• Sign in to Neowin Faster!

    Create an account on Neowin to contribute and support the site.

Sign in to follow this  

SP2 TCPIP.SYS

Recommended Posts

Brandon Live    232
But, I need at least one Windows dev box for work, so I'm going to go ahead and patch my box.

My XP dev systems have been running SP2 release candidates for months and the RTM build for two weeks now without the slightest problem. In fact, my development efforts are heavily network-oriented. And still, I've not had even the slightest problem with this change. Patch your box if you want. Be ignorant if you want. Surely, many people are happier that way.

Share this post


Link to post
Share on other sites
teleguise    0

Gee almost forgot to follow my own words.... Actually I figured a seperate post was better ' it increases my post count by 1 to 2 oops.. :)'

So far I have 2 machines installed w/ the 'WindowsXP-KB835935-SP2-ENU.exe'

One primarily is for remote admin / remote downloading & p2p downloads (big pipe) the other general usage neither with the 'Controversial' patch. (yet)

On the one haven't noticed anything negligable towards p2p (Edonkey .052) or otherwise but for my own curiousity will watch a little more closely to some points mentioned.

The other hasn't been used much for surfin compared to the non-SP2 machines so can't say much in that regard as for connect slowdowns, not that it should matter but all I can say is we don't use IE on ANY machines (guess I just like the Mozilla icon better :laugh: )

Time permitting or if obvious issues arise I will most likely try a patched version and post my experience.

Hope many of you will do the same as well either way.

Best Regards!

Note: This post was edited because my favorite icon is NOT working well with the Neoforum in keeping proper text

alignment

Edited by teleguise

Share this post


Link to post
Share on other sites
awgh    0

My point is just that it should have been made an option. The default setting could still limit new connections, but knowledgeable users should be able to disable it. Not making this an option is indicative of how MS treats their customers.

As to specific issues I've had:

I've noticed a rather drastic slow-down in p2p searching for more nodes to download from, and p2p applications in general seem to have a lot more trouble getting off their feet. I'm a very intensive user from a network standpoint, I remotely administer several personal servers and my work involves running and developing negative network traffic scenarios for playback on a test network. Add this to a rigorous p2p regime and I'm in trouble.

You can see why this would be a problem for me.

I do have another (Linux) box, which has always had a higher throughput, but I also need to have a Windows box for reasons I won't bore you with.

I do have to admit that everything else about SP2 actually makes up for this in my mind. Most of the really annoying things about XP are fixed, and the new wireless widget is a massive improvement. I would recommend the service pack in general, as long as you make a conscious decision to either live with or patch the new network silliness.

I can't comment as to whether or not any of the patches here actually work, as I haven't installed any of them yet. I'm not entirely convinced that the connection limit is the only different thing in the network stack. Something tells me that there is more yet to be patched. I'd be interested in hearing back from anyone who's had a chance to test the patches?

Share this post


Link to post
Share on other sites
darkmark327    0

The problem is that if users can disable it, so can malware.

And it's affect.

Share this post


Link to post
Share on other sites
teleguise    0

(Darn temptation is killing me) I agree with OPTIONS but I believe the Micrictionary defines 'options' as bloat :D. I'll add while not all bad they have done good for (not to) the industry, just the ratio is heavily weighted.

I probably should of noted (since stating myself about experience) that mine has been quite short only 4 days. My usage is similar while likely not as intestive as yours 'awgh'. I can tell your experience & education is above (for lack of a better word) norm, will check your mentioned specific issues.

(Slightly off topic) Out of curiousity you also mentioned your Linux box always had higher throughput, is that LAN wise or overall? Presently, dont have a Linuxed lan(ned) box w/XP but had an associate inquire about typical Win-Win Lan speeds because he wasn't getting anywhere near 100mb throughput between his Linux boxes.

Better watch the upbeat M$ Sp2 talk, it might start sounding like YOUR a M$ employee :shifty:.

Don't also forget what the OTHER BETTER ONES have had forever..

