Dear Lifehacker, Lately it seems like my high speed connection is bogged down, and I'm getting a creepy feeling that someone's stealing my bandwidth on my Wi-Fi network. How can I find out if other people are leeching my Wi-Fi, and how do I stop them if they are? Signed, Paranoid or Not?
Besides the fact that your Wi-Fi moocher may be slowing down your connection, people connected to your network may also have access to some of your shared folders (depending on what security measures you use), and if someone's using your connection to do illegal things, it could even bring the authorities to your doorstep. Don't worry, though, we can help you find out if, indeed, your Wi-Fi is being stolen and help you put an end to it. (Note: If it turns out that no one's using your Wi-Fi, you may want to check out our guide to fixing your slow Wi-Fi connection.)
Without further ado, there are a few methods for sniffing out wireless intruders.
Low-Tech Method: Check Your Wireless Router Lights
Your wireless router should have indicator lights that show internet connectivity, hardwired network connections, and also any wireless activity, so one way you can see if anyone's using your network is to shut down all wireless devices and go see if that wireless light is still blinking. The trouble with this is that you may have many other Wi-Fi devices (e.g. your TV or gaming console) to remember to unplug, and it doesn't give you much other information. It's still a quick-and-dirty method, though, that can confirm your at-the-moment suspicions; for more details, follow up with either the administrative console check or software tool suggestion below.
Network Admin Method: Check Your Router Device List
Your router's administrative console can help you find out more about your wireless network activity and change your security settings. To log into the console, go to your router's IP address. You can find this address on Windows by going to a command prompt (press Win+R then type cmd) and then typing ipconfig in the window, then find the "Default Gateway" IP address. On a Mac? Open the Network Preference pane and grab the IP address listed next to "Router:".
Next, type in that IP address in a browser window. You'll be prompted to login to you router. If you haven't changed the default settings, your router documentation will have the login information, which typically uses a combination of "admin" and "password" or blank fields. (Note: for security's sake, you should change the login as soon as you get into your router console, before a hacker does it for you.)
All routers are different, but once you're in yours, you'll want to look for a section related to connected devices. This could be called "Attached Devices" (Netgear), "Device List" on the awesome Tomato firmware or something similar. It should provide a list of IP addresses, MAC addresses and device names (if detectable) that you can check against. Compare the connected devices to your gear to find any unwanted users.
Note: DHCP list on routers doesn't show all attached devices, but rather only DHCP clients — devices that got their IP address automatically from the router. A stealthy hacker, however, can get into your network with a static IP address, bypassing that DHCP table. So you'll need to refer to the actual wireless client list, not the DHCP list. On Linksys routers, you can find it behind the wireless MAC address filter function, which needs to be enabled so you can show the MAC list of all connected devices (static or DHCP).
What to do if you find an unauthorised device As mentioned below, changing your security to WPA2 (or setting up a new password) will prevent access to your Wi-Fi network from unauthorised users (and kick any who are on your network now off until they provide the new security key). The IP addresses and MAC addresses alone won't really help you identify the perpetrators themselves, though, if that's what you're looking for. If you want more information about where these moochers are, you can also try the software tool below.
Detective Method: Use a Network Monitoring Software Tool
It's good to know how to get into your network admin panel where you can change settings and view logs, but maybe you also want more advanced network auditing or sleuthing. That's where MoocherHunter comes in. Part of the free OSWA (Organizational Systems Wireless Auditor)-Assistant wireless auditing toolkit, MoocherHunter has been used for law enforcement organizations in Asia to track Wi-Fi moochers. The software description says it can geo-locate the wireless hacker from the traffic they send across the network, down to 2m accuracy.
The software doesn't run as an executable in Windows; rather it needs to be burned to a CD, then used to boot the computer. The idea is, with your laptop (and the directional antenna on your wireless card), you'd walk around to triangulate the physical location of the Wi-Fi moocher.
We're not advocating you use the tool to take any actual action (like knocking on your neighbour's door and having a physical confrontation) based on the software's results, but it is another way to learn more about who, if anyone, is using your wireless network.
Moving Forward: Beef Up Your Wi-Fi Security
You didn't mention what kind of wireless security your network uses. If you're using the more secure WPA2 (or, to a lesser extent, WPA), you're likely pretty secure. If you've gone through all the steps and your browsing still seems slow, you may want to turn your thoughts to speeding up your web browsing. If your connection isn't encrypted or if you're using WEP — which is very easy to crack — your Wi-Fi is fairly vulnerable to anyone looking for a free ride. (If you're not sure which type of encryption your network is using, go to your wireless connection properties, which will identify the security type.)
Just remember: Whether you discovered a leecher or not, you should still use WPA2 encryption, use a non-default SSID and tackle other wireless router setup essentials. If, for some reason, you want to run an open wireless network or have to use WEP because some devices (e.g. the Nintendo DS) won't work over WPA, your best bet is to add a new, separate and secured wireless network for important stuff and only open the unsecured one for guests and WEP-only devices when needed (you can also get a router that broadcasts a separate wireless signal for guests only).
Here's to knowing everyone who's connecting to you...