Vista tcpip.sys Auto Patcher v2.2

[Gabe3]

I'm getting "TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts" in my event viewer when I use bit torrent lately. I used the wrong vista tcpip auto patcher version and really screwed up my OS, I had to restore an image. Since I know what I did wrong I think I'll try again but use the correct auto patcher for my version of the tcpip.sys file.

Is there another way around this problem or what?

[+BudMan MVC]

Is there another way around this problem or what?

yeah correctly configure your BT client to not make so many half open connections!! A lower half open connection has no effect on your download speed.. But hitting the limit sure will.

[Gabe3]

I lowered the half open connections in utorrent from 8 to 4 and still had the same problem. I installed the tcpip auto patcher v2.2 and it fixed my problem, 50,000 connection limit or something like that now.

[Guest xiphi]

And what problem did it fix exactly? Do you have any idea why the limit is there in the first place or even what a half-open connection is?

[PermaSt0ne]

the tcpip patcher doesn't work on Vista x64 very well. it's extremely hard to get it working properly, so if you have vista x64 then give up and just set your connections lower

if you on windows xp or vista 32-bit then there are plenty of guides out there

[TurboTuna]

I have no idea why people still believe this FUD. The patch does nothing!

[+BudMan MVC]

I run utorrent, and have my net.max_halfopen set to the default 8, and have never once had the 4226 error in the event log. I just double checked -- the log goes back to 2/11/08, not one 4226 error

And utorrent is running 24/7/365 -- normally download and seeding multiple items.

if you are getting these errors, you most likely have something else running at the same time as your bt client also creating half open connections.

if you don't believe us that its FUD, here is some more info

http://www.p2pforums.com/viewtopic.php?f=111&t=32557

TCP/IP.sys Half-open connection limit guide.

Do your own research you will find that anyone telling you to install some patch has not a freaking clue to what they are talking about - PERIOD!

Does the limit in anyway actually slow down what its suppose to slow down -- I highly doubt it.. 10 half open connections a second it a lot of connections! So that worm could still find lots of machines to infect.. but hopefully the slow down it will cause in the normal traffic would alert the user that something is clearly wrong, etc.

I would suggest you look to what else might be causing your 4226 errors. Grab your fav sniffer and take a look at what is being put on the wire.. But even if you managed to remove the 10 half open connections a second limit, you did not fix anything. And only managed to mask an underlaying issue with your system.

[Gabe3]

And what problem did it fix exactly? Do you have any idea why the limit is there in the first place or even what a half-open connection is?

it fixed my error in event viewer and my internet doesn't drop when I use utorrent. I read a couple weeks ago that the limit is there because of worms that use to run IRC and make multiple connections as hosts. I'm probably wrong, I just skimmed over what I read, and I don't know what a half-open connection is.

the tcpip patcher doesn't work on Vista x64 very well. it's extremely hard to get it working properly, so if you have vista x64 then give up and just set your connections lower

if you on windows xp or vista 32-bit then there are plenty of guides out there

you can see from my last post that I got it working, and it was very easy. I just ran the batch file that installed the patched tcpip.sys file and readydriver plus to automate the disabling of digital driver signature signing check. it took less then 2 minutes, i have a true image backup in case things go wrong.

I have no idea why people still believe this FUD. The patch does nothing!

read my last post.

I run utorrent, and have my net.max_halfopen set to the default 8, and have never once had the 4226 error in the event log. I just double checked -- the log goes back to 2/11/08, not one 4226 error

And utorrent is running 24/7/365 -- normally download and seeding multiple items.

if you are getting these errors, you most likely have something else running at the same time as your bt client also creating half open connections.

if you don't believe us that its FUD, here is some more info

http://www.p2pforums.com/viewtopic.php?f=111&t=32557

TCP/IP.sys Half-open connection limit guide.

Do your own research you will find that anyone telling you to install some patch has not a freaking clue to what they are talking about - PERIOD!

Does the limit in anyway actually slow down what its suppose to slow down -- I highly doubt it.. 10 half open connections a second it a lot of connections! So that worm could still find lots of machines to infect.. but hopefully the slow down it will cause in the normal traffic would alert the user that something is clearly wrong, etc.

I would suggest you look to what else might be causing your 4226 errors. Grab your fav sniffer and take a look at what is being put on the wire.. But even if you managed to remove the 10 half open connections a second limit, you did not fix anything. And only managed to mask an underlaying issue with your system.

