This is known OS problem (feature by MS) for XP SP2 and Vista.
From Microsoft Technet:
| Product: | Windows Operating System |
| ID: | 4226 |
| Source: | Tcpip |
| Version: | 5.2 |
| Symbolic Name: | EVENT_TCPIP_TCP_CONNECT_LIMIT_REACHED |
| Message: | TCP/IP has reached the security limit imposed on the number of concurrent (incomplete) TCP connect attempts. |
The TCP/IP stack in Windows XP with Service Pack 2 (SP2) installed limits the number of concurrent, incomplete outbound TCP connection attempts. When the limit is reached, subsequent connection attempts are put in a queue and resolved at a fixed rate so that there are only a limited number of connections in the incomplete state. During normal operation, when programs are connecting to available hosts at valid IP addresses, no limit is imposed on the number of connections in the incomplete state. When the number of incomplete connections exceeds the limit, for example, as a result of programs connecting to IP addresses that are not valid, connection-rate limitations are invoked, and this event is logged.
Establishing connection-rate limitations helps to limit the speed at which malicious programs, such as viruses and worms, spread to uninfected computers. Malicious programs often attempt to reach uninfected computers by opening simultaneous connections to random IP addresses. Most of these random addresses result in failed connections, so a burst of such activity on a computer is a signal that it may have been infected by a malicious program.
Connection-rate limitations may cause certain security tools, such as port scanners, to run more slowly.
Please, at the next time you meet the problem do the following:
If you find other processes, but Extromatica Network Monitor, try not to start these processes with Extromatica Network Monitor. It may be, for example, torrent client or something like this.
Also, Extromatica Network Monitor may cause these problem, when it is checking many simultaneously down servers. Try to filter you interest in the way Extromatica Network Monitor is most time checking the up-and-running hosts.
Anyway, this problem persists with any other monitoring tool and depends only on the number of simultaneously checking invalid IP addresses. Viruses uses the same style probing and MS limitation blocks all indifferently whether it's bad or good process. As a result network activity will be frozen until most of SYN_SENT connections will be closed by timeout.
Unfortunately, Microsoft gives no legal way to switch off this "feature" in TCP/IP stack. There is completely unofficial patch to tcpip.sys, which is proven and work. But We cannot suggest anybody with it officially. It can be easily found by google and installed at your own risk.