Hacker News
Smart detection for passive sniffing in the Tor-network (chloe.re)
90 points by dotchloe on June 16, 2016 | 9 comments


If someone just has tcpdump running this won't catch them unless they actually try to use the links or credentials they retrieved.

I like this, but from the title I expected to be able to detect that tcpdump is running, akin to what you can do with malformed ARP packets to detect a NIC in promiscuous mode.

Edit: in case anyone is wondering what I'm talking about - http://security.stackexchange.com/questions/3630/how-to-find...


Tor should really just detect and block (or warn + prompt the user to allow) unencrypted connections. If you're using Tor you probably also want end-to-end encryption.


That's the responsibility of a browser plugin. Tor itself is a low-level packet relay so it's not really up to it to determine whether or not traffic is encrypted already.


Not really, lots of Tor servers will block various protocols for various reasons; core difference being that packet inspection would enforce network usage policy to a finer degree; lastly, anyone using Tor should assume the packets are actively being mined by the servers.


I don't think so. Tor could make the address bar red when you're on a non-HTTPS connection, for instance, warning you that any information transmitted can be sniffed by the exit node.


That's the "Tor browser" which is just a modified Firefox. That's not the Tor network.


Respectfully, that's not how most users view it, and that's the important thing.


[Citation Needed]


Why?

You google tor, and end up on https://www.torproject.org/ You click download and it offers you Tor browser.

Seems self-explanatory.



