Coming across my desktop today.. and courtesy of a posting on Slashdot.. comes a very interesting article which documents how Windows Vista and later versions of Microsoft Windows uses network location awareness and the Network Connectivity Status Indicator (NCSI) to determine aspects of your computer’s networking configuration.
From the article:
Whenever I connect to a WiFi network which requires in-browser authentication, such as university networks and hotel access points, Windows somehow magically knows. Windows also knows when your internet connection isn’t working, and can differentiate between having local LAN access, no network access at all, or full internet access. But how?
Although many readers would probably make the astute assumption that Windows makes a call out to the World Wide Web, and if you are one of those readers – you’d be right. What you may not have known is that it touches on a Microsoft managed server (http://www.msftncsi.com) which also (apparently) logs the call – in standard IIS logs. Privacy advocates may find this a little disconcerting, but there is a neat registry change which can allow you to point the test at basically any web server you’d like.
The settings are located in the Windows Registry under the following key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NlaSvc\Parameters\Internet If you would like to try your hand at setting your own destination for these NCSI queries, why not take a read of the original article.
Filed under: Things I was curious about, but never found the time to investigate.
Kudos to the author of the linked article. Extra kudos for their use of WireShark (which used to be Ethereal)