Traffic type "torpark onion routing" showing up

Hi was checking Glass wire and in traffic type i noticed “torpark onion routing” in there this is a band new laptop, that I’ve only used for YouTube and on steam when playing games. It shows 18kb of data transfer, I don’t know why it’s there. also my sisters iPhone and brothers xbox are showing up in the firewall under host process for windows services and google chrome as well as nvidia for some reason.

You are likely to see TOR traffic if anyone is using TOR on a computer attached to your LAN. Torpark is a portable web browser, built on Firefox, that uses The Onion Router (TOR) to give greater anonymity.

Is the traffic only inwards or is it outwards as well?

I can see other computers broadcasting on my network which, in the Usage tab, appears in the as inwards traffic (:arrow_down:) on my computer but there is no outwards traffic (:arrow_up:).

Here’s a screenshot where I went to the Usage tab, selected the Apps button, then the app Host Process for Windows, and then the Host John.hub. I’ve marked in red where there the sub-windows shows the data transfer is not outwards from my computer:

ok I get the same thing no out going traffic but under the traffic tab on same window there is a small amount

also I am connected to wifi why do i see everybody else do they have any connection to me or do I just see them through the wifi. I downloaded this program to see my own data usage not everybody else’s mixed in with mine. also this allows me to see their IP address, so are you telling me if we had a guest connect to the wifi they could have all our IPs if they had the same program

nvm the IP thing just heard a lot that handing out IP was bad but quick google check says otherwise the more you know i guess.

checked some more it’s a bit ify but not all bad still not good idea though is what i got from it

There is no problem:

  • You are only seeing the data usage for your computer and not all the others on your local network (LAN).
  • Other computers on your local network need to know your computer’s IP address so they can communicate with it. In a similar way, web servers on the Internet need to know your IP address so they can send you the web pages or downloads you want to receive.

Printing and streaming or casting to your TV are good examples of why computers on a local network to be able to see each other other. You would want to be able to print to the printer or stream to the TV so those devices need to be visible to your computer.

The IP addresses you can see on your LAN will be local or private IP addresses, probably starting with 192.168.1. These addresses are different from the public IP address that is used for your Internet connection, e.g. mine is something like

Your wireless router has the job of protecting your local network from just anybody trying to access it. The router normally has a firewall enabled in it to check that any incoming communications match requests sent out from your computers. The router then routes the incoming response to the correct computer.

1 Like

Congrats on your new laptop.

Store bought systems are loaded with bloatware, shovelware and, unfortunately, spyware.

I wouldn’t be happy with that connection to NitroVideo. It’s a peer-to-peer porn site.

Open up Chrome, enter chrome://extensions in the address bar, hit Enter and check for an extension associated with tor, onion or is oddball media related and remove it. If not, enter chrome://flags in the address bar, hit Enter, hold the Ctrl key, tap the f key and release Ctrl - this opens a search bar. Type tor, search down and disable anything in there that looks like it might be related. Searching for nitro might reveal something, too.

If you don’t use Chrome, block it in the firewall or just uninstall it.

I can conclude you’re running Windows 10 Home. Host Process for Windows Services is svchost.exe, a critical core component of the network operating system that is Windows NT, as it’s known historically. And it gets pretty crazy in Windows 10. Without drilling through and modifying a multitude of settings or disabling stuff in the Services console or micro-managing your LAN (or all three), there’s not much you can do about it.

As Remah said, there’s no problem. No one is looking in to your laptop because of Glasswire.

Glasswire is accross-the-board monitoring which can be sensory overload to the uninitiated, but that’s it’s job. You’ll end up appreciating all of it once you work with it some.



This is just my curiosity… I installed the official Tor browser recently, and used it to visit a couple of sites. It clearly said it was setting up an onion routing path for the connections. But when I go to GlassWire, zoom into that time period, and do the same Traffic display shown in the screenshot above, there is no “torpark onion routing” entry. My Tor traffic is shown under “ETL Service Manager” and “Other”, with a tiny bit as HTTPS.

I’m thinking maybe as the top originator of the onion route, my usage counts as regular connections to the first onion layer? Maybe we only see “torpark onion routing” if we are acting as a layer down in the middle of the onion? Or is there some other explanation?

Looks like “ETL Service Manager” is the official label for the Tor port:

“We observe that Tor flows have the most number of unique ports. Additionally,
port 9001 has been observed very often (i.e., 35.6% of the packets and
19.6% of the bytes) as it is the Tor default port. Even though 9001/tcp is
registered by ETL Service Manager at IANA [9], we believe the traffic we observe
is the Tor traffic related to directory fetch or internal communications.”

Mine was 3.5 of a total 4.4 MB… Does Tor create that much overhead?


We use an API to detect traffic types and it’s usually accurate. Sometimes TOR and other tech can update/change where its protocols are different, or intentionally hidden, etc… so perhaps TOR has changed their tech, or perhaps our API needs to be updated.