Optimize Your Network Settings

Want to further optimize your network settings?   Use this little known settings in Windows. (Directions are for Windows Vista and Windows 7 – settings apply to Windows XP also).

  • Open the Network and Sharing Center
  • Click on Change Adapter Settings
  • Hit the Alt Key
  • Click Advanced
  • Advanced Settings
  • Under Adapters and Bindings, Move the Network you use to the top
  • Under the Provider Order, Move Microsoft Windows Network to the Top

[Scheduled Post]

Use MAC Filtering and hide your SSID on your wireless for security- but not against a wardriver

MAC address filtering is found in your router’s settings and can be effective against the standard user that knows your password to your wireless router.    A great example of this is your children’s friends.    They may learn the password but you can put in your MAC addresses of all of the devices on your home network and prevent them from connecting if their MAC address is not in your router.

The weakness in this is that although you may do this, anyone listening to your network traffic (Wireshark and other scanning software) will see the broadcast of these devices, thus seeing your MAC address, and can then spoof one of your MAC addresses.   After that, game on.

So everyone thinks hiding their SSID (the name of your wireless) is great.  It is for most home users.   It prevents neighbors from seeing your network or if someone is doing a quick drive by.  However, anyone who has NetSurveyor, inSSIDer, Xirrus, other software or an RF analyzer (less than $75- also see our other articles on wireless) can see the network and quickly identify the SSID.   (See Microsoft’s Technet Article)

These two options are ways to hide or prevent the AVERAGE user from connecting to or detecting your network.  Strong passwords and strong encryption are your best choice.

Tweak your wireless router

Steve Mallard, IT Manager
Many people who set up their wireless routers never optimize the channel to keep from ‘bumping’ into their neighbors.  Regardless if you are a Apple, Linux or Windows user, you should select a channel as far away from your neighbors devices as you can.   Use WiFi Analyzer for Android, (Apple), or InSSIDer for a PC to see what channels are being used around your home or business.

The second tip is involves fragmentation..   We don’t have one or two internet devices anymore, we have four or more.   Computers, laptops, netbooks, e-readers such as Kindles or Nooks, iPods, iPhones, Android tablets, iPads, Android, Windows Phones, Blurays, TVs and more.    So how can this be optimized?  These devices send packets of data in frames.   Imagine you talking.   Each word is a packet and the packets together are a sentence.   In a wireless environment, each device has to wait for the other to complete their sentence before it can talk.

Computer talking to router – ” I am going to WordPress to read a blog!”

Tablet waits on router and says – “I want to go to YouTube!”

Your router listens to the computer while the tablet is waiting.   The router processes the computer’s request and then listens to the tablet.   So how can it be optimized?

The default fragmentation for routers is 2346.  Many professionals recommend to set this at 800 or 1000 if there are many devices on your network.   So your router should work like this -

Computer and Tablet say – “I am going to – I want to go to – WordPress to read – YouTube! – a blog!”

See how each device gets a small piece of what it wants to say in to the router?  The router can process the information a little at a time keeping each devices wait time down.   This in  turn works with the RTS Threshold.

The RTS Threshold is  is used as a trigger to engage the back and forth of RTS (Ready to Send – “I have something to say”) and CTS (Clear to Send – “I am listening”) messages between the wireless router  and  your device. The triggers purpose is a type of “handshaking”.   The default value for RTS is 2347.   Try 2340 and lower as necessary. 

The preamble should be set to short.   Long is for 802.11b  devices (old legacy laptops or devices).  Auto is just in case you have someone with old computers that are coming into your home.   Auto works for old and new.   Generally older devices today have 802.11g.   802.11g and 802.11n work with long.   So if you don’t anticipate someone visiting with older devices, move the preamble to short.

DTIM is a traffic indicator.  It basically says – “Yo, I got something for you” during the beacon.  Setting this 1 point higher can actually save power when devices are listening.   So the device will awaken only when DTIM tells it to.

These settings are for people who have several devices on their network and are true consumers of the internet.   They are by no means the settings for everyone.   You may have to play with the settings to get optimal throughput.  Remember, test your bandwidth with two devices side by side and simultaneously.   Have each device strain your network by testing their throughput by going to an ISP site that test download speeds or stream a video at the same time.  You’ll see a difference.   The default values very well may be what you need if you don’t have many users and devices.   Give it a try.  You can always go back to your routers default values.

Please share on your Facebook or Tweet this link!

Monitor your network adapter

AdapterWatch is a good program to monitor your network adapter.   This software program shows detailed statistics with dozens of features.   Visit NirSoft for more information.

This slideshow requires JavaScript.

Free Visual Trace Route

A free visual trace route is available at YouGetSignal. Most people don’t realize that the internet uses OSPF (Open Shortest Path First) meaning that a trace from my ISP (Use the Proxy test)  travels all over the U.S. just to get to middle Tennessee.  Greater than 7000 miles traveled.  (The actual distance 53 miles) That’s 3.3 million mph…. ~D. Babian

Open Computers and Software Inventory

Need a way to inventory your network?  OCS inventories your network and not only finds the OS, IP Address and applications but the hardware information.

