Hello,
While discussing during the IRC meeting last friday about mbox integration in the tests suite to monitor connections made by the tor browser, we noticed that it opens 2 connections to the dns server, and 2 to the default tor socks port even when it is set to an other port with the TOR_SOCKS_PORT environment variable: https://people.torproject.org/~boklm/tmp/tests/r/4mrXwR46_6/tor-browser-linu...
So I have been looking at why it is doing this.
I have been looking at the browser source code to understand why it does a dns request to resolve the hostname of the machine, and found this: https://gitweb.torproject.org/tor-browser.git/blob/90a58a42063dcd56e29435656... Before starting the browser it wants to create a lock file in the profile directory, which is a symlink pointing to the IP of the machine, so this is probably the reason why it's doing a dns request. Adding the hostname in /etc/hosts fixed the problem. Or for distributions that use libnss_myhostname (such as Fedora 20), editing /etc/nsswitch.conf to move 'myhostname' first on the hosts line.
For the connections on port 9150, here is how to reproduce it:
$ tar xvf tor-browser-linux64-3.6.1_en-US.tar.xz $ cd tor-browser_en-US $ sed -i s/9150/9550/ Data/Tor/torrc-defaults $ export TOR_SOCKS_PORT=9550 $ ./start-tor-browser
Running 'tcpdump -i lo port 9150' in an other shell at the same time shows some connections on this port. Looking with wireshark shows that it is a connection to check.torproject.org.
It only happens with a new profile on the first run (when Data/Browser/profile.default/prefs.js has not been created yet).
If I create a file Data/Browser/profile.default/prefs.js to define extensions.torbutton.socks_port, there is no connection to port 9150: