How To Tell If Someone Is On Your Wireless Home Network

Good article. I always advise people to either use static IP addresses in their home networks since there are not usually that many devices to maintain. If you do not want to take this approach, I would suggest that you use a subnet mask to limit the number of DHCP addresses allocated. (255.255.255.240 allows 14 usable addresses, or 255.255.255.224 allows 30 usable addresses). Most home routers will also allow you to limit the amount of DHCP addresses listed without changing the subnet mask.

This was a tad confusing. I just wish there was one mac software application that would do all of this in one place.

theres one way to help mac users, and its simpler than sumo or DOS. what may that be you ask? Its Windows 7! yay 7, with zero BSoD, zero calories, zero problems. 🙂

You also can use Mac Address Filtering and add only the Mac Addresses that you know, like your laptop's mac, your phone's mac, etc. This is good because it will be a pain in the butt for someone to simply guess your devices Mac Addresses. Mac filtering combined with WPA/WPA2 is a good method to prevent someone to mess up with your wireless home network. (sorry for my English)

Nice Work, I really appreciate your work, I am too a IT guy and I surely look for something like this.

One more thing that a network administrator to do in this regard, just to be more careful to use a wireless router for local network. Use a secure DHCP serber with MAC address security. Here is a post at itoperationz.com blog to secure the DHCP server;
http://www.itoperationz.com/2009/09/how-to-secure-a-dhcp-server-in-windows/

I can't imagine a situation where a hacker would want into the wifi network at my apartment so badly that a MAC whitelist wouldn't be sufficient security.

@Jimmy: Correct me if I'm wrong, but I believe that MAC address filtering is not a secure procedure. MAC address cloning is a trivial procedure, and built into the router firmware. WPA2 encryption with a complex, non-dictionary password is your best bet. The only known successful attack against WPA2 is a brute-force attack. Possibly using rainbow tables, or pre-computed hash tables.

Nice article. Thank you.

@upthereinthesky: P.S. MAC Address Filtering will be sufficient to keep out the good guys.

@upthereinthesky:
Actually, I think you had it right the first time. MAC address filtering is pretty easy to get around (cloning legit addresses) for anyone who has even the slightest clue as to what they are doing. Besides that, the inconvenience factor is very high. Logging into the router to add a new MAC address (or two if you have to add the wireless and wired connections your new laptop came with) is a complete PITA for most people. Not to mention it's not effective security. You are much better off relying on WPA/WPA2.

Hiding the SSID is equally pointless. Anyone with half a brain will fire up netstumbler or something similar and read the network name (hidden or not).

You know there is software that is built to solve this exact problem other than the very manual processes listed here.

You could always try "Who Is On My Wifi" by my company. We also have a few competitors if you look into it. But there is definitely software to handle this.

The basic idea is that the software scans the network every 5 minutes looking for any unknown computers that have joined and sends a notification if one is found.

It's an easier way to consistently monitor the network.

And I agree, the best way to keep people off of a network is to use WPA2.

hi ,this is a good article .it is very useful for it guys

thx.

I have a dumb question. Can someone steal your internet download usage via a wireless router. I am been trying to secure my belkin router, but have had no luck. Never had a problem with my usage being used up except for today. I got my new download usage, and within less than 2 hours, it is all gone. I have had my router for 2 years, but is says it is unsecured.

@Ann:
Yes, absolutely! In particular, if you live in an apartment complex, your router is within range of a bunch of other residents. It is so easy for someone to tap into your wireless router, if you do not turn on wireless security.

Don't use WEP. Someone with mal-intent can crack that within 60 seconds. Literally. Use WPA2, AES. Don't use TKIP unless you need it for something else. Go onto grc.com and get a nice, long, random password, say, about 63 characters long, and load that into your router and any wireless devices you may want to use. You only need to enter it once. You can copy and paste it, so you won't even have to type it. Unless you have a wireless printer like mine! But, even so, it only takes a couple minutes to type it into the printer.

Then, there's nobody who will be able to hack into your wireless network. Not only can the bad guys steal your bandwidth, who knows what else they can do once they get into your network!

Good luck.

I understand someone using someone elses Internet. Like me, I have a Modem but can't be bothered to connect to it so I connect to someone elses. Atleast I have a Modem. Some people really get me angry

Pls, I need a clearification on disabling SSID broadcast in the router. Does it mean the network has become a hidden type and will it be that we have to be configuring the client systems manually in accordance with parameters set in the wireless router e.g SSID and security type and passprase.

