How to Track a Wi-Fi Connection: Step-by-Step Methods for Routers and Smartphones

Have you noticed your internet has slowed down, and your data usage is unusually high? Perhaps unauthorized devices have connected to your Wi-Fi network. Monitoring connections to your router isn't just a security issue, it's also a way to optimize your network. In this article, we'll cover the topic. All current methods for checking connected devices, from standard router functions to specialized applications.

Regardless of whether you are using a budget TP-Link or flagship ASUS RT-AX88U, the diagnostic methods will be similar. The main thing is to know where to look for information and how to interpret it correctly. We will also explain how detect hidden connections that are not displayed in the standard list of devices, and what to do if you find an unfamiliar device on your network.

1. Checking connected devices via the router's web interface

The most reliable and universal way is to access your router's control panel. This doesn't require any additional software; a browser on your computer or smartphone is sufficient. Most modern routers (Keenetic, MikroTik, Zyxel) provide detailed information about all connected gadgets, including their MAC addresses, IP and even the history of activity.

To open the web interface:

  • 🌐 Enter in the address bar of your browser 192.168.0.1 or 192.168.1.1 (the exact address is indicated on the router sticker).
  • 🔑 Enter your login and password (usually by default admin/admin or admin/password).
  • 📊 Find the section DHCP clients, Wireless network or Devices (the name depends on the model).
📊 What router are you using?
TP-Link
ASUS
Keenetic
MikroTik
D-Link
Another

In some routers (for example, ASUS with firmware Asuswrt-Merlin) there is a function Network Map, which visually displays all connected devices, their type (smartphone, laptop, smart speaker), and even the bandwidth consumed. If your router doesn't support this option, pay attention to the column MAC address — it can be used to identify the device manufacturer through special databases (we will discuss this below).

⚠️ Attention: If you have never changed the password for the router control panel, do it right now. Standard combinations (admin:admin) are known to hackers, and they can gain access to your network settings.

2. Using mobile apps to monitor Wi-Fi

If accessing your router settings is inconvenient, you can use mobile apps. They scan the network and display all connected devices, often with additional information such as traffic consumption, connection time, and even potential vulnerabilities.

Top 3 apps for Android And iOS:

  • 📱 Fing — identifies devices by MAC, shows open ports and notifies about new connections.
  • 🛡️ NetScan — scans the network for unauthorized devices and offers to block them.
  • 🔍 WiFi Guard — compares current connections with a "white list" and alerts you to new gadgets.

Example of working with Fing:

  1. Download the app from Google Play or App Store.
  2. Connect to your Wi-Fi network.
  3. Click Scan — after 10-20 seconds a list of devices will appear.
  4. Click on any device to see it MAC, manufacturer and activity history.

Please note: Some applications (eg. NetScan) require root rights on Android for deep network analysis. Without them, functionality will be limited.

3. MAC Address Analysis: How to Find Out the Device Manufacturer

Each network device is assigned a unique MAC address, the first 6 characters of which indicate the manufacturer. For example, addresses of the form 00:1A:79 belong Samsung, A 3C:5A:B4Google (devices Nest or Chromecast).

To determine the manufacturer by MAC:

  1. Copy MAC address from the list of connected devices (for example, B8:27:EB:12:34:56).
  2. Enter the first 6 characters (before the colon) in the search bar along with the word MAC vendor lookup.
  3. Use specialized services:
MAC prefix Manufacturer Typical devices
00:0A:F5 Apple iPhone, MacBook, iPad
00:90:0B Cisco Routers, switches
28:CF:DA Amazon Echo, Kindle, Fire TV
78:31:C1 Xiaomi Smartphones, smart lamps, robot vacuum cleaners
B0:48:7A TP-Link Routers, signal repeaters

If a device with MAC, which doesn't match any of your gadgets, is cause for concern. However, keep in mind: some devices (such as smart speakers) can change MAC at each connection.

⚠️ Warning: Attackers may counterfeit MAC address, mimicking a legitimate device. If you see two identical MAC on the network is a sure sign of an attack.

4. Viewing a list of devices via the command line (Windows, macOS, Linux)

For experienced users, there's a way to check connected devices without third-party software: via the command line. This method works on all operating systems and doesn't require any additional software.

For Windows:

arp -a

This command will show the table ARP (Address Resolution Protocol), where all the IP And MAC addresses devices on the local network. To update the data, first do the following:

ipconfig /release

ipconfig /renew

For macOS/Linux:

nmap -sn 192.168.1.0/24

This command will scan everything IP addresses in the range 192.168.1.1192.168.1.255 and will display a list of active devices. If your network uses a different range (for example, 192.168.0.x), replace him in the team.

