How Windows 7 Knows My Network Connection Status?

0

Have you ever wondered how Windows 7 is smart enough knowing so much about my network connections, whether a popup balloon telling that the WiFi network requires an in-browser authentication or a disconnect icon indicating that the internet connection isn’t working?

image

If you do, check out this great post from Superuser blog that explains in detail what’s behind the scene that makes this all magically happened.

Basically, it’s the Network connectivity status indicator (NCSI) service that does the trick. According to Microsoft, NCSI makes 2 type of requests that both need an active internet connection to be able to receive the predefined results.

  • NCSI makes a request for http://www.msftncsi.com/ncsi.txt expecting receive a plain txt file ncsi.txt stored on msftncsi.com website containing the plain text “Microsoft NCSI”.
  • NCSI makes a DNS request for a name resolution of dns.msftncsi.com expecting the resolution of the DNS name to a specific IP address 131.107.255.255.

In detail, as SuperUser guy revealed,

It appears that on any connection, the first thing NCSI does is requests the text file (step 1 above). NCSI expects a 200 OK response header with the proper text returned. If the response is never received, or if there is a redirect, then a DNS request for dns.msftncsi.com is made. If DNS resolves properly but the page is inaccessible, then it is assumed that there is a working internet connection, but an in-browser authentication page is blocking access to the file. This results in the pop-up balloon above. If DNS resolution fails or returns the wrong address, then it is assumed that the internet connection is completely unsuccessful, and the “no internet access” error is shown.

It’s quite obvious, if you noticed, that NCSI requires a phoning-home procedure in order to make it work. While the feature is quite important and very useful indeed  in terms of usability, it also could be a concern of revealing the privacy, though the volume of information revealed is quite minimum.

For those who are concern about the privacy issue, there are two options you can get around with it, enjoying the benefits that NCSI brings without loosing any privacy information. Both options are involved with the registry changes. Simply navigate to the following registry first,

HKLM\SYSTEM\CurrentControlSet\Services\NlaSvc\Parameters\Internet

Option 1, to redirect the request to your own server.

The designated registry contains a number of keys as below:

image

Changing both ActiveWebProbeHost and ActiveWebProbePath settings to your own web server will make the phoning-home request a truly home call process which eliminates the concern of privacy leak. There is a benefit bonus from this change, according to the post.

As an added benefit, this could be used as a tracking mechanism to see where your computer goes, particularly should it get lost or stolen, since any connection attempt will result in your server being requested.

This indeed is a great tip. However, if you don’t have the luxury of owning a web server, you can simply go to the next option, which is

Option 2, completely turning NCSI off

It was enabled by default but can be turned off by changing a registry key.

Changing EnableActiveProbing from 1 to 0 will completely shut this service down. Turning off this service will not harm your real network connection. However, you will not be able to know when the connection gets into any problem.

SHARE

LEAVE A REPLY

Please enter your comment!
Please enter your name here