How to disconnect users from Wi-Fi via a computer: programs and methods 2026

Controlling a home or office Wi-Fi network sometimes requires drastic measures—for example, forcibly disabling individual devices. Reasons can vary, from unauthorized connections from neighbors to restricting children's access during school hours. In this article, we'll explore these options. All working methods to disconnect users from Wi-Fi via a computer — from built-in router functions to specialized programs for Windows.

It is important to understand that Blocking devices on someone else's network without the owner's consent may violate the law. (depending on jurisdiction). We only consider legal scenarios - management own network, where you have administrator rights. If you rent or use corporate Wi-Fi, check with your provider or system administrator for access rules.

The methods in the article are divided by level of complexity: from simple (via the router's web interface) to advanced (using Wireshark or NetCut). You will also learn how bypass MAC address blocking (if the provider does this) and what programs can help in analyzing the network before disconnecting.

1. Disabling devices via the router's web interface

The most reliable and legal way is to use the router control panel. Most modern models (TP-Link, ASUS, Keenetic, MikroTik) allow you to block devices by MAC address or IP in a few clicks.

To access the settings:

  • 🌐 Enter the router's IP address in your browser (usually 192.168.0.1, 192.168.1.1 or 192.168.8.1).
  • 🔑 Log in (default logins: admin/admin, admin/password or see the router sticker).
  • 📊 Find the section DHCP clients, Devices on the network or Wireless → MAC Filter.

In the interface TP-Link the path will be like this: Advanced Settings → Network → DHCP ClientsA list of all connected devices with their MAC and IP addresses is displayed here. To block a device:

  1. Copy its MAC address (eg. 00:1A:2B:3C:4D:5E).
  2. Go to Wireless Mode → MAC Filter.
  3. Add the address to the blacklist and save the settings.
⚠️ Note: Once a device's MAC address is blocked, it will not be able to connect to the network, even if it changes its IP address. To unblock it, remove the address from the list or disable filtering.

Make sure you have access to the admin panel

Check the current IP and MAC addresses of devices on the network

Create a backup copy of your router settings (if available)

Disable the guest network (if not in use)-->

2. Programs for disconnecting users from Wi-Fi on a PC

If access to the router is limited (for example, in the office), you can use Windows programs that send ARP packets or Deauth attacks to break the connection. Popular utilities:

  • 🖥️ NetCut — a simple program for blocking devices by IP/MAC (works via ARP spoofing).
  • 🛡️ Wireshark + Airgeddon — for advanced users (traffic analysis + deauthentication).
  • 🔧 WiFiKill (only for Android with root) - an alternative for mobile devices.
  • 📡 CommView for WiFi — network monitoring and packet blocking.

Let's consider working with NetCut (the most affordable option):

  1. Download the program from official website (free version with limitations).
  2. Run as administrator and select your network adapter.
  3. In the list of devices, find the target one (by name or IP) and click Cut Off.

The program sends fake ARP packets, causing the router to "forget" the route to the device. The effect is temporary—access will be restored after reconnecting or rebooting the router.

⚠️ Warning: Using ARP spoofing on other people's networks may qualify as cybercrime (Article 272 of the Russian Criminal Code – unauthorized access to computer information). Use only on your own network!

NetCut (simplicity)

Wireshark (deep analysis)

CommView for WiFi (monitoring)

Manual commands in the router

Other-->

3. Disabling via the Windows command line (ARP attack)

If you don't want to install third-party software, you can use Windows' built-in tools. The method is based on ARP cache poisoning router. You will need:

  • 🖱️ Administrator rights on PC.
  • 📋 IP address of the router and the target device.
  • 🔄 Ability to send packets to a local network.

Instructions:

  1. Open Command line as administrator (Win + X → Command Prompt (Administrator)).
  2. Find out the IP address of the router and the target device:
    arp -a
  3. Send an ARP packet to terminate the connection (replace 192.168.1.100 on the victim's IP, and 192.168.1.1 — to the router IP):
    arp -s 192.168.1.100 00-00-00-00-00-00
    

    ping -l 65500 192.168.1.100

This method works temporarily (until the router's ARP table is updated). For permanent results, you need to send packets in a loop using a script.

Why don't ARP attacks work on all routers?

Some modern routers (for example, ASUS RT-AX88U or Keenetic Ultra) have protection against ARP spoofing. They ignore forged ARP packets or block the attack source. In such cases, only router-level blocking or deauthentication (see the next section) can help.

4. Deauthentication (Deauth attack) to force shutdown

A more reliable way is to send deauthentication packages (Deauth). This method simulates a command from the router to terminate the connection. To do this, you will need:

  • 📶 Network card with support monitor mode (For example, TP-Link TL-WN722N).
  • 🐧 Utilities airmon-ng And aireplay-ng (included in the package) Aircrack-ng).
  • 🔄 Access to Linux terminal (or WSL on Windows).

