I just started a relay (non-exit node, not running a client myself), on
Windows, using the latest Vidalia Relay Bundle. Looks like from the
configuration, given that I'm running in relay mode, there should be only
two ports used by Tor (OrPort and DirPort), right? However, when I run
"netstat -ano", I see that the Tor process is using up a lot more ports.
There are these connections, from 127.0.0.1 back to itself. Some sort of
internal process used by Tor? Not as concerned about these, since these
are internal. But still curious.
TCP 127.0.0.1:63417 127.0.0.1:63418 ESTABLISHED
TCP 127.0.0.1:63418 127.0.0.1:63417 ESTABLISHED
TCP 127.0.0.1:63419 127.0.0.1:63420 ESTABLISHED
But then I see connections like these:
TCP 192.168.1.202:55049 174.136.105.86:9001 ESTABLISHED
TCP 192.168.1.202:56804 37.128.208.46:9002 ESTABLISHED
TCP 192.168.1.202:56896 171.25.193.9:80 ESTABLISHED
TCP 192.168.1.202:57113 109.232.224.74:9001 ESTABLISHED
TCP 192.168.1.202:57206 91.227.249.44:9001 ESTABLISHED
TCP 192.168.1.202:57221 67.164.46.197:9001 ESTABLISHED
TCP 192.168.1.202:57253 128.31.0.34:9101 ESTABLISHED
TCP 192.168.1.202:57259 204.124.83.132:587 ESTABLISHED
TCP 192.168.1.202:57260 128.232.18.57:9001 ESTABLISHED
TCP 192.168.1.202:57309 204.124.83.131:443 ESTABLISHED
TCP 192.168.1.202:57331 81.24.98.236:9001 ESTABLISHED
These appear to be the actual Tor relay traffic (192.168.1.202 is my
computer). Why are these using ports in the 55000+ range, when I specified
my OrPort to be a singular value (in my case, 9031)? I would like to know
the port ranges used by Tor for relay traffic, so I can use my dd-wrt to
set the QoS by specifying these Tor port ranges.
Thanks,
DW