Disable Gateway Smart Packet Detection

Do you have Comcast business cable internet? Do you occasionally have crazy random problems connecting to remote machines or websites, or do you notice a very unusual number of TCP retransmits in packet traces that go through your Comcast-provided SMC Networks cable modem? You are not alone! And there is one checkbox to fix all of this!

Head in to your modem admin page, go to Firewall Settings and check the box next to "Disable Gateway Smart Packet Detection" and all of your problems will be solved. (No guarantees, but seriously, it should work)

How did I find this out? I was getting a lot of things delivered via UPS this week and, after a few successful attempts, was unable to get to their website. Things still worked through a proxy server at work, so I thought they must be blocking my IP address due to the number of requests I had made (possibly violating some AUP with them). tcpdump showed my SYN packets going out to their webserver (on Akamai) but nothing coming back. After 15 minutes on the phone with Comcast support, they escalated me to second level support, which meant a callback in 2 days. The second level guy confirmed my ISP and told me to change this setting because they'd had a lot of problems with Comcast customers and, working with Comcast, they came up with this solution.

Um, OK. What's going on here? The best part about this is that nobody really knows! Searching around the internet for "Gateway Smart Packet Detection" doesn't lead to any documentation or any "good" answers, just lots of people having problems and this checkbox fixing all of them. I've gathered that it is some kind of anti-DoS feature for blocking multiple attempts at something, but chances are you are better off just turning it off. Hope this helps someone, as the problems that checking this box solved for me had been frustrating me for months!
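The symptom described above (SYNs going out, nothing coming back) can be confirmed from a capture taken on the LAN side of the gateway. The following is an added example, not part of the original post: Python that reads `tcpdump -n` text output and reports TCP handshakes that never received a SYN-ACK. The function names, addresses and capture lines are constructed for illustration, and only IPv4 lines are parsed.

```python
import re
from collections import defaultdict

# Matches default `tcpdump -n` IPv4 TCP lines, with or without a leading timestamp.
LINE = re.compile(
    r"^(?:\S+ )?IP (?P<src>\S+) > (?P<dst>\S+): Flags \[(?P<flags>[^\]]+)\]"
)

# Constructed capture (not from the original post): one handshake that is
# never answered (SYN plus two retransmits) and one that completes normally.
SAMPLE = """\
12:00:00.000000 IP 10.1.10.50.51000 > 203.0.113.10.80: Flags [S], seq 1000, win 65535, length 0
12:00:01.000000 IP 10.1.10.50.51000 > 203.0.113.10.80: Flags [S], seq 1000, win 65535, length 0
12:00:03.000000 IP 10.1.10.50.51000 > 203.0.113.10.80: Flags [S], seq 1000, win 65535, length 0
12:00:04.000000 IP 10.1.10.50.51002 > 198.51.100.7.443: Flags [S], seq 2000, win 65535, length 0
12:00:04.020000 IP 198.51.100.7.443 > 10.1.10.50.51002: Flags [S.], seq 3000, ack 2001, win 65535, length 0
12:00:04.021000 IP 10.1.10.50.51002 > 198.51.100.7.443: Flags [.], ack 1, win 65535, length 0
"""


def unanswered_syns(lines):
    """Return {(client_endpoint, server_endpoint): syn_count} for every
    connection attempt that never saw a SYN-ACK in the capture."""
    syns = defaultdict(int)
    answered = set()
    for line in lines:
        m = LINE.match(line.strip())
        if not m:
            continue  # non-TCP, IPv6 or otherwise unparsed line
        if m["flags"] == "S":        # bare SYN; a count above 1 means retransmits
            syns[(m["src"], m["dst"])] += 1
        elif m["flags"] == "S.":     # SYN-ACK travels in the reverse direction
            answered.add((m["dst"], m["src"]))
    return {k: n for k, n in syns.items() if k not in answered}


def stalled_servers(lines):
    """Collapse per-connection results to {server_ip: total unanswered SYNs}."""
    totals = defaultdict(int)
    for (_, dst), n in unanswered_syns(lines).items():
        totals[dst.rpartition(".")[0]] += n  # strip the trailing ".port"
    return dict(totals)


if __name__ == "__main__":
    for server, n in stalled_servers(SAMPLE.splitlines()).items():
        print(f"{server}: {n} SYN(s) sent, no SYN-ACK seen")
```

If the same destination is reachable through another path (the proxy in the post), a non-empty result here points at something between the host and the destination rather than at the destination itself.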

Thanks for letting us know.

Confirmed. Thanks! I was

Confirmed. Thanks! I was having a ton of trouble as well, disabled that and the problems disappeared.

The Comcast Smart Packet

The Comcast Smart Packet Detection protocol has caused me more than a few nightmares! I work as a Help Desk Technician at a smaller car insurance company, and about twice a month I take calls from users who cannot get to our website, or get logged out of our site. 9 times out of 10 they are Comcast small biz users, and I have to call Comcast and have them disable this "security feature" for our insurance agents.

It's ridiculous Comcast continues to lease routers with a bugged protocol like this.

Yes this can be an issue.. I

Yes this can be an issue..

I found it's easy to take care of if you simply log into the Comcast supplied Gateway modem and go to the URL 10.1.10.1 and login with the username and password. 'cusadmin' and 'highspeed', respectively. Then, under the firewall tab just disable it and hit apply.

Haven't had an issue since then thankfully.

Wow - bad that Comcast is

Wow - bad that Comcast is still pushing out this firmware setting, but I love being a small business customer. Quick call, short phone tree, English-speaking rep who corrected the issue in less than 90 seconds - total with my explanation!

Thank you very much for

Thank you very much for posting this article. We work with a large number of customers that are serviced by Comcast, and this will be extremely useful to have for troubleshooting steps when there is a web access issue.

We have had problems when

We have had problems when using phone lines via SIP trunking. Call quality would start out great, then degrade terribly. I spoke with an L1 technician who knew of no packet shaping, packet compression or any other settings that would be on the modem or on their side, switching. We escalated and the L2 tech (who spoke with a slight unidentifiable accent, but not bad) immediately knew what the issue was and corrected it. Our modem was in bridge mode, so I wouldn't have been able to check it.

Thanks from here too. It

Thanks from here too.

It could be some kind of brain dead syn-flood protection.

It could also be trying to do P2P resets. Now that Comcast splits their net in to "queues" and routes you through a congested P2P network block if you're above 70% usage for x minutes when P2P is detected, it might be backfiring.

It could also just be an overloaded Gateway. I haven't had issues with it turned on but then I trust my Linux Firewall so I don't use the Gateway as a firewall or router.

Yeah, months of bizarre

Yeah, months of bizarre problems with our Comcast Business Internet might be fixed now. THANKS!!!

We were experiencing several types of problem, but the one I was personally experiencing the most involved downloads of large files from places with high bandwidth (e.g. Apple Software Update, Microsoft Update, updates of Firefox & Adobe software, etc. etc.) First, there would be a huge burst of data downloaded quickly -- on the order of several megabytes -- and then the updater would hang. Depending on the client, the progress bar would stop and no further data would be downloaded, or the updater would state there was a problem downloading the update. Other users experienced problems uploading files to websites over HTTP or hangs downloading other types of files.

Of course Comcast Level 1 support didn't see any problems, and basic tests (e.g. speedtest.net, traceroute, pathping) didn't show any problems.

After a handful of tests, it looks like checking THIS ONE STUPID CHECKBOX resolved those hugely annoying intermittent problems. Still going to do some more tests to verify, but it makes sense that the cable modem firmware is misinterpreting valid traffic as a SYN flood or other DoS attack.

Cable modem in question is an SMC Networks SMCD3G-CCR, hardware rev 1.01, firmware version 1.4.0.49.2-CCR. We have Comcast's DOCSIS 3 (50 Mbit down/10 Mbit up) service.

Who do we have to contact at Comcast to get them to DISABLE this feature BY DEFAULT?

Again, THANKS for publishing this info.

Thanks, this helped me out

Thanks, this helped me out immensely. Cheers.

Well, more than 3 years after

Well, more than 3 years after the first posting here, the problem still exists and the cure appears to be the same as I found out yesterday from Comcast. No one has a clue as to why this unchecking works, but it does, at least for me. It would be nice if more people at the big C knew about it.

Fixed it for me too

Believe it or not, this

Believe it or not, this problem still plagues Comcast customers! I spent a few hours on the phone with NOCs and web admins yesterday trying to troubleshoot after Comcast passed the buck. Traceroutes showed that the traffic was leaving Comcast's network, so they didn't admit any fault.
Today, the problem got worse - this time it was USPS that I couldn't get to. 2 minutes on the phone today, and the Comcast support rep had checked this box. I spent more time describing the problem than he did troubleshooting and fixing it!

It's now 12/27/2011, and I

It's now 12/27/2011, and I had this problem 2 days ago. So it's still out there!!

Just had 2@50/10 circuits

Just had 2@50/10 circuits brought in by Comcast to support a one day event for our client. Both circuits worked perfect until about 100 users started doing light use of the Internet. Packet loss jumped to 50-70% and ping times to test locations went from 20ms to 1800ms to 28000ms (yes... 28 seconds!) I called tech support and they said that it was probably the modem so I should reboot it and the router. Connected directly to the modem and could not even get their speedtest site to come up in under a minute. Rebooted the modem and the technician said that the public IP addresses did not come back online properly and that a technician would need to be sent out. I told them that the circuits were only being used for ONE DAY and that the technician is worthless if he can't come today. I started to route some of the traffic over to the secondary circuit and then I started to experience the same problems with the second modem. When I plugged directly into the SMC, I was getting ping times of 800ms to 10.1.10.1 and could not even access the GUI. I had to reboot the modem again and then quickly go through the menu items to see if there was anything else that I could have missed. I found the "Disable Gateway Smart Packet Detection" and googled to this site. My ping times immediately went from 2000+ms to 20ms. My graphs showed that the highest sustained traffic I could achieve was 3M and immediately after I peaked around 20M. The technician showed up right after I made the change. I told him what I did and the result and he got his dispatch/tech support on the phone. He put the call on speakerphone and the tech started telling me that it could be my "NIC Card" or that I had a bad cable. I explained EXACTLY what happened on both networks both through my router and connected directly to the modem and he asked his tech to take him off of speakerphone. I overheard the technician saying "I don't think he wants to change anything back, it's working now..." 
I showed the tech where I made the change and all of the postings about that setting and how Comcast does not know about it. They had no idea that it was the default setting in their business class modem!

Interesting bit of info on

Interesting bit of info on the Comcast front. I just ordered two more temporary circuits from them for another 1 day event and was very surprised that the "Disable Gateway Smart Packet Detection" was set by default. Maybe they finally figured it out...

I work for a small business

I work for a small business that provides an internet-based product and this specific issue with Comcast has been the bane of my existence. We've had days when not a single Comcast Business user on the west coast can access our website, it's been that bad. At first, disabling this option on the various clients' modems seemed to work but over time the exact same symptoms return. There don't appear to be any options to completely disable whatever "intelligent" packet-blocking behavior these things do and so more than once I've had to tell our customers that their only choice is to have Comcast come out and replace the modem. Of course, our customers hate hearing that because it's a hassle that takes days and in the end Comcast just replaces it with the same faulty hardware so it's a problem just waiting to happen again.

Whatever is going wrong with these modems, Comcast doesn't seem to know how to fix it (no matter who I talk to over there) and they have continued to use hardware that causes this issue for years now. At this point I just wish there were something someone could do to resolve it once and for all.

Solved my problem I can't

Solved my problem

I can't even begin to tell you how much I appreciate you posting this solution! For months I had trouble loading certain websites. Most would load instantly and some just refused. It was very random. The only way to get operational again would be to reboot my modem. Calls to Comcast proved useless. They even sent out a tech to see what was going on but inevitably they blamed it on my computers (hardware, firewalls, antivirus etc). Then I come across your post.

As you stated, "Head in to your modem admin page, go to Firewall Settings and check the box next to 'Disable Gateway Smart Packet Detection' and all of your problems will be solved. (No guarantees, but seriously, it should work)"

One checkbox is all it takes and all the sites that wouldn't open two minutes ago all open just fine now. WOW! Thanks!

I had high hopes that I'd get

I had high hopes that I'd get home and try this and all my problems would go away, but alas no. I have occasionally (infrequently) had to clear up a network issue by rebooting the Comcast Business Gateway (CM/router). This wasn't a *big* problem, but annoying. Then as of the past 48hrs it's started doing it within under 12 hours.

I was hopeful that "Disable Gateway Smart Packet Detection" would be the answer, but I logged into the CM and it's already checked (d'oh!).

The massive increase in frequency would appear to correlate with when we added web site blocking to the CM firewall for about 15 domains (temporarily--and it'll be *very* temporary if I have to reboot the CM twice or more times a day!).

So ... I suspect it's got memory leaks, connection table overflow issues, or some other form of resource problem that is exacerbated by adding web site blocking to the mix. Perhaps I should see if there's a firmware update available.

2013 and this is still an

2013 and this is still an issue. I messed with DNS and host file and site certificates. At least the resolution seems to have trickled down to L1 support. I asked the first person I talked with to ping the IP I couldn't reach, he said "I can ping it" and when I asked what he did to fix it he admitted it was this great feature.

Wow - that fixed THAT !!!

I love you... I've been

I love you... I've been fighting this for months.