In the age of total digitalization, a home network is no longer just a way to access the internet. It's a smart home control center, a personal file storage area, and a workplace. That's why the question of how to see who's connected to WiFi on a laptop is critical for every router owner. Slow page loading speeds, sudden connection drops, or blinking activity indicators on the router can be the first warning signs of uninvited guests.
An unauthorized user on your network not only freely uses your bandwidth but also poses a direct threat to data security. Through the local network, an attacker can access shared folders, printers, or even attempt to intercept passwords transmitted in cleartext. Understanding How to identify an outsider, is a basic digital hygiene skill, just as essential as installing an antivirus. In this article, we'll explore proven monitoring methods that work on most modern operating systems.
There are several levels of verification: from a simple visual inspection of indicators to in-depth packet analysis using specialized software. Windows 10 and 11 They provide sufficient tools for basic diagnostics without installing third-party software, but for complete confidence, it's best to use a combined approach. We'll cover both the system's built-in tools and the capabilities of the router itself, which is the main guardian of your perimeter.
⚠️ Warning: If you discover an unfamiliar device, don't panic or change all passwords to complex 30-character combinations. First, make sure it's really someone else's and not your own. smartphone, tablet or a smart home device you might have forgotten.
Visual diagnostics and primary signs of invasion
Before resorting to complex technical manipulations, it's worth paying attention to indirect signs of intruders. The most obvious indicator is a sharp drop in internet speed. If you're paying for a 100 Mbps plan, but YouTube barely loads in HD while no one else is downloading large files, that's cause for concern. However, such network behavior could also be caused by issues with your ISP, so double-checking is necessary.
The second important indicator is the behavior of the indicators on the router. The light indicating the wireless network (usually labeled WLAN, WiFi, or depicted as an antenna) should blink irregularly, indicating data transfer. If the indicator is solid or blinks rapidly when all your devices are turned off, it almost certainly indicates active background data transfer by someone else.
- 📉 A sharp drop in internet speed during off-peak hours.
- 💡 The WiFi indicator on your router is constantly on or blinking continuously when your devices are in sleep mode.
- 🔒 Access to router settings is blocked (the administrator password has changed).
- 📡 Unknown names appear in the list of available networks (neighbors may be cloning your SSID).
It's also worth listening to the laptop itself. If the fans become louder than usual when the system is idle, this may indicate background network activity. Modern operating systems often display network activity in the system tray, but this data is easily faked or may not reflect the traffic of other devices on the local network. Therefore, visual methods are only a first step, requiring confirmation with more accurate tools.
Using the Windows Command Prompt to Scan
operating system Windows has powerful built-in network diagnostic tools that are often overlooked by regular users. The command line allows access to the ARP (Address Resolution Protocol) table, which stores the mappings between the IP addresses of devices on the local network and their physical MAC addresses. This is the fastest way to see who's nearby at any given moment, without accessing the router's settings.
To run diagnostics, you need to open the command prompt. This can be done by pressing the key combination Win + R, by entering the command cmd and pressing Enter. In the black window that opens, enter the command arp -aThe system will display a list of all devices with which your laptop has recently communicated. The list will include IP addresses (usually starting with 192.168.0.x or 192.168.1.x) and their corresponding MAC addresses.
C:\Users\User> arp -aInterface: 192.168.1.5 --- 0xb
Internet Address Physical Address Type
192.168.1.1 aa-bb-cc-11-22-33 dynamic
192.168.1.15 11-22-33-44-55-66 dynamic
192.168.1.20 66-55-44-33-22-11 dynamic
The analysis of the resulting list requires care. Address 192.168.1.1 (or .0.1) is usually the router itself. The other addresses are clients. To determine who owns a MAC address, you can use online vendor checkers (the first 6 characters of the MAC address indicate the manufacturer). If you see a device from Apple, when you don’t have equipment of this brand, or it’s an unknown brand, this is a cause for concern.
