Let’s see if using our router we could see if an intruder can enter my Wi-Fi network without appearing anywhere. We will also see if it is possible to do the same using a Windows computer, both natively and through the use of additional software. In addition, we will see if through the use of applications with Android we have any possibility to carry out this task. Finally, we will end with a series of basic tips to prevent cybercriminals from entering my WiFi wireless network.
The ARP protocol in Windows 10
One way to check if someone can access my Wi-Fi in Windows 10 is by using the command prompt “ARP”. In case you don’t know, this command is in charge of displaying the list of entries in the ARP table of our equipment, the protocol ARP (Address Resolution Protocol) or also known as address resolution protocol is responsible for finding the MAC address or physical address that corresponds to a specific IP address. Its way of working is by sending an “ARP request” packet to the broadcast address of the network that contains the IP address for which it is asked. Then, we wait for that machine or another to respond with “ARP reply” with the Ethernet address it has established.
In summary, the purpose of the ARP protocol is to allow a device connected to a local network to obtain the MAC address of another computer that is connected to the same local network whose IP address is known, in order that communications work correctly and have connectivity in the local network. Without the ARP protocol, a computer could connect to the network without problems, but could not send any type of traffic.
If we want to use the ARP protocol in Windows, we will have to do it through a command that is executed in a command prompt window. To do this, we will follow these steps:
- We are going to Start Menu Windows.
- We wrote run and we press enter.
- We type CMD and we touch enter again.
Then a command prompt window will appear where we can execute our commands. In this case the one we are going to use is «arp »If we write it and press “enter” it will give us its available options.
In this case we are going to use the command «harp»Which will show us all the current ARP entries.
Here we see the different results in which we see the IP and the physical address of each of the devices that it has detected in the local network. In this case, the arp command was run from the local IP 192.168.1.41 which is a laptop with Wi-Fi. If we look closely, the IP 192.168.1.2 also appears there along with the physical address of another computer on my LAN. The router is also displayed on the IP 192.168.1.1 and other network equipment. As you can see, using the “arp” command you can see who is currently on the wireless and wired network of the home local network.
How do I know what my MAC address is that appears in ARP?
The easiest way to identify them would be by knowing the MAC address of each computer or device. In Windows it is also done in a command prompt window with the command «ipconfig / all»Where the MAC would correspond to the physical address.
However, it is quite a complex form since it requires a good use of the ARP command and its parameters together with the knowledge of MAC addresses for the identification of equipment. From the image above you can get the default gateway or router IP. This later will help us to enter the router configuration.
In Android operating systems, this information is obtained directly from the “Settings / About phone / Networks” menu, where we must see the MAC address of the WiFi card, Bluetooth and even the IMEI of the smartphone itself. On Android tablets you would look at the same menu, and on iOS you will also have to go to “Settings” and “About” to see this MAC address information.
In the event that you have IP cameras or smart plugs connected, these types of devices usually have their MAC address on a sticker on the device itself, and even in the documentation of the product box, that is, we will always have information about the address MAC of the different WiFi devices.
Windows programs to view connected computers
We could also use specific programs to see all the devices that are connected to our local network. His way of working usually consists of pinging each of the IP addresses of our LAN. They are generally known as a network scanner. One of the easiest to use and free programs is Angry IP Scanner. This program can be downloaded from your official website and it is compatible with Windows 7/8/10, and also requires the installation of Java for its use. This would be an example where a local network is being scanned.
Another program that we could use would be Advanced IP Scanner which is also a free and reliable network scanner that we can use to scan a LAN. This software will detect all the local subnets of the different interfaces of both physical and virtual networks installed on our PC. This would be an example of what it offers us:
If you want to try it, you can download it from here.
Both tools are the most recommended if you have a Windows operating system, they are totally free and will allow us to know in detail what devices we have connected, showing us the host name (if it has it), its IP address and also the MAC address of the device, something very important to check if a certain device is ours or is unknown. In the event that it is unknown, it is likely an intruder on our wireless network, so we should take steps to prevent it.
Use Android apps to find out who can access my Wi-Fi
Some Android apps also contain a number of networking tools. Thanks to them we can ping our computers or scan our LAN. One of them for example is Fing Here is an example of how to perform a network scan:
As you can see, it detects both wireless devices and network cable. You can download it from here:
You also have another alternative like NetX Network Tools:
The third we could use is Network Scanner that you can download from the Google Play Store from here:
Use the router to see the devices connected via WiFi
Perhaps the easiest way to know if someone tries to access my Wi-Fi is to go to the router configuration through the web. The first thing we have to do is open our browser and put the default gateway in the address bar. In the ARP section we explain how to obtain it. Then we have to put our username and password, if you have not changed it, it is usually on a sticker that comes under the router. In RedesZone, for security, we recommend changing the password.
In the previous methods showing the ARP and also using programs, we do not have the possibility to differentiate the connected equipment from the wireless ones. However, if we use routers with a very complete firmware such as those of the AVM FRITZ! Box, we will be able to see in detail all the wireless clients that are currently connected to the wireless network, and also all the wireless clients that have connected in the past to the wireless network, in order to detect possible past intrusions that could be reconnected at any time.
The section we have to access will vary depending on the brand of our router, but it is usually located in the “LAN / Local network or Wi-Fi” section. In the case of the FRITZ! Box router that we have used, you can look at both sides. In section Local network Both the devices that are connected by network cable would appear as by Wi-Fi:
We could also do it in Wifi to show only the ones that are connected wirelessly:
The advantage that good brand routers offer is that they give you the ability to name each device. Thus, if someone tries to access my Wi-Fi, it is easier to detect that intruder because the rest of the devices will have a personalized name, and the intruder will not.
As you have seen, even if an intruder is able to connect to our network, we can detect it using various methods, either through the ARP protocol, with specific programs for Windows, with free applications for Android and even directly through our router. . This last option is the best if your router has a very complete firmware, otherwise it will surely simply show you the current ARP table and not all the devices that have been connected previously.
If you don’t want to have intruders on your WiFi network, we are going to make you a total of three basic recommendations to keep your WiFi network secure:
- Disable the WPS (Wi-Fi Protected Setup) protocol on your router.
- Have the WPA2-Personal protocol configured with AES, or use WPA3-Personal.
- Use a strong access password greater than 15 alphanumeric characters.
With these easy-to-follow tips, you will have the wireless network highly protected against possible intruders, and if they are able to crack the wireless network password, you will be able to detect it with these methods that we have explained to you.