Detecting a drop in internet speed or blinking router lights when the router is idle is often the first sign that someone has connected to your network. Having neighbors or random passersby using your connection not only slows down your network but also creates serious risks of personal data leakage. Understanding How to determine whose Wi-Fi it is, is a basic home network administration skill that every owner of modern equipment needs.
There are several proven methods for identifying devices, from analyzing logs in the router's web interface to using specialized snails for deep traffic scanning. It's important not only to see a list of connected devices, but also to be able to correctly interpret technical data, such as MAC addresses and IP managers to distinguish your smart TV from someone else's smartphone. In this article, we'll cover all the stages of a security audit in detail.
It's worth starting with the most accessible methodโchecking through your router's administrative panel. This method doesn't require installing any additional software and provides the most accurate information about the current connection status in real time. However, for proper operation, you'll need physical access to the device and login credentials for the management system.
โ ๏ธ Please note: Router interfaces from different manufacturers (Keenetic, TP-Link, Asus, MikroTik) may vary significantly. Menu locations and item names may change after firmware updates, so please consult the official documentation for your model.
To access the control panel, open any browser and enter the gateway IP address in the address bar. Most often, this is 192.168.0.1 or 192.168.1.1However, in some configurations, the address can be changed by the administrator. After entering the authorization details (login and password, often found on a sticker on the bottom of the device), the main menu will open, where you should find the section related to the client list.
Depending on the equipment model, this section may be called Client List, Wireless Status, Client list or DHCP Server ListThis is where you'll see a table of all the devices that currently have an IP address from your router. The key parameter here is MAC address โ a unique identifier of the network interface, which is assigned by the manufacturer and is not repeated.
Compare the number of devices in the list with the number of gadgets you and your household actually use. If you see five connections, but you only have two phones and one laptop in your home, then three devices are excessive. Pay attention to the "Up Time" column: if a device has been active for several days without you leaving it on, this is a clear sign of unauthorized access.
One of the most reliable methods for identifying "tenants" is MAC address analysis. This 12-digit hexadecimal code (for example, 00:1A:2B:3C:4D:5E) allows you to accurately identify the manufacturer of the network module. Knowing the brand of the address allows you to quickly determine whether it's your new smartphone or your neighbor's unknown laptop.
To easily check the first six characters (OUI - Organizationally Unique Identifier), you can use online databases or built-in router functions. Many modern models, such as Keenetic or Asus, automatically pulls in vendor names (e.g., "Samsung Electronics," "Apple, Inc.", "Intel Corporate"). If you see a device listed as "Unknown" or a name that doesn't match your device, it's worth taking a closer look.
Below is a table with examples of MAC address prefixes from popular manufacturers that are most commonly found in home networks:
| Prefix (OUI) | Manufacturer | Typical devices | Probability of unauthorized access |
|---|---|---|---|
| 00:1B:63 | Intel Corporate | Laptops, PCs | Average |
| 3C:5A:B4 | Google Inc. | Chromecast, Android TV | Low (if you don't have a smart TV) |
| F4:F5:D8 | Apple, Inc. | iPhone, iPad, Mac | High (popular brand) |
| 00:26:F2 | TP-Link | IP cameras, repeaters | Average |
However, it is worth considering the MAC address randomization technology implemented in modern operating systems. iOS 14+ And Android 10+To protect privacy, smartphones can generate a random address when connecting to new networks. This means that the same device may appear in the list under different names or addresses if it has previously forgotten the network or if the "Private Wi-Fi Address" feature is enabled.
What is MAC address randomization?
This is a security feature that replaces a device's real physical address with a random character set when scanning networks or connecting. This prevents user tracking but complicates home network administration using whitelists.
If your router's built-in tools don't provide enough information, specialized utilities for PCs and smartphones can help. Third-party software often provides more detailed information, including connection speed, encryption type, and even the approximate location (by IP) of connected nodes.
For computers running Windows, an excellent tool is the utility Wireless Network Watcher from NirSoft. It scans the network and produces a report in the form of a convenient table, highlighting new devices. For macOS and Linux users, this is the ideal solution. Angry IP Scanner or console utility nmap, allowing for deep diagnostics of ports and services.