:woot: IE finally has a Pop-up blocker..

Edited by teleguise

Share this post


Link to post
Share on other sites
teleguise    0
The problem is that if users can disable it, so can malware.

And it's affect.

You caught that...

Yes & No... Thats all dependent on how & what they allow the OS & user to do. Theres many ways yes checking

a simple registry flag, memory location or file setting is easily compromised if allowed to do so, but if looked

at from other angles there's numerous methods they could make 'security issues' manageable yet secure.

Share this post


Link to post
Share on other sites
Brandon Live    232
You caught that...

Yes & No... Thats all dependent on how & what they allow the OS & user to do. Theres many ways yes checking

a simple registry flag, memory location or file setting is easily compromised if allowed to do so, but if looked

at from other angles there's numerous methods they could make 'security issues' manageable yet secure.

I've yet to find a security option in SP2 that I can't configure to my heart's desire through group policy. But perhaps I haven't looked hard enough.

I've already said it once but I'll say it again: Windows XP is not a server OS. This security feature will not affect you in any way unless you try to run an extremely high-load server on a home or workstation-based OS. If that is what you're trying to do, you should expect to see some problems like this. They aren't design flaws, they're design.

If you want to run a server, you should have a server OS.

Given the nature of this change, the fact that anyone would want to "revert" this setting in a home or workstation environment is completely beyond me. It simply won't affect you in any meaningful way, except to protect others (to a small degree) if you screw something up and let your PC be turned into a DDOS attack vessel.

If you're seeing problems with P2P services, look elsewhere. If your P2P client encounters a problem because of this change, then you have a severe configuration problem in your P2P client. There's simply no reason why any client application would need to open more than 10 suspended connections per second. If you tried to, you'd run into several other bottlenecks before this would become a problem - including the connection limits imposed by both your router and your ISP. But even if you could do so, it would provide no discernable benefit to the use of a P2P client... as that's simply not how they work.

Share this post


Link to post
Share on other sites
Jonny_C    0

The idea of MS is not bad to reduce the spreading of worms and other harmful programs. But 10 half-open connections is a little bit too less. With a higher (e.G. 25-100) number of waiting for connection connections the benefit would be almost the same, but less normal users would feel disturbed by this. The download and the instructions provided here are only for education purposes, how to set a higher limit. After the successful implementation, the user commits oneself to change it back to the original state!

http://www.lvllord.de/index2.htm

Note: don't forget to copy in SAFE MODE ! in normal mode the original file will be restored as soon as you copied it!

What's this all for?

After almost everybody knows the <<EventID 4226: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts>>, I used a day to create for educational purpose a fix for this argumentative feature.

Unfortunately there exists no REG-key which could easily be set (would be so nice and easy, right? *smile*). The file TCPIP.SYS in the directory C:\WINDOWS\SYSTEM32\DRIVERS and C:\WINDOWS\SERVICEPACKFILES\I386 has to be changed (system dependend eventually in C:\WINDOWS\SYSTEM32\DLLCACHE, too).

Needed things:

- Windows XP SP2 (from RC2 upwards) or Windows 2003 Server SP1 beta

- patcher (2.10a)

- a small amount of time

What's been done:

To say it easy: the before 10 half-open connections are beeing increased to 50 (which should be enough for heavy users and should be save enough agains worm spreading) and the CRC is been corrected. And that's it! What exactly is changed (for build 2092-2180), can be read in the howto.

Comment:

The method described here, should only be used by users, who know how to handle all the described. With the download of the here published program the user know, that changes are made on third party files. For damages in every kind I cannot be hold responsible for. Indeed, tests worked fine here. However, nothing is impossible.

Info: When error occurs, the patcher can change the TCPIP.SYS back to the original!

Just download the patcher and execute it. It will automatically find the windows directory and ask, if it should increase/decrease. For higher values, please check the help with parameter /?.