Weighing in at a hefty 101mb (zipped) download Open Computers and Software Inventory has been downloaded 1.9 million times.

Link Sourceforge

OCS Inventory NG website

Improve Vista and Windows 7 networking

A lot of discussion is always heard when ‘we’ talking about our tweaks for networking.

We have found with several networks and not just our own that disabling LLMNR (Link-Local Multicast Name Resolution)  improves network speed.

Information on LLMNR -

Link-local Multicast Name Resolution (LLMNR) is a new protocol that provides an additional method to resolve the names of neighboring computers. LLMNR is especially useful for networks that do not have a Domain Name System (DNS) server. LLMNR uses a simple exchange of request and reply messages to resolve computer names to Internet Protocol version 6 (IPv6) or IP version 4 (IPv4) addresses…more

If you use LLMNR and have a local DNS server and have network discovery on, LLMNR can work.  If you want to check to see, A LLMNR data pack is sent via a dynamic UDP port. The destination port is UDP 5355.  Therefore you can see or should see these packets if you monitor your network with Wireshark, Packetyzer , Microsoft’s Monitor or other analyzers.

Many users are reporting resolution problems and LLMNR can be disabled.  Performance increases are seen in many networks especially with SQL servers.

However, you can disable LLMNR if you are having name resolution problems with computers by -

Modify Group Policy – Go to Search – Type GPEdit.msc – Enter – Navigate to the following and make sure Enabled is checked -

Computer Configuration\Administrative Templates\Network\DNS Client
\Turn off Multicast Name Resolution = Enabled


To further optimize your network and speeds, you can also experiment with trying these settings at an elevated prompt -

netsh int tcp set heuristics disabled
netsh int tcp set heuristics disabled
netsh int tcp set global rss=enabled
netsh int tcp set global chimney=enabled
netsh int tcp set global autotuninglevel=normal
(netsh interface tcp set global autotuninglevel=highlyrestricted ) This will set the autotuninglevel to “Allow the receive window to grow beyond its default value, but do so very conservatively” and my be a better option than the ‘normal setting.

netsh int tcp set global congestionprovider=ctcp
netsh int tcp set global ecncapability=disabled
netsh int tcp set global timestamps=disabled

To return to your default settings, go to a command prompt as an administrator and type -

netsh int tcp set heuristics default
netsh int tcp set global rss=default
netsh int tcp set global chimney=default
netsh int tcp set global autotuninglevel=normal
netsh int tcp set global congestionprovider=default
netsh int tcp set global ecncapability=default
netsh int tcp set global timestamps=default

So what is heuristics?  Windows Vista/7 has the ability to automatically change its own TCP Window auto-tuning behavior.

What is RSS?  The receive-side scaling setting enables parallelized processing of received packets on multiple processor.

What is Chimney?  TCP chimney offloading enables Microsoft Windows Vista or Windows 7 to offload all TCP processing for a connection to a network adapter.

What is autotuning?  Uses a fixed value for the tcp receive window. Limits it to 64KB (limited at 65535)


Don’t forget that tweaking your MTU settings can make a difference.

(The MTU (Maximum Transmission Unit) is the size of the largest datagram that can be sent over a network. If a datagram is larger than an MTU, the datagram must be fragmented into multiple smaller datagrams.)

So what do you set your MTU to?  Normally your MTU is set to 1500.   Every connection is different.  First log into your router if you have one and set it to 1492.  Retry the sites that are timing out.  If this did not work, you may need to set the MTU on your network card (in the operating system)

How to set the MTU in Vista and Windows 7 -

netsh interface ipv4 show subinterface

(to see the name of your network Interface – it is important to write down the MTU settings and network interface name at this time)

To set the MTU value to 1492, type the following command at a a command prompt (Note: You MUST substitute the name of your network connection  -

netsh interface ipv4 set subinterface “The Name of Your Connection” mtu=1492 store=persistent

Many users have reported an increase in download and internet speeds after adjusting their MTU to 1492.

So what are some sizes for MTU?

 Ethernet                   1500
 IEEE 802.3/802.2           1492
 PPPoE (WAN Miniport)       1480

This setting  may not be the optimal setting everyone.


Link Aggregation

There is truly an advantage to adding multiple NIC cards to a computer.   It won’t speed up a single internet connection but it can help with loss of signal, detecting access points, transferring information to and  from computers.

When adding a second NIC card to a computer, you can highlight both by holding down the CTRL key and clicking on them and then right clicking to bridge the connections so they act as one…this can allow you to bridge a wireless network to a wired network or to aggregate more than one wired card.


Of course making sure that bitorrents, and other network bandwidth hogs are not on your network will greatly increase the speed. Another tip to remember is that a quality network card also makes a huge difference.

Disabling LLMNR (Below)

Professional or Enterprise (Gpedit.msc)

Home Edition

Create a registry key as follows -

A few more tips….(Best tip – Step 6!)

