November 15th, 2022

How does Windows decide whether your computer has limited or full Internet access?

Windows lets you know when your computer’s Internet connection is limited or absent entirely. What is this sorcery?

Windows attempts to download a file from a dedicated Web server. Depending on which version of Windows, it’s http://www.msftncsi.com/ncsi.txt or http://www.msftconnecttest.com/connecttest.txt. If the download is successful and contains the correct contents, then Windows concludes that you have full Internet access.

If something goes wrong, Windows will report either limited or no Internet access, depending on what exactly went wrong.

You can read more details on docs.microsoft.com.

Author

Raymond has been involved in the evolution of Windows for more than 30 years. In 2003, he began a Web site known as The Old New Thing which has grown in popularity far beyond his wildest imagination, a development which still gives him the heebie-jeebies. The Web site spawned a book, coincidentally also titled The Old New Thing (Addison Wesley 2007). He occasionally appears on the Windows Dev Docs Twitter account to tell stories which convey no useful information.

11 comments

Discussion is closed. Login to edit/delete existing comments.

  • Douglas Dlutz

    Ok, now I’m more curious. Why two URLs split on Windows Version, why does not just using a single URL work for all versions?

    Also, these files must get a lot of traffic. I believe the connecttest.txt url is using Azure Front Door caching given that it has the x-msedge-ref headers (a callback to when we were called the Edge team for serving Bing traffic before we eventually grew to serve more of Microsoft and eventually be Azure product). But I don’t see these headers on ncsi.txt, does that file use a different CDN?

    • Chris Warrick

      They changed the URL from “msftncsi” to “msftconnecttest”. One of them makes its purpose obvious, the other is an obscure acronym. They probably did this to make it easier for people looking at their traffic to understand what this thing is.

      Also, do you really need a CDN to serve a 14-byte text file, even to millions of people?

      • Justin Goldberg

        I wonder if it’s in the windows source code. I’ll have to find it.

      • Trevor Little

        A CDN has many advantages but one example is to give the smallest amount of latency to the client. The CDN has hundreds (thousands?) of “edge” servers all around the world with a copy of the file. If the “origin” server is in the middle of the U.S., and there’s no CDN, a client connecting from India would have to travel halfway across the globe and back. With a CDN, the client in India would connect to the edge CDN server in India.

  • Simon Geard

    Linux distros do something similar… e.g. on a current Fedora version, it’s http://fedoraproject.org/static/hotspot.txt.

    Note that as with the Windows version, the protocol is HTTP, not HTTPS – because captive portals completely break TLS, but plaintext HTTP will result in a clean redirect to the portal, allowing the network service to detect the presence of the portal and to bring up a browser window to let the user authenticate.

    • Daniel Sturm

      And as a tiny PSA: There is http://neverssl.com when you’re in a situation where your device for whatever reason can’t detect the captive portal and you need a plain text site with a relatively easy name to remember.

    • Simon Farnsworth

      Similarly, Android and ChromeOS devices expect a HTTP 204 response from http://connectivitycheck.gstatic.com/generate_204 (also HTTP, for the same reason).

      It’s possibly the only time I’ve seen a HTTP 204 in the real world 🙂

      • Justin Goldberg

        I use neverssl.com for wifi testing. Since finding a non ssl website becomes harder over time.

      • Chris Warrick

        I’ve seen HTTP 204 in the real world a few times, REST APIs sometimes return it in response to a DELETE.

  • Yuri Khan

    Isn’t this heuristic really easy to spoof?

    • Raymond ChenMicrosoft employee Author

      So what if somebody spoofs it? Congratulations, you tricked Windows into showing a “full internet access” icon, and then when the user tries to go to a web site, they get an error. All you’re doing is adding more support costs to deal with customers complaining “Your internet is broken.”