Why doesn't Windows make requests to msftconnect Captive Portal?

0

0x70002020-11-24 21:29:08

Windows

0x7000, 2020-11-24 21:29:08

I'm trying to build a Captive Portal on the local network without raising an access point.
I restrict access to the Internet, traffic does not pass, I allowed access to port 80.53. According to the logic of Microsoft NCSI, Windows should make a request to msftconnecttest.com, and without receiving the content, call the portal. The notification about entering the network comes out only in the Firefox browser, because I redirect all dns requests to my server. For some reason, the OS itself thinks that there is access to the Internet.
iptables rules

iptables -t nat -A PREROUTING -p tcp --dport 80 -j DNAT --to-destination 192.168.0.2:80
iptables -t nat -A PREROUTING -p udp --dport 53 -j DNAT --to-destination 192.168.0.2:53
iptables -t nat -A PREROUTING -p tcp --dport 53 -j DNAT --to-destination 192.168.0.2:53
iptables -t nat -A POSTROUTING -j MASQUERADE
iptables -A FORWARD -i wlan0 -j DROP

Reply

Answer the question

In order to leave comments, you need to log in

1 answer(s)

A

Alexey Dmitriev, 2020-11-25
@SignFinder

NCSI for corporate and consumer versions of WIndows 10 is different. Make sure your requests are going exactly where you think they are.
You can do this, for example, by installing Wireshark on Windows itself or a linux router to capture traffic and analyze it.