A sudden drop in internet speed or intermittent connection interruptions are often the first warning signs that an uninvited guest has connected to your home network. Neighbours, friends parked near your house, or even hackers exploiting your encryption vulnerabilities can consume the traffic you pay for out of your own pocket. Modern Wi-Fi router — is a complex device that stores a complete connection history, but manufacturers often hide this information in the depths of the menu to keep the interface "simplistic."
It is necessary to determine the presence of foreign devices not only to save money, but also for your own digital securityBy connecting to the same local network as your computer or smartphone, an attacker can access shared folders, intercept passwords, or exploit your connection for illegal activities. In this article, we'll explore all existing methods for detecting "freeloaders," from built-in router tools to specialized software for professionals.
Before moving on to complex settings, it is worth noting that most problems can be solved by competent diagnostics and changing the password. However, to do this effectively, you first need to see the "enemy in the face" and understand what kind of device is hidden behind a mysterious name like Unknown Device or Android-xyzWe will consider tools for any platform, whether it be Windows, macOS or mobile operating systems.
⚠️ Attention: Router web control panel interfaces are constantly updated by manufacturers. The layout of menu items may vary depending on the firmware version and model of your router (TP-Link, ASUS, Keenetic, D-Link). If you don't find an exact match, look for sections with similar names: "Status," "Network Map," or "Clients."
Analysis of indicators and primary diagnostics
The simplest, though not always accurate, way to suspect something is wrong is to monitor the lights on your router. If you've turned off all your gadgets and closed your laptops, but the light isn't on Wi-Fi or The Wi-Fi signal continues to flash frequently and erratically, a sure sign of active data exchange with an external device. The router constantly sends and receives data packets, even when you're not downloading anything, but this rate should be minimal in idle mode.
A more advanced method of initial verification is to use the command line in the operating system. WindowsThis method won't show you all connected devices globally, but it will let you see those your computer is currently interacting with. Open the command prompt (cmd) and enter the command arp -aYou will see a table of IP addresses and physical MAC addresses.
C:\Users\User> arp -a
Interface: 192.168.0.101 --- 0xc
Internet Address Physical Address Type
192.168.0.1 00-11-22-33-44-55 dynamic
192.168.0.105 a0-b1-c2-d3-e4-f5 dynamic
192.168.0.255 ff-ff-ff-ff-ff-ff static
Compare the number of active IP addresses found with the number of devices you own. If you see five active addresses, but you only have a phone, laptop, and smart speaker, it's worth considering. However, keep in mind that this method only shows those who have recently accessed your PC, not everyone who is simply connected to the router. For a complete picture, you need access to the admin panel.
Checking connected devices via the router's web interface
The most reliable method, which works 100% of the time, regardless of the hardware model, is to log into the router's control panel. To do this, you need to know the gateway IP address (usually 192.168.0.1 or 192.168.1.1) and administrator credentials. Enter the address in the browser's address bar and log in. If you've never changed your password, it's often found on a sticker on the bottom of the device.
After logging in, you'll need to find the section responsible for your wireless network or connection status. Depending on the brand, this section may have different names. For example, in routers TP-Link it's often the "Wireless" -> "Wireless Statistics" tab, and in ASUS — “Network Map” or “Client List”. In modern models Keenetic The information is available immediately on the main screen in the form of a diagram.
The list displays the device names (Hostname), their IP addresses and, most importantly, MAC addressesThe MAC address is the unique identifier of the network card. If you see a device named "iPhone" but don't have an Apple device, or an "Android" device when all phones are turned off, this is cause for concern. Some routers allow you to immediately block an unknown client directly from this menu by clicking "Block" or "Deny."
☑️ Security check via router
Below is a table to help you navigate the section names for popular router brands:
| Router brand | Section title | Menu path (approximate) |
|---|---|---|
| TP-Link | Wireless Statistics | Wireless -> Wireless Statistics |
| ASUS | Client list | Network Map -> Clients |
| Keenetic | Client list | Home -> Client List (Device List) |
| D-Link | DHCP Client List | Status -> LAN -> DHCP Clients |
| Tenda | Wireless Hosts | Advanced -> Wireless -> Wireless Hosts |
Using specialized software for PCs and laptops
If logging into your router settings seems too complicated or you've lost your password, network scanners for your computer can help. These utilities analyze your local network and provide a detailed report on all detected devices, their manufacturers, and operating systems. One of the most popular and free tools is Wireless Network Watcher from NirSoft.
The program requires no installation (portable version) and launches instantly. After scanning, it will list all active IP addresses. The advantage of this software is its level of detail: it can show the network card manufacturer (for example, Samsung Electronics or Apple), which helps identify the device even if it is labeled "Unknown." Another useful utility is Angry IP Scanner, which can scan not only the local network, but also specified address ranges.