Scan the ARP table (arp -a)

Renew DHCP (ipconfig /release + ipconfig /renew)

Check active IPs (ping 192.168.1.1 - 192.168.1.255)

Compare MAC addresses with known devices-->

If you see unfamiliar characters in the command output MAC addresses, write them down and check them using manufacturer identification services. Pay attention to devices with IPissued by your router (usually in the range 192.168.x.x), - they are definitely connected to your network.

5. How to detect hidden connections (spoofing, MITM attacks)

Not all connections appear in the standard lists. Attackers can use:

  • 🕵️ MAC address spoofing — replacing the address with a legitimate one (for example, your smartphone).
  • 🔄 ARP spoofing — redirecting traffic through the attacker's device.
  • 🌐 Connecting via a guest network (if it is enabled in the router).

To identify such connections:

  1. Disconnect all your devices from Wi-Fi and check if there are still active connections in the router.
  2. Use a traffic analyzer (For example, Wireshark) to detect suspicious activity.
  3. Check your DHCP settings - if devices with IP, not in your range, this is a sign of an attack.
Signs of a MITM attack

If your browser displays a warning about an untrusted certificate when visiting HTTPS websites, your traffic may be being intercepted. Also, pay attention to any sudden, unexplained drops in internet speed.

For deep analysis you can use Wireshark:

  1. Download and install the program from the official website.
  2. Select network interface (Wi-Fi adapter).
  3. Run a packet capture and filter traffic by protocol ARP.
  4. If you see duplicates ARP requests from one device, this may be a sign of an attack.
⚠️ Warning: If you find unauthorized connection, immediately change your Wi-Fi password And disable WPS (This is a vulnerable protocol that can be easily hacked).

6. Setting up notifications about new connections

To avoid manually checking the device list, you can set up automatic notifications about new connections. This is especially useful for office networks or homes with a large number of devices.

Ways to set up notifications:

  • 📧 Via a router: some models (ASUS, Keenetic) support sending email or push notifications when a new device appears.
  • 🤖 Through applications: Fing or GlassWire may signal new MAC addresses on the network.
  • 🔧 Through scripts: on routers with support OpenWRT or DD-WRT You can write a script that will compare current connections with a "white list".

An example of setting up notifications on a router Keenetic:

  1. Log into your router's web interface.
  2. Go to the section Manage → Notifications.
  3. Enable the option New devices on the network.
  4. Enter your email for notifications or connect Telegram bot.

If your router does not support notifications, use IFTTT (automation service) along with the application FingCreate a rule: "If a new device appears on the network → send a push notification to the smartphone."

7. What to do if you find a foreign device on the network

Found an unfamiliar one MAC address or a device with a suspicious name? Follow these steps:

  1. Check your guests: It could be a friend's smartphone or a smart speaker you forgot about.
  2. Lock your device:
    • In the router's web interface, find the section MAC filtering or Blacklist.
    • Add suspicious MAC address to the blocked list.
  • Change your Wi-Fi password:
    • Use a complex combination of 12+ characters with numbers and special characters.
    • Turn it off WPS - This protocol is vulnerable to brute force attacks.
    • Enable guest network For temporary connections (for example, with friends). Keep the main network for your own devices only.
    • Update your router firmware: Manufacturers regularly patch vulnerabilities in older versions of software.

    If a suspicious device continues to appear even after changing the password, it may mean:

    • 🔄 Your router is infected with malware (for example, VPNFilter).
    • 📡 Someone is connecting via WPS or a vulnerability in the firmware.
    • 🏠 The neighbor is using repeater, which replicates your network.

    In such cases only help Full reset of the router to factory settings followed by a complete setup from scratch. Don't forget to save your configuration (if any) before resetting.

    FAQ: Frequently Asked Questions about Wi-Fi Connections

    Is it possible to track Wi-Fi connections without access to the router?

    Yes, with the help of mobile apps like Fing or NetScanThey scan the network and display all connected devices, but they can't block them—that requires access to the router's settings.

    How do I know who is connected to my Wi-Fi if they don't have a name (just a MAC address)?

    Use manufacturer identification services by MAC (For example, MAC Vendors). If the address belongs to an unknown brand or has been changed (spoofed), this is a cause for concern.

    Can my neighbor connect to my Wi-Fi if I hide the network name (SSID)?

    Hiding SSID It doesn't protect against connections—an experienced user can find the network by scanning the airwaves. It's better to use complex password And WPA3-encryption.

    How to block a device by MAC address on a TP-Link router?

    Go to the web interface, go to Wireless Mode → MAC Filtering, add the address to the blacklist, and save the settings. Don't forget to enable filtering!

    What is ARP spoofing and how to protect yourself from it?

    This is a type of attack in which the attacker replaces MAC address on the local network, redirecting traffic through your device. Protection:

    • Use static ARP entries in the router.
    • Turn it off WPS and update the firmware.
    • Install an antivirus with a network protection module (for example, Kaspersky Internet Security).