ArpCacheLife
Key:
Tcpip\Parameters
Value Type:
REG_DWORD—Number of seconds
Valid Range:
0–0xFFFFFFFF
Default:
In absence of an ArpCacheLife parameter, the defaults
for ARP cache time-outs are a two-minute time-out on unused
entries and a ten-minute time-out on used entries.
Description:
See ArpCacheMinReferencedLife
ArpCacheMinReferencedLife
Key:
Tcpip\Parameters
Value Type:
REG_DWORD—Number of seconds
Valid Range:
0–0xFFFFFFFF
Default:
600 seconds (10 minutes)
Description:
ArpCacheMinReferencedLife controls the minimum time
until a referenced ARP cache entry expires. This parameter
can be used in combination with the ArpCacheLife
parameter, as follows:
- If ArpCacheLife is greater than or equal to
ArpCacheMinReferencedLife, referenced and
unreferenced ARP cache entries expire in ArpCacheLife
seconds.
- If ArpCacheLife is less than
ArpCacheMinReferencedLife, unreferenced entries
expire in ArpCacheLife seconds, and referenced
entries expire in ArpCacheMinReferencedLife
seconds.
Entries in the ARP cache are referenced each time that an outbound
packet is sent to the IP address in the entry.
ArpRetryCount
Key:
Tcpip\Parameters
Value Type:
REG_DWORD—Number
Valid Range:
1–3
Default:
3
Description:
This parameter controls the number of times that the
computer sends a gratuitous ARP for its own IP address(es)
while initializing. Gratuitous ARPs are sent to ensure that
the IP address is not already in use elsewhere on the
network. The value controls the actual number of ARPs sent,
not the number of retries.
ArpTRSingleRoute
Key:
Tcpip\Parameters
Value Type:
REG_DWORD—Boolean
Valid Range:
0, 1 (false, true)
Default:
0 (false)
Description:
Setting this parameter to 1 causes ARP broadcasts that are
source-routed (Token Ring) to be sent as single-route
broadcasts, instead of all-routes broadcasts.
ArpUseEtherSNAP
Key:
Tcpip\Parameters
Value Type:
REG_DWORD—Boolean
Valid Range:
0, 1 (false, true)
Default:
0 (false)
Description:
Setting this parameter to 1 forces TCP/IP to transmit Ethernet packets
using 802.3 SNAP encoding. By default, the stack transmits
packets in DIX Ethernet format. It always receives both
formats.
DatabasePath
Key:
Tcpip\Parameters
Value Type:
REG_EXPAND_SZ—Character string
Valid Range:
A valid Windows NT file path
Default:
%SystemRoot%\system32\drivers\etc
Description:
This parameter specifies the path to the standard Internet
database files (Hosts, Lmhosts, Network, Protocols,
Services). It is used by the Windows Sockets interface.
DefaultTTL
Key:
Tcpip\Parameters
Value Type:
REG_DWORD—Number of seconds/hops
Valid Range:
0–0xff (0–255 decimal)
Default:
128
Description:
Specifies the default time-to-live (TTL) value set in the
header of outgoing IP packets. The TTL determines the
maximum amount of time that an IP packet may live in the
network without reaching its destination. It is effectively
a limit on the number of routers that an IP packet is
allowed to pass through before being discarded.
DisableDHCPMediaSense
Key:
Tcpip\Parameters
Value Type:
REG_DWORD—Boolean
Valid Range:
0, 1 (false, true)
Default:
0 (false)
Description:
This parameter can be used to control DHCP Media Sense
behavior. If set to 1, the DHCP client will ignore Media
Sense events from the interface. By default, Media Sense
events trigger the DHCP client to take an action, such as
attempting to obtain a lease (when a connect event occurs),
or invalidating the interface and routes (when a disconnect
event occurs).
DisableIPSourceRouting
Key:
Tcpip\Parameters
Value Type:
REG_DWORD—Boolean
Valid Range:
0, 1, 2
0 - forward all packets
1 - do not forward Source Routed packets
2 - drop all incoming Source Routed packets
Default:
1 (true)
Description:
IP source routing is a mechanism allowing the sender to
determine the IP route that a datagram should take through
the network, used primarily by tools such as tracert.exe
and ping.exe.
This parameter was added to Windows NT 4.0 in Service Pack 5 (see
the Microsoft Knowledge Base article Q217336). Windows 2000
disables IP source routing by default.
DisableMediaSenseEventLog
Key:
Tcpip\Parameters
Value Type:
REG_DWORD—Boolean
Valid Range:
0, 1 (false, true)
Default:
0 (false)
Description:
This parameter can be used to disable logging of DHCP Media
Sense events. By default, Media Sense events
(connection/disconnection from the network) are logged in
the event log for troubleshooting purposes.
DisableTaskOffload
Key:
Tcpip\Parameters
Value Type:
REG_DWORD—Boolean
Valid Range:
0, 1 (false, true)
Default:
0 (false)
Description:
This parameter instructs the TCP/IP stack to disable
offloading of tasks to the network card for troubleshooting
and test purposes.
DisableUserTOSSetting
Key:
Tcpip\Parameters
Value Type:
REG_DWORD—Boolean
Valid Range:
0, 1 (false, true)
Default:
1 (true)
Description:
This parameter can be used to allow programs to manipulate
the Type Of Service (TOS) bits in the header of outgoing IP
packets. In Windows 2000, this defaults to True. In
general, individual applications should not be allowed to
manipulate TOS bits, because this can defeat system policy
mechanisms such as those described in the "Quality of
Service (QoS) and Resource Reservation Protocol (RSVP)"
section of this paper.
DontAddDefaultGateway
Key:
Tcpip\Parameters\Interfaces\interface
Value Type:
REG_DWORD—Boolean
Valid Range:
0, 1 (false, true)
Default:
0
Description:
When you install PPTP, a default route is installed for each
LAN adapter. You can disable the default route on one of
them by adding this value and setting it to 1. After doing
so, you may need to configure static routes for hosts that
are reached using a router other than the default gateway.
EnableAddrMaskReply
Key:
Tcpip\Parameters
Value Type:
REG_DWORD—Boolean
Valid Range:
0, 1 (false, true)
Default:
0 (false)
Description:
This parameter controls whether the computer responds to an
ICMP address mask request.
EnableBcastArpReply
Key:
Tcpip\Parameters
Value Type:
REG_DWORD—Boolean
Valid Range:
0, 1 (false, true)
Default:
1 (true)
Description:
This parameter controls whether the computer responds to an
ARP request when the source Ethernet address in the ARP is
not unicast.
Network Load Balancing Service (NLBS)
will not work properly if this value is set to 0.
EnableDeadGWDetect
Key:
Tcpip\Parameters
Value Type:
REG_DWORD—Boolean
Valid Range:
0, 1 (false, true)
Default:
1 (true)
Description:
When this parameter is set to 1, TCP is allowed to perform
dead gateway detection. With this feature enabled, TCP may
ask IP to change to a backup gateway if a number of
connections are experiencing difficulty. Backup gateways may
be defined in the Advanced section of the TCP/IP
configuration dialog in the Network Control Panel. See the
"Dead Gateway Detection" section in this paper for details.
EnableICMPRedirects
Key:
Tcpip\Parameters
Value Type:
REG_DWORD—Boolean
Valid Range:
0, 1 (False, True)
Default:
1 (True) for Beta 3. Slated to change to in RC1 to 1 (True)
Recommendation: 0 (False)
Description:
This parameter controls whether Windows 2000 will alter its route table
in response to ICMP redirect messages that are sent to it by
network devices such as routers.
EnableFastRouteLookup
Key:
Tcpip\Parameters
Value Type:
REG_DWORD—Boolean
Valid Range:
0, 1 (false, true)
Default:
0 (false)
Description:
Fast route look-up is enabled if this flag is set. This can
make route lookups faster at the expense of non-paged pool
memory. This flag is used only if the computer runs Windows
2000 Server and falls into the medium or large class (in
other words, contains at least 64 MB of memory). This
parameter is created by the Routing and Remote Access
Service.
EnableMulticastForwarding
Key:
Tcpip\Parameters
Value Type:
REG_DWORD—Boolean
Valid Range:
0, 1 (false, true)
Default:
0 (false)
Description:
The routing service uses this parameter to control whether
or not IP multicasts are forwarded. This parameter is
created by the Routing and Remote Access Service.
EnablePMTUBHDetect
Key:
Tcpip\Parameters
Value Type:
REG_DWORD—Boolean
Valid Range:
0, 1 (false, true)
Default:
0 (false)
Description:
Setting this parameter to 1 (true) causes TCP to try to
detect black hole routers while doing Path MTU
Discovery. A black hole router does not return ICMP
Destination Unreachable messages when it needs to fragment
an IP datagram with the Don't Fragment bit set. TCP depends
on receiving these messages to perform Path MTU Discovery.
With this feature enabled, TCP tries to send segments
without the Don't Fragment bit set if several
retransmissions of a segment go unacknowledged. If the segment is
acknowledged as a result, the MSS is decreased and the Don't
Fragment bit is set in future packets on the connection.
Enabling black hole detection increases the maximum number
of retransmissions that are performed for a given segment.
EnablePMTUDiscovery
Key:
Tcpip\Parameters
Value Type:
REG_DWORD—Boolean
Valid Range:
0, 1 (false, true)
Default:
1 (true)
Description:
When this parameter is set to 1 (true) TCP attempts to
discover the Maximum Transmission Unit (MTU or largest
packet size) over the path to a remote host. By discovering
the Path MTU and limiting TCP segments to this size, TCP can
eliminate fragmentation at routers along the path that
connect networks with different MTUs. Fragmentation
adversely affects TCP throughput and network congestion.
Setting this parameter to 0 causes an MTU of 576 bytes to be
used for all connections that are not to hosts on the local
subnet.
FFPControlFlags
Key:
Tcpip\Parameters
Value Type:
REG_DWORD—Boolean
Valid Range:
0, 1 (false, true)
Default:
1 (true)
Description:
If this parameter is set to 1, Fast Forwarding Path (FFP) is
enabled. If it is set to 0, TCP/IP instructs all FFP-capable
adapters not to do any fast forwarding on this computer.
Fast Forwarding Path–capable network adapters can receive
routing information from the stack and forward subsequent
packets in hardware without passing them up to the stack.
FFP parameters are located in the TCP/IP registry key, but
are actually placed there by the Routing and Remote Access
Service (RRAS) service. See the RRAS documentation for more
details.
FFPFastForwardingCacheSize
Key:
Tcpip\Parameters
Value Type:
REG_DWORD—Number of bytes
Valid Range:
0–0xFFFFFFFF
Default:
100,000 bytes
Description:
This is the maximum amount of memory that a driver that
supports fast forwarding (FFP) can allocate for its
fast-forwarding cache if it uses system memory for its
cache. If the device has its own memory for fast-forwarding
cache, this value is ignored.
ForwardBufferMemory
Key:
Tcpip\Parameters
Value Type:
REG_DWORD—Number of bytes
Valid Range:
network MTU–some reasonable value smaller than 0xFFFFFFFF
Default:
74240 (enough for fifty 1480-byte packets, rounded to a
multiple of 256)
Description:
This parameter determines how much memory IP allocates
initially to store packet data in the router packet queue.
When this buffer space is filled, the system attempts to
allocate more memory. Packet queue data buffers are 256
bytes in length, so the value of this parameter should be a
multiple of 256. Multiple buffers are
chained together for larger packets. The IP header for a
packet is stored separately. This parameter is ignored, and
no buffers are allocated if the IP routing function is not
enabled. The maximum amount of memory that can be allocated
for this function is controlled by MaxForwardBufferMemory.
GlobalMaxTcpWindowSize
Key:
Tcpip\Parameters
Value Type:
REG_DWORD—Number of bytes
Valid Range:
0–0x3FFFFFFF (1073741823 decimal; however, values greater
than 64 KB can only be achieved when connecting to other
systems that support RFC 1323 window scaling, which is
discussed in the TCP section of this document. Additionally,
window scaling must be enabled using the Tcp1323Opts
registry parameter.)
Default:
This parameter does not exist by default.
Description:
The TcpWindowSize parameter can be used to set the
receive window on a per-interface basis. This parameter can
be used to set a global limit for the TCP window size on a
system-wide basis. This parameter is new in Windows 2000.
IPAutoconfigurationAddress
Key:
Tcpip\Parameters\Interfaces\<interface>
Value Type:
REG_SZ—String
Valid Range:
A valid IP address
Default:
None
Description:
The DHCP client stores the IP address chosen by
autoconfiguration here. This value should not be altered.
IPAutoconfigurationEnabled
Key:
Tcpip\Parameters, Tcpip\Parameters\Interfaces\interface
Value Type:
REG_DWORD—Boolean
Valid Range:
0, 1 (false, true)
Default:
1 (true)
Description:
This parameter enables or disables IP autoconfiguration. See
the "Automatic Client Configuration and Media Sense" section
of this paper for details. This parameter can be set
globally or per interface. If a per-interface value is
present, it overrides the global value for that interface.
IPAutoconfigurationMask
Key:
Tcpip\Parameters, Tcpip\Parameters\Interfaces\interface
Value Type:
REG_SZ—String
Valid Range:
A valid IP subnet mask
Default:
255.255.0.0
Description:
This parameter controls the subnet mask assigned to the
client by autoconfiguration. See the "Automatic Client
Configuration and Media Sense" section of this document for
details. This parameter can be set globally or per
interface. If a per-interface value is present, it overrides
the global value for that interface.
IPAutoconfigurationSeed
Key:
Tcpip\Parameters, Tcpip\Parameters\Interfaces\interface
Value Type:
REG_DWORD—Number
Valid Range:
0-0xFFFF
Default:
0
Description:
This parameter is used internally by the DHCP client and
should not be modified.
IPAutoconfigurationSubnet
Key:
Tcpip\Parameters, Tcpip\Parameters\Interfaces\interface
Value Type:
REG_SZ—String
Valid Range:
A valid IP subnet
Default:
169.254.0.0
Description:
This parameter controls the subnet address used by
autoconfiguration to pick an IP address for the client. See
the "Automatic Client Configuration and Media Sense" section
of this document for details. This parameter can be set
globally or per interface. If a per-interface value is
present, it overrides the global value for that interface.
IGMPLevel
Key:
Tcpip\Parameters
Value Type:
REG_DWORD—Number
Valid Range:
0,1,2
Default:
2
Description:
This parameter determines to what extent the system supports
IP multicasting and participates in the Internet Group
Management Protocol. At level 0, the system provides no
multicast support. At level 1, the system can send IP
multicast packets but cannot receive them. At level 2, the
system can send IP multicast packets and fully participate
in IGMP to receive multicast packets.
IPEnableRouter
Key:
Tcpip\Parameters
Value Type:
REG_DWORD—Boolean
Valid Range:
0, 1 (false, true)
Default:
0 (false)
Description:
Setting this parameter to 1 (true) causes the system to route IP
packets between the networks to which it is connected.
IPEnableRouterBackup
Key:
Tcpip\Parameters
Value Type:
REG_DWORD—Boolean
Valid Range:
0, 1 (false, true)
Default:
0 (false)
Description:
Setup writes the previous value of IPEnableRouter to this key.
It should not be adjusted manually.
KeepAliveInterval
Key:
Tcpip\Parameters
Value Type:
REG_DWORD—time in milliseconds
Valid Range:
1–0xFFFFFFFF
Default:
1000 (one second)
Description:
This parameter determines the interval between keep-alive
retransmissions until a response is received. Once a
response is received, the delay until the next keep-alive
transmission is again controlled by the value of
KeepAliveTime. The connection is aborted after the
number of retransmissions specified by
TcpMaxDataRetransmissions have gone unanswered.
KeepAliveTime
Key:
Tcpip\Parameters
Value Type:
REG_DWORD—time in milliseconds
Valid Range:
1–0xFFFFFFFF
Default:
7,200,000 (two hours)
Description:
The parameter controls how often TCP attempts to verify that
an idle connection is still intact by sending a keep-alive
packet. If the remote system is still reachable and
functioning, it acknowledges the keep-alive transmission.
Keep-alive packets are not sent by default.
This feature may be enabled on a connection by an
application.
MaxForwardBufferMemory
Key:
Tcpip\Parameters
Value Type:
REG_DWORD—number of bytes
Valid Range:
network MTU–0xFFFFFFFF
Default:
2097152 decimal (2 MB)
Description:
This parameter limits the total amount of memory that IP can
allocate to store packet data in the router packet queue.
This value must be greater than or equal to the value of the
ForwardBufferMemory parameter. See the description of
ForwardBufferMemory for more details.
MaxForwardPending
Key:
Tcpip\Parameters\Interfaces\interface
Value Type:
REG_DWORD—number of packets
Valid Range:
1–0xFFFFFFFF
Default:
0x1388 (5000 decimal)
Description:
This parameter limits the number of packets that the IP
forwarding engine can submit for transmission to a specific
network interface at any time. Additional packets are queued
in IP until outstanding transmissions on the interface
complete. Most network adapters transmit packets very
quickly, so the default value is sufficient. A single RAS
interface, however, may multiplex many slow serial lines.
Configuring a larger value for this type of interface may
improve its performance. The appropriate value depends on
the number of outgoing lines and their load characteristics.
MaxFreeTcbs
Key:
Tcpip\Parameters
Value Type:
REG_DWORD—number
Valid Range:
0–0xFFFFFFFF
Default:
The following default values are used (note that small
is defined as a computer with less than 19 MB of RAM,
medium is 19–63 MB of RAM, and large is 64 MB or
more of RAM. Although this code still exists, nearly all
computers are large now).
For Windows 2000 Server:
- Small system—500
- Medium system—1000
- Large system—2000
For Windows 2000 Professional:
- Small system—250
- Medium system—500
- Large system—1000
Description:
This parameter controls the number of cached (pre-allocated)
Transport Control Blocks (TCBs) that are available. A
Transport Control Block is a data structure that is
maintained for each TCP connection.
MaxFreeTWTcbs
Key:
Tcpip\Parameters
Value Type:
REG_DWORD—number
Valid Range:
1-0xFFFFFFFF
Default:
1000
Description:
This parameter controls the number of Transport Control
Blocks (TCBs) in the TIME-WAIT state that are allowed on the
TIME-WAIT state list. Once this number is exceeded, the
oldest TCB will be scavenged from the list. In order to
maintain connections in the TIME-WAIT state for at least 60
seconds, this value should be >= 60 * (the rate of
graceful connection closures per second) for the computer.
The default value is adequate for most cases.
MaxHashTableSize
Key:
Tcpip\Parameters
Value Type:
REG_DWORD—number (must be a power of 2)
Valid Range:
0x40–0x10000 (64-65536 decimal)
Default:
512
Description:
This value should be set to a power of 2 (for example, 512,
1024, 2048, and so on.) If this value is not a power of 2,
the system configures the hash table to the next power of 2
value (for example, a setting of 513 is rounded up to 1024.)
This value controls how fast the system can find a TCP
control block and should be increased if MaxFreeTcbs
is increased from the default.
MaxNormLookupMemory
Key:
Tcpip\Parameters
Value Type:
REG_DWORD—number
Valid Range:
Any DWORD (0xFFFFFFFF means no limit on memory.)
Default:
The following default values are used (Small is defined as a
computer with less than 19 MB of RAM, Medium is 19–63 MB of
RAM, and Large is 64 MB or more of RAM. Although this code
still exists, nearly all computers are Large now).
For Windows 2000 Server:
- Small system—150,000 bytes, which accommodates 1000 routes
- Medium system—1,500,000 bytes, which accommodates 10,000
routes
- Large system—5,000,000 bytes, which accommodates 40,000 routes
For Windows 2000 Professional:
- 150,000 bytes, which accommodates 1000 routes
Description:
This parameter controls the maximum amount of memory that
the system allows for the route table data and the routes
themselves. It is designed to prevent memory exhaustion on
the computer caused by adding large numbers of routes.
MaxNumForwardPackets
Key:
Tcpip\Parameters
Value Type:
REG_DWORD—number
Valid Range:
1–0xFFFFFFFF
Default:
0xFFFFFFFF
Description:
This parameter limits the total number of IP packet headers
that can be allocated for the router packet queue. This
value must be greater than or equal to the value of the
NumForwardPackets parameter. See the description of
NumForwardPackets for more details.
MaxUserPort
Key:
Tcpip\Parameters
Value Type:
REG_DWORD—maximum port number
Valid Range:
5000–65534 (decimal)
Default:
0x1388 (5000 decimal)
Description:
This parameter controls the maximum port number used when an
application requests any available user port from the
system. Normally, short-lived ports are allocated in the
range from 1024 through 5000. Setting this parameter to a
value outside of the valid range causes the nearest valid
value to be used (5000 or 65534).
MTU
Key:
Tcpip\Parameters\Interfaces\interface
Value Type:
REG_DWORD—number
Valid Range:
88–the MTU of the underlying network
Default:
0xFFFFFFFF
Description:
This parameter overrides the default Maximum Transmission Unit (MTU)
for a network interface. The MTU is the maximum packet size,
in bytes, that the transport can transmit over the
underlying network. The size includes the transport header.
An IP datagram can span multiple packets. Values larger than
the default for the underlying network cause the transport
to use the network default MTU. Values smaller than 88 cause
the transport to use an MTU of 88.
Note
Windows 2000 TCP/IP uses PMTU detection by default and
queries the NIC driver to find out what local MTU is
supported. Altering the MTU parameter is generally not
necessary and may result in reduced performance. See the
PMTU detection discussion in the TCP section of this
document for more details.
NumForwardPackets
Key:
Tcpip\Parameters
Value Type:
REG_DWORD—number
Valid Range:
1–some reasonable value smaller than 0xFFFFFFFF
Default:
0x32 (50 decimal)
Description:
This parameter determines the number of IP packet headers that are
allocated for the router packet queue. When all headers are
in use, the system attempts to allocate more, up to the
value configured for MaxNumForwardPackets. This value
should be at least as large as the ForwardBufferMemory
value divided by the maximum IP data size of the networks
that are connected to the router. It should be no larger
than the ForwardBufferMemory value divided by 256
because at least 256 bytes of forward buffer memory is used
for each packet. The optimal number of forward packets for a
given ForwardBufferMemory size depends on the type of
traffic that is carried on the network and is somewhere
between these two values. This parameter is ignored and no
headers are allocated if routing is not enabled.
NumTcbTablePartitions
Key:
Tcpip\Parameters
Value Type:
REG_DWORD—number of TCB table partitions
Valid Range:
1-0xFFFF
Default:
4
Description:
This parameter controls the number of TCB table partitions. The TCB
table can be partitioned to improve scalability on
multi-processor systems by reducing contention on the TCB
table. This value should not be modified without a careful
performance study. A suggested maximum value is (number of
CPUs) times 2.
PerformRouterDiscovery
Key:
Tcpip\Parameters\Interfaces\interface
Value Type:
REG_DWORD
Valid Range:
0, 1, 2
0 (disabled)
1 (enabled)
2 (enable only if DHCP sends the router discover option)
Default:
2, DHCP-controlled but off by default.
Description:
This parameter controls whether Windows 2000 attempts to perform router
discovery per RFC 1256 on a per-interface basis. See also
SolicitationAddressBcast.
PerformRouterDiscoveryBackup
Key:
Tcpip\Parameters\Interfaces\interface
Value Type:
REG_DWORD—Boolean
Valid Range:
0, 1 (false, true)
Default:
none
Description:
This parameter is used internally to keep a back-up copy of the
PerformRouterDiscovery value. It should not be modified.
PPTPTcpMaxDataRetransmissions
Key:
Tcpip\Parameters
Value Type:
REG_DWORD—number of times to retransmit a PPTP packet
Valid Range:
0–0xFF
Default:
5
Description:
This parameter controls the number of times that a PPTP packet is
retransmitted if it is not acknowledged. This parameter was
added to allow retransmission of PPTP traffic to be
configured separately from regular TCP traffic.
SackOpts
Key:
Tcpip\Parameters
Value Type:
REG_DWORD—Boolean
Valid Range:
0, 1 (false, true)
Default:
1 (true)
Description:
This parameter controls whether or not Selective
Acknowledgment (SACK, specified in RFC 2018) support is
enabled. SACK is described in more detail in the
"Transmission Control Protocol (TCP)" section of this paper.
SolicitationAddressBcast
Key:
Tcpip\Parameters\Interfaces\interface
Value Type:
REG_DWORD—Boolean
Valid Range:
0, 1 (false, true)
Default:
0 (false)
Description:
This parameter can be used to configure Windows to send router
discovery messages as broadcasts instead of multicasts, as
described in RFC 1256. By default, if router discovery is
enabled, router discovery solicitations are sent to the
all-routers multicast group (224.0.0.2). See also
PerformRouterDiscovery.
SynAttackProtect
Key:
Tcpip\Parameters
Value Type:
REG_DWORD
Valid Range:
0, 1, 2
0 (no synattack protection)
1 (reduced retransmission retries and delayed RCE (route cache entry)
creation if the TcpMaxHalfOpen and TcpMaxHalfOpenRetried
settings are satisfied.)
2 (in addition to 1 a delayed indication to Winsock is made.)
Note: When the system finds itself under attack the following options
on any socket can no longer be enabled: scalable windows
(RFC 1323) and per adapter configured TCP parameters
(Initial RTT, window size). This is because when protection
is functioning the route cache entry is not queried before
the SYN-ACK is sent and the Winsock options are not
available at this stage of the connection.
Default:
0 (false)
Recommendation: 2
Description:
Synattack protection involves reducing the number of retransmissions
for the SYN-ACKs, which reduces the time for which
resources have to remain allocated. The allocation of route
cache entry resources is delayed until a connection is made.
If SynAttackProtect = 2, then the connection indication to
AFD is delayed until the three-way handshake is completed.
Note that the actions taken by the protection mechanism only
occur if the TcpMaxHalfOpen and TcpMaxHalfOpenRetried settings are exceeded.
Tcp1323Opts
Key:
Tcpip\Parameters
Value Type:
REG_DWORD—number (flags)
Valid Range:
0, 1, 2, 3
0 (disable RFC 1323 options)
1 (window scale enabled only)
2 (timestamps enabled only)
3 (both options enabled)
Default:
No value; the default behavior is as follows: do not
initiate options but if requested provide them.
Description:
This parameter controls RFC 1323 time stamps and window-scaling
options. Time stamps and window scaling are enabled by
default, but can be manipulated with flag bits. Bit 0
controls window scaling, and bit 1 controls time stamps.
TcpDelAckTicks
Key:
Tcpip\Parameters\Interfaces\interface
Value Type:
REG_DWORD—number
Valid Range:
0–6
Default:
2 (200 milliseconds)
Description:
Specifies the number of 100-millisecond intervals to use for the
delayed-ACK timer on a per-interface basis. By default, the
delayed-ACK timer is 200 milliseconds. Setting this value to
0 disables delayed acknowledgments, which causes the
computer to immediately ACK every packet it receives.
Microsoft does not recommend changing this value from the
default without careful study of the environment.
TcpInitialRTT
Key:
Tcpip\Parameters\Interfaces\interface
Value Type:
REG_DWORD—number
Valid Range:
0–0xFFFF
Default:
3 seconds
Description:
This parameter controls the initial time-out used for a TCP connection
request and initial data retransmission on a per-interface
basis. Use caution when tuning with this parameter because
exponential backoff is used. Setting this value to larger
than 3 results in much longer time-outs to nonexistent
addresses.
TcpMaxConnectResponseRetransmissions
Key:
Tcpip\Parameters
Value Type:
REG_DWORD—number
Valid Range:
0–255
Default:
2
Description:
This parameter controls the number of times that a SYN-ACK is
retransmitted in response to a connection request if the SYN
is not acknowledged. If this value is greater than or equal
to 2, the stack employs SYN-ATTACK protection internally. If
this value is less than 2, the stack does not read the
registry values at all for SYN-ATTACK protection. See also
SynAttackProtect, TCPMaxPortsExhausted,
TCPMaxHalfOpen, and TCPMaxHalfOpenRetried.
TcpMaxConnectRetransmissions
Key:
Tcpip\Parameters
Value Type:
REG_DWORD—number
Valid Range:
0–255 (decimal)
Default:
2
Description:
This parameter determines the number of times that TCP
retransmits a connect request (SYN) before aborting the
attempt. The retransmission time-out is doubled with each
successive retransmission in a given connect attempt. The
initial time-out is controlled by the TcpInitialRtt
registry value.
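The doubling described for TcpInitialRTT and TcpMaxConnectRetransmissions can be worked through as follows. This is an added example, not code from the original paper: the function names are hypothetical, and it assumes the attempt is dropped when the time-out following the last retransmission expires. Applying the same schedule to SYN-ACK retransmissions (TcpMaxConnectResponseRetransmissions) is a further assumption, since the page states the doubling only for connect requests and data segments.

```python
def retransmission_schedule(initial_timeout=3, retransmissions=2):
    """Return (send_times, abort_time) in seconds for one handshake segment.

    initial_timeout models TcpInitialRTT (default 3 seconds) and
    retransmissions models TcpMaxConnectRetransmissions (default 2).
    Assumption, not stated on the page: the attempt is abandoned when the
    time-out that follows the last retransmission expires.
    """
    if initial_timeout < 0:
        raise ValueError("initial_timeout must not be negative")
    if not 0 <= retransmissions <= 255:
        raise ValueError("retransmissions must be within 0-255")
    send_times, now, timeout = [0], 0, initial_timeout
    for _ in range(retransmissions):
        now += timeout          # current time-out expires: retransmit
        send_times.append(now)
        timeout *= 2            # time-out doubles with each retransmission
    return send_times, now + timeout


def abort_times(initial_timeout, max_retransmissions):
    """Map each retransmission count 0..max to the time the attempt is dropped."""
    return {n: retransmission_schedule(initial_timeout, n)[1]
            for n in range(max_retransmissions + 1)}


if __name__ == "__main__":
    # Compare the default initial time-out with a doubled one.
    for rtt in (3, 6):
        print(f"TcpInitialRTT={rtt}s:", abort_times(rtt, 3))
```

Each extra retransmission roughly doubles how long an unanswered handshake keeps its resources allocated, which is why lowering the retry count shortens the life of half-open connections.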
TcpMaxDataRetransmissions
Key:
Tcpip\Parameters
Value Type:
REG_DWORD—number
Valid Range:
0–0xFFFFFFFF
Default:
5
Description:
This parameter controls the number of times that TCP
retransmits an individual data segment (not connection
request segments) before aborting the connection. The
retransmission time-out is doubled with each successive
retransmission on a connection. It is reset when responses
resume. The Retransmission Timeout (RTO) value is
dynamically adjusted, using the historical measured
round-trip time (Smoothed Round Trip Time, or SRTT) on each
connection. The starting RTO on a new connection is
controlled by the TcpInitialRtt registry value.
TcpMaxDupAcks
Key:
Tcpip\Parameters
Value Type:
REG_DWORD—number
Valid Range:
1–3
Default:
2
Description:
This parameter determines the number of duplicate ACKs that must be
received for the same sequence number of sent data before
fast retransmit is triggered to resend the segment that has
been dropped in transit. This mechanism is described in more
detail in the "Transmission Control Protocol (TCP)" section
of this paper.
TcpMaxHalfOpen
Key:
Tcpip\Parameters
Value Type:
REG_DWORD—number
Valid Range:
100–0xFFFF
Default:
100 (Professional, Server), 500 (Advanced Server)
Description:
This parameter controls the number of connections in the SYN-RCVD state
allowed before SYN-ATTACK protection begins to operate.
If SynAttackProtect is set to 1, ensure that this value is
lower than the AFD listen backlog on the port you want to
protect (see backlog parameters in Appendix C, below, for
more information).
See the SynAttackProtect parameter for more details.
TcpMaxHalfOpenRetried
Key:
Tcpip\Parameters
Value Type:
REG_DWORD—number
Valid Range:
80–0xFFFF
Default:
80 (Professional, Server), 400 (Advanced Server)
Description:
This parameter controls the number of connections in the SYN-RCVD state
for which there has been at least one retransmission of the
SYN sent, before SYN-ATTACK protection begins to
operate. See the SynAttackProtect parameter for more
details.
TcpMaxPortsExhausted
Key:
Tcpip\Parameters
Value Type:
REG_DWORD—number
Valid Range:
0–0xFFFF
Default:
5
Description:
This parameter controls the point at which SYN-ATTACK protection starts
to operate. SYN-ATTACK protection begins to operate when
TcpMaxPortsExhausted connect requests have been refused
by the system because the available backlog for connections
is set at 0.
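The SYN-attack and routing-related values above can be audited offline from a registry export. The script below is an added example, not part of the original paper or any Microsoft tool: it parses .reg-format text and checks each value against the valid range, default and recommendation listed on this page. The full key path under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services and the sample export are assumptions constructed for the example.

```python
import re

# (low, high, default, recommended) as listed on this page. recommended is
# None where the page gives no "Recommendation:" line for the parameter.
# TcpMaxHalfOpen/TcpMaxHalfOpenRetried defaults are the Professional/Server ones.
PARAMS = {
    "SynAttackProtect":                     (0, 2, 0, 2),
    "EnableICMPRedirects":                  (0, 1, 1, 0),
    "DisableIPSourceRouting":               (0, 2, 1, None),
    "TcpMaxConnectResponseRetransmissions": (0, 255, 2, None),
    "TcpMaxHalfOpen":                       (100, 0xFFFF, 100, None),
    "TcpMaxHalfOpenRetried":                (80, 0xFFFF, 80, None),
    "TcpMaxPortsExhausted":                 (0, 0xFFFF, 5, None),
}

# Constructed sample in .reg text format (not taken from the page). The
# interface GUID is a placeholder; per-interface values are out of scope here.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters]
"SynAttackProtect"=dword:00000001
"TcpMaxConnectResponseRetransmissions"=dword:00000001
"TcpMaxHalfOpen"=dword:00000032
"EnableICMPRedirects"=dword:00000001
"DisableIPSourceRouting"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{00000000-0000-0000-0000-000000000000}]
"MTU"=dword:000005dc
'''

DWORD_LINE = re.compile(r'^"([^"]+)"=dword:([0-9a-fA-F]{1,8})\s*$')
KEY_SUFFIX = r"\services\tcpip\parameters"


def parse_reg(text):
    """Return {lower-cased value name: int} for DWORDs in the global key only."""
    values, in_key = {}, False
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("["):
            # Subkeys such as ...\Parameters\Interfaces\<id> do not match.
            in_key = line.rstrip("]").lower().endswith(KEY_SUFFIX)
            continue
        match = DWORD_LINE.match(line)
        if in_key and match:
            values[match.group(1).lower()] = int(match.group(2), 16)
    return values


def audit(values):
    """Return a list of (parameter, finding) tuples for the parsed values."""
    findings, effective = [], {}
    for name, (low, high, default, recommended) in PARAMS.items():
        raw = values.get(name.lower())
        value = default if raw is None else raw   # absent value: default applies
        effective[name] = value
        if not low <= value <= high:
            findings.append((name, f"value {value} outside valid range {low}-{high}"))
        elif recommended is not None and value != recommended:
            origin = "default" if raw is None else "configured"
            findings.append((name, f"{origin} value {value}, page recommends {recommended}"))
    # Cross-parameter notes taken from the descriptions on this page.
    if effective["TcpMaxConnectResponseRetransmissions"] < 2:
        findings.append(("TcpMaxConnectResponseRetransmissions",
                         "below 2: SYN-ATTACK registry values are not read"))
    if effective["DisableIPSourceRouting"] == 0:
        findings.append(("DisableIPSourceRouting",
                         "0 forwards all packets (default is 1)"))
    return findings


if __name__ == "__main__":
    for name, finding in audit(parse_reg(SAMPLE_REG)):
        print(f"{name}: {finding}")
```

An empty export still yields two findings, because the page's defaults for SynAttackProtect and EnableICMPRedirects differ from its recommendations.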
TcpMaxSendFree
Key:
Tcpip\Parameters
Value Type:
REG_DWORD—number
Valid Range:
0–0xFFFF
Default:
5000
Description:
This parameter controls the size limit of the TCP header table. On
machines with large amounts of RAM increasing this setting
can improve responsiveness during synattack.
TcpNumConnections
Key:
Tcpip\Parameters
Value Type:
REG_DWORD—number
Valid Range:
0–0xFFFFFE
Default:
0xFFFFFE
Description:
This parameter limits the maximum number of connections that TCP can
have open simultaneously.
TcpTimedWaitDelay
Key:
Tcpip\Parameters
Value Type:
REG_DWORD—time in seconds
Valid Range:
30-300 (decimal)
Default:
0xF0 (240 decimal)
Description:
This parameter determines the length of time that a connection stays in
the TIME_WAIT state when being closed. While a connection is
in the TIME_WAIT state, the socket pair cannot be reused.
This is also known as the 2MSL state because the value
should be twice the maximum segment lifetime on the network.
See RFC 793 for further details.
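The following Python example is added here and is not part of the original paper: it parses a registry export (.reg text) and checks the Tcpip\Parameters values against the valid ranges listed in the entries above, plus the rule that TcpMaxHalfOpen must be lower than the listen backlog when SynAttackProtect is 1. The sample export, the function names and the listen_backlog argument are constructed assumptions.

```python
import re

# Valid ranges exactly as listed in the parameter entries above.
RANGES = {
    "TcpMaxHalfOpen": (100, 0xFFFF),
    "TcpMaxHalfOpenRetried": (80, 0xFFFF),
    "TcpMaxPortsExhausted": (0, 0xFFFF),
    "TcpMaxSendFree": (0, 0xFFFF),
    "TcpNumConnections": (0, 0xFFFFFE),
    "TcpTimedWaitDelay": (30, 300),
}
DWORD_LINE = re.compile(r'^"([^"]+)"=dword:([0-9a-fA-F]{1,8})\s*$')
PARAMS_KEY = r"\services\tcpip\parameters]"

# Constructed sample export (not taken from a real host).
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters]
"SynAttackProtect"=dword:00000001
"TcpMaxHalfOpen"=dword:000001f4
"TcpMaxHalfOpenRetried"=dword:00000032
"TcpTimedWaitDelay"=dword:00000e10

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{constructed}]
"TcpMaxHalfOpen"=dword:00000001
'''

def parse_tcpip_parameters(reg_text):
    """Collect REG_DWORD values found directly under Tcpip\\Parameters."""
    values, in_key = {}, False
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("["):  # a new key header; subkeys are skipped
            in_key = line.lower().endswith(PARAMS_KEY)
        elif in_key and (m := DWORD_LINE.match(line)):
            values[m.group(1)] = int(m.group(2), 16)
    return values

def audit(values, listen_backlog):
    """Return findings; listen_backlog is supplied by the auditor."""
    findings = []
    for name, (low, high) in RANGES.items():
        if name in values and not low <= values[name] <= high:
            findings.append(f"{name}={values[name]} outside {low}-{high}")
    half_open = values.get("TcpMaxHalfOpen")
    protect = values.get("SynAttackProtect") == 1
    if protect and half_open is not None and half_open >= listen_backlog:
        findings.append(f"TcpMaxHalfOpen={half_open} not below backlog {listen_backlog}")
    return findings
```

Regedit writes Version 5.00 exports as UTF-16, so decode the file before passing its text to parse_tcpip_parameters. Parameters absent from the export keep their documented defaults and are not reported.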
TcpUseRFC1122UrgentPointer
Key:
Tcpip\Parameters
Value Type:
REG_DWORD—Boolean
Valid Range:
0, 1 (false, true)
Default:
0 (false)
Description:
This parameter determines whether TCP uses the RFC 1122 specification
for urgent data or the mode used by BSD-derived systems. The
two mechanisms interpret the urgent pointer in the TCP
header and the length of the urgent data differently. They
are not interoperable. Windows 2000 defaults to BSD mode.
TcpWindowSize
Key:
Tcpip\Parameters, Tcpip\Parameters\Interfaces\interface
Value Type:
REG_DWORD—number of bytes
Valid Range:
0–0x3FFFFFFF (1073741823 decimal). In practice the TCP/IP
stack will round the number set to the nearest multiple of
maximum segment size (MSS). Values greater than 64 KB can be
achieved only when connecting to other systems that support
RFC 1323 Window Scaling, which is discussed in the
"Transmission Control Protocol (TCP)" section of this
document.
Default:
The smaller of the following values:
- 0xFFFF
- GlobalMaxTcpWindowSize (another registry parameter)
- The larger of four times the maximum TCP data size on the network
- 16384 rounded up to an even multiple of the network TCP data size
The default can start at 17520 for Ethernet, but may shrink
slightly when the connection is established to another
computer that supports extended TCP header options, such as
SACK and TIMESTAMPS, because these options increase the TCP
header beyond the usual 20 bytes, leaving slightly less room
for data.
Description:
This parameter determines the maximum TCP receive window
size offered. The receive window specifies the number of
bytes that a sender can transmit without receiving an
acknowledgment. In general, larger receive windows improve
performance over high-delay, high-bandwidth networks. For
greatest efficiency, the receive window should be an even
multiple of the TCP Maximum Segment Size (MSS). This
parameter is both a per-interface parameter and a global
parameter, depending upon where the registry key is located.
If there is a value for a specific interface, that value
overrides the system-wide value. See also
GlobalMaxTcpWindowSize.
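The default rule above, worked through as an added Python example (not code from the paper): it reads the last two list items as a single term, the larger of four times the TCP data size and 16384 rounded up to a multiple of it, and reproduces the 17520 figure for Ethernet as well as the shrink when timestamps are in use. The 20-byte IP header, the 12-byte timestamp option, the sample MTUs and the GlobalMaxTcpWindowSize default used here are assumptions not stated in this section.

```python
MAX_UNSCALED_WINDOW = 0xFFFF  # first list item: cap without window scaling


def default_tcp_window(mtu, option_bytes=0, global_max=0x3FFFFFFF):
    """Return (TCP data bytes per segment, default receive window).

    mtu          -- IP MTU of the link, e.g. 1500 for Ethernet
    option_bytes -- TCP options carried in every segment (12 for timestamps)
    global_max   -- GlobalMaxTcpWindowSize; the default here is an assumption
    """
    data_size = mtu - 20 - 20 - option_bytes  # IP header, TCP header, options
    if data_size <= 0:
        raise ValueError("MTU leaves no room for TCP data")
    four_segments = 4 * data_size
    # 16384 rounded up to a whole multiple of the data size (ceiling division)
    rounded_16k = -(-16384 // data_size) * data_size
    return data_size, min(MAX_UNSCALED_WINDOW, global_max,
                          max(four_segments, rounded_16k))


def window_table():
    """Defaults for a few constructed link types, as {label: window}."""
    links = {"Ethernet": (1500, 0), "Ethernet + timestamps": (1500, 12),
             "FDDI": (4352, 0), "16 Mbps Token Ring": (17914, 0)}
    return {name: default_tcp_window(*args)[1] for name, args in links.items()}
```

On Ethernet the 16384 term dominates (12 segments of 1460 bytes); on very large MTUs the four-segment term exceeds 0xFFFF and the cap applies.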
TrFunctionalMcastAddress
Key:
Tcpip\Parameters
Value Type:
REG_DWORD—Boolean
Valid Range:
0, 1 (false, true)
Default:
1 (true)
Description:
This parameter determines whether IP multicasts are sent using the
Token Ring Multicast address described in RFC 1469 or using
the subnet broadcast address. The default value of 1
configures the computer to use the RFC 1469 Token Ring
Multicast address for IP multicasts. Setting the value to 0
configures the computer to use the subnet broadcast address
for IP multicasts.
TypeOfInterface
Key:
Tcpip\Parameters\Interfaces\interface
Value Type:
REG_DWORD
Valid Range:
0, 1, 2, 3
Default:
0 (allow multicast and unicast)
Description:
This parameter determines whether the interface gets routes plumbed for
unicast, multicast, or both traffic types, and whether those
traffic types can be forwarded. If it is set to 0, both
unicast and multicast traffic are allowed. If it is set to
1, unicast traffic is disabled. If it is set to 2, multicast
traffic is disabled. If it is set to 3, both unicast and
multicast traffic are disabled. Since this parameter affects
forwarding and routes, it may still be possible for a local
application to send multicasts out over an interface, if
there are no other interfaces in the computer that are
enabled for multicast, and a default route exists.
UseZeroBroadcast
Key:
Tcpip\Parameters\Interfaces\interface
Value Type:
REG_DWORD—Boolean
Valid Range:
0, 1 (false, true)
Default:
0 (false)
Description:
If this parameter is set to 1 (true), IP will use 0s broadcasts
(0.0.0.0) instead of 1s broadcasts (255.255.255.255). Most
systems use 1s broadcasts, but some systems derived from BSD
implementations use 0s broadcasts. Systems that use
different broadcasts do not interoperate well on the same
network.
Parameters Configurable from the User Interface
The following parameters are created and modified automatically
by the NCPA as a result of user-supplied information. There
should be no need to configure them directly in the
registry.
DefaultGateway
Key:
Tcpip\Parameters\Interfaces\interface
Value Type:
REG_MULTI_SZ—list of dotted decimal IP addresses
Valid Range:
Any set of valid IP addresses
Default:
None
Description:
This parameter specifies the list of gateways to be used to
route packets that are not destined for a subnet that the
computer is directly connected to, and for which a more
specific route does not exist. This parameter, if it has a
valid value, overrides the DhcpDefaultGateway
parameter. There is only one active default gateway for the
computer at any time, so adding multiple addresses is only
done for redundancy. See the "Dead Gateway Detection"
section in this paper for details.
Domain
Key:
Tcpip\Parameters\Interfaces\interface
Value Type:
REG_SZ—character string
Valid Range:
Any valid DNS domain name
Default:
None
Description:
This parameter specifies the DNS domain name of the interface. In
Windows 2000, this and NameServer are per-interface
parameters, rather than system-wide parameters. This
parameter overrides the DhcpDomain parameter (filled
in by the DHCP client), if it exists.
EnableDhcp
Key:
Tcpip\Parameters\Interfaces\interface
Value Type:
REG_DWORD—Boolean
Valid Range:
0, 1 (false, true)
Default:
0 (false)
Description:
If this parameter is set to 1 (true), the DHCP client service attempts
to use DHCP to configure the first IP interface on this
adapter.
EnableSecurityFilters
Key:
Tcpip\Parameters
Value Type:
REG_DWORD—Boolean
Valid
Range:
0, 1
(false, true)
Default:
0 (false)
Description:
If this parameter is set to 1 (true), IP security filters are enabled.
See TcpAllowedPorts, UdpAllowedPorts, and
RawIPAllowedPorts. To configure these values, on the
Start menu, point to Settings, then click
Network and Dial-up Connections, right-click Local
Area Connection, and then click Properties.
Select Internet Protocol (TCP/IP), and click
Properties, then click Advanced. Click the
Options tab, select TCP/IP filtering, and click
Properties.
Hostname
Key:
Tcpip\Parameters
Value Type:
REG |