Figure: Winsock 2 Architecture (Source: Microsoft)
Introduction
Microsoft Windows Winsock provides network socket facility for Applications via Service Provider Interface (SPI) and is extensible via Layered Service Provider (LSP). A LSP is a Dynamic Link Library (DLL) that uses Winsock Application Programming Interfaces (APIs) to insert itself into the TCP/IP stack from where it can intercept and modify all the TCP/IP inbound/outbound internet traffic taking place between Internet and the Application accessing internet. In simple words, LSP typically handles low-level Internet-related tasks, and data is passed through a chain of these programs on its way to and from the Internet.
Winsock LSPs are available for a wide range of useful purposes, e.g. internet access control, web content filtering, traffic analysis etc. The Winsock API prvoides a mecahnism for layering providers to implement only higher level custom communication functions. The layering order of all providers is kept in the Winsock Catalog.
About LSP Corruption
One of the major issue with LSPs is that if they are removed or unregistered improperly or if the LSP is malformed (buggy), it could result in corruption of the Winsock catalog in the registry, the entire TCP/IP stack would break, potentially resulting in a loss of all network connectivity. Lot of Spyware, Adware & Malware may insert themselves as an LSP in the network stack to spy on the habits and data of the user and may forward all of the user's internet traffic to an unauthorized external site for data mining purpose. The problem can also be caused by any improperly written Layered Service Provider software, or the deletion of any LSP program's files. If you uninstall/delete these malformed programs (spyware, adware), it may happen that you won't be able to access Internet. This is due to the broken LSP chain.
LSP Corruption FIX
If you are running Windows XP (Service Pack 2), there are two new Netsh commands available (although Winsock self heals in XP SP2).
1. netsh winsock show catalog
This command displays the list of all Winsock LSPs that are installed on the computer. You can go through the list to find malformed LSPs.
2. netsh winsock reset catalog
This command resets the Winsock catalog to the default configuration. This can be useful if a malformed LSP is installed that results in loss of network connectivity. While use of this command can restore network connectivity, it should be used with care because any previously installed LSPs will need to be re-installed.
If you are runing Windows XP (Without Service Pack 2), you would need to manually repair winsock by deleting the corrupted registry keys and then reinstall/reset the TCP/IP protocol.
Step 1: Delete the corrupted registry keys
Warning: Backup your registry before you edit it. For more information about how to back up the registry, click here
1. Click Start, and then click Run.
2. In the Open box, type regedit, and then click OK.
3. In Registry Editor, locate the following keys, right-click each key, and then click Delete:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Winsock
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Winsock2
4. When you are prompted to confirm the deletion, click Yes.
5. Restart the computer after you delete the Winsock keys. Doing so causes the Windows XP operating system to create new shell entries for those two keys.
Note: If you do not restart the computer after you delete the Winsock keys, the next step does not work correctly.
Step 2: Reset TCP/IP Protocol Stack
1. Run the following Netsh Command
netsh int ip reset c:\resetlog.txt
2. Restart your computer.
When you run the reset command, it rewrites following pertinent registry keys that are used by the Internet Protocol (TCP/IP) stack to reach the same result as the removal and the reinstallation of the protocol.
SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\
SYSTEM\CurrentControlSet\Services\DHCP\Parameters\
Other Operating Systems
If your Operating System is Windows 98, 98SE or ME, You can download the following program to fix Winsock LSP.
Winsockfix
LSP-Fix
XPTCPREP
Introduction
Microsoft Windows Winsock provides network socket facility for Applications via Service Provider Interface (SPI) and is extensible via Layered Service Provider (LSP). A LSP is a Dynamic Link Library (DLL) that uses Winsock Application Programming Interfaces (APIs) to insert itself into the TCP/IP stack from where it can intercept and modify all the TCP/IP inbound/outbound internet traffic taking place between Internet and the Application accessing internet. In simple words, LSP typically handles low-level Internet-related tasks, and data is passed through a chain of these programs on its way to and from the Internet.
Winsock LSPs are available for a wide range of useful purposes, e.g. internet access control, web content filtering, traffic analysis etc. The Winsock API prvoides a mecahnism for layering providers to implement only higher level custom communication functions. The layering order of all providers is kept in the Winsock Catalog.
About LSP Corruption
One of the major issue with LSPs is that if they are removed or unregistered improperly or if the LSP is malformed (buggy), it could result in corruption of the Winsock catalog in the registry, the entire TCP/IP stack would break, potentially resulting in a loss of all network connectivity. Lot of Spyware, Adware & Malware may insert themselves as an LSP in the network stack to spy on the habits and data of the user and may forward all of the user's internet traffic to an unauthorized external site for data mining purpose. The problem can also be caused by any improperly written Layered Service Provider software, or the deletion of any LSP program's files. If you uninstall/delete these malformed programs (spyware, adware), it may happen that you won't be able to access Internet. This is due to the broken LSP chain.
LSP Corruption FIX
If you are running Windows XP (Service Pack 2), there are two new Netsh commands available (although Winsock self heals in XP SP2).
1. netsh winsock show catalog
This command displays the list of all Winsock LSPs that are installed on the computer. You can go through the list to find malformed LSPs.
2. netsh winsock reset catalog
This command resets the Winsock catalog to the default configuration. This can be useful if a malformed LSP is installed that results in loss of network connectivity. While use of this command can restore network connectivity, it should be used with care because any previously installed LSPs will need to be re-installed.
If you are runing Windows XP (Without Service Pack 2), you would need to manually repair winsock by deleting the corrupted registry keys and then reinstall/reset the TCP/IP protocol.
Step 1: Delete the corrupted registry keys
Warning: Backup your registry before you edit it. For more information about how to back up the registry, click here
1. Click Start, and then click Run.
2. In the Open box, type regedit, and then click OK.
3. In Registry Editor, locate the following keys, right-click each key, and then click Delete:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Winsock
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Winsock2
4. When you are prompted to confirm the deletion, click Yes.
5. Restart the computer after you delete the Winsock keys. Doing so causes the Windows XP operating system to create new shell entries for those two keys.
Note: If you do not restart the computer after you delete the Winsock keys, the next step does not work correctly.
Step 2: Reset TCP/IP Protocol Stack
1. Run the following Netsh Command
netsh int ip reset c:\resetlog.txt
2. Restart your computer.
When you run the reset command, it rewrites following pertinent registry keys that are used by the Internet Protocol (TCP/IP) stack to reach the same result as the removal and the reinstallation of the protocol.
SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\
SYSTEM\CurrentControlSet\Services\DHCP\Parameters\
Other Operating Systems
If your Operating System is Windows 98, 98SE or ME, You can download the following program to fix Winsock LSP.
Winsockfix
LSP-Fix
XPTCPREP
