How does Windows decide whether your computer has limited or full Internet access?

Raymond Chen

Windows lets you know when your computer’s Internet connection is limited or absent entirely. What is this sorcery?

Windows attempts to download a file from a dedicated Web server. Depending on the version of Windows, the file is either http://www.msftncsi.com/ncsi.txt or http://www.msftconnecttest.com/connecttest.txt. If the download succeeds and the file contains the correct contents, then Windows concludes that you have full Internet access.

If something goes wrong, Windows will report either limited or no Internet access, depending on what exactly went wrong.
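The following Python is an added example, not Microsoft's code and not part of the original post, showing how a probe of this kind can be evaluated. The two URLs come from the article; the expected file contents, the state names and the mapping in `classify` are assumptions of this example.

```python
import urllib.error
import urllib.request

NCSI_URL = "http://www.msftncsi.com/ncsi.txt"
CONNECTTEST_URL = "http://www.msftconnecttest.com/connecttest.txt"
# URLs are from the article. The expected bodies are not stated there; they are
# the strings these files are publicly known to serve (assumption of this example).
EXPECTED = {NCSI_URL: b"Microsoft NCSI", CONNECTTEST_URL: b"Microsoft Connect Test"}


class NoRedirect(urllib.request.HTTPRedirectHandler):
    """Do not follow 3xx, so a portal redirect stays visible to the caller."""
    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None


def fetch(url, timeout=5):
    """Live probe: returns (status, headers, body); status is None on network failure."""
    opener = urllib.request.build_opener(NoRedirect)
    try:
        with opener.open(url, timeout=timeout) as resp:
            return resp.status, dict(resp.headers), resp.read(256)
    except urllib.error.HTTPError as err:   # 3xx/4xx/5xx arrive here
        return err.code, dict(err.headers), b""
    except OSError:                         # DNS failure, refused, timeout
        return None, {}, b""


def classify(url, status, headers, body):
    """Hypothetical mapping of a probe result to a state (not Windows' own logic)."""
    if status is None:
        return "none"
    location = {k.lower(): v for k, v in headers.items()}.get("location")
    if 300 <= status < 400 and location:
        return "captive_portal"             # plaintext HTTP redirected to a login page
    if status == 200:
        # Wrong contents on a 200 means something answered in the server's place.
        return "full" if body == EXPECTED[url] else "captive_portal"
    return "limited"


if __name__ == "__main__":
    samples = [  # constructed responses, not captured traffic
        (NCSI_URL, 200, {}, b"Microsoft NCSI"),
        (CONNECTTEST_URL, 302, {"Location": "http://portal.example/login"}, b""),
        (NCSI_URL, 200, {"Content-Type": "text/html"}, b"<html>Sign in</html>"),
        (NCSI_URL, None, {}, b""),
    ]
    for sample in samples:
        print(sample[0], "->", classify(*sample))
```

Because the probe is unauthenticated plaintext HTTP, a "full" result is a connectivity hint only and should not be used as evidence that the network path is trustworthy.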

You can read more details on docs.microsoft.com.

11 comments


  • Yuri Khan 0

    Isn’t this heuristic really easy to spoof?

    • Raymond Chen (Microsoft employee) 1

      So what if somebody spoofs it? Congratulations, you tricked Windows into showing a “full internet access” icon, and then when the user tries to go to a web site, they get an error. All you’re doing is adding more support costs to deal with customers complaining “Your internet is broken.”

  • Simon Geard 1

    Linux distros do something similar… e.g. on a current Fedora version, it’s http://fedoraproject.org/static/hotspot.txt.

    Note that as with the Windows version, the protocol is HTTP, not HTTPS – because captive portals completely break TLS, but plaintext HTTP will result in a clean redirect to the portal, allowing the network service to detect the presence of the portal and to bring up a browser window to let the user authenticate.

    • Simon Farnsworth 0

      Similarly, Android and ChromeOS devices expect a HTTP 204 response from http://connectivitycheck.gstatic.com/generate_204 (also HTTP, for the same reason).

      It’s possibly the only time I’ve seen a HTTP 204 in the real world 🙂

      • Chris Warrick 0

        I’ve seen HTTP 204 in the real world a few times, REST APIs sometimes return it in response to a DELETE.

      • Justin Goldberg 0

        I use neverssl.com for Wi-Fi testing, since finding a non-SSL website becomes harder over time.

    • Danstur 0

      And as a tiny PSA: There is http://neverssl.com when you’re in a situation where your device for whatever reason can’t detect the captive portal and you need a plain text site with a relatively easy name to remember.

  • Douglas Dlutz 0

    Ok, now I’m more curious. Why are there two URLs, split by Windows version? Why doesn’t just using a single URL work for all versions?

    Also, these files must get a lot of traffic. I believe the connecttest.txt url is using Azure Front Door caching given that it has the x-msedge-ref headers (a callback to when we were called the Edge team for serving Bing traffic before we eventually grew to serve more of Microsoft and eventually be Azure product). But I don’t see these headers on ncsi.txt, does that file use a different CDN?

    • Chris Warrick 0

      They changed the URL from “msftncsi” to “msftconnecttest”. One of them makes its purpose obvious, the other is an obscure acronym. They probably did this to make it easier for people looking at their traffic to understand what this thing is.

      Also, do you really need a CDN to serve a 14-byte text file, even to millions of people?

      • Trevor Little 1

        A CDN has many advantages but one example is to give the smallest amount of latency to the client. The CDN has hundreds (thousands?) of “edge” servers all around the world with a copy of the file. If the “origin” server is in the middle of the U.S., and there’s no CDN, a client connecting from India would have to travel halfway across the globe and back. With a CDN, the client in India would connect to the edge CDN server in India.

      • Justin Goldberg 0

        I wonder if it’s in the windows source code. I’ll have to find it.