I did some research, and its a common problem on vista as well as XP. I reformatted to see if I receive the error on a fresh install, and I did. So I ruled out a possible infection. I have suspicion that my onboard NIC is going bad, so that could be my underlaying cause.

[+BudMan MVC]

I don't know what a half-open connection is.

Then it's quite clear you did not even make a half ass attempt at any research to what your issue really is.. Just as the rest of the lemmings out there following the FUD about the so called "patch" Who then pass on the nonsense to their buddy :rolleyes:

Did you even bother reading the info I linked to?

[Gabe3]

Then it's quite clear you did not even make a half ass attempt at any research to what your issue really is.. Just as the rest of the lemmings out there following the FUD about the so called "patch" Who then pass on the nonsense to their buddy :rolleyes:

Did you even bother reading the info I linked to?

I probably read what it is but I didn't remember. You could be right, or you could be wrong, it just depends what site you get your info on, if you google the problem theres a wealth of information. I could find 20 links that agree with you or 20 that don't. But I have nothing to prove, if my problem creeps back, then I have images to restore to. My PC is clean, with eset smart security 3.0, spybot, and windows defender so I'm not worried about a malware infection.

[39 Thieves]

I probably read what it is but I didn't remember. You could be right, or you could be wrong, it just depends what site you get your info on, if you google the problem theres a wealth of information. I could find 20 links that agree with you or 20 that don't. But I have nothing to prove, if my problem creeps back, then I have images to restore to. My PC is clean, with eset smart security 3.0, spybot, and windows defender so I'm not worried about a malware infection.

Rest assured, in this area, if Budman says you're wrong...you're wrong.

[+BudMan MVC]

I agree with you there are plenty of sites that promote the patch -- and I will state again, none of them have a clue to WTF they are talking about.. Heres a hint -- there is lots of FUD out there!!!

But it's common sense in understanding your not fixing anything -- why do you think you need to make more than 10 HALF OPEN connections a second?

Half open connections are connections that do not answer.. Your machine should not be trying to connect to IPs that do not answer.. When you try to make connections to IPs that do not answer faster than 10 a second, you end up filling up the queue, and now all new connections - even ones that would answer will be slower, since they have to wait their turn in the queue to be created..

This is really what would help find infections, not the limiting to 10 connections a second factor. Since if there are process(es) on your machine looking at random IPs (that do not answer) to infect -- it will fill up the queue, and you will NOTICE the slow down in your internet connection -- ie just browsing can be really slow when your queue is full.. You would then look into WHY this is happening and correct it from doing it -- not just hack it so you do not see the symptom of the problem anymore, like your doing.

If you want to see which process is doing this -- a simple quick easy way to verify that its your BT client doing it.. Then from a command line do a netstat -ano -- this will show you your connections that are half open. Ie they will be in the SYN_SENT state

You can create an example by trying to make a connection to an IP that you know will not answer..

In one command prompt I tried to telnet to this IP, that I know does not listen on telnet, From another command prompt I can see that it is in the half open state.

Active Connections

Proto Local Address Foreign Address State PID

TCP 10.40.0.4:1163 10.10.10.10:23 SYN_SENT 932

The 932 is the PID of the process trying to make the connection. You can then find this processing using your task manager or tasklist from the command line, or just doing a -b on netstat will give you the process name (but can be slow to finish)

If your BT client is in fact doing it, then lower the half open setting again.. Some people run it at 1, due to the fact they use other software at the same time that creates half open connections. This is in no way going to slow down downloads -- since half open connections are not helping you download anything anyway ;) It might just take a few extra seconds to make valid connections is all. If some other process is creating lots of half open connections -- look to why it would be doing that.

It could be your nic I guess -- if your connection attempts are not actually going out on the wire, or your not seeing the answer then your OS would think the connection is half open.. I tend to doubt that -- but sure it could happen I guess, if you have a faulty nic -- that does not put connection requests on the wire, or that does not see the answer.. Don't you think you should FIX THAT vs just masking the issue.

Hacking the stack to remove this limit is like pulling out the check engine light when it comes on vs looking to WHY it is coming on. Like I said before if you managed to remove the limit, you did NOT FIX ANYTHING you masked the issue from you noticing it -- just like pulling out the check engine light on your car cause you don't like it flashing at you ;)

[zhangm Supervisor]

You could be right, or you could be wrong, it just depends what site you get your info on, if you google the problem theres a wealth of information. I could find 20 links that agree with you or 20 that don't. But I have nothing to prove, if my problem creeps back, then I have images to restore to. My PC is clean, with eset smart security 3.0, spybot, and windows defender so I'm not worried about a malware infection.

