Delivery-Date: Thu, 14 Aug 2014 11:13:08 -0400
Return-Path: <tor-talk-bounces@lists.torproject.org>
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on moria.seul.org
X-Spam-Level: 
X-Spam-Status: No, score=-4.7 required=5.0 tests=BAYES_00,DKIM_SIGNED,
	RCVD_IN_DNSWL_MED,RP_MATCHES_RCVD,T_DKIM_INVALID autolearn=ham version=3.3.1
X-Original-To: archiver@seul.org
Delivered-To: archiver@seul.org
Received: from eugeni.torproject.org (eugeni.torproject.org [38.229.72.13])
	(using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by khazad-dum.seul.org (Postfix) with ESMTPS id 10EC51E0464;
	Thu, 14 Aug 2014 11:13:07 -0400 (EDT)
Received: from eugeni.torproject.org (localhost [127.0.0.1])
	by eugeni.torproject.org (Postfix) with ESMTP id 61B9A3090B;
	Thu, 14 Aug 2014 15:13:03 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
 by eugeni.torproject.org (Postfix) with ESMTP id DF24130293
 for <tor-talk@lists.torproject.org>; Thu, 14 Aug 2014 15:12:59 +0000 (UTC)
X-Virus-Scanned: Debian amavisd-new at eugeni.torproject.org
Received: from eugeni.torproject.org ([127.0.0.1])
 by localhost (eugeni.torproject.org [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id FELPCdoiGpSC for <tor-talk@lists.torproject.org>;
 Thu, 14 Aug 2014 15:12:59 +0000 (UTC)
Received: from mail-qa0-x235.google.com (mail-qa0-x235.google.com
 [IPv6:2607:f8b0:400d:c00::235])
 (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits))
 (Client CN "smtp.gmail.com",
 Issuer "Google Internet Authority G2" (not verified))
 by eugeni.torproject.org (Postfix) with ESMTPS id BB2D7308D2
 for <tor-talk@lists.torproject.org>; Thu, 14 Aug 2014 15:12:59 +0000 (UTC)
Received: by mail-qa0-f53.google.com with SMTP id v10so1051788qac.26
 for <tor-talk@lists.torproject.org>; Thu, 14 Aug 2014 08:12:57 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=cyblings.on.ca; s=google;
 h=message-id:date:from:user-agent:mime-version:to:subject:references
 :in-reply-to:content-type:content-transfer-encoding;
 bh=Cu/kxJWcsat6XhdsCdeKmrxVUHnOoXVE7G1uzfmNDuc=;
 b=YYZACGD6uBDD5NnAd0tEWJVe6fItQLsVqTzBVTyQTAhRKMggrZpv/HN2dqu/9LyAGK
 9VGroAgqxLVYhMF9G6nCwHMArcpvpO0Bk7WqyH4LTZHayB3UTrvdh+79Qn4rxcor3zTz
 Iv0LMjuN/8iEonZdRCradmMUzobMUeLyANPWk=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20130820;
 h=x-gm-message-state:message-id:date:from:user-agent:mime-version:to
 :subject:references:in-reply-to:content-type
 :content-transfer-encoding;
 bh=Cu/kxJWcsat6XhdsCdeKmrxVUHnOoXVE7G1uzfmNDuc=;
 b=m+njW8aC136JSJGjQlRMycboOg4tL3TFXvrAXTl3hZxb1luHmHmRUcMZexztr5pUea
 nt6VdB6hOxQs/a86f8CTR23cnN2ABwBMTenwetZgIIl/UyMUuolZ+NeDl/Dn9J8IpQLz
 wmfz9rvBVL4GVIU1rSJo4GDGneqrAgvo0ChIQ61yM9CZMpSHtOTMKdn70ttNN9Bvdav6
 LCKwGbPouPjueGNgQDlf+2TkmbaBpG5H0ozauNESSH42Go9Tx3R0NVgqh92K+5dwrGGE
 ICzyJIBsxZGmbEMG/LGkDc+TTmWlflOaqUQAvVQdxJHz07ey3vqC3FrR4yYjBoPHZbu9
 A1eQ==
X-Gm-Message-State: ALoCoQm/lnc7VrBcZvKhJruocXdgrJ8Tayn+ZHmWn5/qOjKIgY52JQzdWaq734hgMnf93jc18dwE
X-Received: by 10.224.96.137 with SMTP id h9mr18240889qan.96.1408029176901;
 Thu, 14 Aug 2014 08:12:56 -0700 (PDT)
Received: from [192.168.1.2] (69-196-152-198.dsl.teksavvy.com.
 [69.196.152.198])
 by mx.google.com with ESMTPSA id y93sm5761490qgy.2.2014.08.14.08.12.55
 for <tor-talk@lists.torproject.org>
 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
 Thu, 14 Aug 2014 08:12:56 -0700 (PDT)
Message-ID: <53ECD1D2.1080503@cyblings.on.ca>
Date: Thu, 14 Aug 2014 11:12:18 -0400
From: krishna e bera <keb@cyblings.on.ca>
User-Agent: Mozilla/5.0 (X11; Linux x86_64;
 rv:31.0) Gecko/20100101 Thunderbird/31.0
MIME-Version: 1.0
To: tor-talk@lists.torproject.org
References: <SNT146-W4513BA5EB54A23F2CE5175A3EB0@phx.gbl>
In-Reply-To: <SNT146-W4513BA5EB54A23F2CE5175A3EB0@phx.gbl>
Subject: Re: [tor-talk] Nestat Results Connections Established With Hardware
 Disabled
X-BeenThere: tor-talk@lists.torproject.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: tor-talk@lists.torproject.org
List-Id: "all discussion about theory, design,
 and development of Onion Routing" <tor-talk.lists.torproject.org>
List-Unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
List-Archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-Post: <mailto:tor-talk@lists.torproject.org>
List-Help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-Subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: tor-talk-bounces@lists.torproject.org
Sender: "tor-talk" <tor-talk-bounces@lists.torproject.org>

