SP2 TCPIP.SYS

By pineapples52
in Microsoft (Windows)

 Share

Recommended Posts

Rookie

nick99exb

Posted
Posted

I patched the TCPIP.SYS file successfully to unlimited half open connections but when I run Edonkey2000 v1.0 with the windows firewall activated edonkey gets blocked from uploading and downloading after about 15 min. the only way i can successfully run edonkey is by deactivating the windows firewall. Isnt this patch supposed to fix this problem?

Mentor

bkellner

Posted
Posted (edited)

Please learn how the Internet works before you go editing system files.

THIS DOES NOT LIMIT THE MAX CONCURRENT TCP CONNECTIONS. It would be impossible for Microsoft to release anything that does that and still call XP a Network Operating System.

Proof:

Take an "unpatched" version of SP2 and connect to an IRC Server, AIM, and browse a few websites -- maybe download a file.  Open command prompt and type netstat -a, how many TCP connections do you count?

WHAT IT REALLY DOES:

SP2 limits the number of new tcp connections your computer will establish per second. It will not affect downloads or games. It will not even stop viruses from spreading, or spam from being delivered for that matter, though it will slow them down and relieve network and internet congestion.

You see, once the max number of connections per second is reached, additional connections are queued and processed at the specified max rate. This means when you connect to P2P networks (Kazaa, Bittorrent, etc..), you will connect to the same amount of people overall and receive the same download speads you would otherwise. If you are having problems not connecting to as many people since installing SP2, try disabling SP2's new Firewall.

EventID 4226

TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts

As you can see, this just states that you have reached the limit. What it doesn't tell you, is that it has put the remaining tcp connections in a queue and will process them at the specified max rate. Don't get your panties in a bunch, all your tcp connections will be processed and most likely will be done so at an unnoticable rate.

"SO WHY SHOULDN'T I PATCH?"

This feature is to slow down worms which spread by opening connections to random addresses at a really fast rate. This will give anti-virus companies more time to create a fix for the worm before it becomes an epidemic, allowing them to stop the spreading at 10,000 infected computers rather than 500,000. Not to mention it can reduce network and internet congestion. Why would you want to mess with that?

If you still want to patch, go ahread. I'm sure there are some cases which warrent it, such as hosting large webservers those extra connections per second could make your website load faster for a lot of users. Though, at the same time increasing the load on your server.

Edited by krazie
Grand Master

Malisk

Posted
Posted

Thanks krazie for saving me from typing that. :)

This patch or any other patch of this kind does very little to a normal user, even if that user is a hardcore P2P user.

If you got probs in SP2 with P2P apps, it's probably because of some other problem.

I suggest everyone leave this system file untouched to help making Internet a better place with less efficient worms. :)

Mentor

dreamthief

Posted
Posted

there's a new patcher update in http://www.lvllord.de/4226fix/4226fix.htm.

Doesn't require running in safe mode and etc. Just double click and patch it. Restart computer after that and voila. Problem solved.

Sorry if you think i hijacked your thread but i think other neowinians deserve to have choices. This also could reduce the "OMG, not another tcpip.sys sp2 issue thread, please make it stop" :)

Mentor

dreamthief

Posted
Posted
Thanks krazie for saving me from typing that. :)

This patch or any other patch of this kind does very little to a normal user, even if that user is a hardcore P2P user.

If you got probs in SP2 with P2P apps, it's probably because of some other problem.

I suggest everyone leave this system file untouched to help making Internet a better place with less efficient worms. :)

Yah, it is caused by that tcpip.sys change. I think there is other alternatives or workaround p2p developers can come up with. The kazaa lite 2.4.3 was the only p2p that didn't have any problem after sp2 was installed and i was still able to have fast download and upload.

But till there's a workaround patch, i'll patch the tcpip.sys. Besides, i'm not a newbie. No worm is going to go out or come in my computer system.

Grand Master

Malisk

Posted
Posted
there's a new patcher update in http://www.lvllord.de/4226fix/4226fix.htm.

Doesn't require running in safe mode and etc. Just double click and patch it. Restart computer after that and voila. Problem solved.

*sigh* What problem?

eMule etc works just fine without this (at least according to users on their forum), Windows XP isn't dropping any connections, etc.

Mentor

dreamthief

Posted
Posted
*sigh* What problem?

eMule etc works just fine without this (at least according to users on their forum), Windows XP isn't dropping any connections, etc.

Maybe it's my configuration, i'm not sure.

Limewire refused to get connected, Emule was fine, edonkey V1 is always at the connecting phase, doesn't want to connect. Bit torrent was normal, kazaa lite as i mentioned was fine as well.

Mentor

bkellner

Posted
Posted

As with most P2P networks, the beginning of the download is when you will gain the most tcp connections. During the rest of the transfer you'll gain or lose a few every now and then. If you check your event viewer, you'll notice the EventID 4226 occurs when you start the download, and maybe a few times during. But the tcp connections that it's talking about ARE being queued and will be connected.

This does not affect any P2P downloads mostly for the reason stated above.

