Check for tor running on the network. The program analyzes every packet from the PacketSource for a match with an IP confirmed as a Tor node, thus establishing proof of Tor connection. The list of Tor nodes is taken from https://github.com/SecOps-Institute/Tor-IP-Addresses and can be refreshed using the flag -refresh.
| flag | description |
|---|---|
| -live | capture packets live from interface |
| -refresh | fetch and store the latest list of Tor IPs |
| -d | specify interface to capture on if live mode enabled |
| -offline | read packets from pcap file |
| -file | specify filename if offline mode enabled |
Run the program using go run catch-tor.go <flags>.
- -live always requires an interface name specified with -d.
- -offline always requires a file specified with -file.
.\catch-tor -live -d wlan0will look for live Tor connections running on the interface namedwlan0..\catch-tor -offline -file test.pcapwill look for Tor connections through the filetest.pcap.