Maximum Half-Open TCP Connections
Explains what the half-open TCP limit is and how to alter it.
Windows XP Service Pack 2 (available here) includes an array of new security “enhancements”. One of these so-called enhancements limits the number of simultaneous incomplete outbound TCP connection attempts (“half-open connections”) per second to 10. This is supposed to slow down certain viruses, because their spreading strategy is to try to connect to a large number of random IP addresses. While this limit will slow down viruses, it will also slow P2P (peer-to-peer) applications that establish lots of connections over a short period of time. BitComet is one such application.

When the half-open connection limit is reached, new connections will be queued until some of the current connections are established. The 10 half-open connection limit applies to Windows, not just BitComet, so if BitComet is using all 10 half-open connections and you try to load a page in your web browser it may take a long time to connect, or even time out.

Please don’t get the half-open connection limit confused with BitComet’s “Connections per task” — once connections are established they’re no longer bound by this limit.

How do I tell if I’m reaching the 10 half-open connections limit?

Go to Start > My Computer > Control Panel > Administrative Tools > Event Viewer > System

Click the Event column so it’s sorted by Event ID and look for 4226.

If you right-click the 4226 warning and select Properties, it will show you a brief description of the warning.

I’m getting this warning, so what do I do about it?

If you’ve received a 4226 warning, or want to ensure you won’t get any, you can alter the maximum connection limit using LvlLord’s TCPIP.SYS patcher available from the official website:

For Vista, try here (by ionstorm). Download mirrors are available for v2.23d (1st May 2005):

Mirror 1 Adelaide, South Australia (Thanks to Dragosani)
Mirror 2 Adelaide, South Australia (Thanks to D-503)
Mirror 3 Texas, USA (Thanks to Dragosani)
Mirror 4 Texas, USA (Thanks to Dragosani)

What should I change the limit to?

It’s recommended that you set it to 50, then reboot, start up your normal internet programs and check the Event Viewer. If you’re still receiving 4226 warnings, run the patch again and increase the limit by small increments until you are no longer receiving warnings. I run 2-3 different P2P applications along with my web browser and a couple of chat programs all simultaneously so I have set mine to 100.

If you want to change the limit back to the default (10), just run the patch again.

NOTE: Some Windows Critical Updates change this limit back to 10 (with no notification), so after installing Windows updates you should either check the Event Viewer or run the patch to make sure you’re not limited to 10 again.
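
The Event Viewer check described above (after a reboot, and again after installing Windows updates) can also be scripted. This is an added example, not part of the original page; it assumes Windows PowerShell 2.0 or later is installed and that the warning is logged by the Tcpip source in the System log.

```powershell
# Added example: summarise Event ID 4226 warnings logged since the last boot.
# Assumption: Windows PowerShell 2.0 or later (Get-EventLog with -After).

# Time of the last boot, so only events logged since the most recent reboot are counted.
$os   = Get-WmiObject Win32_OperatingSystem
$boot = $os.ConvertToDateTime($os.LastBootUpTime)

# Read Tcpip entries from the System log and keep only Event ID 4226.
# Filter on EventID rather than -InstanceId: InstanceId is the full 32-bit
# identifier, whose top bits encode severity, so it is not simply 4226.
# -ErrorAction SilentlyContinue suppresses the "No matches found" error
# that Get-EventLog raises when nothing matches.
$hits = @(Get-EventLog -LogName System -Source Tcpip -After $boot -ErrorAction SilentlyContinue |
          Where-Object { $_.EventID -eq 4226 })

if ($hits.Count -eq 0) {
    "No 4226 warnings logged since boot ($boot)."
} else {
    "{0} warning(s) with Event ID 4226 since boot ({1})" -f $hits.Count, $boot

    # Per-hour breakdown: shows when the half-open limit was being reached.
    $hits |
        Group-Object { $_.TimeGenerated.ToString('yyyy-MM-dd HH:00') } |
        Sort-Object Name |
        Format-Table @{Label = 'Hour'; Expression = { $_.Name }}, Count -AutoSize
}
```

If the script still reports warnings after a reboot with your normal programs running, the limit is still being reached.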
