I often monitor my network connection when using Tor using Wireshark. I have never observed it making connections to anything but the two guard nodes I have set in my torrc
Yesterday I saw it make a connection to this relay: Relay Search
My PC initiated the first connection, and In Wireshark it looked somewhat like a client connection to a guard node (same packet lengths and types etc.)
It did not send much data, 37 packets and 21KB in total.
(
This was concerning to me, so I checked on all their nodes in the same family and you can see an increase in guard node connections on all their exit nodes in the past few days
This is highly odd because normally exit nodes also set to run as guard nodes never have any guard traffic, and they all get the same exact looking bump?
Am I just paranoid or is something weird about all this?
I often monitor my network connection when using Tor using Wireshark. I have never observed it making connections to anything but the two guard nodes I have set in my torrc
Yesterday I saw it make a connection to this relay: Relay Search
My PC initiated the first connection, and In Wireshark it looked somewhat like a client connection to a guard node (same packet lengths and types etc.)
It did not send much data, 37 packets and 21KB in total.
(
This was concerning to me, so I checked on all their nodes in the same family and you can see an increase in guard node connections on all their exit nodes in the past few days
This is highly odd because normally exit nodes also set to run as guard nodes never have any guard traffic, and they all get the same exact looking bump?
Am I just paranoid or is something weird about all this?
Those 1000 relays were non-exits and I believe a lot of them were Guard
nodes (it seems around 600 of them). I could imagine that this caused
some pressure on exits nodes with the Guard flag to be used as Guards as
well until things have calmed down a bit at least.
That’s just a theory, though. I’ve not looked at the data (yet).