A sudden drop in internet speed or intermittent connection interruptions are often the first warning signs for home network owners. When you're not downloading large files, watching 4K videos, or playing online games, and your router's lights continue to flash wildly, it can only mean one thing: someone is using your WiFi. Unauthorized access access to your access point not only steals the megabytes you've paid for, but also puts personal data stored on computers and smartphones within the local network at risk.
Modern hackers or simply the freeloaders from the next door apartment can use sophisticated methods to bypass simple passwords. Understanding that How to check who is using your WiFi, is a basic digital hygiene skill for every user. In this article, we'll explore professional traffic analysis methods, using built-in router tools, and third-party software to give you complete control over your home network's perimeter.
The first step should always be to diagnose the current situation without panicking. Background operating system updates are often the cause of the load. Windows or syncing photos to the cloud on a smartphone. However, if after checking all legitimate devices, the "extra" clients persist, it's necessary to take active steps to identify the offender.
Analysis of indicators and primary diagnostics
Before running complex port scanners or delving into your router's settings, it's worth paying attention to the device's physical interface. A WLAN or WiFi indicator that stays lit or flashes even when all your devices are off or in airplane mode clearly indicates activity on the air. primary signal, requiring further research.
Modern routers from manufacturers like TP-Link, Asus or Keenetic Wi-Fi networks often have dedicated buttons for quickly checking their status. Pressing the WiFi button or using the manufacturer's mobile app can instantly display the number of active connections. If the number exceeds the number of devices you have, the problem is confirmed.
β οΈ Important: Don't rely solely on blinking lights, as some router models may display status incorrectly due to software issues. Always double-check the data using software.
For an accurate diagnosis, it's important to exclude background activity on your own devices. Check if a torrent client is running, or if games are updating. Steam Or downloading movies to a smart TV. Only after ensuring your devices are "asleep" can you detect an external intrusion.
Using the router's web interface
The most reliable and accurate way to see a complete picture of your connections is to log into your router's admin panel. This displays MAC addresses All devices currently connected to the network. To log in, enter the gateway IP address (usually 192.168.0.1 or 192.168.1.1) in the browser's address bar.
After logging in (the default login and password are often found on a sticker on the bottom of the device), find a section called "Client List," "DHCP Client List," "Wireless Status," or "Network Map." In this section, you'll see a table with device names, IP addresses, and MAC addresses.
Compare the list with the gadgets you have. Unknown device with the name Unknown or a strange set of charactersβthis is a likely intruder. Below is an example table of what the connection list in the interface might look like:
| Device name | IP address | MAC address | Connection type |
|---|---|---|---|
| iPhone-Alex | 192.168.1.5 | A4:83:E7:XX:XX:XX | Wireless |
| PC-Gaming | 192.168.1.10 | D8:50:E6:XX:XX:XX | LAN |
| Unknown Device | 192.168.1.15 | BC:24:11:XX:XX:XX | Wireless |
| Smart-TV-LG | 192.168.1.20 | 00:1E:75:XX:XX:XX | Wireless |
If you detect a suspicious MAC address, block it immediately using the "Blacklist" or "MAC Filter" function in the same menu. This action will terminate the intruder's connection even without changing the WiFi password, although changing the access key is still recommended.
βοΈ Router security check
Specialized software for network scanning
If access to your router is difficult or you want to conduct an analysis from a mobile device, specialized utilities will come to the rescue. Programs like Fing, Wireless Network Watcher or Angry IP Scanner can work wonders by displaying detailed information about every node in the network.
Application Fing, available on Android and iOS, scans the network in seconds and not only displays the IP and MAC address but also identifies the device manufacturer (e.g., Apple, Samsung, Intel). This greatly simplifies identification: if you see a device from a manufacturer you don't own, it's a clear sign of hacking.
For PC users, an excellent choice would be Wireless Network Watcher from NirSoft. This utility requires no installation and displays a list of all active hosts immediately upon launch. It can sound the arrival of a new device, allowing you to catch intruders red-handed in real time.