On 14-08-13 10:26 AM, Ben Healey wrote:
> I came across 2 connections that were able to stay established with my hardware disabled.

The software keeps trying for a while before it gives up.

Secondly, netstat for Windows may be reporting the last active
connections rather than the current state of the machine.

> I'm not sure why.  So I did a set of different netsat runs.
> 
> I don't know if any of this can affect Tor. But I thought I would post what I found.
> 
> The results are below. 
> 
> 
> Hardware Disabled(laptop switch)
> 166.98.7.20:https Established
> 166.98.7.20:https Established
> 
> http://www.speedguide.net/ip/166.98.7.20
> 
> ------------------
> Norton Block All
> 198.252.206.25:https Established
> https://ipdb.at/ip/198.252.206.25

How is Norton activity relevant to Tor?

> 
> 193.149.77.115:https Established
> http://db-ip.com/193.149.77.115
> These 2 only showed up once
> -------------------
> 
> 
> Norton Blocked All Network Traffic
> 
> 143.127.102.25:https Established
> 143.127.102.25:https Established
> 
> 
> 166.98.7.20:https Established
> 166.98.7.20:https Established
> 
> 
> 
> 
> Tor Started Cannot Connect
> 127....... to (owner)PC          Established
> Many of them--- What are they??? Established
> 
> 
> 
> 
> Tor Started Blank Page
> 
> 127........Multiple
> 
> 166.98.7.20:https Established
> 166.98.7.20:https Established
> 
> x1 :9001                                  Established
> epow0:9001                            Established
> xray632:9001                          Established
> 
> 
> 
> Tor Started Blank Page Norton Blocking All (Last Run)
> 
> 127........Multiple
> 
> 166.98.7.11:https Established(changed)
> 166.98.7.19:https Established(changed)
> 
> 146.0.32.144:9001 TIME_Wait
> 95.211.225.167https TIME_Wait
> 188.138.88.86:9001  TIME_Wait
> 157.56.172.28:https TIME_Wait
> 131.253.34.141:httpsTIME_Wait
> 146.0.32.144:9001   Established
> 188.138.88.86:9001  Established

Connections to port 9001 are likely your Tor connecting to Entry Guard
nodes, as 9001 is the default port a relay listens on.


> Tor Started Hardware Disabled(laptop switch)
> 127............. multiple
> 
> 166.98.7.20:https        Established
> 166.98.7.20:https        Established
> 192.168.0.32.144:9001 Established

Did you edit or cut/paste these reports?
192.168.0.32.144 isnt a possible address.


> 95.211.255.167:https  Established
> 5.9.26.219:8888          Established
> 146.0.32.144:9001      Established
> epow0:9001                                   Established
> xray632:9001                                 Established
> 
> This one is strange. More connections with hardware disabled?

As noted above, could be leftover stale connection info.

Try turning off the hardware wifi switch and then rebooting the
computer, and then run your netstat reports again.
You should see only connections to localhost (127.0.0.1) active, but
various Windows programs will try to connect to sites on the internet
and of course fail. Tor will try to reach a Directory server.
TorBrowser(Firefox) will be connected to Tor on 127.0.0.1:9150.
Tor will also be listening on its Control Port 9151.

> 
> 
> BH
> 
>  		 	   		  
> 

-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

