回複：that is the secrete of using anonymous network

This not true. The anonymous network is nothing secrete but routing your packets multiple times. The source IP in the IP header may be changed to the current hop's IP, but the destination IP & port never change, otherwise, it wouldn't know where to send the packets. So, if you know the sender's IP, you could moniter the traffic of that IP, you would see what destination this target machine tries to reach. Is anonymous network totally safe, not at all. The anonymous network, for example, onion routers, uses a "virtual circuit" between the source and the destination. Say A wants to talk to F, so the traffic is routed like A->B->C->E->F. From the destination, E is the source IP, so on and so forth. This is so called "anonymous". If you want, do a reverse trace, F->E->D->C->B->A, you will find A is the real source. It makes it a litte hard to trace, but you cannot hide completely.

If the encrytion is done either at application layer or in the tcp(udp)/ip stack. This paper is useless. I could change the tcp/ip stack impletation in linux/bsd kernel to use a reserved bit in ip headers to trigger encoding/decoding the outgoing/incoming packet payload, or make the client encode/decode the msg before sendin' out and after rcving. As long as both ends of the connection know how to communicate, it's fine for them but other people wouldn't know anything about it. Just like that movie, "wind talker", if you can find a very complicated or rarely used way to talk, you are safe. To rely on the anonymous network to encrypt/decrypt creats chances to be caught.