January 12th, 2023

How should I interpret the various values of NLM_CONNECTIVITY?

The NLM_CONNECTIVITY flags enumeration describes what types of network connectivity are available, as far as the networking infrastructure can tell.

Mind you, network connectivity is a hazy concept, because whether a particular endpoint can be reached is dependent not only on the configuration of the local system, but also on the configuration of every machine between you and the endpoint, and those configurations can change at any time. A hunter accidentally damages a power line and suddenly you lose connection to a server. The system won’t know about this until you try to contact that server.

Even for the state of the local system, it takes time for the system to re-evaluate the network connectivity after a change in configuration (such as an unplugged network cable), so you have to accept that the values you receive are based on the most recent information available, but that information may be in flux. And of course there are the shenanigans noted above.

The networking folks gave me this breakdown of what the flags mean and how apps should deal with them.

Flag Meaning Recommendation
DISCONNECTED No network interface detects any network. Treat as offline.
NOTRAFFIC An interface is connected, but it cannot send or receive network traffic.
SUBNET An interface has been configured to send traffic, but the system cannot confirm Internet connectivity. Make one attempt to contact service.
LOCALNETWORK
INTERNET The system has confirmed access
to Microsoft Internet sites.
Treat as fully online.

In the case of SUBNET or LOCALNETWORK, you can make one attempt to contact your Internet service even though Windows doesn’t think it’s going to work. This deals with the case where people employ shenanigans to prevent Windows from detecting Internet connectivity, such as blocking access to the msftconnecttest.com site, or to all Microsoft-owned IP addresses.

The IsConnected property considers your network to be connected if it is connected to a LOCALNETWORK or INTERNET. The IsConnected­To­Internet property requires INTERNET.

If the system is trapped behind a captive portal, it will report itself as LOCALNETWORK. To identify the captive portal case specifically, call INetwork­List­Manager::Get­Networks and use the IEnum­Networks to enumerate all the INetwork objects. Query each INetwork for IProperty­Bag and check the NA_Internet­Connectivity­V4 and NA_Internet­Connectivity­V6 properties. If either one has the NLM_INTERNET_CONNECTIVITY_WEB­HIJACK flag set, then you are trapped in a captive portal.

Another way to check whether you’re stuck in a captive portal is to call Connection­Profile.Get­Network­Connectivity­Level and check for Constrained­Internet­Access, which is the name Network­Connectivity­Level gives to being stuck in a captive portal.

(I’m sorry it’s so complicated, but networking is complicated.)

Topics
Code

Author

Raymond has been involved in the evolution of Windows for more than 30 years. In 2003, he began a Web site known as The Old New Thing which has grown in popularity far beyond his wildest imagination, a development which still gives him the heebie-jeebies. The Web site spawned a book, coincidentally also titled The Old New Thing (Addison Wesley 2007). He occasionally appears on the Windows Dev Docs Twitter account to tell stories which convey no useful information.

5 comments

Discussion is closed. Login to edit/delete existing comments.

  • Jeremy Richards

    This has been a huge nightmare at work. I hate apps that actually look at that value. Sometimes at work my PC reports as offline (or maybe subnet local) even though it is perfectly connected.

    Most apps ignore the flag and simply work, but Office flatly refuses to function.

  • skSdnW

    I just seem to get 0x40 from both NA_Internet­Connectivity­V4 and NA_Internet­Connectivity­V6 but I suppose I’m doing something wrong.

  • Dan Bugglin · Edited

    I would imagine if you're trapped in a captive portal but one that does not trap Microsoft servers that makes things extra fun since the captive portal won't be detected but connections to any non-MS server will fail.

    I've seen this happen on some public wifi on Android where Google IPs are unblocked for some reason but everything else goes to the captive portal (I want to say it was McDonald's but I'm not sure). I can only assume they are trying to force you to use a web browser to navigate to the captive portal so they can dump you...

    Read more
    • Alex Guo

      > I would think a more reliable approach would be to try to randomly generate a domain name, try to resolve it, and if it actually resolves, assume you’re in a captive portal.

      Oh oops this is actually done in Chrome, though not for detecting captive portals.
      Go search “chrome dns hijacking detection” for more info.

    • Simon Farnsworth

      One captive portal vendor I’ve seen offers a mode where you can download “security updates” without signing in, which claims to unblock IPs needed to let connected devices download OS and application updates from device vendors. I wouldn’t be surprised if enabling that caused portal detection to fail because it lets you through to the vendor’s IPs (Google, Apple, Microsoft etc) but not to the wider Internet.