wiki:doc/BlockingDiagnostics

These are the quick and dirty steps to producing good, useful logs and traces to help us diagnose fingerprint-based blocking techniques.

  1. Start up wireshark sniffing of your connection using these general instructions and/or these OS-specific instructions.
  • If you are using a Linux root shell for testing, the command to use instead of wireshark is: "tcpdump -v -i any -s 0 -w bridge_test.cap"
  1. Verify the wireshark sniffing is working. Try to access some non-censored websites and see if they show up in the wireshark capture window.
  • You can also read the .cap file using "tcpdump -r bridge_test.cap"
  • Avoid sensitive sites sites that you are logged in to, because otherwise your login information will be stored in the capture file.
  1. Get a private bridge IP (one with the PublishServerDescriptor 0 option set) from us (#tor-dev on irc.oftc.net, the ssl port is 6697). Do not use it yet.
  1. Tell the person who gave you the bridge to follow the instructions in steps 1 and 2 to start sniffing the bridge side.
  1. Tell them to enable info level logs on their bridge.
  1. Attempt to access the bridge IP in Firefox with Tor still disabled: Enter the bridge IP address and port number into the Firefox URL bar, with an https in front. The URL location bar should look like this: https://bridge.ip:port/
  • You should get a certificate warning. Tell us if you do or do not. If you do not get a warning, the bridge is likely blocked by IP. Ask us for a new bridge and try again (but leave the wireshark capture running the whole time).
  1. If you do get the warning or you have tested at least 2-3 different private bridge IPs, configure your Tor to connect to the private bridge IP, and to log at info.
  1. Let Tor attempt to connect.
  1. Tell us the results.
  1. If Tor was in fact blocked, please also attempt to visit some self-signed SSL sites. Good examples are: https://184.73.183.163:443, https://204.13.164.191:443, https://213.154.225.245:443. Note whether or not you can access these IPs. Ensure wireshark is still capturing your attempts.
  1. Have wireshark save the capture file for this entire process, and send us this file and the Tor client log file.
Last modified 6 years ago Last modified on Oct 5, 2011, 7:40:34 AM