After a successful patch, the new TCPIP.SYS will be automatically installed. After that, the computer should be restartet.

http://www.lvllord.de/4226fix/EvID4226Patch.exe

This guide has been created by LvlLord (LvlLord(at nospam)gmx.net)

FAQ - Frequently asked questions ? What's this EventID 4226?

? Which effects does this limit have?

? How can I find out, if I'm affected?

? I read something, that it's possible to change limit via regsitry. Is that true?

? 50 concurrent, half-open connections is to less for me. Is it possible to get more?

? Which other parameters does exist?

? Which languages are supported?

? I have Windows 95/98/ME/2000/XP SP1. Will these get supported soon, too?

What's this EventID 4226?

The EventID 4226 means, that there are to many concurrent TCP connection attempts. A connection attemp is a query to a computer, if it accept the TCP connection or not. If the computer is for example no more existent, it will be waited for a few seconds, until a timeout occurs and the connection attemp get canceled.

Since XP SP2 there are only 10 concurrent TCP connection attempts possible, while in SP1 it has not been limited.

Which effects does this limit have?

Applications with many connection attemps may work bad or not at all. Even web browsers, eMail clients or antivir programs can be affected and might bring a long time of waiting.

Also administrative diagnosticprograms in companies make problem. In short, there seems to be more problems than there is an advantage.

How can I find out, if I'm affected?

Just have a look at Start/Maintenance/Control Panel/Administration Management/Eventview/System if there are entries with the event id 4226. If yes, minimum one time the limit has been reached

I read something, that it's possible to change limit via registry (TcpNumConnections). Is that true?

Unfortunately not. Because the concurrent connection attemp limit has nothing to with concurrent connections, this registry-key is useless. Unfortunately there is no registry-key, which would allow the user to change the concurrent connection attemps.

EvID4226Patch /L=100 50 concurrent, half-open connections is to less for me. Is it possible to get more?

Yes! Just use as a Parameter /L=limit, where limit describes the new limit.

For example a 100 limit can be set with the command:

EvID4226Patch /L=100

Which other parameters does exist?

Not entered yet ...

Will these get supported soon, too?

Because the limit got introducted in XP SP2, the other operating systems are currently unlimited.

Exception: Windows 2003 Server seems to be limited as well since SP1 beta. An update will follow ...

Changes in 2.10a ? Supports Windows 2003 Server SP1 beta.

? If no limit is given with the parameter /L, it will be asked for during runtime

? A big part of the code changed

Hint:

There is no repatching needed on already patched TCPIP.SYS's!

Changes in 2.0c ? Fixed small bug which returned a limitposition on files without EventID 4226

? Small codechanges

Hint:

There is no repatching needed on already patched files!

Changes in 2.0b ? Added parameter /F to patch a specific file instead of whole Windows

Share this post


Link to post
Share on other sites
SOSAGES1    0

*note to self *

if one ever becomes a mod at neowin - remove all kids and adults that argue about crap all day about who knows more about IT than the next guy.

*end note*

your all weird.

i installed the patch btw but never actually ran emule on plain sp2 so dunno if it went slower or not.

Share this post


Link to post
Share on other sites
darkmark327    0

This whole thread reeks of a Win2k3 server debate. I say if the connection limit is of no use to you because you are not going to end up as a joe-user zombie machine, then there is no harm in removing the limit.

The point is, if you're seeing the message in your event log, then guess what...you're being affected by the limit. That means, one way or another, stuff is being slowed down because it has to be queued. Everyone can post all their crackpot theories about it affecting or being impossible to affect your programs, but if you're hitting the limit, something is being queued that would otherwise have taken effect immediately.

