Understanding Tor: Circuits, Guards, and Exit Nodes

How Tor actually routes your traffic — and what KillNode does to manage it.

The onion model

Tor works by wrapping your traffic in three layers of encryption and routing it through a chain of three relays: a guard (entry), a middle relay, and an exit node.

Each relay only knows its immediate predecessor and successor. The guard knows your real IP but not your destination. The exit node knows your destination but not your IP. No single relay has the full picture.

Circuits

A circuit is an established path through the Tor network. Building one takes roughly 1–3 seconds and involves a cryptographic handshake with each relay. Once built, Tor reuses a circuit for multiple connections until it is rotated.

MaxCircuitDirtiness controls how long a circuit is used before Tor abandons it and builds a fresh one. KillNode's Ghost mode sets this to 45 seconds; the default is 600 (10 minutes). Shorter dirtiness means more circuit churn — useful against traffic-correlation attacks but slower overall.

Guard nodes

Tor uses a small set of guard nodes that stay fixed for weeks or months. This is a deliberate design choice: if you picked a random entry relay for every circuit, a global adversary with enough relay coverage could eventually observe both ends of a connection. Sticky guards reduce that probability significantly.

Exit nodes and policies

Exit nodes enforce exit policies — lists of ports and addresses they will or will not forward traffic to. If your destination uses an uncommon port, circuits may fail because no available exit node's policy permits that port.

KillNode's exit region selector writes ExitNodes {us} (or similar) to the torrc. This restricts which exit nodes Tor will use, which can be useful for geo-specific testing, but it shrinks the available exit pool and may slow circuit construction.

What KillNode adds

KillNode connects to the Tor control port (9051) and polls GETINFO circuit-status every 5 seconds. The circuit count pill in the header shows how many BUILT circuits are currently active. The New Identity button sends SIGNAL NEWNYM, requesting that Tor build fresh circuits for all subsequent connections — useful when you suspect a circuit has been profiled.

NEWNYM rate limiting: Tor enforces a minimum interval (approximately 10 seconds) between NEWNYM signals. Clicking the button repeatedly does not help; Tor silently drops excess signals.
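
As an added example, not KillNode's own code: a parser for the GETINFO circuit-status reply described above, which counts BUILT circuits and pulls out the guard and exit of each three-hop circuit. The sample reply, relay names and fingerprints are constructed, and counting every BUILT line (including the one-hop circuit) is an assumption about how such a counter behaves.

```python
def fp(ch):  # constructed 40-hex-digit relay fingerprint
    return "$" + ch * 40

# Constructed sample reply; relay names and fingerprints are made up.
SAMPLE_REPLY = "\r\n".join([
    "250+circuit-status=",
    f"7 BUILT {fp('A')}~guardA,{fp('B')}~midB,{fp('C')}~exitC "
    "BUILD_FLAGS=NEED_CAPACITY PURPOSE=GENERAL",
    f"8 EXTENDED {fp('A')}~guardA,{fp('D')}~midD PURPOSE=GENERAL",
    "9 LAUNCHED PURPOSE=GENERAL",
    f"10 BUILT {fp('A')}~guardA BUILD_FLAGS=ONEHOP_TUNNEL PURPOSE=GENERAL",
    ".",
    "250 OK",
])

def parse_circuit_status(reply):
    """Return one dict per circuit line in the reply."""
    circuits, in_block = [], False
    for line in reply.splitlines():
        if line.startswith(("250+circuit-status=", "250-circuit-status=")):
            in_block = line[3] == "+"        # "+" opens a multi-line data block
            line = line.split("=", 1)[1]     # "-" form carries the value inline
        elif line == ".":                    # end of the data block
            in_block = False
            continue
        elif not in_block:                   # e.g. the trailing "250 OK"
            continue
        fields = line.split()
        if len(fields) < 2:
            continue
        circ_id, status, rest = fields[0], fields[1], fields[2:]
        path = []                            # no path yet on a LAUNCHED circuit
        if rest and (rest[0].startswith("$") or "=" not in rest[0]):
            path = rest.pop(0).split(",")
        attrs = dict(f.split("=", 1) for f in rest if "=" in f)
        circuits.append({"id": circ_id, "status": status, "path": path,
                         "purpose": attrs.get("PURPOSE")})
    return circuits

def built_summary(circuits):
    """Count BUILT circuits and list (id, guard, exit) for the three-hop ones."""
    built = [c for c in circuits if c["status"] == "BUILT"]
    three_hop = [(c["id"], c["path"][0], c["path"][-1])
                 for c in built if len(c["path"]) == 3]
    return len(built), three_hop

if __name__ == "__main__":
    count, three_hop = built_summary(parse_circuit_status(SAMPLE_REPLY))
    print("BUILT circuits:", count, "three-hop (id, guard, exit):", three_hop)
```

In the sample, two circuits are BUILT but only circuit 7 is a full guard, middle, exit path; circuit 10 is a one-hop tunnel that a plain BUILT count still includes.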