Thanks.

Send ur comments.

You are correct. You would need to manually (or by utilizing some form of portable media, e.g. thumbdrive) enter your SSID on all your wireless devices.

Keep in mind that "Security by Obscurity" is a weak defense against intruders. You might keep out your next-door neighbor, but you wouldn't even slow down a serious hacker with just this method. Though, I see you're mentioning a passphrase. You'd need to use a randomly generated, long (as long as you can, like, say, 63 characters) password, with WPA-2 encryption. Then, you'd be secure.

@ Bill Swearer If I should use randomly generated. How would I be joining new clients?

@azedas101:

OK. I didn't mean that you should have a constantly-changing key. This is a one-time process. Just go to grc.com and get a nice, long, random password. Then, plug that passkey into all your wireless devices, and lastly into your router, and enable WPA-2 encryption. Then, you'll be done. No more changes are required. That said, it's always a good idea to change that password on a regular basis for top security. Note, of course, that should you have a keystroke logger implanted on your system, all bets are off. You should use a good antivirus/anti-malware program to scan for these.

If, after doing this, you have visitors to your home to whom you wish to offer wireless access, you have a decision to make. If you trust them with your password, you can give it to them. If you follow the TNO (Trust No One) rule, you'll need to do something different. In order to have two completely isolated networks, however, your system would require three routers. Routers are getting very inexpensive. You could Google for more info on that.

Guys!

Thanks for your previous supports and I'll be loyal to you all at the time of your need if I'm in best possition to do.

Please, I have been trying to use this shutdown command on my network but whenever I did it would be showing some futher infomation and the command would not take it effect.

The command is shutdown -m\\computername then after the respond would be
Microsoft Windows [Version 6.0.6000]
Copyright (c) 2006 Microsoft Corporation. All rights reserved.

C:\Users\user>\\shutdown -r\\acct05
The filename, directory name, or volume label syntax is incorrect.

C:\Users\user>shutdown -r\\acct05
Usage: shutdown [/i | /l | /s | /r | /g | /a | /p | /h | /e] [/f]
[/m \\computer][/t xxx][/d [p|u:]xx:yy [/c "comment"]]

No args Display help. This is the same as typing /?.
/? Display help. This is the same as not typing any options.
/i Display the graphical user interface (GUI).
This must be the first option.
/l Log off. This cannot be used with /m or /d options.
/s Shutdown the computer.
/r Shutdown and restart the computer.
/g Shutdown and restart the computer. After the system is
rebooted, restart any registered applications.
/a Abort a system shutdown.
This can only be used during the time-out period.
/p Turn off the local computer with no time-out or warning.
Can be used with /d and /f options.
/h Hibernate the local computer.
Can be used with the /f option.
/e Document the reason for an unexpected shutdown of a computer.
/m \\computer Specify the target computer.
/t xxx Set the time-out period before shutdown to xxx seconds.
The valid range is 0-600, with a default of 30.
Using /t xxx implies the /f option.
/c "comment" Comment on the reason for the restart or shutdown.
Maximum of 512 characters allowed.
/f Force running applications to close without forewarning users.
/f is automatically set when used in conjunction with /t xxx.
/d [p|u:]xx:yy Provide the reason for the restart or shutdown.
p indicates that the restart or shutdown is planned.
u indicates that the reason is user defined.
if neither p nor u is specified the restart or shutdown is unpl
anned.
xx is the major reason number (positive integer less than 256).
yy is the minor reason number (positive integer less than 65536).

Reasons on this computer:
(E = Expected U = Unexpected P = planned, C = customer defined)
Type Major Minor Title

U 0 0 Other (Unplanned)
E 0 0 Other (Unplanned)
E P 0 0 Other (Planned)
U 0 5 Other Failure: System Unresponsive
E 1 1 Hardware: Maintenance (Unplanned)
E P 1 1 Hardware: Maintenance (Planned)
E 1 2 Hardware: Installation (Unplanned)
E P 1 2 Hardware: Installation (Planned)
P 2 3 Operating System: Upgrade (Planned)
E 2 4 Operating System: Reconfiguration (Unplanned)
E P 2 4 Operating System: Reconfiguration (Planned)
P 2 16 Operating System: Service pack (Planned)
2 17 Operating System: Hot fix (Unplanned)
P 2 17 Operating System: Hot fix (Planned)
2 18 Operating System: Security fix (Unplanned)
P 2 18 Operating System: Security fix (Planned)
E 4 1 Application: Maintenance (Unplanned)
E P 4 1 Application: Maintenance (Planned)
E P 4 2 Application: Installation (Planned)
E 4 5 Application: Unresponsive
E 4 6 Application: Unstable
U 5 15 System Failure: Stop error
E 5 19 Security issue
U 5 19 Security issue
E P 5 19 Security issue
E 5 20 Loss of network connectivity (Unplanned)
U 6 11 Power Failure: Cord Unplugged
U 6 12 Power Failure: Environment
P 7 0 Legacy API shutdown

