How to Check Who's Connected to My Wi-Fi Using the Command Line: A Complete Guide

Have you noticed that your internet speed has suddenly dropped, and the activity indicator on your router is blinking more frequently than usual? Perhaps unauthorized devices have connected to your Wi-Fi network—neighbors, random passersby, or even hackers exploiting security vulnerabilities. Don't rush to change your password or call your provider: first, check the list of connected devices using command line.

This method works on Windows, Linux And macOS, requires no additional software installation, and provides accurate information about all active clients—including hidden devices that aren't visible in the router's web interface. In this article, you'll find:

  • 🔍 Step-by-step commands for each operating system with explanations
  • 📊 How to decipher MAC addresses and determine the manufacturer of the device
  • 🛡️ Blocking methods unwanted connections without resetting your router
  • ⚠️ Typical mistakes, due to which the command line may show incorrect data

Why the command line is better than the router's web interface

Most users log into the router control panel (usually at 192.168.0.1 or 192.168.1.1) and view the list of connected devices there. However, this method has critical drawbacks:

  • 🕶️ Hidden devices: Some routers do not show clients in bridged mode or with DHCP disabled
  • 🔄 Update delay: The web interface may display data with a delay of up to 5-10 minutes
  • 📵 Limited information: MAC addresses or IP addresses are often missing, making device identification difficult

The command line gives real-time network status, including:

  • 🖥️ IP addresses all connected devices
  • 🔢 MAC addresses (unique identifiers of network cards)
  • 📡 Connection type (wired or wireless)
  • ⏱️ DHCP lease time (helps identify "ghosts" - devices that have been disconnected for a long time, but are still listed on the network)
📊 How often do you check the devices connected to your Wi-Fi network?
Never
Once every few months
Every month
Only when I notice problems

Preparation: What you need to know before the test

Before entering commands, make sure that:

  1. Your computer is connected to the same Wi-Fi network you are testing (either via cable or wirelessly).
  2. You have administrator rights (for some commands in Windows).
  3. You know Your router's IP address (usually 192.168.0.1, 192.168.1.1 or 192.168.8.1).

If the router's IP is unknown, find it out:

  • 🪟 In Windows: open command prompt (Win + R → enter cmdEnter) and run:
    ipconfig | findstr"Default Gateway"
  • 🐧 In Linux/macOS: in the terminal, enter:
    netstat -rn | grep default

Also prepare a list allowed MAC addresses your devices (smartphones, laptops, smart speakers, etc.). They can be found:

  • 📱 On Android: Settings → About phone → General information → Wi-Fi MAC address
  • 🍎 On iPhone: Settings → General → About → Wi-Fi Address
  • 💻 On Windows: command line → ipconfig /all (look for the line "Physical address")
What is a MAC address and why is it important?

A MAC (Media Access Control) address is a unique 12-digit identifier assigned to a network card by the manufacturer. It appears as six pairs of characters separated by colons or hyphens (e.g., 00:1A:2B:3C:4D:5E). Unlike an IP address, which can change, a MAC address remains constant (unless it's spoofed). This allows for accurate identification of a device, even if its IP address has changed.

Method 1: Checking via the ARP table (Windows, Linux, macOS)

The most universal method is viewing ARP tables (Address Resolution Protocol). This table stores the mappings between the IP and MAC addresses of all devices on the local network.

For Windows

  1. Open Command Prompt as Administrator (Win + XTerminal (Administrator)).
  2. Enter the command to scan the network:
    arp -a
  3. Look for IP addresses from your subnet in the output (e.g. 192.168.0.x or 192.168.1.x).

For Linux/macOS

In the terminal, run:

arp -n

Key -n Displays addresses in numerical format (without attempting to resolve hostnames), which speeds up output.

Sample output (Windows):

Interface: 192.168.0.100 --- 0x12

Internet Address Physical Address Type

192.168.0.1 aa-bb-cc-dd-ee-ff dynamic

192.168.0.101 11-22-33-44-55-66 dynamic

192.168.0.105 ff-ee-dd-cc-bb-aa dynamic

In this example, three devices (a router and two clients) are connected to the network. Compare the MAC addresses with your list of approved devices.

