
I am learning to use nmap. I am observing that most of the time when running a command like proxychains nmap -sT -PN -n -sV -p 80 XX.XX.XX.XX, I am getting the following output:

Starting Nmap 7.01 ( https://nmap.org ) at 2016-11-25 18:11 UTC
|S-chain|-<>-127.0.0.1:9050-<>-162.213.76.45:8080-<>-203.130.228.60:8080-<--timeout
Nmap scan report for XX.XX.XX.XX
Host is up (16s latency).
PORT   STATE  SERVICE VERSION
80/tcp closed http

Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .

What I can understand is that the server failed to connect to the third proxy.

What I do not understand is: Does that mean that nmap packets are going from the second proxy to the target directly or the proxychaining is failing entirely and nmap packets are sent directly from my pc and revealing my identity?

Note: I'm running the tor browser, and therefore routing my proxychains through the tor network.

grochmal

2 Answers


It appears that your scan worked correctly through the TOR network. Based on the switches you used, nmap only sent a SYN to port 80 and your target responded with a RST. The timeout from proxychains just means a SYN/ACK wasn't received from the target.


Proxychains (and SOCKS and HTTP proxies in general) do not deal with "packets." They deal with "connections" or streams. The Nmap option you used to allow the use of proxychains was -sT, or TCP Connect scan. Nmap does not create any packets in this case; it requests the OS to perform a connection. Proxychains intercepts that request and performs the connection through its configured proxies. When it encounters an error, it returns that error status to Nmap, just like the OS would if it encountered an error in making a simple TCP connection. No IP packets with a destination address of your target are involved at all.

EDIT:

The question of whether your identity is revealed is much more complicated, since "identity" is a property of you yourself, and not of any packets or data streams coming from your computer. Now, IF you used only the options you listed and IF you specified the target as an IP address and not a hostname, then Nmap itself would not initiate any traffic destined for your target that contains your public IP address, which is usually what people mean by this. However, it will reveal that someone is using Nmap, based on the sequence of packets sent by the version detection engine (-sV). It could even reveal the version of Nmap used, if the service remains undetected and Nmap starts sending very unusual probes that have been added later in its development.

It's also important to remember that "packets [that] are sent directly from my pc" are not the only way you can reveal your identity. The set of applications you use, your browser configuration, the data you access, and information you may choose to divulge can all contribute to developing a picture of your identity. If you use Tor, but click "sign in with Facebook," there's no helping you.

bonsaiviking
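Both answers rest on the same point: with -sT the scanner only asks for a connection, and a SOCKS proxy answers that request with a reply code instead of letting the scanner's own packets reach the target. The following is an added example (not nmap, proxychains, or either answerer's code) that shows that exchange with both sides present: a throwaway SOCKS5 proxy on 127.0.0.1, an "open" and a "closed" target port on the same host, and a connect-scan client that talks only to the proxy. The mapping of the proxy's reply code to open/closed/filtered is an assumption made here for illustration; it mirrors what a connect() caller would see (success, ECONNREFUSED, or some other failure) rather than any particular nmap internals. All ports are bound at run time, so it runs offline.

```python
"""SOCKS5 CONNECT exchange, both sides, as a connect-scan illustration.
Constructed example: toy proxy (RFC 1928, no auth, IPv4 only) + scan client."""
import errno
import socket
import struct
import threading

# RFC 1928 section 6 reply codes the proxy may return instead of a connection
SOCKS5_REPLY = {0x00: "succeeded", 0x01: "general failure", 0x03: "network unreachable",
                0x04: "host unreachable", 0x05: "connection refused", 0x06: "TTL expired",
                0x07: "command not supported"}


def _readn(sock, n):
    """Read exactly n bytes (loopback usually delivers in one piece, but be strict)."""
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("peer closed mid-message")
        buf += chunk
    return buf


def _errno_to_rep(err):
    """Map the OS error the *proxy* hit into the SOCKS5 reply code it sends back."""
    return {errno.ECONNREFUSED: 0x05, errno.ETIMEDOUT: 0x04,
            errno.EHOSTUNREACH: 0x04, errno.ENETUNREACH: 0x03}.get(err, 0x01)


def _handle(conn):
    """Serve one client: greeting, CONNECT request, then a reply (no relaying)."""
    with conn:
        _ver, nmethods = _readn(conn, 2)
        _readn(conn, nmethods)                      # methods offered; we pick "no auth"
        conn.sendall(b"\x05\x00")
        _ver, cmd, _rsv, atyp = _readn(conn, 4)
        if cmd != 0x01 or atyp != 0x01:             # only CONNECT to an IPv4 address
            conn.sendall(b"\x05\x07\x00\x01" + b"\x00" * 6)
            return
        raw = _readn(conn, 6)
        host, port = socket.inet_ntoa(raw[:4]), struct.unpack("!H", raw[4:])[0]
        try:
            # This is the only place a socket toward the target is ever opened.
            upstream = socket.create_connection((host, port), timeout=2)
        except OSError as e:
            rep = _errno_to_rep(e.errno) if e.errno is not None else 0x04  # timeout
            conn.sendall(b"\x05" + bytes([rep]) + b"\x00\x01" + b"\x00" * 6)
            return
        with upstream:
            conn.sendall(b"\x05\x00\x00\x01" + socket.inet_aton(host) + struct.pack("!H", port))
            # A real proxy would now relay bytes; a connect scan only needs the reply.


def start_proxy():
    """Start the toy SOCKS5 proxy on an ephemeral loopback port; return the port."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(8)

    def loop():
        while True:
            c, _ = srv.accept()
            threading.Thread(target=_handle, args=(c,), daemon=True).start()

    threading.Thread(target=loop, daemon=True).start()
    return srv.getsockname()[1]


def connect_scan_via_socks5(proxy_port, target_ip, target_port):
    """Return (state, reply_code). The client only ever connects to the proxy."""
    with socket.create_connection(("127.0.0.1", proxy_port), timeout=5) as s:
        s.sendall(b"\x05\x01\x00")                  # greeting: one method, no auth
        if _readn(s, 2) != b"\x05\x00":
            raise ConnectionError("proxy rejected our auth methods")
        s.sendall(b"\x05\x01\x00\x01" + socket.inet_aton(target_ip) + struct.pack("!H", target_port))
        rep = _readn(s, 10)[1]                     # VER REP RSV ATYP BND.ADDR(4) BND.PORT(2)
    # Assumed mapping, as a connect() caller would see it: success / ECONNREFUSED / other
    state = "open" if rep == 0x00 else "closed" if rep == 0x05 else "filtered"
    return state, rep


def start_target_listener():
    """An 'open' port on loopback; returns (port, socket to keep it open)."""
    t = socket.socket()
    t.bind(("127.0.0.1", 0))
    t.listen(1)
    return t.getsockname()[1], t


def closed_port():
    """A loopback port that is currently not listening (bind, read port, close)."""
    t = socket.socket()
    t.bind(("127.0.0.1", 0))
    p = t.getsockname()[1]
    t.close()
    return p


def demo():
    proxy = start_proxy()
    open_p, keep = start_target_listener()
    results = {"open": connect_scan_via_socks5(proxy, "127.0.0.1", open_p),
               "closed": connect_scan_via_socks5(proxy, "127.0.0.1", closed_port())}
    keep.close()
    return results


if __name__ == "__main__":
    for label, (state, rep) in demo().items():
        print(f"{label:6s} port -> {state:8s} (SOCKS5 reply 0x{rep:02x}: {SOCKS5_REPLY.get(rep)})")
```

The point to notice is where the two outcomes come from: in the "closed" case the proxy's own connect() got ECONNREFUSED and it reported that back as reply 0x05; the client never held a socket addressed to the target. A proxy that times out toward the next hop (the `<--timeout` in the question) lands in the except branch and reports a failure code in the same way, which is the error the scanner sees instead of a direct connection.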