β οΈ Warning: Some antivirus programs may detect network scanners as potentially unwanted programs (PUPs), as they are used by hackers for reconnaissance. Use only verified software from official websites.
Using such programs offers more flexibility than the standard router interface. You can save connection logs, view the history of device appearances, and even identify open ports on devices within the network, which is useful for general network management. security diagnostics.
Why does the scanner show more devices than there actually are?
Scanners often display virtual adapters, network printers, IoT light bulbs, and even your neighbors' devices if local network discovery is enabled, but they're not necessarily connected to your WiFi network; they're simply visible in the general ARP table.
Mobile applications for Android and iOS
Smartphone owners don't need to reach for a computer to check their network. Mobile platforms offer powerful tools for network administration. Apps like Network Scanner or WiFi Analyzer allow you to conduct an audit directly from your phone.
The unique feature of mobile scanners is that they can work even without root access (although functionality may be limited). They show not only who is connected, but also the signal strength (RSSI) from each device. If you see a device with a signal level of -30 dBm, and your phone is in a distant room, then the "neighbor" is very close to the router.
However, basic information about IP and MAC addresses can also be obtained from devices Apple.
Signs of hidden mining and botnets
The situation becomes critical if your "neighbor" isn't just watching YouTube, but is using your channel for illegal activities. Attackers can infiltrate your network to use your devices for cryptocurrency mining or including them in a botnet for DDoS attacks.
The main sign of such activity is a constant, 100% upload bandwidth utilization, even when you're not sending anything. The router may become extremely hot, and the internet may become completely unavailable for the payload. Router logs may show thousands of requests per second to external IP addresses.
If you discover a device generating significant traffic connected to your network, and it's not your server or a surveillance camera, you should isolate the network immediately. Doing so could result in your IP address being blacklisted internationally.
β οΈ Note: Interfaces and menu names may vary between router manufacturers (Asus, TP-Link, D-Link, Keenetic). Always consult the official documentation or the help in your provider's account if you are using rented equipment.
Methods of protection and blocking of intruders
Once the intruder has been identified, you need to block their access. The simplest, but time-consuming, way is to change the WiFi password. However, if you have a lot of smart devices, resetting them will take time. A more elegant way is to use MAC filtering.
The method involves creating a "whitelist" of allowed MAC addresses. The router will only allow devices on this list onto the network, ignoring all others, even if they know the correct password. This is the most reliable method of perimeter protection.
It is also worth disabling the function WPS in the router settings. This technology is designed for fast connections, but it has vulnerabilities that allow someone to brute-force a PIN and gain network access within a few hours.
Don't forget to update your router firmware regularly. Manufacturers are constantly patching security holes that could allow hackers to gain administrative access to the device. An outdated firmware version is an open door for anyone who knows how to use Google.
Frequently Asked Questions (FAQ)
Can my neighbor hack my WiFi if I have a strong password?
Theoretically yes, if the outdated WEP encryption protocol is used or there is a vulnerability in WPS. However, when using WPA2-PSK or WPA3 and a password longer than 12 characters with special characters, brute-force cracking would take hundreds of years, making it impractical.
What should I do if I changed my password but my speed hasn't increased?
The problem may not be WiFi theft, but rather interference from neighboring routers on the same frequency, a faulty ISP cable, or overheating of your equipment. Try changing the WiFi channel in your router settings or rebooting the device.
Does the router owner see what websites I visit?
The router owner (administrator) can see DNS request logs, meaning the domain names of the websites you visit. However, they won't be able to see the contents of your conversations or passwords on HTTPS websites due to encryption.
How to hide your WiFi network from strangers?
You can disable broadcasting in your router settings. SSID (network name). In this case, the network will not appear in the list of available networks on neighbors' phones. Connecting to it will only be possible by manually entering the network name and password.