On Sun, Apr 20, 2014 at 07:17:40PM +0000, Wilton Gorske wrote:
On Sat, Apr 12, 2014 at 12:22:47PM +0000, Wilton Gorske wrote:
TBB Launches successfully: yes, *****but launches two browsers?
David Fitfield: Thanks for testing. Launching two browsers is expected--the second browser is the one that hosts the browser extension that meek uses to make its HTTP requests (see https://trac.torproject.org/projects/tor/ticket/11183 and https://trac.torproject.org/projects/tor/wiki/doc/meek#HowtolooklikebrowserH...). But the fact that it shows two icons on OS X is a bug, one I don't know how to fix yet (https://trac.torproject.org/projects/tor/ticket/11429).
No problem. Thanks for the clarification.
Connections to google.com, evintl-oscp.versigin.com, and calendar.google.com.
David Fitfield: google.com and evintl-oscp.verisign.com are expected. That's because all your traffic is being routed through Google's App Engine servers. I'm surprised at calendar.google.com though. how did you get those names? Through reverse DNS? Google can you different frontend IPs and maybe one of them reverse-resolves to calendar.google.com.
The connections were observed using Little Snitch (http://www.obdev.at/products/littlesnitch/index.html).
The PCAP file: TorBrowser-4:12:14@14:13.pcap - https://drive.google.com/file/d/0B8a32woongSmcHRQSGtXNlc2M1k/edit?usp=sharin...
Thanks. The only addresses I find in the pcap file are:
0.0.194.82 0.0.194.95 127.0.0.1 173.194.65.147 (ee-in-f147.1e100.net)
I'm assuming that the first two are anonymized standins for your IP address. 0.0.194.82 appears to be what your Tor Browser uses to talk to tor on 127.0.0.1:9150 and 127.0.0.1:9151, and 0.0.194.95 appears to be the external address used to talk to www.google.com. 173.194.65.147, for me, reverse resolves to ee-in-f147.1e100.net, which is one of Google's servers.
David Fifield