There are many reasons why you'd want to check if an unauthorized party is using your wireless network. It may be that you're experiencing a slower than normal Internet connection or you simply don't want anyone getting a free ride while you pay the bill. Of course, there are also security implications if this person can somehow access files on your network, and even legal implications if he uses your connection for piracy or other illicit activities.
Whatever the case it's better to stay on the safe side. Many of you may have already taken some basic precautions when setting up your wireless network and know your way around troubleshooting these issues. This brief guide is aimed mostly at novice users in need a hand to find out if, indeed, their Wi-Fi is being stolen.
Check the devices associated with your router
The first thing you need to do is login to your router's administrative console by typing its IP address directly into the browser address bar - typically 192.168.0.1 or 192.168.1.1 depending on which router you have. If you don't know your router's default address check out this guide or simply go to the command prompt (Start > Run/Search for cmd) and enter ipconfig. The address you need should be next to Default Gateway under your Local Area Connection.
Alternatively, if you are on a Mac, you can find the default address by going to Network under System Preferences. It should be listed right next to "Router:" if you are using Ethernet, or by clicking on "Advanced?" and heading to the "TCP/IP" tab if you are using Wi-Fi. Next, point your browser to that address and enter your login details - if you haven't changed the default settings it should be a combination of "admin" and "password" or blank fields. Here's a default username and password list (PDF) you might find useful, but we recommend you change this afterwards.
Once inside your router's administrative console look for a section related to connected devices or wireless status. In my old DIR-655 from D-Link it's available under Status > Wireless but you'll find it as "Attached Devices" in Netgear routers, under DHCP Clients Table on Linksys routers, "Device List" if you are using the Tomato firmware, and so on.
This should provide a table with the IP, MAC address and other details of every device currently connected to the router. Check that list against your gear to find any intruders. You can find out the MAC/IP address of your computers by going to the Command Prompt again and entering 'ipconfig /all'. The MAC address will be shown as the physical address. I'll let you figure it out for mobile devices like smartphones and media players since I can't possibly list all options.
The best and simplest solution is to set up a strong password using WPA2 or WPA -- WEP is very easy to crack so avoid that if possible. There are some other methods you can use to beef up security, like switching off the SSID broadcast (which prevents it from advertising the name of your network to nearby Wi-Fi devices) or setup a filter for allowed or blocked devices by MAC address. It won't stop the most determined intruder but it will slow him down.
That should be more than enough for most users but if you need to actually track down who's been breaking into your network it's possible to pinpoint his physical location using a tool called MoocherHunter. You'll need to burn a Live CD to boot your laptop with and walk around to track down unauthorized wireless clients. According to the program's description, it detects traffic sent across the network and can find the source within 2 meters accuracy.
Needless to say, we're not suggesting you take matters into your own hands, but it might come in handy if someone is getting you in trouble with authorities using your network for illegal purposes - or simply to have a cool story to tell.
Scan Your Wi-Fi Network With Software On Your Computer
The ideal way to check for connected devices will generally be to use your router's web interface. However, some routers may not offer this feature, so you may want to try a scanning tool instead. This is a piece of software running on your computer that will scan the Wi-Fi network you're connected to for active devices and list them. Unlike router web interface tools, such scanning tools have no way of listing devices that have been connected, but which are currently offline. You'll only see online devices.
There are a lot of tools for doing this, but we like NirSoft’s Wireless Network Watcher . Like other NirSoft software, it's a convenient little tool without any adware or nag screens. It also doesn't even need to be installed on your computer. Download the tool, launch it, and it will watch your Wi-Fi network for active devices, displaying their device names, MAC addresses, and the manufacturer of their Wi-FI network hardware. The manufacturer name is very helpful for identifying specific devices without device name - especially Android devices.
This tool may not work properly until you specify your Wi-Fi network adapter. On our Windows PC, we had to click Options > Advanced Options in Wireless Network Watcher, check "Use the following network adapter", and choose our physical Wi-Fi adapter before performing a scan.
Once again, this isn't something you really need to worry about constantly. If you're using WPA2-PSK encryption and have a good passphrase, you can feel fairly secure. It's unlikely anyone is connected to your Wi-Fi without your permission. If you're concerned this is happening for some reason, you an always just change your Wi-Fi's passphrase - you'll have to re-enter it on all your approved devices, of course. Be sure WPS is disabled before you do this, as WPS is vulnerable and attackers could potentially use it to re-connect to your network without the passphrase.
Changing your Wi-FI passphrase can also be a good idea if you've given out your Wi-FI password - to neighbors visiting you, for example - and want to be sure they don't continue using it for years.