Update the table with the command arp -d * (Windows) or sudo ip -s -s neigh flush all (Linux)

Wait 1-2 minutes and perform arp -a again

Ping suspicious IPs (ping 192.168.0.105) - active devices will respond and update their ARP entry

Use arp -a | findstr"dynamic" (Windows) to filter only active clients

-->

Decoding the results

Field What does it mean? Example
Internet address (IP) Local IP of the device on the network 192.168.0.101
Physical address (MAC) Unique identifier of the network card 11-22-33-44-55-66
Type dynamic — the device is active, static - manual recording dynamic
Interface The network card through which the device was discovered 192.168.0.100 --- 0x12

Method 2: Scanning the network using Ping + ARP (advanced method)

The ARP table only shows devices that your computer has already communicated with. To find all active clients on the network, including those that did not exchange packets with your PC, use the combination ping And arp.

Instructions for Windows

  1. Find out the IP address range of your network. For example, if your IP 192.168.0.100, and the subnet mask 255.255.255.0, then the range is 192.168.0.1192.168.0.254.
  2. Create a file (eg. scan.bat) with the following contents:
    @echo off
    

    for /L %%i in (1,1,254) do (

    ping -n 1 192.168.0.%%i | find"TTL="

    )

    arp -a > devices.txt

  3. Run the file as administrator and wait for it to complete (it will take 2–5 minutes).
  4. Open the file devices.txt — there will be a list of all devices that responded.

Instructions for Linux/macOS

In the terminal, run:

for ip in $(seq 1 254); do ping -c 1 192.168.0.$ip | grep"bytes from" & done; arp -n

Replace 192.168.0. to your subnet.

This method forces all active devices to respond to a ping request, after which their data is entered into the ARP table. Please note:

  • ⚡ Some devices (for example, smartphones in power saving mode) may ignore ping.
  • 🛡️ Routers with enabled AP Isolation (client isolation) blocks the exchange of packets between devices on the network.
  • ⏳ Scanning 254 addresses takes time - do not interrupt the process.

How to determine the manufacturer of a device by its MAC address

The first 6 characters of the MAC address (prefix OUI) indicate the manufacturer of the network card. For example:

  • 2C:56:DCApple
  • 78:31:C1Xiaomi
  • B8:27:EBRaspberry Pi
  • 00:0A:F7Cisco

To find out the manufacturer:

  1. Take the first 6 characters of the MAC address (eg. 11:22:33).
  2. Search for them in the database MAC Vendors or enter a query like this into Google MAC vendor 11:22:33.

Example of transcript:

MAC address Prefix (OUI) Manufacturer Probable device
A4:83:E7:12:F5:89 A4:83:E7 Huawei Smartphone, router, modem
3C:5A:B4:90:21:45 3C:5A:B4 Google Google Nest, Chromecast, Pixel
74:23:44:AB:CD:EF 74:23:44 Amazon Technologies Echo Dot, Fire TV Stick

If the manufacturer is unknown or the MAC address starts with 02:00:00, 00:00:5E - it could be:

  • 🌐 Virtual device (VPN, virtual machine).
  • 🔧 Network equipment (switches, access points).
  • ⚠️ Fake MAC (some hacking tools mask addresses).
Is it possible to spoof a MAC address?

Yes, that's what it's called MAC-spoofingIn Windows this is done through Device Manager → Network Adapters → Properties → Advanced → Network AddressIn Linux - with the command sudo ifconfig eth0 hw ether 00:11:22:33:44:55However, after rebooting the router or changing the IP, the fake MAC address may disappear if it is not statically assigned.

How to block an unwanted device

If you find a foreign MAC address on your network, there are several ways to block it:

Method 1: Via the router's web interface

  1. Go to your router's control panel (usually 192.168.0.1 or 192.168.1.1).
  2. Find the section MAC Filter, Security or Access control.
  3. Add the suspicious MAC address to the blacklist (Blacklist).
  4. Save the settings and reboot the router.

Method 2: Change your Wi-Fi password

The most reliable method is to change the network password:

  1. In the router's web interface, go to Wireless → Security.
  2. Select encryption type WPA2-PSK or WPA3-PSK.
  3. Create a complex password (at least 12 characters, with numbers and special characters).
  4. Save the changes - all devices will be disconnected and will need to reconnect.

Method 3: Enable MAC address filtering (whitelist)

This is a radical method, but it ensures that only authorized devices can connect to the network:

  1. Find it in your router settings MAC Filter.
  2. Select mode Whitelist (white list).
  3. Add the MAC addresses of all your devices.
  4. Save and reboot the router.

