INFO: Winsock TCP Connection Performance to Unused Ports

Support for Windows XP has ended

Microsoft ended support for Windows XP on April 8, 2014. This change has affected your software updates and security options. Learn what this means for you and how to stay protected.

Support for Windows Server 2003 ended on July 14, 2015

Microsoft ended support for Windows Server 2003 on July 14, 2015. This change has affected your software updates and security options. Learn what this means for you and how to stay protected.

This article was previously published under Q175523
This article discusses how the Winsock implementation of TCP on the variousMicrosoft platforms handles socket connections to ports that do not have aserver listening to them. It also describes the performance-relatedconsiderations and how to adjust them to suit your needs.
When a process creates a TCP socket in the Microsoft Winsock layer andissues a connect() call to some host and port number, the TCP protocolperforms its standard "three-way handshake" of a SYN packet, acknowledgedby the target host with ACK/SYN, and a final ACK from the initiatingclient. However, per the TCP specifications stated in RFC-793 (TransmissionControl Protocol), a reset (RST) might be generated if the SYN attempt isaddressed to a host which exists but the port is unused. This is bestdescribed by the following RFC quote from page 35:
Reset Generation

As a general rule, reset (RST) must be sent whenever a segment arrives which apparently is not intended for the current connection. A reset must not be sent if it is not clear that this is the case ...

If the connection does not exist (CLOSED) then a reset is sent in response to any incoming segment except another reset. In particular SYNs addressed to a non-existent connection are rejected by this means.

Reset Processing [page 36]

... In the SYN-SENT state (a RST received in response to an initial SYN), the RST is acceptable if the ACK field acknowledges the SYN.
Upon receiving the ACK/RST client from the target host, the clientdetermines that there is indeed no service listening there. In theMicrosoft Winsock implementation of TCP, a pending connection will keepattempting to issue SYN packets until a maximum retry value is reached (setin the registry, this value defaults to 3 extra times). Since an ACK/RSTwas received from the target host, the TCP layer knows that the target hostis indeed reachable and will not double the time-out value in the packet'sIP header, as is standard during connection attempts with unacknowledgedSYNs. Instead, the pending connection will wait for the base connection'stime-out value and reissue another SYN packet to initiate a connection. Aslong as an ACK/RST packet from an unused port is received, the time-outvalue will not increase and the process will repeat until the maximum retryvalue is reached.

This behavior may result in poor performance if for some reason a processrepeatedly issues connect() calls to ports with nothing listening there,resulting in the error WSAECONNREFUSED. Note that with otherimplementations of TCP, such as those commonly found in many UNIX systems,the connect() fails immediately upon the receipt of the first ACK/RSTpacket, resulting in the awareness of an error very quickly. However, thisbehavior is not specified in the RFCs and is left to each implementation todecide. The approach of Microsoft platforms is that the systemadministrator has the freedom to adjust TCP performance-related settings totheir own tastes, namely the maximum retry that defaults to 3. Theadvantage of this is that the service you're trying to reach may havetemporarily shut down and might resurface in between SYN attempts. In thiscase, it's convenient that the connect() waited long enough to obtain aconnection since the service really was there.

It contains the complete listing of NT TCP registry values. Of particularinterest is the key:

Key : TcpMaxConnectRetransmissions
Value Type : REG_DWORD - Number
Valid Range : 0 - 0xFFFFFFFF
Default : 3 (in Windows NT)
Default : 2 (in Windows 2000)
Description : This parameter determines the number of times TCP will retransmit a connect request (SYN) before aborting the attempt. The retransmission time-out is doubled with each successive retransmission in a given connect attempt (except in the situation discussed above). The initial time-out value is three seconds (since an ACK/RST was received in the case above, this is irrelevant).
For additional information on the Windows 95 TCP registry entries, click the article number below to view the article in the Microsoft Knowledge Base:
158474 Windows 95 TCP/IP Registry Entries
The following key is of particular interest:

Key : MaxConnectRetries
Value Type : DWORD - 32 bit number
Default : 3
Description : Specifies the number of times a connection attempt (SYN) will be retransmitted before giving up. The initial retransmission time-out is 3 seconds (irrelevant in the above case), and it is doubled each time (the case above is an exception) up to a maximum of 2 minutes.
Restart your computer after you adjust these registry values.

WARNING: Modifying these values affects any and all TCP outgoing connection requests from the affected computer. If all of the TCP activity on the computer has little latency and little distance to travel round-trip, reducing this as low as zero (although Microsoft does not recommend this) will make no difference. However, if applications or connection attempts fail regularly with the standard Winsock errors and the target remote servers are known to be available, it is likely that these registry entries are the cause. If so, you may have to raise the maximumretries so that TCP will double the SYN packet's time-to-live valuein its IP header at successive retries until it has a long enough life spanto reach the target host and receive an ACK/SYN.
RFC-793, Transmission Control Protocol, September 1981

Whitepaper, Microsoft Windows NT: TCP/IP Implementation Details, 1996Knowledge Base article 158474
winsock tcp connect performance

رقم الموضوع: 175523 - آخر مراجعة: 04/29/2011 22:36:00 - المراجعة: 4.0

Microsoft Win32 Application Programming Interface, Windows Server 2008 R2 Standard, Windows Server 2008 R2 Enterprise, Windows Server 2008 R2 Datacenter, Windows Server 2008 Service Pack 2, Windows Server 2008 for Itanium-Based Systems, Windows Server 2008 Datacenter, Windows Server 2008 Enterprise, Windows Server 2008 Standard, Windows Web Server 2008, Windows Vista Service Pack 2, Windows Vista Service Pack 1, Microsoft Windows Server 2003 Service Pack 2, Microsoft Windows XP Service Pack 3, Microsoft Windows 2000 Service Pack 4, Microsoft Windows 98 Standard Edition

  • kbapi kbinfo kbnetwork kbwinsock KB175523