Browsing is slow even though you’ve checked your computer for viruses; speed tests say your network is fast enough but streaming a video takes forever; and your data plan keeps running out even though you’re pretty sure you haven’t hit the maximum limit.
There’s something strange in your neighbourhood. Who you gonna call?
No-one. You’re going to get to the bottom of this yourself.
Box: What you’ll need:
Admin privileges to install software
Router admin id and password
About five minutes
By the end of this tutorial, you’ll know how to regularly scan your Wi-Fi network and block selected devices from connecting to it. Don’t want to set up a scanner? I don’t know why you’d think keeping an eye on your network is a bad idea but if you do, skip to Step 3.
Step 1: Monitor your Wi-Fi network
If you suspect bandwidth theft, the first thing to do is monitor your network. My favourite tool to do this is Wireless Network Watcher — it’s simple, lightweight, portable so no installation necessary, and totally free. Other popular (and not so barebones) options for home users are Who’s On My Wi-Fi? and Softperfect Wi-Fi Guard.
Whichever option you pick, the first thing you’ll have to do is configure the program to use your network adapter.
Once the scanner is up and running, it will check your network for any devices that connect to it. It will notify you if it detects something new or unknown.
Did it beep? Check the list of devices for ones you don’t recognise. If your entire family shares the same network, there may be a lot of devices but it should be simple enough to recognise your sister’s phone from a stranger’s laptop. If in doubt, just ask them to disconnect and repeat the scan — the device should disappear from the list.
Step 2: Find the Intruder’s MAC address
So you’re sure you’ve caught the intruder. Time to ban them from the network! Check the device list for their MAC address. ‘MAC’ stands for ‘Media Access Control’, which is Ancient Geek for a unique hardware id built into every device capable of connecting to another device; it can be used as a physical address (and for, you know, access control) in a network. Fun fact: According to whistleblower Edward Snowden, ‘MAC address monitoring’ is one of the ways the National Security Agency (NSA) tracks the movements of everyone in a city.
MAC addresses look like a long row of numbers and letters, usually written in a format like 12:3A:B4:56:C7:8D or 12-3A-B4-56-C7-8D. Dashes and colons don’t matter, but the numbers and letters do. Copy down the one you want to block.
Step 3: Access your router settings
Once you have the MAC address you want (or if you skipped Steps 1 and 2) it’s time to check out your router settings. You can do this by opening up your internet browser (Chrome if you’re Web 2.0, Firefox if you’re old-school, Internet Explorer if you’re no-school) and typing your router’s home IP address into the URL bar.
The default IP for most routers is 192.168.1.1. If you think your router IP might be different, but aren’t sure what it is, then you can confirm it by contacting your Internet Service Provider or by downloading a program that finds it for you. (That is, if you aren’t comfortable using command prompt to find it.) You’ll also need your user id and password for the router. If you don’t already have those, call up your ISP.
Make sure you’re connected to the network you want to block the intruder from — this is important if you have multiple networks, such as a wired internet connection and a portable internet dongle. The default IP will take you to whichever router is responsible for the connection you’re currently on. Changes will not be applied to the other network.
Optional Step 4: Check your Router’s DHCP Leases
Success! Now that you’re in your router’s settings, you might want to check out which devices were granted access to your computer recently. (This step is optional unless you skipped Steps 1 and 2.) Look for DHCP somewhere in dashboard navigation. It should pull up a list of recently obtained DHCP Leases.
‘DHCP’ stands for ‘Dynamic Host Configuration Protocol’ and it is responsible for assigning devices an IP address on the network. A DHCP Lease is like an entry ticket to the grand old opera that is the internet, and most are set to automatically expire after 24 hours unless renewed. The IP address is dynamic, meaning it’s plucked out from a pool of available addresses and can change upon renewal.
Since the lease is assigned to a specific device each time, it will list MAC addresses as well. Here’s where you can find out the MAC address of any unknown devices that connected to your network within a 24-hour period.
Step 5: Find the MAC filter
Now that we’re all on the same page, and armed with the offender’s MAC address, it’s time to look for the MAC filter. This will probably be tucked somewhere under Wireless settings.
Once you’ve found the MAC filter, select your router from the list. Remember, these settings are not stored locally and through this screen you’re actually communicating with your router, so you have to already be connected to the correct one for it to appear in the list.
MAC filtration is a simple way to control which devices can access a Wi-Fi network but it is not a security protocol. It will keep your neighbour’s computer out — but not their smartphone or tablet, unless you add those to the filter too, and certainly not a hacker who knows advanced methods of bypassing the filter. Don’t rely on a MAC filter to be what it’s not; make sure you’re using a good password and the right kind of encryption.
Step 6: Add the intruder’s MAC address
Click the button and type in the MAC address you found earlier. Save it once you’re done.
Step 8: Enable MAC filtering
Now that there’s an address or two in the list, just switch on MAC restriction.
The filter will ask you to decide if you want to only Allow the listed addresses or if you want to only Deny the listed addresses. If you select “Allow” and your neighbour’s address is the only address in the list, you’ll effectively ban yourself from your own Wi-Fi network and will have go over to their house to access the router* and fix the settings, which will be embarrassing. So choose carefully.
For the purpose of this tutorial, select “deny” to block the intruder’s MAC address. That’s it! You’re done.
Or you could just reset the router to factory settings, but where’s the fun in that?
Step 9: Brag to your non-techie friends
Now all that’s left for you to do is throw some of these terms around and start earning your geek credentials, one befuddled non-techie at a time. And remember to use your powers for good, not evil.
Published in Dawn, Sunday Magazine, July 26th, 2015
On a mobile phone? Get the Dawn Mobile App: Apple Store | Google Play
Dear visitor, the comments section is undergoing an overhaul and will return soon.