And nothing would be acheived and while I want to use this command is to shutdown an authorised host detected on my network.

Send your comments.

Thanks.

Hi, my boy friend hacked into my computer through my network (I think) cause he knows my wifi password as well as my computer ip or mac address. He did this to my home computer and my office's computer for he is also my boss at work. How I knew? He told me he can see everything I did on my computer. He even have print screen of all the activities that I've done. I'm pretty sure he didnot install hacking software to both my computer cause he told me he has a friend who helped him to installed a software to his computer to hack me. I asked him if he can see my password but he said he can't. I don't think its true. I am so upset n felt so helpless of what he was doing. What can I do to prevent him from hacking me? Even when I use other laptop(but still using my home's wifi), he still can see what I was doing. Pls help!

Carrie - Get a new boyfriend! He sounds like a right little worm.

@carrie hi what he has done what we call in the world of tech is cmd surfing he has found your mac and ip whileyou have been on the net so now he has used windows remote desktop and with out you knowing got on it and can control and see everything like a normal pc user.

just do it to him get on to cmd and type in net stat and do the same.

Guy

Thanks Guy, but how can I do the same to him? Can u show me how? Anyway thanks for answering my question. Really appreaciated. Thanks again

That is some terrible (and incomplete) advice. First of all, even Google hasn't heard of "cmd surfing" which doesn't make a lot of sense anyway unless you are using lynx to browse the net from the command line.

What Carrie's boyfriend has done is immature and illegal, so to advise her to retaliate in a similar fashion is a poor suggestion. While I echo the opinion that's it's time for a new boyfriend, that's not my call. What I can advise you to do is to change and harden your wireless security at home and make sure to block RDP in case he is using that for remote access.

Use the webpage above to change all your wireless settings (being sure to use WPA2-AES in the process) and use whatever firewall you can (in the OS or via your router) to block the ports that RDP uses.

At work you are stuck if he is the boss. But I would assume he is not legally allowed to spy on even the workers without filling out some paperwork somewhere. I know we are not allowed to do that at work without significant notifications being sent out. I would mention to another manager what has taken place so that at least they know you are aware shady things are going on.

Actually, the guide above is a little dated. Suggestions like using WEP and hiding your SSID are actually not very good suggestions anymore.

Try something like this to re-setup your wireless network at home.
http://www.wikihow.com/Secure-Your-Wireless-Home-Network

Important steps are setting encryption to WPA2 using AES, setting a new wireless password, and setting new router password(s). You don't want people to be able to jump onto your home network OR to be able to remotely access the router. You may want to disable wireless login to the router if possible. To change router settings you would have to connect via a cable. At least this way you know no one can remotely look at your router easily.

Thanks K. Really appreaciate ur advice. I will try to re-setup my wireless. One problem is that he was the one who setup my router. Does that mean he still can access to my network after I have re-setup my wireless?

Hey Carrie,

So long as you don't reuse passwords from before, once you change your wireless security he should not be able to get in any longer (assuming you set up the wireless in a safe manner - the online guide should help with that). Basically the whole point of these guides is to prevent exactly what happened to you. Even when you do everything right though, if someone else is doing the wireless setup for you…..there is always a chance they can get on. That is why I would recommend YOU do the wireless setup or have a trusted person do it for you. (Can't really fault you for having the boyfriend do it before, but this time make sure the person setting it up is trustworthy 😉

Thank you so much for ur reply, K. I will try to do the setup myself. BTW, he also knew my my pc ip address and most probably mac address as well. Now that I re-setup the network, is it possible that he still access to my computer using other method?

