Surely every user of a Windows operating system has seen the network connection icon in the taskbar displayed with a yellow triangle, which means there is no Internet connection.
The same can be seen in the network connection properties. How does the operating system determine whether this network interface has an Internet connection or only a local network (LAN) access?
Microsoft operating systems starting with Windows Vista include the Network Connectivity Status Indicator (NCSI). It is called by the Network Location Awareness service (NlaSvc) when connecting to any network.
NCSI uses a number of different methods to determine the capabilities of the network, one of which checks whether the Internet can be reached. This check is done in two steps:
- When connected to the network, the system sends an HTTP request to http://www.msftncsi.com/ncsi.txt. This is a plain text file that contains just a single line: Microsoft NCSI. If the query succeeds, the server should send back a “200 OK” response containing this line.
- In the second step, the health of the DNS service is checked: NCSI tries to resolve the name dns.msftncsi.com to an IP address. The expected value is 188.8.131.52.
If both steps complete successfully, the system assumes that Internet access is available. If ncsi.txt is not available and dns.msftncsi.com is not resolved, or is resolved to another IP address, the system reports that it cannot connect to the Internet. If ncsi.txt is not available but dns.msftncsi.com is resolved to the right IP address, the system displays a message that authentication in the browser is needed.
The NCSI settings are stored in the registry under HKLM\System\CurrentControlSet\Services\NlaSvc\Parameters\Internet, and if necessary they can be edited. Here are the most important parameters for IPv4 (for IPv6, just add the V6 prefix):
- EnableActiveProbing – automatic verification of Internet connectivity (1 = the check is enabled, 0 = the check is disabled)
- ActiveDNSProbeContent – IP address to check DNS
- ActiveDNSProbeHost – host name to check DNS
- ActiveWebProbeHost – website address for a check
- ActiveWebProbePath – path to the test file
- ActiveWebProbeContent – content of this file
Using these settings, you can change the default IP addresses to your own and, after setting up a web server, monitor the connections of particular computers in its log. However, I don’t think it makes much sense.
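The two-step check and its outcomes can be repeated by hand from the values stored under the registry key above. The PowerShell below is an added example, not Windows' own implementation: the function names and the 10-second timeout are assumptions, Resolve-DnsName requires Windows 8 or later, and the one combination the text does not describe is reported as such.

```powershell
# Added example (not Windows' own code): repeat the NCSI active probe by hand,
# driven by the IPv4 values stored in the registry key named above.
$key = 'HKLM:\SYSTEM\CurrentControlSet\Services\NlaSvc\Parameters\Internet'

function Test-NcsiWebProbe {            # hypothetical helper name
    param($Config)
    $uri = 'http://{0}/{1}' -f $Config.ActiveWebProbeHost, $Config.ActiveWebProbePath.TrimStart('/')
    try {
        # The 10-second timeout is an assumption, not a documented NCSI value.
        $r = Invoke-WebRequest -Uri $uri -UseBasicParsing -TimeoutSec 10
        $body = if ($r.Content -is [byte[]]) { [Text.Encoding]::ASCII.GetString($r.Content) } else { [string]$r.Content }
        # A portal page answering 200 with other content still fails the body comparison.
        return ($r.StatusCode -eq 200) -and ($body.Trim() -eq $Config.ActiveWebProbeContent)
    } catch { return $false }           # timeout, error status, connection refused
}

function Test-NcsiDnsProbe {            # hypothetical helper name
    param($Config)
    try {
        $ips = @(Resolve-DnsName -Name $Config.ActiveDnsProbeHost -Type A -DnsOnly -ErrorAction Stop |
                 Where-Object { $_.Type -eq 'A' } | ForEach-Object { $_.IPAddress })
        # The name must resolve to exactly the address stored in ActiveDnsProbeContent.
        return $ips -contains $Config.ActiveDnsProbeContent
    } catch { return $false }           # name not found, no resolver reachable
}

function Get-NcsiVerdict {              # outcomes as the text describes them
    param([bool]$WebOk, [bool]$DnsOk)
    if ($WebOk -and $DnsOk)      { return 'Internet access available' }
    if (-not $WebOk -and $DnsOk) { return 'Authentication in the browser is needed' }
    if (-not $WebOk)             { return 'No Internet connection' }
    return 'Web probe passed but DNS probe failed (case not described in the text)'
}

$cfg = Get-ItemProperty -Path $key
if ($cfg.EnableActiveProbing -eq 0) {
    Write-Output 'EnableActiveProbing = 0: the active check is disabled on this machine.'
} else {
    $web = Test-NcsiWebProbe -Config $cfg
    $dns = Test-NcsiDnsProbe -Config $cfg
    [pscustomobject]@{
        WebProbe = 'http://{0}/{1}' -f $cfg.ActiveWebProbeHost, $cfg.ActiveWebProbePath
        WebOk    = $web
        DnsProbe = '{0} -> {1}' -f $cfg.ActiveDnsProbeHost, $cfg.ActiveDnsProbeContent
        DnsOk    = $dns
        Verdict  = Get-NcsiVerdict -WebOk $web -DnsOk $dns
    }
}
```

Because the probe targets are read from the registry rather than hard-coded, the output also shows whether a machine's NCSI host, path or expected content has been changed from the defaults.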