Today’s Question & Answer session comes to us courtesy of SuperUser—a subdivision of Stack Exchange, a community-driven grouping of Q&A web sites.

The Question

SuperUser reader N. Hinkle poses the following question about the Windows internet check and authentication process:

Such checks are one of the many things we take for granted when using a modern operating system, but even the most taken for granted elements of the user experience have an underlying mechanism. How does Windows tell us if there is an internet connection and whether or not we need to log into a Wi-Fi authentication portal?

How does Windows know whether or not it has a successful internet connection?

Presumably it is checking some online Microsoft service to see whether it has a successful connection, gets redirected to some other page, or doesn’t get any response at all, but I haven’t seen anywhere that this process or the services used are documented. Can anybody explain how this works?

The Answer

SuperUser contributor Tobias Plutat offers some insight into the process:

Another contributor, Jeff Atwood, highlights some key quotes from the document Tobias references:

NCSI tries to load a specific page via HTTP (more precisely: a text document) and tests whether it can be retrieved. If that is not successful, Windows reports “No Internet access”.

The mechanism also checks whether the domain the document is hosted on resolves to the expected IP address. So, it might also assume proper internet access if this test is successful but the document can’t be retrieved.

The reason it reports “No Internet Access” when you haven’t authenticated on a Hotspot yet lies in the way a Hotspot works. It blocks all ports besides 80 and 443 (for HTTP and HTTPS, respectively), which get redirected to the Hotspot’s authentication server and might mess with DNS requests in one way or another. Thus, NCSI cannot resolve the domain its test file is hosted on, and even if it could, it wouldn’t reach the actual file because HTTP traffic is redirected to the authentication server.

While this entire process is usually 100% transparent to end users, occasionally after authenticating through a Wi-Fi hot spot’s web portal, you will find yourself staring at the actual contents of ncsi.txt. How you ended up looking at a nondescript text document instead of the web page you were attempting to load is no longer a mystery when coupled with the previous answers on the topic.

The following list describes how NCSI might communicate with a Web site to determine whether a network has Internet connectivity:

A request for DNS name resolution of dns.msftncsi.com

A HTTP request for http://www.msftncsi.com/ncsi.txt returning 200 OK and the text Microsoft NCSI

This can be disabled with a registry setting. If you set:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NlaSvc\Parameters\Internet\EnableActiveProbing

to 0, Windows will no longer probe for internet connectivity.

Apple does something very similar in iOS to detect internet connectivity and possible hotel “login” wifi pages, etc.
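The two checks described in the answers above, written out as an added Python example (not code from the original article, the SuperUser answers, or Microsoft). The page does not give the expected DNS answer, so `expected_ip` is a parameter and `SAMPLE_EXPECTED_IP` is a constructed placeholder; the result labels are this example's own.

```python
import socket
import urllib.error
import urllib.request
from dataclasses import dataclass
from typing import Optional

PROBE_URL = "http://www.msftncsi.com/ncsi.txt"  # from the page
PROBE_DNS = "dns.msftncsi.com"                  # from the page
EXPECTED_BODY = "Microsoft NCSI"                # from the page
SAMPLE_EXPECTED_IP = "192.0.2.1"                # constructed placeholder, not the real answer

@dataclass
class ProbeResult:
    resolved_ip: Optional[str]   # DNS answer for PROBE_DNS, None if the lookup failed
    http_status: Optional[int]   # None when no HTTP response arrived at all
    body: str = ""

class _NoRedirect(urllib.request.HTTPRedirectHandler):
    def redirect_request(self, *args, **kwargs):
        return None              # surface a 3xx as an error instead of following it

def probe(timeout: float = 5.0) -> ProbeResult:
    """Run both checks against the live network (not called at import time)."""
    try:
        ip = socket.gethostbyname(PROBE_DNS)
    except OSError:
        ip = None
    opener = urllib.request.build_opener(_NoRedirect)
    try:
        with opener.open(PROBE_URL, timeout=timeout) as resp:
            return ProbeResult(ip, resp.status, resp.read(256).decode("ascii", "replace"))
    except urllib.error.HTTPError as err:   # 3xx/4xx/5xx answers land here
        return ProbeResult(ip, err.code)
    except OSError:                         # URLError, timeouts, connection resets
        return ProbeResult(ip, None)

def classify(r: ProbeResult, expected_ip: str) -> str:
    """Map a probe result to 'internet', 'intercepted' or 'no_internet'."""
    if r.http_status == 200 and r.body.strip() == EXPECTED_BODY:
        return "internet"
    if r.http_status is not None:
        return "intercepted"     # a redirect or foreign page answered for the probe URL
    if r.resolved_ip == expected_ip:
        return "internet"        # DNS check alone passed, as the answer describes
    return "no_internet"
```

A hotspot that redirects port 80 shows up as `intercepted` whether it answers with a 3xx or serves its login page directly with 200, because the body no longer matches the expected text.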

Have something to add to the explanation? Sound off in the comments. Want to read more answers from other tech-savvy Stack Exchange users? Check out the full discussion thread here.