The IP doesn't really matter. The internal IP for your computer is irrelevant and subject to change. The IP for your house (really for your cable modem) usually is also subject to change depending on your ISP (online provider). So neither of those things is very important. You could ask your ISP to change your IP if you are worried for some reason, but anyone with access to a computer in your house can easily find it out again.

I wouldn't worry about IPs, whether they are internal (your network inside the house) or external (your address to the world).
1) Have someone check your router to make sure it isn't providing easy outside access. (Or simply restore it to defaults to clear anything someone has put in there purposely). Then set it up securely (this takes into account setting up the wireless in a secure fashion).
2) Have someone take a look at your computers in the house to make sure nothing was put on them that will allow easy remote access. Things like LogMeIn will run as a service in the background and will likely still allow someone to get in even after you secure everything else.
After that you should be fine. At work is another story though ;(

Thanks K, u really dont know how much I appreciated what u have told me or guided me. I felt so helpless until u show up. Even now when I come to this website, I have to use public's network to get online with my galaxy tab. I dont dare to do anything with my home computer nor office's computer. You really taught me alot. Thanks K! 🙂

@Mike Boyds:

Guy!!!!!!!!!! I have done it severally but I am still encountering the same issue even when syntax error is not involved does it means one cannot shut down remote systems for security reasons.

Guys reply. I am really having a bug in achieving this task.

Thanks………….!!!!!!!!!!!!!!!!!!!!!!!!!

@Jimmy:

It is possible bcos hacker can easily use any of your shut down IP and MAC address to access ur network and u will still be assuming it is still in the range of ur IP and MAC.

This bring about vivid physical seeing working system on the network b4 confirming systems on ur network through router record.

@K:

Disabling wireless login to a router means u have to disable http in the router?

Guys!!! I have a question that is bugging my mind and the question is "Is it possible to clone a laptop WLAN(wifi) MAC address?

Carrie: You are quite welcome! You are wise not to do anything important on your own computers until you are reasonably sure they are secure again. Hopefully you feel confident about your own hardware soon, once someone looks it over 🙂

Azedas: Most routers have a setting to disable wireless login. This simply disallows wireless clients from logging into the router to manage it, it doesn't affect http traffic. With this enabled (in theory), the only way to change settings on the router is to use a computer physically cabled to it. As for MAC whitelisting, I think it's largely a waste of time and it's annoying to deal with from an admin perspective. Any competent intruder will simply MAC spoof anyway. You are banking on complex AES encrypted keys to keep out intruders, though mostly you are simply hoping to offer a more annoying target than your neighbors.

Have a great weekend everyone.

@K:

Okay, but I still need a clarification of this issue. Please, do you mean there would be an optional setting for disabling remote access of a network PC to router of once http is disable all PC on the network would be denied from having admin access or are there any update u can give me on new routers.

Azedas: Sorry, I am not quite sure what you are asking me. All I am saying is that on some routers you can configure a setting so that only WIRED clients are allowed to login to the router. Which means that someone will have to have physical access to your router to make changes to it (normally a good thing).

So yes, remote access to the router is denied when trying to make that connection wirelessly, but it will be allowed if the machine is cabled to the router. This does not affect any http traffic otherwise.
I know a few Netgear routers DO NOT let you do this, but many others do.

Here's a link that will hopefully offer some visual explanation for you and help to clarify.
http://www.watchingthenet.com/how-to-disable-access-your-linksys-administration-interface-over-wireless-connection.html
(Didnt' even realize the link was from this same site…..that's handy!)

I am tapping into someone else's wireless connection. Are they able to see my history and the sites I have been visiting easily? I am not worried about being hacked, but just wonder if they can see the history and what sites I am on throughout the day.

Any time you connect to someone else's network, there is always the possibility that they are tracking your every move…..so yes. Depending on what their setup is between your computer and their internet connection, they could have a complete history of your internet use.

If they are sharing the internet with you willingly, you need to decide how much you trust that person. Otherwise….bad boy! You take your chances…

Any chance you'd know how to do this on a mac os x?
My wireless network has been abused by neighbors who've been streaming videos non-stop.. 250$ bills.
I think the problem is my router's been on 'linksys' for so long without our family knowing and our actual secured wireless network hasn't been in function, to our mistake.

There is no reason setup should be any different on an Apple machine (to the best of my knowledge) vs a Windows (or whatever) one, but here is a link designed for using Safari to get into a fairly mainstream Linksys router.
http://www6.nohold.net/Cisco2/ukp.aspx?pid=80&vw=1&articleid=15841

If you are really in doubt, you should visit the linksys support page for your specific model router (should be on a sticker on the bottom of the device) and follow those instructions to setup a nice secure WPA2 encrypted connection (or the highest level of encryption you can use given the devices that will need to connect).

