System limitations on scanning open TCP/IP ports
Microsoft introduced a limit of 10 simultaneous outgoing half-open TCP connections in Windows XP SP2 (x86, x64)/SP3, Windows Server 2003 SP1 (x86)/SP2 (x86, x64), and Vista without a service pack (x86, x64) and with SP1 (x86, x64), to prevent viruses and other malicious programs from making unlimited infectious connections to other systems. On these operating systems, scanning an IP address range by connecting to a TCP port is slowed down for all applications running on the PC (ICMP ping is not affected). Our program can be affected by this limitation.
When the limit is reached, event ID 4226 with the error message "TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts" appears in the application Event Log.
The network scanning results provided by our program can be affected by this limitation. Some hosts may not be found, and the program may periodically be blocked by the system for 10 seconds or more.
If this happens, consider the following solutions:
- Close other programs that can generate many outgoing half-open TCP connections.
- When you are creating a new network map or scanning IP address ranges for new devices, increase the timeouts for TCP port scanning in the Network Scanning Wizard to several seconds, so that no more than 10 IP addresses are checked per 10 seconds.
- Disable TCP port checking when it is not necessary during the network scan or host monitoring.
- Learn more about disabling the limit below.
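The pacing idea behind the timeout advice above can be shown as an added example (it is not code from our program): TCP port checks are sent through a gate so that the number of connection attempts in progress never exceeds a chosen cap below the system limit of 10. The names MAX_IN_FLIGHT, check_port, check_all and run_demo, the cap of 8 and the 3-second timeout are assumptions made for this sketch.

```python
import asyncio

MAX_IN_FLIGHT = 8       # assumption: stay below the OS limit of 10
CONNECT_TIMEOUT = 3.0   # seconds ("several seconds", as advised above)

async def check_port(host, port, gate, stats):
    """Try one TCP connect while holding a slot in the gate."""
    async with gate:
        stats["now"] += 1
        stats["peak"] = max(stats["peak"], stats["now"])
        try:
            _, writer = await asyncio.wait_for(
                asyncio.open_connection(host, port), CONNECT_TIMEOUT)
        except (OSError, asyncio.TimeoutError):
            return host, port, False   # refused, unreachable or timed out
        finally:
            stats["now"] -= 1          # attempt finished; slot is freed
    writer.close()
    return host, port, True

async def check_all(targets, limit=MAX_IN_FLIGHT):
    """Check (host, port) pairs; return (results, peak concurrent attempts)."""
    gate = asyncio.Semaphore(limit)
    stats = {"now": 0, "peak": 0}
    results = await asyncio.gather(
        *(check_port(h, p, gate, stats) for h, p in targets))
    return results, stats["peak"]

async def _demo():
    # Constructed input: a throwaway listener on the loopback interface.
    server = await asyncio.start_server(
        lambda r, w: w.close(), "127.0.0.1", 0)
    port = server.sockets[0].getsockname()[1]
    try:
        return await check_all([("127.0.0.1", port)] * 30)
    finally:
        server.close()

def run_demo():
    return asyncio.run(_demo())

if __name__ == "__main__":
    results, peak = run_demo()
    print(f"{sum(ok for *_, ok in results)} of {len(results)} reachable, "
          f"peak concurrent attempts: {peak}")
```

Because unanswered attempts hold their slot until the timeout expires, a cap of 8 with a timeout of several seconds keeps the rate of new attempts within the pace recommended above.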
The complete removal of the limit for half-open outbound TCP connections, which defaults to 10, was finalized with the release of Windows Server 2008 and Vista SP2 Build 17506. In fact, the half-open outgoing TCP connection limit has been bypassed by default since Windows Vista SP2 RC Build 16670.
Microsoft added a registry key that allows a user or administrator to enable (turn on) or disable (turn off) the half-open TCP connections limit in Windows Vista with Service Pack 2 and in Windows Server 2008 with Service Pack 2.
There are many patches for the tcpip.sys driver that disable the limit or raise the number of allowed connections. You can search the Internet for the phrase "half-open TCP connections limit" to find them.