Step-by-step instructions:

  1. Install Aircrack-ng (for Windows - via WSL or Kali Linux).
  2. Put the network card into monitoring mode:
    sudo airmon-ng start wlan0
  3. Run a network scan:
    sudo airodump-ng wlan0mon

    (find the target network by BSSID and the channel CH).

  4. Send deauthentication packets (replace BSSID And CLIENT_MAC):
    sudo aireplay-ng --deauth 10 -a BSSID -c CLIENT_MAC wlan0mon

This method Works even on WPA2/WPA3 secured networks, since deauthentication doesn't require knowing the password. However, it's temporary—the device can connect again.

⚠️ Warning: Deauthentication on public networks (cafes, airports) may result in blocking your MAC address router security system. Use only in a controlled environment.

5. Scheduled blocking (Parent Control)

If your goal is to restrict access at specific times (such as at night or during school hours), use the Parental control (Parent Control) in the router. It's present in almost all modern models:

Manufacturer Path to settings Peculiarities
TP-Link Additional settings → Parental controls MAC or IP blocking, flexible schedule
ASUS Administration → Parental Controls Integration with ASUS Router App, website blocking
Keenetic Home Network → Devices → Restrictions Whitelist support, internet pause
MikroTik IP → Firewall → Filter Rules Requires manual configuration of rules

Example setup for Keenetic:

  1. Open the web interface and go to Home Network → Devices.
  2. Select the device and click Restrictions.
  3. Set a schedule (for example, blocking from 11:00 PM to 7:00 AM).
  4. Save the settings and the device will automatically turn off at the set time.

6. How to bypass the block (if you are a victim of the shutdown)

If you've been disconnected from Wi-Fi, there are several ways to regain access:

  • 🔄 Changing the MAC address: Use programs like Technitium MAC Address Changer (Windows) or commands in Linux:
    sudo ifconfig wlan0 down
    

    sudo ifconfig wlan0 hw ether 00:11:22:33:44:55

    sudo ifconfig wlan0 up

  • 📡 Connecting via another deviceIf only your PC is blocked, use your phone as a modem.
  • 🔌 Resetting the router: Briefly powering off the router will reset the ARP table (but will not help with MAC filtering).
  • 🛠️ VPN or Proxy: If the blocking is at the IP level, try changing it via VPN (for example, ProtonVPN).

If blocking is configured at the router level (for example, through MAC Filter), the only legal way is to negotiate with the network administrator. Attempts to bypass protection may violate the provider's user agreement.

7. Legal aspects and ethics of device disconnection

Before blocking devices on your network, please consider:

  • 📜 LegalityIn Russia, unauthorized access to computer information (Article 272 of the Russian Criminal Code) is punishable by a fine of up to 500,000 rubles or imprisonment for up to four years. This also applies to interference in other people's networks.
  • 🏠 User consent: On your home network, notify family members of the block (for example, via a note on the refrigerator or a message in a family chat).
  • 🛡️ ExceptionsIn the office, blocking should be regulated by the company's internal rules.

If you rent a place and want to limit your neighbors' network access, it's best to:

  1. Change your Wi-Fi password to a complex one (for example, W7#pL9!kQ2@mN5).
  2. Turn on WPA3 (if the router supports it).
  3. Disable WPS (vulnerable to brute force).
  4. Create a guest network with limited speed.
⚠️ Please note: Some providers (eg. Rostelecom or Beeline) block changes to router settings if it's rented. In this case, please contact support to set up parental controls.

FAQ: Frequently Asked Questions

Is it possible to disconnect a user from Wi-Fi without knowing the password?

Yes, but only if you are connected to this network. Methods:

  • ARP spoofing (temporary effect).
  • Deauth attack (requires adapter with monitor mode).

Without a network connection, it is impossible to turn off the device (unless you control the router remotely).

How do I know who is connected to my Wi-Fi?

Methods:

  • Router admin panel (DHCP Clients).
  • Programs: Wireless Network Watcher, Fing (mobile version).
  • Command in Windows:
    arp -a
Why does the device still connect after blocking the MAC?

Possible reasons:

  • The device has changed its MAC address (many smartphones can do this automatically).
  • The router does not support MAC filtering (check settings).
  • The network is on DHCP Reservations (IP to MAC binding bypasses the filter).

Solution: Use a MAC + IP blocking combination or configure a firewall on your router.

Is it possible to disable the device permanently?

No, all methods provide a temporary effect:

  • MAC filtering remains in effect until the router is reset.
  • ARP/Deauth attacks require constant sending of packets.
  • Parental control works on a schedule.

To permanently block, you need to physically restrict access to the network (for example, turn off Wi-Fi on the router or change the password).

Which routers are best protected from unauthorized shutdown?

Models with advanced protection:

  • ASUS RT-AX88U (AI Protection, ARP attack blocking).
  • Netgear Nighthawk RAX120 (built-in firewall).
  • Ubiquiti UniFi (centralized management, anomaly detection).
  • MikroTik hAP ac³ (flexible firewall rules).

These routers are more difficult to hack, but they also cost more (from 10,000 rubles).