As for those who are attempting to debate threedays, grow up. This isn't slashdot, where everyone's a mindless linux zealot who can't think for themselves. You nutjobs are the reason why people don't take open source seriously, what with all your little idiotic ms jokes (M$, winblows, microshaft...HAR HAR!!). Open your eyes. In spite of all your psycopathic fanaticism, Linux is not the tool for every situation. Laugh at all the TCO studies, but figure it out: change is expensive. Why on earth do you think people still use NT4? Your laughable refutations of the merits of MCSEs show you have no idea how the real world works. You give the impression of being a 13-year old script kiddie who thinks because they can 0wn an unprotected Windows machine, they are teh l33t and will grow up to be a kickass Linux admin, fighting the good fight against MS.

Guess what...yes, MS software is often insecure. But I'd like to see you retain 20 years of backwards compatibility and keep it completely secure. You lunatics pick on MS no matter what they do. If they break backwards compatibility for the sake of security, you cry out "GREEDY MS IS FORCING PEOPLE TO UPGRADE", if they don't, it's "WINDOWS IS AN INSECURE POS".

Maybe if you could put aside your blind hatred for all things MS, just maybe you'd understand how things really work. If people like you continue to be at the forefront of the Linux "revolution" it will be doomed to failure; no one will ever take it seriously. People just don't take fanatics seriously (unless they themselves are off their rockers).

As you can see, threedaysdwn, I respectfully disagree with your opinion about the connection limit. But I do not let that turn me into a mindless, flaming, troll.

Edited by darkmark327

Share this post


Link to post
Share on other sites
Scorcho    1

if MS went about this move to help insulate machines against attacks, then great. i've yet to patch my machine since i installed SP2 and on and the times i've used Bit Torrent (G3 Torrent as the program and leeching through torrentbits.org) i've consistently maxed out both my download speeds (in excess of 350kb/sec) and upload (70kb/sec). i do see the error messages, but if it hasn't affected my P2P usage noticably at all.

Share this post


Link to post
Share on other sites
markjensen    101

* thread given a cleaning to remove off-topic arguing *

Please, gentlemen, if you want to hold a debate on MSCE or Open Source or other off-topic posts, please start a new topic and keep the insults down. (Y)

Share this post


Link to post
Share on other sites
darkmark327    0
if MS went about this move to help insulate machines against attacks, then great. i've yet to patch my machine since i installed SP2 and on and the times i've used Bit Torrent (G3 Torrent as the program and leeching through torrentbits.org) i've consistently maxed out both my download speeds (in excess of 350kb/sec) and upload (70kb/sec). i do see the error messages, but if it hasn't affected my P2P usage noticably at all.

Well you're lucky it hasn't affected you, noticably.

I connect to 5 P2P networks and it does affect me. If it were just a matter of it taking those downloads longer to connect, I'd not care, but it affects browsing so that's somewhat more important.

Share this post


Link to post
Share on other sites
teleguise    0

Well.. Thank you.. And i will edit accordingly

Edited by teleguise

Share this post


Link to post
Share on other sites
markjensen    101
You have to be kidding, a MOD deleted my post!

BECAUSE I SAID THIS THREAD HAS BECOME MORE ABOUT TESTOSTERONE THAN EDUCATION & INFORMATION.

Didn't realize slander was less controversial than the obvious.

All off-topic posts were removed once it became an argument.

There was one warning issued to the starter.

And, this matter is not up for discussion in the forums. Rest assured, if your post was removed, and you were NOT issued a warning, then your post wasn't removed because of anything that you did wrong. ;)

Share this post


Link to post
Share on other sites
Brandon Live    232
All off-topic posts were removed once it became an argument.

There was one warning issued to the starter.

And, this matter is not up for discussion in the forums. Rest assured, if your post was removed, and you were NOT issued a warning, then your post wasn't removed becuause of anything that you did wrong. ;)

Aw shucks, that's a lot of wasted time that went into those posts! Too bad you couldn't have just split the thread off or something. Oh well, not like I had anything better to do at the time :rolleyes:

Share this post


Link to post
Share on other sites
aniv    32

i dont think there is any need to patch the original sp2 tcpip.sys file, i havent noticed any difference with browsing or p2p apps. they were as fast as they used to be... as somebody already mentioned sp2 tcpip.sys only limits no of incomplete concurrent connections to 10 per second i dont know what difference it makes if you remove the limit !! in the process exposing your box to worms and DoS? or is there a common philosophy of disabling things M$ has implemented even if they are good? atleast do not misguide people who dont understand why they are patching their boxes by giving misguiding reports about improved connectivity and speeds. my friend is a senior level engineer with M$ and i have confirmed it with him since these rumours started spreading. so be rest assured and stick to the original sp2 tcpip.sys file.

