There are many reasons why you would like to check if someone is using your wireless network (Wi-Fi) without permission. It may have already happened and you usually understand it by the speed of your connection starting to "crawl." Of course, we should also mention the implications for the security of your data, as an experienced and malicious user can somehow gain access to your network files. You could even have legal consequences if someone uses your connection for piracy or other illegal activities.
Many of you may have already taken some basic precautions when setting up your wireless network and have a way to deal with these issues. Below is a short guide that is intended primarily for novice users who need help in verifying whether their Wi-Fi is stolen.
Check the devices that are connected to your router
The first thing you need to do is to log in to your router's management console by typing the IP address in the browser's address bar (usually: 192.168.0.1 or 192.168.1.1 depending on which router you are using.) If you do not know the default address your router go to the command line from
Start / Run / Search for cmd run the exe and type ipconfig. The address should be next to the Default Gateway of your local network.
Alternatively, if you use Mac, you can find the default address by going to the Network under System PreferencesSystem Preferences). The IP should be listed right next to "Router:" if you are using Ethernet, or by clicking on "Advanced…" and go to the "TCP / IP" tab if you are using Wi-Fi. Then enter the address in the browser and you will be asked for your login details - unless you have changed the default settings the username and password should be on the back of your router. If you do not find it download this file default names and passwords (PDF). Alternatively you can search hereOr from here or search for it on Google. We recommend that you change your name and password immediately.
Once you see the inside of your router management console look for a section that will show you connected devices or wireless status. In the router we used we found the list in the DHCP Clients List section. Sometimes it is available from the Status / Wireless path, and you will find it as "Attached Devices".
Check the list for any intruders among the listed devices. You can find the MAC / IP address of your computers from the Command Prompt by typing, 'ipconfig / all' The MAC address will be displayed as a physical address.
What am I doing next?
The best and simplest solution is to create a powerful password using WPA2. WPA - WEP encryption is very easy to break and should be avoided if possible. There are some other methods you can use to enhance your security, such as disabling your SSID (this prevents your network name from appearing on nearby Wi-Fi devices), or setting up a filter to get the ability to block devices from the MAC address. This, of course, will not stop an experienced intruder but will delay it.
The above steps should be more than enough for most users, but if you really need to find out who has broken your network and find its physical location you can use a tool called MoocherHunter. You will need to burn a Live CD and boot your computer from it. From the Live CD you will be able to locate all unauthorized users of your wireless network. According to the description of the program, it detects the traffic sent over the entire network and can find the source with 2 measure accuracy.
MoocherHunter is included in the OSWA Assistant. You can download it OSWA Assistant from here.
Alternatively you can use the application Wireless Network Watcher. It will alert you whenever someone connects to your network.
Because the static IP address is likely from the attacker, if your router also has the ability to view the ARP table or even better some way of viewing statistics per IP address (eg NetFlow) then you can use these methods to find out.