I just started a relay (non-exit node, not running a client myself), on Windows, using the latest Vidalia Relay Bundle. Looks like from the configuration, given that I'm running in relay mode, there should be only two ports used by Tor (OrPort and DirPort), right? However, when I run "netstat -ano", I see that the Tor process is using up a lot more ports.
There are these connections, from 127.0.0.1 back to itself. Some sort of internal process used by Tor? Not as concerned about these, since these are internal. But still curious.
TCP 127.0.0.1:63417 127.0.0.1:63418 ESTABLISHED TCP 127.0.0.1:63418 127.0.0.1:63417 ESTABLISHED TCP 127.0.0.1:63419 127.0.0.1:63420 ESTABLISHED
But then I see connections like these: TCP 192.168.1.202:55049 174.136.105.86:9001 ESTABLISHED TCP 192.168.1.202:56804 37.128.208.46:9002 ESTABLISHED TCP 192.168.1.202:56896 171.25.193.9:80 ESTABLISHED TCP 192.168.1.202:57113 109.232.224.74:9001 ESTABLISHED TCP 192.168.1.202:57206 91.227.249.44:9001 ESTABLISHED TCP 192.168.1.202:57221 67.164.46.197:9001 ESTABLISHED TCP 192.168.1.202:57253 128.31.0.34:9101 ESTABLISHED TCP 192.168.1.202:57259 204.124.83.132:587 ESTABLISHED TCP 192.168.1.202:57260 128.232.18.57:9001 ESTABLISHED TCP 192.168.1.202:57309 204.124.83.131:443 ESTABLISHED TCP 192.168.1.202:57331 81.24.98.236:9001 ESTABLISHED
These appear to be the actual Tor relay traffic (192.168.1.202 is my computer). Why are these using ports in the 55000+ range, when I specified my OrPort to be a singular value (in my case, 9031)? I would like to know the port ranges used by Tor for relay traffic, so I can use my dd-wrt to set the QoS by specifying these Tor port ranges.
Thanks,
DW