference on Network and System Security, NSS 2010
Place of PublicationPiscataway
PublisherInstitute of Electrical and Electronics Engineers (IEEE)
Number of pages8
ISBN (Electronic)9780769541594
ISBN (Print)9781424484843
Publication statusPublished - 2010
Externally publishedYes
Event4th International Conference on Network and System Security, NSS 2010 - Melbourne, VIC, Australia
Duration: 1 Sep 20103 Sep 2010


Conference4th International Conference on Network and System Security, NSS 2010
CityMelbourne, VIC

Fingerprint Dive into the research topics of 'Digging into anonymous traffic: a deep analysis of the Tor anonymizing network'. Together they form a unique fingerprint.

Cite this