Explorer

FBtje

Posted
Posted (edited)
As with most P2P networks, the beginning of the download is when you will gain the most tcp connections. During the rest of the transfer you'll gain or lose a few every now and then.? If you check your event viewer, you'll notice the EventID 4226 occurs when you start the download, and maybe a few times during. But the tcp connections that it's talking about ARE being queued and will be connected.

This does not affect any P2P downloads mostly for the reason stated above.

so why is everyone (including the staff) on the shareaza forum suggesting you must install the patch? of course the p2p programmers can come up with a workaround, but it doesn't do any good to the p2p client..

Connections are not only made with the beginning of a download as far as I know..

there are enough security programs on the market to undo the possibility of a worm spread or whatever..

Edited by FBtje
Mentor

bkellner

Posted
Posted (edited)
so why is everyone (including the staff) on the shareaza forum suggesting you must install the patch? of course the p2p programmers can come up with a workaround, but it doesn't do any good to the p2p client..

Connections are not only made with the beginning of a download as far as I know..

there are enough security programs on the market to undo the possibility of a worm spread or whatever..

Did you even read the post you responded to? I didn't say connections are ONLY made at the beginning. If you've ever used a P2P program to download you'd know that MOST of the connections you connect to throughout the download ARE connected at the beginning.

Since the release of this patch people have been misinformed. I'm just simply explaining the truth of the matter. You can install the patch for all I care, but you won't see much or any difference. With 10 seconds per second limit you'd be able to connect to 600 people in one minute, is that not enough for your P2P needs?

Where have you been for the past year, do you not remember Blaster, MyDoom or others? Maybe you should read this, http://216.239.41.104/search?q=cache:BvmCZ...rnet+worm&hl=en

Edited by krazie
Mentor

bkellner

Posted
Posted
I still have the original sp2 tcpip.sys (check the date) and look how many users i het on Kazaa Lite.

The first sp2 install i done it would only connect to 89,000.  :blink:

BTW, what is tcpip6.sys?

tcpip6.sys is a standard windows service. It probably has to do with IPv6.

Also another note for people only connecting to 89,000 users, you may be connecting to an unlinked server on Kazaa, much how IRC has NetSplits. When you connect, you don't always connect to the same server. Sometimes you'll be fowarded to a new server, if that server isn't connected to the rest of the network at the moment you will have less people. If you manually change the server you connect to, or try reconnecting a few times it could clear up.

It could also be the new SP2 firewall, make sure that's disabled or set up to allow Kazaa.

Explorer

FBtje

Posted
Posted
You can install the patch for all I care, but you won't see much or any difference between 10 or even 50 connections. You probably won't even notice a difference between unlimited connections for that matter. With 10 seconds per second limit you'd be able to connect to 600 people in one minute, is that not enough for your P2P needs?

only 600 people? no, that's not enough.. without the patch Shareaza doesn't connect to Gnutella1 and Gnutella2 if you have many downloads open.. it only connects to eDonkey2000...

there is nothing wrong with your explanation in what way tcp connections are being restriced, but for me: I cannot use Shareaza without the patch.. I've tried it, saw the difference ;) If it doesn't affect you that much, lucky you..

Mentor

bkellner

Posted
Posted (edited)

With 10 tcp connection attempts per second you could theoretically have 600 tcp connections sending you the file in one minute. Most of the time you probably won't even have over 100. Most P2P programs have default settings for how many people can send you a file, and set it around 50 -- It would take 5 seconds to deplete that queue. This limit does not affect how you connect to the server at all.

TCP connections are not being restricted, they simply are being put on hold for a second. Everything it was doing before you upgraded to SP2, it is still doing after you upgrade.

Edited by krazie
Neowinian

carstereos

Posted
Posted

I wrote to the Register.com and got this response...

"SP2 limits the number of *incomplete* outbound connections, NOT "the number of simultaneous TCP connections a program can make." It is an important distinction. I can still have a program make as many connections to as many ports to as many IP's as I want, as long as they connect.

This is really a good thing, though someone on a newsgroup somewhere misinterpreted the meaning of the change, and started going off on it. If anything, eMule will probably perform better in the case that a peer-to-peer client is unavailable. I know it may not be the response you were looking for, but limiting incomplete connections by default, I think, is great."

Proficient

Kussie

Posted
Posted

You also need to keep in mind that if a program crosses the limit to much it will be blocked i believe. I remember reading this somewhere i forget where though. On a different note i was getting extremely slow speeds and such on both Edonkey and BitTorrent until i applied the patch and it jumped right back up to fast speeds.

Edit:

Like the guy above me said it will cause problems with unestablished connections. Because most of my Edonkey and Bittorrent downloads were connecting continously to other users and servers the slow speeds would have been caused by this limit. The patch fixed it but it could also be fixed via reconfiguring my programs as well i believe, but oh well

Rising Star

helmers

Posted
Posted

Perhaps the first post should be edited, since it doesn't change the "limit of 10 Concurrent TCP Connections" but rather the "limit of opening 10 new TCP Connections per second".

There is a huge difference, and given that the people who install this probably will know little about networks, they are likely to spread worms and virii.

But it *is* funny when people claim enormous speed increases tho'. ;)

This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.