jee1mr / captive-portal

Tutorial on how to build a captive portal

Feedback on MSFT NCSI & Android domains #1

Open gdmeunier opened 1 month ago

gdmeunier commented 1 month ago

Hi, I want to say that the connectivitycheck.gstatic.com domain is used only on Android 6.0 (Android M) or higher, while older Android versions use connectivitycheck.android.com.

Another peculiarity of connectivitycheck.gstatic.com on Android 6.0 & later is that you must send an 'HTTP/1.1 204 No Content' response that contains a 'Content-length: 0' header (if you want to make Android phones say that Internet is OK without the portal, e.g. registered MAC addresses).

If you don't include this header, then Android will consider that you have an unstable Internet connection.

I can say however that clients & clients2/3/4.google.com are never used by Google Chrome nor Android for captive portal detection.

Google Chrome uses bogus DNS requests (bogon or random invalid domains without a TLD such as .com), where if you answer with a valid IP then there's probably a captive portal in the LAN.

Windows on the other hand first uses a DNS request for dns.msftncsi.com to detect captive portals, not directly the www.msftncsi.com domain.

It wants to receive 131.107.255.255 / fd3e:4f5a:5b81::1 as the IP and requests afterwards http://www.msftncsi.com/ncsi.txt with the content Microsoft NCSI.

But that's for older Windows OSes, now it's yet again different (Win10+).

Windows 10 & later now request the IP of one of these domains at random (via DNS):

131.107.255.255 ipv4.msftncsi.com
131.107.255.255 ipv6.msftncsi.com
131.107.255.255 ipv4.msftconnecttest.com
131.107.255.255 ipv6.msftconnecttest.com
131.107.255.255 win10.ipv4.microsoft.com
131.107.255.255 win10.ipv6.microsoft.com
131.107.255.255 win10.ipv4.msftconnecttest.com
131.107.255.255 win10.ipv6.msftconnecttest.com

The URL that gets requested is also now e.g. http://www.msftncsi.com/connecttest.txt or http://www.msftconnecttest.com/connecttest.txt (now also using www.msftconnecttest.com over HTTP).
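
The probe expectations described in the comment above, as an added Python example that is not part of the original comment or the repository's code. The function names and `portal_url` are hypothetical, and redirecting unregistered clients with a 302 is an assumption; hosts, addresses and the `ncsi.txt` body are the ones quoted in the comment.

```python
# Added example (not from the repository). Hosts, IPs and bodies are the ones
# quoted in the comment above; function names and portal_url are hypothetical.
ANDROID_HOSTS = {"connectivitycheck.gstatic.com", "connectivitycheck.android.com"}
NCSI_FILES = {("www.msftncsi.com", "/ncsi.txt"): b"Microsoft NCSI"}
NCSI_A = "131.107.255.255"
NCSI_DNS = {"dns.msftncsi.com": {"A": NCSI_A, "AAAA": "fd3e:4f5a:5b81::1"}}
for _name in ("ipv4.msftncsi.com", "ipv6.msftncsi.com",
              "ipv4.msftconnecttest.com", "ipv6.msftconnecttest.com",
              "win10.ipv4.microsoft.com", "win10.ipv6.microsoft.com",
              "win10.ipv4.msftconnecttest.com", "win10.ipv6.msftconnecttest.com"):
    NCSI_DNS[_name] = {"A": NCSI_A}


def normalise(host):
    """Lower-case a Host header or DNS name; drop port and trailing dot."""
    return host.strip().lower().split(":")[0].rstrip(".")


def build_response(status, body=b"", extra=()):
    """Serialise an HTTP/1.1 response that always carries Content-Length."""
    lines = ["HTTP/1.1 " + status, "Content-Length: %d" % len(body),
             "Connection: close"]
    lines.extend(extra)
    return ("\r\n".join(lines) + "\r\n\r\n").encode("ascii") + body


def probe_response(host, path, registered,
                   portal_url="http://portal.example/login"):
    """Answer an OS connectivity probe for one client, or None if unknown."""
    host = normalise(host)
    if not registered:
        # Assumption: unregistered clients are redirected to the portal page.
        return build_response("302 Found", extra=["Location: " + portal_url])
    if host in ANDROID_HOSTS:
        # Android 6.0+ needs the explicit "Content-Length: 0" on the 204.
        return build_response("204 No Content")
    body = NCSI_FILES.get((host, path))
    if body is not None:
        return build_response("200 OK", body, ["Content-Type: text/plain"])
    return None  # not a probe in this table; leave it to normal forwarding


def probe_dns_answer(qname, qtype="A"):
    """Address Windows expects for its NCSI DNS probe, or None if not listed."""
    return NCSI_DNS.get(normalise(qname), {}).get(qtype)
```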

gdmeunier commented 1 month ago

Nintendo also has its own Wi-Fi captive portal test domains:

ctest.cdn.nintendo.net
conntest.nintendowifi.net

(Info from CaptiveDNS and 90dns.)

jee1mr commented 1 month ago

@gdmeunier That's some useful information. Thanks for sharing :) I worked on this 7 years ago and haven't looked at it since. There are many things that might be outdated.