Do you have a computer that responds slow on the network or hesitates?  Follow these steps and you will see a significant difference. (Because we have not shown how to disable advanced settings in your network card, simply go to your device manager and double click on your network card – disable TCP offload and any advanced settings such as proxy and other settings that may make the card hesitate)

  1. Remove any add-ins on your Browsers that you don’t need
  2. Remove Toolbars
  3. Adjust your MTU Settings
  4. Adjust your Network Speed
  5. Disable LLMNR
  6. Disable all advanced settings on your card
Advanced settings example

Capture Data on Your Network

Often as a systems administrator we will analyze packets of data that travel through our network.  Packetyzer allows you to follow the TCP flow, Edit packets, filter sources, watch ports and more.

Packetyzer is a network protocol analyzer for Windows, also know as a packet sniffer. It is based on the Ethereal project, but provides a native Windows GUI. Packetyzer can capture from virtually any network adapter and supports many advanced features. (You will also download the latest version of WinPCap)

World’s Smallest USB Wireless-N Adapter

Although laptops and netbooks have wireless built onboard, you may need an additional Wireless Adapter for a desktop or for the aforesaid two types of computers.   Mvix makes the world’s smallest wireless N adapter.  At only 18mm (.7 inches)after insertion, this powerful little adapter ads functionality to any computer.

Building a Network in an Enterprise

This small tutorial will be an on going project.

The internet to your location is provided by your ISP.  Generally a router is supplied but a ‘heavier’ router may be required by your organization (i.e. Cisco)

Several static ip addresses should be supplied to your organization for remote logins or for webservers.

A load balancer can be used to have dual ISP lines for redundancy and increased bandwidth.

Load balancers will have more than one IP address (load balancers are NOT used at all locations)

A firewall (hardware) should be put into place.

Firewalls will have more than one IP address.  Generally a firewall will have a public and a private IP address.

Managed Switches should be put into place to monitor and control computers. (Cisco)  Manage switches allow ports to be turned on or off and network traffic and utilization to be montiored.

A Small Tutorial on Networking

The server room is environmentally controlled and should be secured both physically and logically.

DHCP Servers give out IP addresses to your network.  Generally through a process of Network Address Translation and private networking, DHCP Servers give out IPs in the 10.x.x.x or 172.16.x.x or 192.168.x.x range.   Each of these IP address ranges can give out 16 million, 65,000 or 254 ip addresses(in the order found above).

The DHCP server should have a static IP address and hand out a group of IP addresses beginning several numbers ‘up’ the ip addresses.  Example:   If your network has several switches, servers, critical comptuers, wireless access points or printers that need an IP address, the DHCP server on a 172.16 network should begin handing out numbers (presuming you have a network that requires 50 static ip addresses) around –   Workstations booting up will begin receiving the ip address of 0.100 and continue through 31.254.

The DHCP Server should also give out as the gateway (called your router in DHCP, this item will be your firewall), the DNS numbers supplied to you by your ISP and the WINS server address.

WINS Servers help to hold down network traffic and relate NetBIOS names to IP addresses.  When your computer boots up, the wins server address is given to your computer.  Thus your computer will not broadcast across the network.  A network with many computers would be ‘busy’ broadcasting and affecting network throughput and bandwidth.

Active Directory Servers help to manage policies on a network.  Client computers logging into Active Directory are controlled by Active Directory Servers.

File Servers are Windows Server 2003 or Windows Server 2008.  Folders and Resources are shared for end-users on these servers.

SQL (database) Servers are Windows Server 2003 or Windows Server 2008 and require the installation of SQL.  Generally Microsoft’s SQL 2005 or 2008 is installed as a package.  Databases are developed and front end software is installed on each client computer to access the database.

Although there are Exchange Servers, Web Servers (IIS or Apache), these are used for public access to a website (and should have dedicated IP addresses from your ISP)  or for sending email and generally connect directly to the firewall’s DMZ.

Generally network cable (CAT 5 or CAT 6) interconnect each server via the switch.  The switch in turn has a cable going to the firewall.  The firewall is then connects to the load balancer.  The load balancer is then connected to two or more ISP routers.

A long stretch of cable (backbone) will run from the switch to another switch in a room where computers are connected.  Workstations are then wired into this switch using CAT 5 or CAT 6 cabling.  As they boot up, the grab IP information from the DHCP server, are generally required to login to the Active Directory Server (Domain) and then can use network resources.

Connecting to the LAN (Local Area Network) can be backbones from the server room to Wireless Access Points (WAPS).   These devices allow wireless devices on a network to use the network and internet.

While this is a very simple breakdown, there are hundreds of other devices and roles that computers take on in the workplace.

Test Your Network Security with Umit

I recently wrote a small business article on network security and a good way to test workstations, servers and firewalls.  Using Nmap and Umit,  these tools allow you to ‘see’ what your weaknesses are and how you can overcome these weaknesses….more


I will add more to this blog on security in the next several months.

Networking TCP/IP for Absolute Beginners

Recently I wrote several articles on TCP/IP.  It amazes me that most people try to make it difficult and break out with some form of mathmatical calculations and talk bytes and bits with personnel who are green to IT / IS.  I tried to make these tutorials simple for the beginner.  Later in someone’s career you can break out the crazy math behind TCP/IP.   Check it out.