I couldn't reproduce this in any scenario that I tried... whether having multiple connections open to the same port on the same host, to different ports, or even with different users logged on and using the same route... the users count still stayed at '1' for me.
I suspect it's something that Tor is doing. Does that behaviour occur when you do not use Tor?
yep, it still occurs even if not using Tor. I did try to open browser and test to browse to a website, the users increase when i try to ip route the site address.So it is true that is count of connections made by host to the ip.
"
But problem is when i didn't open any webbrowser and no any connection to the site, it still shows lots of users"
so i did try some test, below are mtr report to google site
HOST: childmild Loss% Snt Last Avg Best Wrst StDev
1.|-- 172.19.129.96 0.0% 10 143.1 142.9 69.5 376.4 88.2
2.|-- 172.19.128.133 0.0% 10 178.6 173.5 93.6 409.9 92.4
3.|-- 172.19.128.254 0.0% 10 134.0 175.9 101.1 339.3 73.6
4.|-- 10.8.11.93 0.0% 10 129.5 163.8 79.8 267.7 58.3
5.|-- 10.8.11.145 50.0% 10 153.7 191.1 133.5 262.1 55.3
6.|-- 202.152.194.254 0.0% 10 85.4 151.5 85.4 290.4 61.6
7.|-- 202.152.207.105 0.0% 10 93.9 168.4 93.9 258.9 54.4
8.|-- 202.152.207.33 0.0% 10 89.4 175.2 89.4 332.1 71.7
9.|-- 202.152.207.22 0.0% 10 103.8 194.2 103.8 292.5 66.9
10.|-- 202.152.207.70 0.0% 10 106.3 178.2 106.3 297.4 63.4
11.|-- 66.249.95.124 0.0% 10 101.7 194.8 101.7 354.6 80.7
12.|-- 64.233.174.109 0.0% 10 123.2 194.3 87.4 351.9 83.3
13.|-- ??? 100.0 10 0.0 0.0 0.0 0.0 0.0
14.|-- 74.125.200.100 10.0% 10 221.7 227.7 108.1 556.0 137.0
what i did is very simple, i just do "ip -s route get" on each ip between me and google
so here is the result :
1. ip route to my ppp gateway (172.19.129.96 ) :
ip -s route get 172.19.128.96
172.19.129.96 dev ppp0 src 10.70.107.152
cache
users 1
2. ip route to 172.19.128.133
ip -s route get 172.19.128.133
172.19.128.133 dev ppp0 src 10.70.107.152
cache
users 10 age 601sec
so there is a lots of users
after my ppp gateway (as i mention before i use direct modem -- no any LAN between me and my ISP)
could it be....ESN/MEID hack (because my ISP use same login / password for all their client)?
thank you