Hi All

A new laptop has arrived in MD towers, and it is driving me insane! It was a competition prize, and is a fairly low-spec Packard Bell (TE69KB) running Windows 8.1, to which I have applied all updates. It connects fine to my Wi-Fi router (Eircom branded Zyxel P-660HW), but after a while stops connecting and returns timeouts. Delving into the router reveals that the client has exceeded the number of sessions allowed. The only way to resolve is to reboot the router - rebooting the laptop does not clear the problem.

Googling has suggested several options. The first was to increase the max number of sessions per user to 4096. Predictably, this just delayed the inevitable. The second was to update the firmware on the router. This was done, but had no effect on the problem. Malware and/or a virus was suggested, but a scan with Norton (it came with the machine) and Malwarebytes revealed nothing.

Last night the machine was logged off, but left running on the lock screen. As it happened I had left the router monitor on the main (ethernet) PC open, and this showed that the laptop was still attaching as a client to the route about every two seconds, and staying connected for about 30 seconds before disconnecting. This behaviour puzzled me.

This morning I have been digging round in Resource Monitor, and there were a number of entries in the TCP box with no name, just a dash. I reset the route firewall to medium (it had been low, as I run Planeplotter as a Master User and need port forwarding), and these disappeared. I have not let it run to see if this resolves it, but would appreciate any input from the assembled gurus here.

Thanks in advance.

Regards

MD

Turn off the firewall on the router.

You don't really need it anyway behind a NAT.

Get rid of UPnP unless you need it.

I would though want to know what was creating so many connections. Sysinternals (now microsoft owned who seem to have managed not to spoil it) tcpview is nice. If no process is listed for the offensive traffic you might be able to get a clue from the target address.

No installation necessary, download and run :-)

Sometimes a sloppy programmer will not bother to close the connections. The router handle this with a timeout. You may be able to reduce the timeout.

Turn off the firewall on the router.
Not really helpful, as the OP explicitly stated that he requires port forwarding for a couple of applications.

Sd

About 2 generations of router back, I set timeout to zero. The thing didn't know how to do that, so never did time out...
There again, that prolly doesn't work now

Turn off the firewall on the router.

Not really helpful, as the OP explicitly stated that he requires port forwarding for a couple of applications.

I thought it was quite a helpful idea.

In the case of Cisco routers, with which I am most familiar having build thousands of configuration files for them, the NAT and firewall functions are completely independent. On cisco you can do NAT (port forwarding) 'til the cows come home without even having firewall capable software installed.

Further perusal of the manual[1] for this router though suggests that my idea of turning off the firewall will not help. I think I have found the Sessions per user parameter and it is part of the NAT setup. "Max NAT/Firewall Session Per User".

I has not previously looked there since I was looking for firewall stuff.

Turning off the firewall is apparently entirely possible in this router while still having NAT but it is pointless in this particular case.

The manual[1] by the way seems very decent for this type of device (350 pages - with words and pictures:).

You could increase the sessions per user further in the hope that the timeout (for there surely is one) will kill them off before the device fills itself up. Just turn this up a lot. I have never configured such a limit and it seems unnecessary to me. If you turned off the firewall (that old chestnut again;-) it might well take the router longer to run out of memory since the storage required for each session will very likely be smaller.

The big question of course is, why is the PC generating so many sessions? I am not running any internet servers, only web browsing at present, and I see 50 - 100 TCP sessions on Resource Monitor. The firewall of course has to manage UDP 'sessions' too. These can only ever be released by a timeout since they don't really exist as such. A firewall (and a NATter too) has though to 'imagine' virtual UDP sessions if it is to do it's job.

I wonder if the PC is running any bit torrent software?

If it was my PC I would be very keen to identify the process(es) that was creating these sessions to eliminate the possibility of malicious code of some sort.

[1] http://www.zyxel.co.uk/upload/doc/P660HW%20User%20Guide.pdf

Thanks for the replies so far. In general answers: I have already increased the sessions allowed per user to the maximum allowed (as stated in the OP). Looking at the resource monitor, the actual TCP sessions appears to be running between 50 and 100. This implies (to me) that it is creating but not releasing connections - and I cannot find anywhere to look and see if that is the case.

Thanks for the link to the user guide. Howver, it is running an amended firmware supplied by the ISP (Eircom), which means that the pictures do not necessarily match what I see on the screen - although many of the tables match what the router help gives. I will see if their are similarities however.

The machine is brand new, and I do not use any kind of torrent software. These symptons occured from first connection. It may be some of the bloatware, but I haven't been able to identify anything which is using netwrok resources to that degree.

Any more comments gratefully welcomed!

Regards

MD

I think I have resolved this by chance! A warning came up saying the trial to Norton Live Backup had expired. As we do not use this, I have uninstalled it. Lo and behold, the machine is not now continually trying to make connections when there is otherwise no activity on the machine. Quite why Norton would be doing this, or indeed why it was not showing network activity in performance manager, I am not sure, but hopefully the problem has ow gone away!

Another reason not to use Norton I guess.

MD