Sunday, 10 June 2012

How Does Windows 7 Determine Internet Access Status

So I was curious on how Microsoft is managing to determine the status of internet access. I am a linux user and I have been thinking of having something similar to windows in ubuntu as well. Due to curiosity, I was tempted to dig further upon this and here is my finding.

What tool would be better than wireshark to analyze network traffics so I fired up wireshark in my friend's laptop. I took out the ethernet cable, started the capture in the ethernet interface, and then plugged in the ethernet cable back. I waited till the internet access status was shown at the right bottom(right part of taskbar) and stopped the live capture.

Now to the fun part, I analyzed the capture with my noob skill.

One particular entry was the DNS query for . Curios, I opened the site to find 403 forbidden error. I was now starting to think that Microsoft does the DNS lookup for this particular site and if it fails, Windows shows No Internet Access sign.

Wait!!! There's something more. Further analysis showed that a GET request is made for the file ncsi.txt to that website. Following the stream, I found out that the page contained the text Microsoft NCSI.

So this is what I concluded after this analysis:

Windows performs a dns lookup for then after it succeeds, a request is made to which should contain the text Microsoft NCSI.

I did a google search on Microsoft NCSI and THIS PAGE gives a detailed description on NCSI which stands for Network Connectivity Status Indicator.

If you guys have researched on this and found something different, please let us know by throwing a comment.