[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Nestat Results Connections Established With Hardware Disabled

To: tor-talk@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-talk] Nestat Results Connections Established With Hardware Disabled
From: krishna e bera <keb@xxxxxxxxxxxxxx>
Date: Thu, 14 Aug 2014 11:12:18 -0400
Delivered-to: archiver@xxxxxxxx
Delivery-date: Thu, 14 Aug 2014 11:13:08 -0400
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cyblings.on.ca; s=google; h=message-id:date:from:user-agent:mime-version:to:subject:references :in-reply-to:content-type:content-transfer-encoding; bh=Cu/kxJWcsat6XhdsCdeKmrxVUHnOoXVE7G1uzfmNDuc=; b=YYZACGD6uBDD5NnAd0tEWJVe6fItQLsVqTzBVTyQTAhRKMggrZpv/HN2dqu/9LyAGK 9VGroAgqxLVYhMF9G6nCwHMArcpvpO0Bk7WqyH4LTZHayB3UTrvdh+79Qn4rxcor3zTz Iv0LMjuN/8iEonZdRCradmMUzobMUeLyANPWk=
In-reply-to: <SNT146-W4513BA5EB54A23F2CE5175A3EB0@xxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-id: "all discussion about theory, design, and development of Onion Routing" <tor-talk.lists.torproject.org>
List-post: <mailto:tor-talk@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
References: <SNT146-W4513BA5EB54A23F2CE5175A3EB0@xxxxxxx>
Reply-to: tor-talk@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-talk" <tor-talk-bounces@xxxxxxxxxxxxxxxxxxxx>
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.0

On 14-08-13 10:26 AM, Ben Healey wrote:
> I came across 2 connections that were able to stay established with my hardware disabled.

The software keeps trying for a while before it gives up.

Secondly, netstat for Windows may be reporting the last active
connections rather than the current state of the machine.

> I'm not sure why.  So I did a set of different netsat runs.
> 
> I don't know if any of this can affect Tor. But I thought I would post what I found.
> 
> The results are below. 
> 
> 
> Hardware Disabled(laptop switch)
> 166.98.7.20:https Established
> 166.98.7.20:https Established
> 
> http://www.speedguide.net/ip/166.98.7.20
> 
> ------------------
> Norton Block All
> 198.252.206.25:https Established
> https://ipdb.at/ip/198.252.206.25

How is Norton activity relevant to Tor?

> 
> 193.149.77.115:https Established
> http://db-ip.com/193.149.77.115
> These 2 only showed up once
> -------------------
> 
> 
> Norton Blocked All Network Traffic
> 
> 143.127.102.25:https Established
> 143.127.102.25:https Established
> 
> 
> 166.98.7.20:https Established
> 166.98.7.20:https Established
> 
> 
> 
> 
> Tor Started Cannot Connect
> 127....... to (owner)PC          Established
> Many of them--- What are they??? Established
> 
> 
> 
> 
> Tor Started Blank Page
> 
> 127........Multiple
> 
> 166.98.7.20:https Established
> 166.98.7.20:https Established
> 
> x1 :9001                                  Established
> epow0:9001                            Established
> xray632:9001                          Established
> 
> 
> 
> Tor Started Blank Page Norton Blocking All (Last Run)
> 
> 127........Multiple
> 
> 166.98.7.11:https Established(changed)
> 166.98.7.19:https Established(changed)
> 
> 146.0.32.144:9001 TIME_Wait
> 95.211.225.167https TIME_Wait
> 188.138.88.86:9001  TIME_Wait
> 157.56.172.28:https TIME_Wait
> 131.253.34.141:httpsTIME_Wait
> 146.0.32.144:9001   Established
> 188.138.88.86:9001  Established

Connections to port 9001 are likely your Tor connecting to Entry Guard
nodes, as 9001 is the default port a relay listens on.


> Tor Started Hardware Disabled(laptop switch)
> 127............. multiple
> 
> 166.98.7.20:https        Established
> 166.98.7.20:https        Established
> 192.168.0.32.144:9001 Established

Did you edit or cut/paste these reports?
192.168.0.32.144 isnt a possible address.


> 95.211.255.167:https  Established
> 5.9.26.219:8888          Established
> 146.0.32.144:9001      Established
> epow0:9001                                   Established
> xray632:9001                                 Established
> 
> This one is strange. More connections with hardware disabled?

As noted above, could be leftover stale connection info.

Try turning off the hardware wifi switch and then rebooting the
computer, and then run your netstat reports again.
You should see only connections to localhost (127.0.0.1) active, but
various Windows programs will try to connect to sites on the internet
and of course fail. Tor will try to reach a Directory server.
TorBrowser(Firefox) will be connected to Tor on 127.0.0.1:9150.
Tor will also be listening on its Control Port 9151.

> 
> 
> BH
> 
>  		 	   		  
> 

-- 
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

References:
- [tor-talk] Nestat Results Connections Established With Hardware Disabled
  - From: Ben Healey

Prev by Author: [tor-talk] deleting publicly posted content
Next by Author: Re: [tor-talk] torbundlebrowser.org
Previous by thread: [tor-talk] Nestat Results Connections Established With Hardware Disabled
Next by thread: [tor-talk] The Tor network doesn't support Named relays anymore
Index(es):
- Author
- Thread