Good luck!

i love wireless

@Robert: Yeah. It is possile to view your browsing history if Log is enable in the wireless router..

Guys!!!!!!!!!!!

I need a simplified guide on how to configure RADMIN 2 and 3 for remote support on a network and not Advance IP scanner.

Thanks in advance your contribution would be appreciated.

@azedas101: http://support.radmin.com/index.php?/Knowledgebase/Article/View/124/9/radmin-installation-guide

Great page. thank you!

I don't know if anyone mentioned this or not but there is a free program called Look@Lan, that with only a few clicks will not only tell you if anyone is connecting but will give a sound notification when they connect to your network.
For those who don't know the latest threat to your wifi security is WPS (wifi-protected-setup), its how hackers can get into your WPA/WPA2 protected router almost with 100% success regardless of how obscure your password is. Find out if your router uses this type setup, if it does, learn about it and the flaw thats in your security. Videos can be seen on youtube on how they do this, type: crack wpa2 with reaver in youtube.

I love what you guys are usually up too. Such clever work and exposure!
Keep up the great works guys I've you guys to my personal blogroll.

thanks foor the great info

Thanks for finally writing about >How To Tell If Someone Is
On Your Wireless Home Network <Loved it!

Hello I am for sure being hacked I just dont know who or why 100%. But their is now no doubt in my mind that I am being hacked down to my cell connection. I have open ports being established through apps on my phone that I have disabled. People have thought I was crazy for months but they now see it too. My friends internet for her whole house is down, and im assuming its my ex. He is very very good with computers. It was a bad breakup, but Its given me a lot of problems. If anyone can help, Please…

@Joey - We would need more device details (phone and router would be helpful) to offer specific help but here are some general suggestions:
1) If your ex has "hacked" your cell phone, assuming you are correct he has probably installed some sort of back-door on it. I would suggest resetting your cell to factory defaults using the most destructive method possible to ensure that all data that can be wiped IS wiped. Obviously you should backup pictures and the like beforehand so that you can carefully restore your personal data back later.
I don't really understand the part about disabled programs opening ports. a - why not DELETE programs you aren't using rather than "disabling" them (again, what does that mean?), b - if you have "disabled" programs that are opening ports then they aren't properly disabled. I imagine you have a rooted android and have frozen them with something like Titanium Backup but I could be misunderstanding your verbiage.
2) Tell us what model router you have (so we can check for known vulnerabilities) and reset it to defaults. Disable WPS and UPNP, change the default passwords, and disable any services that you don't need (USB sharing, HNAP, etc). Create your WLAN with WPA2-AES and use a reasonably long password. If you need something easier for guests, create a guest network with a shorter/easier password.
This site is somewhat alarmist with their thinking but they offer some good suggestions.
https://www.tomsguide.com/us/home-router-security,news-19245.html

I would do ANYTHING FOR SOMEONE WOULD HELP ME. I KNOW soon to be ex has been in my computer for 5 years. I moved out and he's in my router. I am tracked, listened to, watched. I have run all of your software your talking about but Niobe will help me. He timurnes car alarms on while I'm driving, put cameras in my lightbulbd to listen and watch after I left him. ( he broke in to do this of course) this has gone on so long I whisper everywhere I go, I checked my car, I am to a point I see no future no help. All I want is some help. Someone to believe me and look into him. And usually when I answer questions like these on the Internet people tell me to contact my local authorities I have and they tell me there's no way to prove it will give you a report but there's not a think we could do. I am so sick of this. So I am basically being told I will be cyber stock the rest of my life. I took a CPO out of him for verbal emotional and psychological abuse I am trying to protect my children and no one including the court systems or the law will listen to me. You can do see what I do in network trace that he is the Gayway I am the guest. He has routed everyone of my computers. He read all of my text all of my emails. Turns on the speaker and the cameras. I need help but everyone think I'm nuts. I have taken pictures of every way he has done this since 2014. Because each time I get close he changes it up.

@Lesley Shackelford: Did you find someone to help you? I know its been awhile,..

Let's hope after almost 5 years that her boyfriend gave up. If she hasn't figured it out by now (cameras, private investigator, whatever) then it's probably never going to happen.