why i hate windows #49152
Dec. 8th, 2005 11:52![[personal profile]](https://www.dreamwidth.org/img/silk/identity/user.png){kind=small}
piranhaXP service pack 2 quietly limits the TCP-IP stack to 10 simultaneous connection attempts. ostensibly this was done to avoid the spreading of worms, which is all good and well -- except that i fucking want to be TOLD what is being done to my system, and i want to be given the option to ignore microsoft's idea of "best practices". i know, this must be so hard for bill to believe, but some of us do know what we're doing with our systems, and -- *gasp* -- we actually know better than him!
that limit is a problem for any applications that open a lot of TCP connections -- such as p2p programs. it'll slow them down. why is that so? TCP connections are initiated with a 3-way handshake: the client sends a SYN packet, and waits expectantly for a SYN and ACK response from the server. once the client gets that, it sends back an ACK. as long as the initial response from the server hasn't been received, the connection is "half-open", and the client waits for a certain period of time before giving up (and trying again a bit later). limiting the number of half-open connections means any further attempts to initiate a connection are put into a queue and have to wait their turn. windows will also consider writing to the event log. all of this takes processing time away from actually exchanging data.
if your system event log contains several 4226 events each day, this is happening to you. there is alas no registry fix, but you might want to grab ahold of the patch that's available; it allows you to raise the limit. the defaut of 50 should work fine, and still provide protection against the fast spreading of worms (if you are worried about that), but you can rerun the patch with a higher limit if you still find a lot of 4226 events in your event log.
that limit is a problem for any applications that open a lot of TCP connections -- such as p2p programs. it'll slow them down. why is that so? TCP connections are initiated with a 3-way handshake: the client sends a SYN packet, and waits expectantly for a SYN and ACK response from the server. once the client gets that, it sends back an ACK. as long as the initial response from the server hasn't been received, the connection is "half-open", and the client waits for a certain period of time before giving up (and trying again a bit later). limiting the number of half-open connections means any further attempts to initiate a connection are put into a queue and have to wait their turn. windows will also consider writing to the event log. all of this takes processing time away from actually exchanging data.
if your system event log contains several 4226 events each day, this is happening to you. there is alas no registry fix, but you might want to grab ahold of the patch that's available; it allows you to raise the limit. the defaut of 50 should work fine, and still provide protection against the fast spreading of worms (if you are worried about that), but you can rerun the patch with a higher limit if you still find a lot of 4226 events in your event log.
no subject
on 2005-12-08 20:55 (UTC)