I noticed in connection doctor that it says "Router type: Port Restricted This computer's network setup includes one or more devices that are not fully compatible with audio and video chatting." I'm wondering if this could be the reason for, at times, poor video chat. I have an Cisco E1000 router, Att-Uverse ISP, using MBP with Lion. Please help.
Mac OS X (10.7)
Hi,
"Port Restricted" is not a block to good video chats.
I know as I have used a Netgear DG834G which said that and currently a Sagem Fast2504 which also creates that Message.
Basically there are different ways that NAT can be done.
See this Wikipedia article http://en.wikipedia.org/wiki/Network_address_translation#Methods_of_Port_transla tion
Ideally iChat would "prefer" the method to be Full Cone.
However many other methods work.
Basically if the ports iChat uses are open nad possibly some over zealous "Security" features are turned off then it will work.
If you want to iChat Screen Share then you do have to have a device that can do UPnP and have this enabled.
Cisco own Linksys and the PortForward.com site says this Cisco device is listed as a Linksys E1000
This page is sort of Info and Instructions.
You need the access Instructions.
The Pics are useful as you then need the Administration Tab (NOT Applications and Gaming) and then Enable UPnP (As it is Off by default)
In the Security tab you need to disable any Firewall that is Listed (Not all Do) as this contains both DoS and SPI filters which get in iChat's way.
Also in this page you need to disable the Block in Pings from the Internet (Anonymous requests on the WAN port) as iChat sends Pings to confirm where you sent the Visible Invite is where the acceptance is coming from.
After that it is about Internet speed.
iChat can manage with about 256kbps Upload (and download) for a 1-1 Video chat.
For a 3 or 4 way Video chat it needs about 500kbps (in the "Real World") in both directions.
If one end is much faster than the other then you can also have issues.
If you ISP offers you a very fast service then any variance in that speed can effect iChat (A 5% variance on a 10Mbps service can be as high as 500kbps in round-ish terms).
You can try the Bandwidth Limit in iChat (iChat menu > Preference > Video Section)
Set this to 500kbps at both ends.
You are much more likely to "Match" with your Buddy this way and drop below any point where variances can effect things.
(With some ISPs you can also drop below there Fair Use Policy threshold which may cap you at certain times of day - at one point Comcast would "limit" the speeds on people they though were File Sharing. Video Chats are peer-to-peer and they can't tell (or will not find out) the difference and would get limited as well. With better speeds all round this is less of an issue).
8:12 PM Saturday; April 7, 2012
Please, if posting Logs, do not post any Log info after the line "Binary Images for iChat"
iMac 2.5Ghz 5i 2011 (Lion 10.7.3)
G4/1GhzDual MDD (Leopard 10.5.8)
MacBookPro 2Gb (Snow Leopard 10.6.8)
Mac OS X (10.6.8),
"Limit the Logs to the Bits above Binary Images." No, Seriously
Well I do appreciate the help, excuse my ignorance however; disabling all of the things you've said will that put my network or computer at greater risk for anything?
Hi,
It does increase the risk slightly.
If you open Network Utility in Applications/Utilities you fill find it has a PING function.
This provides a very basic check that there is something at the IP address you Ping.
Mostly you use it on your LAN.
You can use it on Public IP addresses. (http://www.whatsmyip.org/ )
This site will tell you your Public IP (The IP your router or modem gets from the ISP.)
If you don't let your computer respond or you don't let the Modem respond then people that are checking for possibe access cannot tell you are there.
However this is not the only way to check if someone or something is at a particular IP, although it can be some guess work to tell if an IP is active.
As I said earlier iChat (And Messages beta) use a Ping to confirm that were the reply to your Visible Invite (the bit that pops up on your Buddies Screen) is coming from the IP address you are expecting.
The Invites go out and are responded to (Accepted) on port 5678 using the UDP Protocol.
iChat then sends a behind the scenes invite as part of the connection Process that uses SIP (Session Initiation Protocol) on port 16402. It is this connection Process that uses Pings to check that the place the 5678 Invite went to is the same place the SIP is responding from.
DoS
Means Denial Of Service and is about stopping attacks of this nature.
This goes back to the days when lots of people (commonly called "hackers" (mistakenly) ) got together and organised all using their browser to go to the same web page.
Once there they would hit Refresh repeatedly.
This would cause a lot of traffic to the web server involved. At some point the server would be overwhelmed and crash.
DoS prevents this by cutting one port - in this case 16402 - when it feels the data stream is "too much, too quickly"
Typically the setting, which you cannot change, is a predetermined threshold of about the same a video streaming site. (Around the 1.5Gbps mark in round terms)
Typically iChat can have better resolution to a Video stream and with modern connection speeds be sending it fast than that.
Although there are people out though trying random IPs to attack most are aimed at well know sites.
I have been using iChat since 2004 and have not suffered from an attack.
SPI
Stands for "Stateful Packet Inspection"
Here the processor in the Modem tries to vet each incoming packet and tell if it is legitimate.
There comes a point when it can't keep up and then it too cuts the one port that is involved.
This effectively means it is threshold based as well.
The last two (DoS and SPI) may be circumvented, to some extent, if you Limit the Bandwidth iChat uses in iChat Menu > Preferences > Video section > Bandwidth Limit (to 500kbps).
I have used a Linksys router in the past which had a firewall that had DoS and SPI in which I used to turn Off.
I have used a Netgear DG834G which had DOS filter which I used to turn Off.
Currently I use a Sagem Fast2504 with DOS being turned Off.
My son's X Box 360, his MacBook Pro, his windows tower, my G4 tower, My Macboko Pro, my wife's PC tower and her laptop not to mention this iMac do not seem to have a problem with this.
7:11 PM Sunday; April 8, 2012
Please, if posting Logs, do not post any Log info after the line "Binary Images for iChat"
iMac 2.5Ghz 5i 2011 (Lion 10.7.3)
G4/1GhzDual MDD (Leopard 10.5.8)
MacBookPro 2Gb (Snow Leopard 10.6.8)
Mac OS X (10.6.8),
"Limit the Logs to the Bits above Binary Images." No, Seriously
Ichat Port Restricted = Poor Ichat video
