How to find out who's connected to Wi-Fi: methods and protection

A sudden drop in internet speed, constant lag in games, or video buffering at the most inopportune moments are often the first signs that your network isn't as secure as you thought. Many users aren't even aware that neighbors or more sophisticated attackers may have cracked your password long ago and used your traffic for their own purposes. Understanding who is connected to your router, is a fundamental skill for any home network owner.

Fortunately, modern routers and software make it relatively easy to audit connected clients. You don't need to be a networking expert or have sophisticated hacking tools to see a list of all active MAC addresses. Access to the device's administrative panel or specialized local network scanning utilities are sufficient.

In this article, we'll take a detailed look at all the available methods for identifying Wi-Fi "freeloaders." We'll cover both standard methods via the router's web interface and the use of third-party software for in-depth analysis. You'll also learn how to distinguish your smart kettle from someone else's laptop and what to do if you find unfamiliar equipment on the list.

Indirect signs of unauthorized access

Before turning to technical diagnostic tools, it's worth paying attention to indirect symptoms that may indicate channel overload with unauthorized subscribers. Data transfer rate — This is the first and most obvious indicator. If your provider guarantees 100 Mbps, but you're barely getting 10 Mbps with no active downloads, that's cause for concern.

However, low speeds can also be caused by other factors: interference from neighboring routers, physical wear and tear on the cable, or issues with the provider. Therefore, relying solely on perceived speed isn't an option. A more accurate, though less noticeable to the average user, indicator is blinking lights on the router. If the Wi-Fi data transfer light (usually labeled WLAN or Wireless) blinks frequently and erratically, even when all your devices are off or in sleep mode, it means active data transfer is occurring.

⚠️ Warning: The router's lights may flash due to background operating system updates or smart devices (cameras, sensors). Don't panic until you've performed a full check.

Another warning sign could be the inability to access your router's settings. If you try to access the address 192.168.0.1 or 192.168.1.1, and the page doesn't load or asks for a password that you haven't changed (and it doesn't work), there's a good chance someone has changed your security settings or restricted access for your IP address.

📊 How often do you check the list of connected devices?
Once a month
Only if the internet is slow
I don't know how to do this at all.
Never, I have a complex password.

Checking via the router's web interface

The most reliable and accurate way to get the full picture is to look "under the hood" of your router. The administrator's web interface displays all devices that have received an IP address from the router's DHCP server or are statically connected. First, connect to the router's network (via cable or Wi-Fi) and enter the gateway IP address in the browser's address bar.

Interfaces vary from manufacturer to manufacturer, but the logic is the same. You need to find the section usually called Wireless, WLAN, Client List or DHCP ServerIn modern routers from Keenetic, TP-Link or Asus There is often a separate tab called "Network Map" or "Client List" where all connected gadgets are displayed graphically with their names.

Difficulty may arise with identifying devices. Often in the list you will see names like Android-12345, Unknown Device Or simply a string of MAC address numbers. To figure out which is which, it's recommended to temporarily disable Wi-Fi on your devices and see which lines disappear from the list. The remaining "ghosts" will be the ones using your internet.

☑️ Router verification algorithm

Completed: 0 / 5

If you see a device you can't identify, write down its MAC address. This unique identifier for the network card will help you block it later.

Using third-party network scanners

If access to the router's admin panel is blocked or you want to conduct a more in-depth analysis from a mobile phone, specialized scanner apps can help. They work by sending requests to all possible addresses on the local network and analyzing the responses. One of the most popular and functional tools is the app Fing, available for Android and iOS.

These programs don't just display a list of IP and MAC addresses. They can identify the network card manufacturer by the first three bytes of the MAC address (OUI). This allows you to immediately understand: if you don't have any equipment at home Apple, and an iPhone appears on the list, meaning someone else has connected to the network. Scanners can also display open ports and the operating system of the connected device.

Using scanners is especially convenient because they often have a database of device names. Instead of dry B8:27:EB:xx:xx:xx You'll see the words "Raspberry Pi" or "Samsung TV." This greatly simplifies the process of inventorying a smart home, where dozens of sensors can have obscure manufacturer names.

Are third-party scanners safe?

Apps like Fing or Network Analyzer run locally. They don't transmit your passwords or personal data to their servers; they only scan your local network. However, always download software only from official stores like Google Play or the App Store to avoid counterfeits containing malicious code.

It's worth noting that for the scanners to work, your phone and the device being tested must be on the same subnet. If AP Isolation is enabled on your router, the scanner may not see other devices, even though they will technically have internet access. In this case, testing is only possible through the router's web interface.

Identifying devices by MAC address

Once you've received a list of connected clients, the fun part begins—the detective work. Every network interface in the world has a unique MAC address, consisting of 12 hexadecimal digits. The first six digits (the first three bytes) are called the OUI (Organizationally Unique Identifier) ​​and are assigned to a specific equipment manufacturer.

