Difference between revisions of "FAQ: Missing open ports"
From Angry IP Scanner
(→Windows Vista) |
(→Windows XP) |
||
| (One intermediate revision by one user not shown) | |||
| Line 11: | Line 11: | ||
However, especially on '''Windows''' platforms, the problem can also be caused by TCP connection rate limiting. | However, especially on '''Windows''' platforms, the problem can also be caused by TCP connection rate limiting. | ||
| − | Starting from Windows XP SP2 (and on through Vista), Microsoft has crippled down consumer versions of Windows, officially in order to limit the possibilities of insecure Windows machines to act as hosts for Internet attacks executed by worms and trojans. Unfortunately, these changes also made non-server editions of Windows a lot less capable for doing network administrations tasks, such as scanning. | + | Starting from Windows XP SP2 (and on through Vista SP1), Microsoft has crippled down consumer versions of Windows, officially in order to limit the possibilities of insecure Windows machines to act as hosts for Internet attacks executed by worms and trojans. Unfortunately, these changes also made non-server editions of Windows a lot less capable for doing network administrations tasks, such as scanning. |
Windows implementation of '''TCP connection attempt rate limiting''' limits the number of simultaneous connection attempts to 10 on XP SP2 or 2 to 25, depending on the edition of Vista. The previous limit was over 65,000. You can check if you reach this limit by examining the ''Event Log'' after scanning: look for the '''Event ID 4226''', which corresponds to this problem. | Windows implementation of '''TCP connection attempt rate limiting''' limits the number of simultaneous connection attempts to 10 on XP SP2 or 2 to 25, depending on the edition of Vista. The previous limit was over 65,000. You can check if you reach this limit by examining the ''Event Log'' after scanning: look for the '''Event ID 4226''', which corresponds to this problem. | ||
| + | |||
| + | This limitation has been removed in Vista SP2 and later releases (Server 2008 SP2 and Windows 7). | ||
For scanning purposes, that means you can have at most this number of scanning threads if you want to get reliable results. The number of scanning threads affects the maximum number of hosts scanned simultaneously and therefore the maximum number of connections made at each moment. | For scanning purposes, that means you can have at most this number of scanning threads if you want to get reliable results. The number of scanning threads affects the maximum number of hosts scanned simultaneously and therefore the maximum number of connections made at each moment. | ||
| Line 30: | Line 32: | ||
Read [http://www.speedguide.net/read_articles.php?id=1497 more information about the problem], which describes how to patch manually. The automatic patcher is available from [http://www.lvllord.de/ this site]. | Read [http://www.speedguide.net/read_articles.php?id=1497 more information about the problem], which describes how to patch manually. The automatic patcher is available from [http://www.lvllord.de/ this site]. | ||
| + | |||
| + | |||
| + | please informe me how can i check it? | ||
| + | |||
| + | Habib | ||
| + | Bangladesh | ||
| + | rhabibr_hr@yahoo.com | ||
| + | Mobile: +8801710288422 | ||
==== Windows Vista ==== | ==== Windows Vista ==== | ||
Latest revision as of 02:08, 22 February 2011
Sometimes Angry IP Scanner can not detect open ports and will consider them filtered.
Contents |
[edit] Timeouts
This problem can always be 'fixed' by changing some scanning preferences, like timeouts and number of scanning threads.
The cause of the problem is that Angry IP Scanner doesn't wait for responses from the hosts to arrive long enough: if the network is congested with packets or hosts just reply slowly for any reason, the roundrip time of TCP handshake can exceed the configured port timeout (see Preferences dialog, Ports tab). The default waiting time is 3 seconds, but it is decreased automatically for each host if ping packets went through quickly enough and timeout adaptation is enabled (see the corresponding check box).
[edit] Rate limiting on Windows
However, especially on Windows platforms, the problem can also be caused by TCP connection rate limiting.
Starting from Windows XP SP2 (and on through Vista SP1), Microsoft has crippled down consumer versions of Windows, officially in order to limit the possibilities of insecure Windows machines to act as hosts for Internet attacks executed by worms and trojans. Unfortunately, these changes also made non-server editions of Windows a lot less capable for doing network administrations tasks, such as scanning.
Windows implementation of TCP connection attempt rate limiting limits the number of simultaneous connection attempts to 10 on XP SP2 or 2 to 25, depending on the edition of Vista. The previous limit was over 65,000. You can check if you reach this limit by examining the Event Log after scanning: look for the Event ID 4226, which corresponds to this problem.
This limitation has been removed in Vista SP2 and later releases (Server 2008 SP2 and Windows 7).
For scanning purposes, that means you can have at most this number of scanning threads if you want to get reliable results. The number of scanning threads affects the maximum number of hosts scanned simultaneously and therefore the maximum number of connections made at each moment.
If you have more threads, then even successful connection attempts will be blocked by the TCP stack, so Angry IP Scanner will reach port timeouts and think the ports are closed.
The limit affects all network-intensive applications: scanners, file sharing software, or a combination of network applications that a power user may be using (VPN, FTP, p2p, RDP, SSH, "Firefox on steroids" and more).
Current versions of Angry IP Scanner will warn you about this then first run on Windows platforms.
[edit] Patching Windows
Although, Windows is anyway not the best platform for scanning, this concrete limitation can be removed by patching your system files. The limitation is built into the tcpip.sys driver, and the limit is not configurable by default.
[edit] Windows XP
Read more information about the problem, which describes how to patch manually. The automatic patcher is available from this site.
please informe me how can i check it?
Habib Bangladesh rhabibr_hr@yahoo.com Mobile: +8801710288422
[edit] Windows Vista
See information about patching Vista. The site is about increasing the performance of BitTorrent downloads, but the same patch will dramatically improve scanning speed as well - just don't forget to increase the number of threads in Angry IP Scanner's preferences after applying the patch.
This limitation is removed in Vista SP2, so no patching will be required.