Smartphone owners can install applications like Fing or WiFi AnalyzerThey work directly with the phone's wireless module and create a network map, showing not only the connected devices but also the signal strength of each one. This helps determine where exactly the intruder isโbehind a neighbor's wall or right in your apartment.
- ๐ฑ Fing โ a leader among mobile scanners, it can identify the device model and operating system.
- ๐ป Advanced IP Scanner โ a fast scanner for Windows, requires no installation and shows shared folders.
- ๐ Network Analyzer Lite โ a powerful tool for iOS with Ping and Traceroute support.
- ๐ง Nmap โ a professional tool for in-depth security auditing, requires command line skills.
โ ๏ธ Warning: Using port scanners and traffic sniffers (such as Wireshark) on other people's networks without permission may be considered an attempt to gain unauthorized access. Use these tools only for auditing your own infrastructure.
Once you've successfully identified the intruder, you need to immediately block their access. Simply changing the password can be inconvenient, as it requires reconfiguring all your devices. A more effective and targeted method is to use MAC filtering.
This feature allows you to create a "whitelist" (Allow List) containing only trusted devices. All others, even with the password, will be unable to connect to the access point. An alternative option is a "blacklist" (Deny List), where you add the MAC address of an intruder, permanently blocking them from accessing the network.
โ๏ธ Algorithm for blocking an intruder
To activate filtering, go to the wireless network section of your router. Typically, the path looks like this: Wireless โ Wireless MAC FilteringEnable the feature, select the "Deny" rule, and add the intruder's MAC address. Once the settings are applied, the connection on their end will be terminated immediately.
However, an experienced user could attempt to clone the MAC address of your authorized device. Therefore, the best solution remains comprehensive protection: change the password to a complex one (at least 12 characters, including special characters), disable WPS (a quick connection technology that has vulnerabilities), and hide the SSID (network name) so it doesn't appear in the list of available networks.
Sometimes the list of connected devices may contain "ghost" entriesโentries that remain in the router's DHCP table even though the device has long since left the coverage area. This doesn't mean you've been hacked right now, but it does require clearing the leases cache for accurate diagnostics.
It's also worth checking your DHCP server settings. If the address lease time (Lease Time) is set too long (for example, a week), even disabled devices will remain active until the lease time expires. The optimal value for a home network is between a few hours and a day.
It's important to distinguish between an active connection and a simply reserved IP address. Static assignments can create the illusion of extra equipment. Carefully examine the "Online/Offline" or "Active/Idle" status in the router interface, if the manufacturer offers this option.
Regular network monitoring is the best preventative measure. Don't wait for the internet to completely disappear; instead, periodically, once a month, check your router settings. It only takes a couple of minutes, but it will save you from prolonged downtime and potential data leaks.
Modern routers such as Keenetic or systems Mesh, often have mobile apps that send push notifications when a new device is connected. Be sure to enable this feature in your device's security settings.
Remember that securing your network isn't a one-time action, but a process. Update your router firmware, use strong passwords, and don't share your Wi-Fi information with strangers unless necessary. Managing your client list is your primary tool for managing your home internet.
Can my neighbor steal my internet if I changed my password?
If you've changed your password to a strong one and MAC address filtering is enabled, it's virtually impossible to steal your internet connection. However, if your neighbor still has your old password and you haven't changed it, or if you have WPS enabled, access can be gained by brute-forcing your PIN. There's also a risk if one of your devices is infected with malware that transmits saved passwords.
Why does the device list show "Unknown" or strange characters?
This means the router can't automatically identify the device's manufacturer based on the MAC address. This often happens with budget Chinese gadgets, older phone models, or IoT devices (smart plugs, light bulbs) that don't transmit the correct hostname. In this case, rely solely on the MAC address.
Is it dangerous if someone else's phone connects to my Wi-Fi?
Yes, this carries risks. Firstly, your internet speed will decrease. Secondly, an attacker on the same local network could try to scan your open ports, access your network-attached storage (NAS), or intercept unencrypted traffic (if you visit websites without HTTPS). Thirdly, the owner of your ISP contract is formally responsible for your online activities (even illegal ones).
How to hide your Wi-Fi from neighbors?
To do this, disable SSID broadcasting in your router's wireless settings. This will make the network "hidden" and won't appear in the general list. To connect, you'll have to manually enter the network name and password on each new device. This won't provide 100% protection from hackers, but it will deter most casual users.