I’m don’t know, what do you mean by “supposed to be there and what isn’t”, but in general you can use nyx⁽¹⁾ to monitor your Tor node.How would I continuously monitor the incoming traffic to my relay, both what's supposed to be there and what isn't.
If that’s for some research and finer control is needed, Tor nodes expose a control socket, which is what nyx uses. Available either directly⁽²⁾ or through a Python library — Stem⁽³⁾. If conducting research, please respect users’ privacy. In particular see the “Expectations for Relay Operators” draft⁽⁴⁾.
Finally, all incoming connections arrive at the same port, so under Linux they are traceable using common tools: auditd, libcap/tcpdump/Wireshark, iproute2’s `ss` and so on.
____ ¹ https://nyx.torproject.org/ ² https://gitweb.torproject.org/torspec.git/tree/control-spec.txt ³ https://stem.torproject.org/⁴ https://gitlab.torproject.org/tpo/community/team/-/wikis/Expectations-for-Relay-Operators
Attachment:
OpenPGP_signature
Description: OpenPGP digital signature
_______________________________________________ tor-relays mailing list tor-relays@xxxxxxxxxxxxxxxxxxxx https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays