It occurs to me: I don't think it's possible to determine from packet inspection at the server machine a given client is connecting via Tor. Honestly even if it is, I don't see how it would be the least bit useful, since the server has as much access to the network streams it's handling as it pleases without deep packet inspection or having to look at IP and/or TCP headers.By monitoring the packet stream in the middle while it's still in the Tor network (e.g. what all our ISPs probably do these days), sure you could tell it's Tor traffic. Pretty simple. But the entire point of Tor is transparent proxying: shouldn't the only indication that someone's using it be the fact that the IP of the exit node their traffic is coming out of has an entry in the Tor directory mirrors? If it's obvious even after the stream is routed out of the exit node, then Tor would be trivial to squash altogether.