Dear Lifehacker, Lately it seems like my high speed connection is bogged down, and I'm getting a creepy feeling that someone's stealing my bandwidth on my Wi-Fi network.
How can I find out if other people are leeching my Wi-Fi, and how do I stop them if they are? Signed, Paranoid or Not?
Besides the fact that your WiFi moocher may be slowing down your connection, people connected to your network may also have access to some of your shared folders (depending on what security measures you use), and if someone's using your connection to do illegal things, like hack the smart devices in your home, it could even bring the authorities to your doorstep. Don't worry, though, we can help you find out if, indeed, your WiFi is being stolen and help you put an end to it. (Note: If it turns out that no one's using your WiFi, you may want to check out our guide to fixing your slow WiFi connection.)
Without further ado, there are a few methods for sniffing out wireless intruders.
Low-Tech Method: Check Your Wireless Router Lights
Your wireless router should have indicator lights that show Internet connectivity, hardwired network connections, and also any wireless activity, so one way you can see if anyone's using your network is to shut down all wireless devices and go see if that wireless light is still blinking. The trouble with this is that you may have many other WiFi devices (e.g., your TV, smartphone, or gaming console) to remember to unplug, and it doesn't give you much other information. It's still a quick-and-dirty method, though, that can confirm your at-the-moment suspicions; for more details, follow up with either the administrative console check or software tool suggestion below.
Network Admin Method: Check Your Router Device List
Your router's administrative console can help you find out more about your wireless network activity and change your security settings. To log into the console, go to your router's IP address. You can find this address on Windows by going to a command prompt (press Win+R then type cmd) and then typing ipconfig in the window, then find the "Default Gateway" IP address. On a Mac? Open the Network Preference pane and grab the IP address listed next to "Router."
Next, type in that IP address in a browser window. You'll be prompted to login to your router. If you haven't changed the default settings, your router documentation will have the login information, which typically uses a combination of "admin" and "password" or blank fields. (Note: for security's sake, you should change the login as soon as you get into your router console, before a hacker does it for you.)
All routers are different, but once you're in yours, you'll want to look for a section related to connected devices. This could be called "Attached Devices" (Netgear) or "My Network" (Verizon routers), "Device List" on the awesome Tomato firmware, or something similar. It should provide a list of IP addresses, MAC addresses, and device names (if detectable) that you can check against. Compare the connected devices to your gear to find any unwanted users.
Note: DHCP list on routers doesn't show all attached devices, but rather only DHCP clients — devices that got their IP address automatically from the router. A stealthy hacker, however, can get into your network with a static IP address, bypassing that DHCP table. So you'll need to refer to the actual wireless client list, not the DHCP list. On Linksys routers, you can find it behind the wireless MAC address filter function, which needs to be enabled so you can show the MAC list of all connected devices (static or DHCP).
What to do if you find an unauthorised device
As mentioned below, changing your security to WPA2-AES (or setting up a new password) will prevent access to your WiFi network from unauthorised users (and kick any who are on your network now off until they provide the new security key). The IP addresses and MAC addresses alone won't really help you identify the perpetrators themselves, though, if that's what you're looking for. If you want more information about where these moochers are, you can also try the software tool below.
Detective Method: Use a Network Monitoring Software Tool
It's good to know how to get into your network admin panel where you can change settings and view logs, but maybe you also want more advanced network auditing or sleuthing. That's where MoocherHunter comes in. Part of the free OSWA (Organizational Systems Wireless Auditor)-Assistant wireless auditing toolkit, MoocherHunter has been used for law enforcement organisations in Asia to track WiFi moochers. The software description says it can geo-locate the wireless hacker from the traffic they send across the network, down to 2 meters accuracy.
The software doesn't run as an executable in Windows; rather it needs to be burned to a CD, then used to boot the computer. The idea is, with your laptop (and the directional antenna on your wireless card), you'd walk around to triangulate the physical location of the WiFi moocher.
We're not advocating you use the tool to take any actual action (like knocking on your neighbour's door and having a physical confrontation) based on the software's results, but it is another way to learn more about who, if anyone, is using your wireless network.
If you have a router created within the last four years or so, or one that relies on a mesh network setup (like the Eero, Google, or Luma routers) you should do a quick search in your app store of choice to see if there's a corresponding network management app.
While your router might not have debuted with a partner app, companies like Asus, D-Link, Netgear, and Linksys all have network management apps designed to make controlling your wireless network easier than looking up your IP address and router login information. These router apps will show you what devices are connected to your network, which ones are hogging the bandwidth, and scan for potential issues (like unwanted guests on your network). You can even run firmware updates from some apps, helping to keep your network's security up to date.
Moving Forward: Beef Up Your Wi-Fi Security
You didn't mention what kind of wireless security your network uses. Security protocols like WEP and WPA should be avoided, as they are considered insecure. If you're using the more modern WPA2, make sure you're using WPA2-AES instead of the less reliable WPA2-TKIP, primarily used to connect to older devices.
Security protocols like WPA and WEP are older, and less secure, than WPA2. If your only option is WPA2, chances are it's using the AES encryption standard. Using a mixed security network isn't recommended, as hackers can enter your network through the insecure security protocols.
If you've gone through all the steps and your browsing still seems slow, you may want to turn your thoughts to speeding up your web browsing. If your connection isn't encrypted or if you're using WEP — which is very easy to crack — your WiFi is fairly vulnerable to anyone looking for a free ride. (If you're not sure which type of encryption your network is using, go to your wireless connection properties, which will identify the security type.)
Just remember: Whether you discovered a leecher or not, you should still use WPA2-AES encryption, and tackle other wireless router setup essentials. If, for some reason, you want to run an open wireless network or have to use WEP because some devices (e.g., the Nintendo DS) won't work over WPA, your best bet is to add a new, separate and secured wireless network for important stuff and only open the unsecured one for guests and WEP-only devices when needed (you can also get a router that broadcasts a separate wireless signal for guests only).
Here's to knowing everyone who's connecting to you...