Knowing the manufacturer can help you narrow down your search. For example, if you see a device from Hon Hai Precision Ind., it's most likely a laptop or a network card in a TV. If it appears on the list Espressif or Tuya — this is some kind of smart home module (a light bulb, a socket). Addresses starting with certain combinations can point to virtual machines or specific adapters.

For ease of comparison between major manufacturers, we provide a table of common MAC address prefixes commonly found in home networks:

MAC prefix (example) Manufacturer Typical device Trust status
Apple, Inc. Apple iPhone, iPad, Mac High (if you have one)
Samsung Electro Samsung TV, refrigerator, telephone High
Hon Hai Precision Foxconn Laptops, network cards, printers Average (needs verification)
Unknown / Random Unknown Hidden adapter, someone else's phone Low (requires attention)

If you discover a device from an unknown manufacturer or one you definitely don't have at home, don't panic. It could be an old, forgotten gadget in the closet that just got plugged into the network. But if there are multiple such devices and they're showing high network activity, it's time to act.

Methods of blocking and protecting the network

Once the "enemy" has been identified, it must be neutralized. The simplest, but least secure, method is to change the Wi-Fi password. This will disconnect all users, including your household, who will have to re-enter the new key on all devices. The attacker, unless physically connected, will no longer be able to access the network, but this method requires time to reconfigure all devices.

A more professional approach is to use Blacklist (blacklist) in the router settings. Once you find the offending MAC address in the client list, you can add it to the blacklist. The router will then ignore any connection attempts from that address, even if the Wi-Fi password is correct. This prevents internet disruption for other users.

However, an experienced user can spoof (change) their MAC address to one permitted on your network. Therefore, the best defense is a comprehensive approach:

  • 🔒 Change password complex (minimum 12 characters, letters of different upper and lower case, numbers).
  • 🛡️ Enabling WPA2/WPA3 encryptionThe outdated WPA/WEP protocol can be cracked in minutes.
  • 🚫 Disabling WPSThe quick connect feature often has vulnerabilities that make it easy to guess the PIN code.
  • 📡 Hiding the SSIDYour network name will not be broadcast over the air, and you can only connect by manually entering the network name.

⚠️ Please note: Hiding the SSID is not complete security. The network can still be detected by special scanners, and for some smart devices (such as vacuum cleaners or cameras), connecting to a hidden network may be technically impossible or unstable.

Activity and traffic analysis

Simply seeing a connected device isn't enough—it's important to understand what it does. Some modern routers (for example, Keenetic with installed NetFilter or Mikrotik) allow you to view traffic statistics in real time. If an unknown device is downloading torrents or mining cryptocurrency, it will consume a significant portion of your bandwidth.

Pay attention to ports. If you have an IP camera or smart lock connected to your network and you haven't reset their factory passwords, an attacker could be using them as an entry point. They might not be "stealing" your Wi-Fi, but rather already be inside your local network through a vulnerability in the device itself. Checking the list of connected devices can also help identify such "Trojan horses."

Regular monitoring is the best prevention. Get into the habit of checking your client list once a month. The number of devices in your home is growing, and it's easy to forget that you bought a new smart light bulb or game console. Keeping track of them helps you stay on top of your security.

Can my neighbor steal my internet if I changed my password?

If you've changed your password to a strong one and enabled WPA2/WPA3 encryption, your neighbor won't be able to guess it easily. However, if you had WPS enabled, someone could have cracked it previously and saved the configuration. The password could also have been saved on the device of a guest who visited six months ago. In such cases, changing the password and disabling WPS are essential.

Does having a connected neighbor affect my internet speed?

Yes, absolutely. The Wi-Fi channel is shared between all active clients. If your neighbor is downloading a large file or watching 4K video, your speed and ping (latency) will noticeably degrade, as the router has to distribute data transfer time slots among all devices.

Is it dangerous if strangers connect to my Wi-Fi?

This poses direct risks. Firstly, they use your data allowance. Secondly, they can try to access your shared folders, printer, or even files on your computer through the local network, unless you have Windows settings set to prevent detection. Thirdly, any illegal activity online will originate from your IP address, and you may be subject to law enforcement investigation.

How to find a device if it is called "Unknown"?

Use the elimination method. Disconnect your devices one by one and see which line disappears from the list. If all your devices are off, but the "stranger" remains, it's an intruder. You can also use scanner apps that identify the manufacturer by MAC address, which often provides a clue (for example, if you see that it's a Xiaomi, but you don't have any devices of that brand).

Do I need to change my router (admin) password if someone connects to my Wi-Fi?

Yes, this is critically important. If someone gains access to your Wi-Fi, there's a risk they'll try to brute-force the password to the router's admin panel (especially if you've left it at the factory default, like admin/admin). Once in the settings, they can reflash the router, change DNS addresses to steal bank passwords, or completely block your access to network management.