It's important to understand that such programs only see devices that are on the same subnet and don't block ICMP requests (pings). Some smart devices or secure smartphones can hide from simple scanning by not responding to discovery requests. Therefore, using a scanner is a good supplementary method, but not a replacement for router monitoring.
⚠️ Attention: Download network scanning software only from the official websites of the developers. Fake versions of popular software may contain viruses that could allow third parties access to your network.
Mobile apps for Wi-Fi network monitoring
For users who prefer to monitor their network from a smartphone, there are many effective apps available. The leader in this area has long been Fing (available for Android and iOS). It doesn't just display a list of connected devices, but also runs speed tests, checks port security, and can even identify the device type (camera, TV, console) based on the characteristic traffic patterns.
Other noteworthy apps include Network Scanner And WiFi AnalyzerThey work on a similar principle: they scan the network and display a list of MAC addresses and hostnames. A unique feature of some apps is a notification function: the program runs in the background and sends a push notification whenever a new, previously unseen device appears on the network.
It's worth noting that on iOS (iPhone/iPad), the capabilities of such apps are limited by Apple's security policy. The system doesn't allow apps to freely scan the local network without the user's permission and without being on the same Wi-Fi network. Therefore, functionality on iPhone may be limited compared to Android versions, which have greater access to low-level network requests.
Why doesn't the app see all devices?
Some modern smartphones (especially iOS 14+ and Android 10+) use a feature called "Private Wi-Fi Address." This means the device generates a random MAC address for each network to hide its identity. This device may appear as unknown to your router, even if it's your own phone. Disable this feature for your home network in your phone's Wi-Fi settings to see a consistent name.
Table of signs of hacking and methods of protection
Understanding that an intrusion has occurred is only half the battle. It's crucial to know the symptoms of a network compromise and how to respond quickly. Below are the key warning signs and the appropriate actions to take.
| Sign | Probable cause | Action |
|---|---|---|
| The Wi-Fi indicator is blinking with no activity. | Background download of torrents or data | Check the client list in the router |
| Internet speed has decreased | The channel is clogged with other people's traffic | Change password and encryption type |
| Antivirus reports attacks from the network | A hacker attempted to scan ports. | Change your router admin password immediately |
| Websites don't open, only search engines. | DNS settings have been changed (DNS Hijacking) | Reset the router to factory settings |
The most effective way to protect is to use an encryption protocol. WPA2-PSK or, ideally, WPA3Never leave your network open or protected by the outdated WEP protocol, which can be cracked in minutes even by a novice using automated scripts. The password should be complex and contain mixed-case letters, numbers, and special characters.
Radical measures: reset and complete reconfiguration
If you notice numerous unknown devices, or suspect that an attacker may have accessed not only your Wi-Fi but also your router's settings (changed the administrator password, redirected DNS), the best solution is a hard reset. Each router has a reset button. Reset (often recessed into the case). Press and hold it for 10-15 seconds with the power on.
After the reset, the router will return to factory settings. You will need to reconfigure your internet connection (enter your ISP login and password if required) and, most importantly, set new, complex passwords for Wi-Fi and the control panel. Don't use default passwords like admin/admin or 1234, which are printed on the sticker, as they are publicly available.
As an additional security measure, it is recommended to disable the feature. WPS (Wi-Fi Protected Setup). This technology allows you to connect to the network with the press of a button, but it has critical vulnerabilities that allow someone to guess the PIN code in a short time. It's best to keep this feature disabled in modern routers.
What to do if a neighbor claims that it is his device?
If a check reveals that a neighbor or friend's phone is connected to your network and they claim to have simply "borrowed the password," explain the risks. While on your network, they could accidentally (or intentionally) launch a virus that will infect your computers. Furthermore, you are legally responsible for any actions performed using your IP address. The best solution is to politely ask them to delete the network and change the password.
Can a router itself "give out" a password?
No, a router can't voluntarily share its password with strangers. However, if you've ever enabled WPS or shared your password via QR code (the "Share Password" feature in Android/iOS), access may have been saved on guest devices. Even after changing the router password, guest devices can automatically reconnect if they remember the old key. However, once the router password is changed, their connection will be lost, and the old key will no longer work.
Is my browser history visible to people connected to my Wi-Fi?
The router owner can theoretically see which domains are visited online (for example, google.com or vk.com) if they use special logs or sniffers. However, the content of pages (messages, passwords) transmitted over the secure HTTPS protocol will be hidden from them. A neighbor connected to your Wi-Fi won't automatically see your history, but they can try to intercept your traffic if your device is vulnerable.