Share this post


Link to post
Share on other sites
Protocol    0

Well if you fire up eDonkey or eMule, with your tcpip.sys set at 10 you will see lots of ID 4226 occuring. Set it higher and ID 4226 disappears.

Share this post


Link to post
Share on other sites
darkmark327    0

It wouldn't affect your throughput, as eventually everything will connect; that doesn't bother me, but it started affecting other things as well as those connections became queued.

Why can't the bottom line just be, "do what you think is right?"

Share this post


Link to post
Share on other sites
Brandon Live    232
Well if you fire up eDonkey or eMule, with your tcpip.sys set at 10 you will see lots of ID 4226 occuring. Set it higher and ID 4226 disappears.

Yeah, as a few requests will be delayed an ENTIRE ONE SECOND. Oh no, not an extra second!

Share this post


Link to post
Share on other sites
medafor    0
That's a stupid fix. This limitation is actually a good thing and doesn't affect the average user AT ALL! But now all the people who don't need this fix will in a rush of panic (OMG need fix) apply it and make the world a less safe place. Most don't even understand how it works, it DOES NOT limit the connections.

HOW COULD YOU DARE SAY THIS IS STUPID? i couldn't even pull up my email when i had my P2P software running. this "stupid fix" is a god send to us p2p users. i didnt realize how much of a problem the limit was till i couldnt connect to my email server. close my P2P software and boom, my email worked again. thank god i dont have to kill my p2p connections anymore just to check my email. limiting our connection and calling it a security fix? back to the drawing board microsoft, cause thats lame. my friend has a mac with unlimited connects and no threat to worms. LOL.

Share this post


Link to post
Share on other sites
+John Teacake    454
my friend has a mac with unlimited connects and no threat to worms. LOL.

I realy hope you were taking the **** when you posted that.

Share this post


Link to post
Share on other sites
darkmark327    0
HOW COULD YOU DARE SAY THIS IS STUPID? i couldn't even pull up my email when i had my P2P software running. this "stupid fix" is a god send to us p2p users. i didnt realize how much of a problem the limit was till i couldnt connect to my email server. close my P2P software and boom, my email worked again. thank god i dont have to kill my p2p connections anymore just to check my email. limiting our connection and calling it a security fix? back to the drawing board microsoft, cause thats lame. my friend has a mac with unlimited connects and no threat to worms. LOL.

Yeah, same thing with me, but with web sites too.

Yeah, as a few requests will be delayed an ENTIRE ONE SECOND. Oh no, not an extra second!

Don't be an ass. Like I would give a damn about P2P connections taking an extra second. But I do very much give a damn about sites taking about 15-30 seconds to connect.

Share this post


Link to post
Share on other sites
taureanz    0

Hi,

I have patched TCPIP.SYS using the batch file in sp2tcpnolimit.rar. This link was given earlier in this post itself (Page1). Well, I need to know, if I need to go back to the original version .... Is that possible ?

If it helps ..... just prior to the patching of the file, I made a windows explorer of TCPIP.SYS. Only one file game up in the search ...... I guess that was the original TCPIP.SYS. Anyway its safely backed up.

Please help!

Share this post


Link to post
Share on other sites
taureanz    0

"I made a windows explorer of TCPIP.SYS" ...... That's not possible, is it :D.

Anyway, that line is supposed to mean - "I made a windows explorer SEARCH of TCPIP.SYS" ....

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

  • Recently Browsing   0 members

    No registered users viewing this page.