A random forest classifier analyzes TCP and IP header fields from the first 6–10 packets of your connection to determine proxy usage — completely passive, no client interaction required.
Packet Capture: The server captures the first 6–10 TCP/IP packets from your incoming connection, including all TCP and IP header fields.
Feature Extraction: Packet sizes, inter-arrival times, TCP flags, window sizes, and other header fields are extracted as numerical features for the classifier.
Random Forest Classification: A pre-trained random forest model — trained on thousands of real proxy and non-proxy connections — classifies the traffic pattern as proxy or non-proxy.
Completely Passive: No JavaScript, no WebSocket, no client-side code. The classifier works purely from the server-side TCP/IP traffic, making it impossible to evade with browser extensions.
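The Feature Extraction step above, sketched as an added example (not the service's own code): it parses raw IPv4/TCP headers from the first packets of a connection and flattens them into a fixed-length numeric vector. The per-packet feature layout, the function names and the sample capture are assumptions made for illustration; the page does not publish the model's actual feature set.

```python
import struct

MAX_PACKETS = 10  # the page says the first 6-10 packets are used
FIELDS = 6        # assumed per-packet layout: size, ttl, window, flags, tcp_hdr_len, gap

def parse_headers(pkt: bytes) -> dict:
    """Parse a raw IPv4 packet (no link-layer header) that carries TCP."""
    if len(pkt) < 20:
        raise ValueError("truncated IPv4 header")
    ver_ihl, _, total_len, _, _, ttl, proto = struct.unpack("!BBHHHBB", pkt[:10])
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or ihl < 20 or proto != 6:
        raise ValueError("not an IPv4/TCP packet")
    if len(pkt) < ihl + 16:
        raise ValueError("truncated TCP header")
    off_flags, window = struct.unpack("!HH", pkt[ihl + 12:ihl + 16])
    return {"size": total_len, "ttl": ttl, "window": window,
            "flags": off_flags & 0x01FF, "tcp_hdr_len": (off_flags >> 12) * 4}

def extract_features(capture, n=MAX_PACKETS):
    """capture: [(timestamp_seconds, raw_packet), ...] in arrival order.
    Returns a fixed-length vector, zero-padded when fewer than n packets arrived."""
    vec, prev_ts = [], None
    for ts, pkt in capture[:n]:
        h = parse_headers(pkt)
        gap = 0.0 if prev_ts is None else round(ts - prev_ts, 6)  # inter-arrival time
        vec += [h["size"], h["ttl"], h["window"], h["flags"], h["tcp_hdr_len"], gap]
        prev_ts = ts
    return vec + [0] * (FIELDS * n - len(vec))

def build_packet(total_len, ttl, flags, window, tcp_hdr_len=20):
    """Constructed sample data: IPv4+TCP headers only, checksums zero, payload omitted."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 1, 0, ttl, 6, 0,
                     bytes([192, 0, 2, 10]), bytes([198, 51, 100, 5]))
    tcp = struct.pack("!HHIIHHHH", 50000, 443, 1000, 0,
                      ((tcp_hdr_len // 4) << 12) | flags, window, 0, 0)
    return ip + tcp + b"\x00" * (tcp_hdr_len - 20)

# Constructed capture: SYN, ACK, then PSH+ACK carrying the first request bytes.
SAMPLE = [
    (0.0000, build_packet(60, 52, 0x02, 64240, 40)),
    (0.0312, build_packet(52, 52, 0x10, 502, 32)),
    (0.0315, build_packet(569, 52, 0x18, 502, 32)),
]

if __name__ == "__main__":
    print(extract_features(SAMPLE))
```

A vector of this shape is what a trained classifier would take as one input row; the training data and the model itself are outside this sketch.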