If you’ve noticed a slowdown in your Netflix streaming or web browsing, there’s a chance that you’ve got someone mooching off your internet. While it may just be a neighbor who’s too cheap to buy their own plan, you’ll want to find out for sure if someone’s stealing your wifi and upgrade your security accordingly. Here’s how.
Dear Lifehacker,
Lately it seems like my high-speed connection is bogged down, and I’m getting a creepy feeling that someone’s stealing my bandwidth on my wifi network. How can I find out if other people are leeching my wifi, and how do I stop them if they are?
Signed,
Paranoid or Not?
Dear PoN,
Besides the fact that your wifi-moocher may be slowing down your connection, people connected to your network may also have access to some of your shared folders (depending on what security measures you use), and someone might even be using your connection to do illegal things. That could cause some difficulty for you if, say, you get an angry letter from your ISP about all the BitTorrenting you aren’t doing.
Don’t worry, though, we can help you find out if someone is stealing your wifi and help you put an end to it. (Note: If it turns out that no one’s using your wifi, you may want to check out our guide to fixing your slow wifi connection.)
Without further ado, there are a few methods for sniffing out wireless intruders.
Low-tech method: Check your wireless router lights
Your wireless router should have indicator lights that show internet connectivity, hardwired network connections, and also any wireless activity. One way you can see if anyone’s using your network is to shut down all wireless devices and go see if that wireless light is still blinking. The trouble with this method is that you may have many other wifi devices (e.g., your TV, smartphone, or gaming console) to unplug, and this process doesn’t give you much additional information.
It’s still a quick-and-dirty way to confirm your at-the-moment suspicions. For more details, follow up with either the administrative console check or software tool suggestion below.
Network admin method: Check your router device list
Your router’s administrative console can help you find out more about your wireless network activity, and it’s where you’ll need to go to change your router’s security settings. To log into the console, enter your router’s IP address into a web browser window. Some routers have default IP addresses (assuming you didn’t change any settings) that you can use to access your admin panel.
Otherwise, you can find this address on Windows by going to a command prompt (press Win+R then type cmd) and then typing ipconfig in the window followed by Enter. The number next to “Default Gateway” or “IPv4 Address” is what you’re looking for.
On a Mac? Open the System Preference > Network. Toggle over your active connection (indicated by a green dot) and look for the long string of numbers underneath“Status.” You can also click Advanced... > TCP/ICP and grab the number next to “IPv4 Address.”
Next, type in that IP address in a browser window. You’ll be prompted to log in to your router. If you haven’t changed the default settings, your router documentation will have the login information, which typically uses a combination of “admin” and “password” or blank fields. (Note: for security’s sake, you should change the login as soon as you get into your router console so a hacker can’t do it for you.)
Attached devices
All routers are different, but once you’re in yours, you’ll want to look for a section related to connected devices (Device Manager, Connected Devices, My Network, etc.). It should provide a list of IP addresses, MAC addresses, and device names (if detectable) that you can look up. Compare the connected devices to your gear to find any unwanted users.
Note: A DHCP list on routers doesn’t show all attached devices, but rather only DHCP clients—devices that got their IP address automatically from the router. A stealthy hacker, however, can get into your network with a static IP address, bypassing that DHCP table. So you’ll need to refer to the actual wireless client list, not the DHCP list. On Linksys routers, for example, you can find it behind the wireless MAC address filter function, which needs to be enabled so you can show the MAC list of all connected devices (static or DHCP).
What to do if you find an unauthorized device
As mentioned below, making sure your wireless security is using WPA2 encryption (and setting up a new password) will prevent unauthorized users from accessing your wifi network (and kick off any who are on your network until they provide the new security key). The IP addresses and MAC addresses alone won’t really help you identify the perpetrators, though.
Detective method: Use a network monitoring software tool
It’s good to know how to get into your network admin panel, but maybe you also want more advanced network auditing or sleuthing. That’s where MoocherHunter comes in. Part of the free OSWA (Organizational Systems Wireless Auditor)-Assistant wireless auditing toolkit, MoocherHunter has been used by law enforcement organizations to track wifi leechers. The software description says it can geo-locate the wireless hacker from the traffic they send across the network, down to a two-meter accuracy.
The software doesn’t run as an executable in Windows; rather it needs to be burned to a CD, then used to boot the computer. The idea is that you would walk around and use your laptop (and the directional antenna on your wireless card) to triangulate the physical location of the wifi moocher.
We’re not advocating you use the tool to take any actual action (like knocking on your neighbor’s door and having a physical confrontation) based on the software’s results, but it is another way to learn more about who, if anyone, might be using your wireless network.
If you have a newish router or one that relies on a mesh network setup (like the Eero, Google, or Luma routers) you should do a quick search in your app store of choice to see if there’s a corresponding network management app.
While your router might not have debuted with a partner app, companies like Asus, D-Link, Netgear, and Linksys all have network management apps designed to make controlling your wireless network easier than looking up your IP address and router login information. These router apps will show you what devices are connected to your network, which ones are hogging the bandwidth, and scan for potential issues (like unwanted guests on your network). You can even run firmware updates from some apps, helping to keep your network’s security up to date.
Moving forward: Beef up your wifi security
You didn’t mention what kind of wireless security your network uses. Ancient security protocols like WEP and WPA should be avoided, as they are fairly insecure. If you’re using the more modern WPA2, make sure you’re using WPA2-AES instead of the less reliable WPA2-TKIP.
If your connection isn’t protected with a strong password and a modern encryption scheme, your wifi is very vulnerable to anyone looking for a free ride. (If you’re not sure which type of encryption your network is using, go to your wireless connection properties, which should identify the security type.)
If you’ve gone through all the steps, you can’t identify any wifi leechers, and your browsing still seems slow, you may want to turn your thoughts to other options for speeding up your internet.
Here’s to knowing everyone who’s connecting to you...
Love,
Lifehacker
This article originally ran in January 2011, and was updated with new information in August 2017, and again in October 2019.