Tutorial Thursday
When Microsoft released Windows XP SP2, (as well Vista) they imposed a connection limitation on the operating system. It’s not something that you can readily notice without digging to see if it occurs, but the chances are good that your computer has hit this limit at some time or another.
–What is the Limitation?–
Microsoft put it in place to prevent spammers, viruses, malware, and malicious applications from being able to use your computer as a hub to quickly replicate itself across networks. It also keeps your computer from being able to start a DDoS (distributed denial of service) attack which could single handedly destroy the Internet as we know it.
In Windows XP Pro SP2, your computer is allowed 10 concurrent connections per second, while the Home edition is limited to just 5 connections. In XP Pro if you try to load up more than 10 websites at the same time, for example, you will more than likely hit the limit which means some of your requests will get queued. Windows Vista Basic is even more restrictive with a limitation of just 2 concurrent connections per second, while Vista Ultimate peeks at 25 connections.
This is something that will slow down your file sharing applications, such as uTorrent and Azureus, since they prosper the most out of having a large number of connections to work with. Before this limitation had come about in XP SP2, there were over 65,000 connections allowed at a single time. I’ll admit that 65,000 may be a little over the edge, but limiting someone to 2 concurrent connections is equally insane.
–Recognize the Problem (Event ID 4226)–
You can quickly tell if you’ve had this problem by opening up the built-in Windows Event Viewer (opening in XP/opening in Vista). There you’ll be looking for a warning with the Event ID 4226, and the description will say:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.
If you see that then you’ve hit the limit on the number of connections you can have per second. When I pulled up my Event Viewer I ran a filter on that particular Event ID, and came up with 36 results which all appear to have happened when doing BitTorrent downloads:
I’m also running Vista Ultimate which allows for the most connections per second out of all the different versions, and as you can see I still had the warnings. So we’ve identified that the problem exists…now let’s fix it!
–Patching the TCPIP.sys File–
Fixing the problem is actually extremely easy thanks to a few people that have done some hard work putting patches together:
- Windows XP: Get the patch (Download Mirror) and run EvID4226Patch.exe. This increases the number of simultaneous connections to 50 which is much more reasonable.
- Windows Vista: Get the patch (Download Mirror) and run InstallPatch32.bat for 32-bit versions of Vista and InstallPatch64.bat for 64-bit versions of Vista. If for some reason things aren’t working right you can uninstall the patch by running UndoPatch.bat. This will increase the number of connections allowed to 500.
–Overview–
Now you know how to patch the TCPIP.sys file so that the number of connections isn’t nearly as restrictive as Microsoft thinks it should be. I understand that it is limiting the spread of viruses, and could quite possibly save the world, but I like to make sure that my downloads go as fast as they can. 
when I downloaded the WinXP via DivShare Trend Office Scan says it’s a virus! (HKTL_EVID.AF)
Symantec AntiVirus Corporate Edition 9.x doesn’t find any virus.
Also is Windows 2003 Versions also affect by this limitation? Because we could just imagine how horrible this would be for a web server.
I think some antivirus scanners would see it as a virus since it has to modify a system file. And no, Windows 2003 isn’t affected by this as far as I know. The last I remember setting up Windows 2003 it prompted you during the setup routine to pick the maximum number of connections that you wanted to allow.
This is actually a bit of a myth that spread when SP2 first came out.
Contrary to popular belief, it is not a hard limit on the number of simultaneous connections. It is actually a limit on the number of half-connections (or connection attempts allowed per second). So in terms of torrents, all it means is that you’re given ten attempts at connecting to peers per second. When this error pops up in the Event log, it simply means any connections that weren’t made in the previous second, those attempts are queued and should be made in the next.
At most, this limit may slow down the speed of your initial startup of connections to peers by a few seconds but it has no real impact on the total speed of the download itself.
Personally, I use linux for all of my downloading… works much better, and there’s no chance of viruses.
There’s always a chance of a virus, no matter the OS. There are much fewer written for Linux because it does not have a huge share of the OS market.