Common mistakes and how to avoid them

When checking devices via the command line, users often encounter the following problems:

⚠️ Attention: If your router issues IP addresses via DHCP, but devices with IPs outside the DHCP range appear in the ARP table (for example, 169.254.x.x), this is a sign of an IP conflict or incorrect network settings. Check the DHCP settings in the router's web interface.
  • 🔌 The computer is connected via cable, but Wi-Fi clients are not displayed.:

    The ARP table only shows devices on your subnet. If your router isolates wired and wireless clients (a feature AP Isolation), they won't be visible to each other. Solution: Connect to Wi-Fi or check the list of devices in the router's web interface.

  • There are many "dead" entries in the ARP table.:

    ARP entries are cached and may remain even after the device is disconnected. Clear the cache with the command arp -d * (Windows) or sudo ip neigh flush all (Linux), then rescan.

  • 📵 Some devices do not respond to ping:

    Modern operating systems (especially mobile ones) ignore ping by default. Use specialized utilities like nmap for deep scanning:

    nmap -sn 192.168.0.0/24

If after all manipulations unknown devices remain on the network:

  • 🔄 Check if guest devices are connected to the router via WPS (disable this feature in settings!).
  • 📡 Make sure your Wi-Fi is not being shared again Repeater or Mesh system (they can mask real MAC addresses).
  • 🛠️ Update your router firmware—older versions contain vulnerabilities that allow you to connect without a password.

FAQ: Frequently asked questions about checking Wi-Fi via the command line

Is it possible to find out what device is hidden behind a MAC address?

It's impossible to accurately determine the device model by MAC, but you can narrow it down:

  1. Check MAC prefix (first 6 characters) through the database MAC Vendors - this will show the manufacturer (for example, Apple, Samsung).
  2. Try connecting to the device via IP telnet or http (For example, enter the IP address into the browser's address bar). Some routers, printers, or IP cameras have a web interface.
  3. Use utilities like Fing (mobile application) for scanning ports and determining the device type.

If the MAC address starts with 00:00:00, 00:50:56 (VMware) or 00:0C:29 (VirtualBox) is a virtual machine.

Team arp -a Only the router shows. Why?

This happens if:

  • Your computer hasn't communicated with other devices on the network (for example, you just connected). Solution: Ping the broadcast address:
    ping 192.168.0.255

    Then repeat arp -a.

  • Client isolation is enabled (AP Isolation) — the router is blocking traffic exchange between devices. Solution: Check your router settings or connect to it via cable.
  • Devices are using static IP addresses outside the DHCP range. Solution: Check the range of addresses being assigned in the router settings (section DHCP).
How do I permanently block a device so it can't connect even after resetting the router?

Static MAC blocking is reset when the router is reset to factory settings. To permanently block the device:

  1. Change network name (SSID) And password into complex ones (for example, MyWiFi_5Ghz_2026!@#).
  2. Turn it off WPS And UPnP in the router settings.
  3. Turn on MAC filtering in whitelist mode and add only your devices.
  4. Update your router firmware to the latest version (fixes vulnerabilities that allow you to bypass blocking).
  5. If your router supports it, enable it. 802.11w (Protected Management Frames) - this protects against attacks like Deauthentication.

For maximum protection, consider using VLAN (virtual networks) or guest Wi-Fi with a separate password.

Is it possible to find out which websites a connected device is visiting via the command line?

No, the command line doesn't provide this capability. To monitor device traffic on your network, you'll need:

  • 📊 Specialized routers with support DNS logs or NetFlow (For example, Asus RT-AX88U, Ubiquiti UniFi).
  • 🛠️ Sniffer programs like Wireshark (require skills in working with network protocols).
  • 🌐 Cloud services type OpenDNS or Pi-hole (block and log DNS requests).
⚠️ AttentionTracking other devices' traffic without their consent may violate privacy laws (e.g., Article 138 of the Russian Criminal Code, "Violation of the Secrecy of Correspondence"). Use these methods only on your own devices or with the permission of their owners.
Why does the device still connect after blocking the MAC address?

Possible reasons:

  • 🔄 Device spoofs MAC address (This can be done programmatically). Solution: Use a combination of MAC blocking and network password change.
  • 📡 The router reset to factory settings, and filtering is disabled. Solution: Check the settings after rebooting.
  • 🔌 The device is connected via guest network or second access point (for example, if the router is operating in mode Repeater). Solution: Disable guest Wi-Fi or check all available networks.
  • 🛡️ It's enabled in the router DMZ or Port Forwarding for this MAC address. Solution: Check the section Redirection in the settings.

If the problem persists, try:

  1. Update the router firmware.
  2. Reset the router to factory settings and configure it again.
  3. Use third-party firmware (eg. DD-WRT or OpenWRT), if your router is supported.