I would like to ask for some clarification in connection with the basic principles of the tor network/socks5/anonsurf. One of the first thing I learned when I started using tor, is that the inside routing uses tcp only communication, so the client cant use udp based tools (like ping - icmp). I used a Whonix gateway before and this rule stood, I was not able to use this kind of tools from the workstation OS.
So my agony started with anonsurf, where somehow udp tools can be used, and I can’t get my head around it. If I understands right it starts the connection with a socks5 connection (that I’m not really familiar with), and that it supports udp packets. But what happens with them? They can’t be simply sent through the network.
I would be really greatful if someone can explain to me (with technical details), that how is the usage of udp communication possible through the tor network with anonsurf. This bothers me for days, because if these packets are not properly routed/encrypted while allowed than it would be a security flaw.
One strange thing I experience tho, is that the domain of the ping destination changes during the execution (but the ip is the same). E.g.:
PING google.com (188.8.131.52) 56(84) bytes of data.
64 bytes from fra16s20-in-f14.1e100.net (184.108.40.206): icmp_seq=1 ttl=64 time=0.114 ms
64 bytes from fra16s20-in-f14.1e100.net (220.127.116.11): icmp_seq=2 ttl=64 time=0.110 ms