What is that, Internet Logic? Here's one for you:

5 + 5 = 10 (citing Neowin.net, this post).

5 + 5 = 11 (citing Neowin.net, this post).

One of the above statements is clearly wrong, since they directly contradict each other. Reality does not depend on "what site you get your info on". Realize that you're experiencing a problem, and have addressed the symptoms because that involves double-clicking on some executable file that you downloaded off the Internet, as opposed to actually taking time to diagnose the cause of the issue.

Here's some more food for thought - if you're going to download and run some executable from the Internet without knowing exactly what it does, or why it is useful/not useful, then why exactly do you expect your security software to protect you from malware? Most malware infections these days aren't the fault of the software - they're the fault of the idiot with the admin password, sitting at the keyboard.

[+BudMan MVC]

^ well said!

And I completely agree with this "fault of the idiot with the admin password, sitting at the keyboard."

But they do not always need the admin password to screw it up.. So you could shorten it to "Fault of the idiot sitting at the keyboard"

Or to really shorten it up -- "PEBKAC" ;)

[unknownsoldierX]

While I agree that half-op[en connections shouldn't matter, I have had the same experiences as these guys. On multiple machines, Vista and XP. Even after a fresh install.

The patch does something. How else can it be explained that applying the patch fixes the slowdown issues so many users have while using BT?

I recently set up a new Vista box for a friend. The first thing they did was to start downloading a bunch of stuff using uTorrent. Not long after, the web browsing became very slow. The uTorrent D/L and U/L rates where appropriately capped and all other settings where set correctly. Did the TCP/IP patch and everything has been smooth since.

[Eric Veteran]

The patch sometimes makes the first minute or two of a torrent transfer seem a bit quicker because it can increase the amount of unanswered connections you can make, but it can also overwhelm many routers.

[Raa]

It DOES provide a benefit, albeit a small one, for a small period of time.

I used to use it on my XP system, but didn't bother after reformatting. I only notice BT is slow to get connections for the first minute or so, then it's established and running. I've repeated that behaviour a few times on various systems.

While I agree it does help, it's not really a good solution because of other reasons. (Refer to Budman's post/s)

[stormfrog]

...

Half open connections are connections that do not answer.. Your machine should not be trying to connect to IPs that do not answer.. When you try to make connections to IPs that do not answer faster than 10 a second, you end up filling up the queue, and now all new connections - even ones that would answer will be slower, since they have to wait their turn in the queue to be created..

...

Thanks for clearing that up BudMan. I was just sitting here with the patch ready to go resting my finger on executing it. Well, it seems I have no reason to.

If I understand correctly then I should be able to lower my halfopen connections setting in Utorrent down to... 4? Because if a computer doesnt answer within 4 seconds when I am using a 100Mbit connection then I definately dont wont anything to do with that connection(?).

Anyone kno if Uttorrent recently change their setting for half open connections? Ive never had this problem before and just recently updated Utorrent.

[+BudMan MVC]

Not sure where you came up with the doesn't answer in 4 seconds? Setting it to 4 does not mean that is how long it waits.

As to the comment "While I agree it does help" -- BS plain and simple.

edIt: @ "The patch does something. How else can it be explained that applying the patch fixes the slowdown issues so many users have while using BT?"

What part do you not understand about if you go over 10 half open connections a second your new connections have to get queued?????? Yes if you have hit the limit, ie a 4226 error -- then yes everything can become slow as Molasses.. Does not matter what you limited the upload/download or number of connections too.

As I thought I clearly went over, and the link I provided also goes over --- correct you application to not create so many freaking half open connections and you will never hit the error limit.. And you will not start queue up new connections.

How you set your bandwidth limits or max number of connections on your application has NOTHING to do with the number half open connections it might try to make. Utorrent defaults to 8, you can lower it if you have other applications running that might also create half open connections or that setting still puts you over the limit -- ie 4226 errors in the event log.. The latest version makes mention of something so it will never go over the half open limits -- the details I am not sure on yet.. But you can lower it to 1 if you need too.. It will not slow down your torrent speeds at all.

Edited October 10, 2008 by BudMan