courtesy of Yibbles.
If you do not patch TCPIP.sys or elect not to revert changes or not to re-patch your TCPIP.sys, you must reduce/limit to 8 this setting in your BT Client:
net.max_halfopen [limit to 8 and cannot exceed 10 if TCPIP.sys is not patched]
In uTorrent: Options > Preferences > Advanced options > net.max_halfopen
The default in Az & uT is 8 (80% limit) and this setting should never exceed 80% (and cannot exceed the total) of your total available concurrent simultaneous connections. Otherwise, your BT Client or OS will crash or your internet connection may die; at “best”, your BT Client will lose connections and operate horribly.
Yibbles’ FAQs re Patching WinXP/sp2 TCPIP.sys
Q1. Why do you say “it is critical to patch your TCPIP.sys if you run WinXP-SP2 (and now SP3) or Windows 2003” for torrenting?
A1. BT, by its very nature, kills and overloads
Windows TCP/IP which is specifically designed to handle a maximum of 10
concurrent half-open connections. BT alone is a HUGE strain on win
tcp/ip stacks (as well as most consumer oriented routers). Depending on
how much you are seeding and leeching, BT, for example, may attempt to
make 100 or more connections at once. A connection attempt is a query to
a computer. If your computer cannot send or receive a query, it is the
same as if your computer were turned off. Unpatched, your TCPIP.sys
would only be able to connect (in my example) to 10 per second so it
would take 10 seconds or an additional 9 seconds to communicate with all
100. In the meantime, ie, during these 9 seconds waiting to connect to
the remaining 90, your BT Client is no longer able to send or receive
the other 100 connections per second. Each second, your BT Client is
losing connections and losing ground.
As your concurrent half-open connections max out, your BT Client is unable to communicate with peers and/or the tracker and the result is lost connections and RED TORRENTS. XP(sp2) w/o a patched TCPIP.sys, is “throttled” in effect. Further, your BT Client is not the only program on your pc competing for limited TCPIP.sys connections. Other applications include your web browser, your email client, your antivirus program and applications depending upon network connectivity.
Q2. I haven’t patched, is that why I’m not clever and do I need to patch to be so?
A2. No. If you are not clever, it is not for failing to patch TCPIP.sys and patching is not necessary to be connectable. But, patching TCPIP.sys may improve connectivity performance. Being connectable is great (ports forwarded properly and the like), but if your OS is choked off and cannot handle the connections BT requires, you might as well be unconnectable because bottom line results can be similar.
Q3. I’ve heard that patching TCPIP.sys will increase my BT speed. Is this true?
A3. No. Patching does not directly increase speed. But, as noted above, depending upon your BT usage and needs, patching may improve performance and connectivity by relieving network congestion and bottlenecks. To some extent, those performance improvements are almost indistinguishable from speed improvements because like the connectivity discussion above, the bottom results are similar.
Q4. Will patching TCPIP.sys fix my router which is dropping connections?
A4. Absolutely & Positively No.
Relieving 1 potential connection bottleneck in your OS by patching TCPIP.sys and properly port forwarding are but 2 of the total elements in the BT “config” dynamic.” Like your OS, most consumer routers (including those using 3d party firmware like dd-wrt or tomato), also cannot handle the massive number of connections made by your BT Client. Further potentially contributing and compounding matters are USB/wireless devices, bad drivers/firmware, other failing hardware, external drives, malware etc. You can use the patcher to open TCPIP.sys to its 16777214 max, but that doesn’t mean that your router can handle it. That’s why overall config is necessary.
Router issues are beyond the scope of these FAQs, but one of the most important settings is to properly configure and limit the global max number of connections that your router and OS can handle. See generally (and this info/concepts and resources is equally generally applicable to all BT Clients and Config).
Q5. Why is the LvlLord Patcher called the “Event ID 4226″ Patcher? What’s Event ID 4226?
A5. Event ID 4226 is the entry in Event Viewer for “TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts”.
Q6. What about Windows versions pre-XPsp2 and WinXP/sp1? Do I need to patch TCPIP.sys?
A6. No. Windows versions pre-XP/sp2 do not reduce or limit the number of half-open connections to 10. Microsoft’s Service Pack 2 security update to XP and all windows versions thereafter do.
Q7. Why did Microsoft reduce or limit the number of half-open connections to 10? Shouldn’t I just trust that Microsoft did so and not use the LvlLord Patcher to change TCPIP.sys?
A7. You should trust your own judgment and make your own decision. According to Microsoft, Windows XP/sp2 cuts down the number of half-open connections to 10 to help slowdown attacks by worms, which have the tendency to connect to as many IP addresses as possible all at once. As summarized (or ranted) in an article at SpeedGuide.net, “In other words, even though it is not going to stop worm spreading, it’s going to delay it a few seconds, limit possible network congestion a bit, and limit the use of your PC to 10 connection attempts per second in the process!” Unfortunately, reducing the number of half-open connections also slows down the ability of peer-to-peer applications to make connections and BitTorrent strives on this to deliver superior speeds.
Q8. Are the changes made by the Patcher permanent?
A8. No. You can use the LvlLord Patcher to revert TCPIP.sys to its original state at any time you want.
Q9. Do I need to use the LvlLord Patcher? I read something, that it’s possible to change limit via registry (TcpNumConnections). Is that true?
A9. No, at least according the author of the LvlLord Event ID 4226 Patcher (4226 fix), who explains that “the concurrent connection attempt limit has nothing to with concurrent connections, this registry-key is useless. Unfortunately there is no registry-key, which would allow the user to change the concurrent connection attempts.” There is at least one other “competing” patcher.
Q10. What about viruses or trojans or malware?
A10. Again, you should trust your own judgment and make your own
decision. This is how the author of the LvlLord Event ID 4226 Patcher
responds to your question (broken English and all):
“Recent false virus-notifications
“Some AntiVir Software vendors added the patcher into their virus-definitions. The patcher is often detected as ‘Tool/EvID’. But as a first info: The patcher is NO VIRUS.
“Some virus and trojanwriter uses the same technique to increase the limit. After that its easier for them to spread to other computers in the internet. This runs without knowledge of the user. So he is not informed about what’s going on.
“With the patcher here, every user can decide on his own if he wants to change the file and if yes how high the limit should be. Also the user will be warned if he chooses to high limits, as already infected machines will spread existent viruses and trojans easier to the net. So everybody can choose on its own and is not forced to. The patcher itself does not contain malware.
“The virus-notification therefore should be seen as an information that this program contains the functionality to increase the limit. If that program is not known or has not been installed you can delete it.”