⚠️ Note: The ARP table doesn't always display all devices on the network. It only shows those with which your laptop has already exchanged packets. To see all devices, you can first run a ping scan of the address range, but this requires more complex scripting.
It is important to understand that the method arp -a Shows only those active at the time of the request. Sleeping devices may not be displayed. Furthermore, if an attacker uses ARP spoofing techniques, they may attempt to conceal their presence, although this is rare on home networks. This method is good for beginners because it doesn't require installing additional software, but its accuracy is limited.
How to decipher a MAC address?
The first six characters of a MAC address (e.g., AA:BB:CC) are called the OUI and uniquely identify the device manufacturer. By entering this code into a search engine with the prefix "OUI lookup," you can find out the brand of the network card. This helps distinguish a Samsung phone from an unknown Chinese gadget.
Checking connected devices via the router's web interface
The most reliable and comprehensive way to find out who is connected to your WiFi is to look inside the router itself. The router is the central hub that distributes IP addresses, so it knows about every device, even if it's just associated with the network but hasn't yet transmitted data. To do this, log into the control panel and enter the router's IP address (often 192.168.0.1 or 192.168.1.1) in the browser's address bar.
After entering your administrator login and password (which are often found on a sticker on the bottom of the device if you haven't changed them), find the section related to wireless networking. The names may vary depending on the model: Wireless Status, Client List, Attached Devices or "Client List." This section displays a table with all active connections.
Here you'll see not only IP and MAC addresses, but often also the hostname (device name), such as "Ivan-iPhone" or "LivingRoom-TV." This makes identification much easier. If you see a device named "Unknown" or a name you don't recognize, compare its MAC address with the addresses of your devices in the WiFi settings on the devices themselves.
| Parameter | Description | What to look out for |
|---|---|---|
| IP Address | Unique device number on the local network | Addresses outside your DHCP range (e.g. static) |
| MAC Address | Physical address of the network card | Unknown manufacturers or coincidence with others |
| Hostname | User-defined device name | Strange names or standard ones (Android_1234) |
| Type | Connection type (WiFi or LAN) | Devices connected via cable if you don't have them at home |
In modern routers such as Keenetic, TP-Link or AsusThe client list functionality has been expanded. Often, you can not only view it, but also block a device, click "Disable," or limit the speed for a specific client directly from this menu. This makes the web interface the most convenient tool for rapid response.
☑️ Security check via router
Specialized software for network monitoring on a PC
If built-in Windows tools or the router interface aren't enough, specialized utilities can help. Network scanners can do more than just display a list; they can also perform a thorough analysis, identifying the device model, operating system, open ports, and even the username. One of the leaders in this field is Wireless Network Watcher from NirSoft, which is distinguished by its minimalism and lack of installation.
Once launched, the program automatically scans the subnet and displays the results in a convenient table. It displays the Last Detected time, which helps identify devices that connect intermittently. Another useful feature is the ability to configure a sound alert: the laptop can beep when a new device appears on the network, which is convenient for real-time monitoring.
Another powerful tool is Angry IP ScannerIt scans the entire range of IP addresses, pinging them and collecting information. Unlike the ARP table, it interacts more actively with devices, allowing you to "wake up" sleeping devices and force them to respond. However, it's worth remembering that active scanning can be interpreted as an attack by some antivirus programs or the router itself if the interval between requests is set too short.
- 🖥️ Wireless Network Watcher - lightweight scanner showing MAC, IP and manufacturer.
- 🔍 Angry IP Scanner — a cross-platform scanner with advanced ping functions.
- 🛡️ GlassWire — a traffic monitor that shows activity graphs and new connections.
- 📱 Fing — a popular mobile application that also has a desktop version.
Using third-party software provides a more detailed picture, but requires caution when downloading. Download programs only from the developers' official websites to avoid getting a virus instead of protection. Additionally, some antivirus programs may detect network scanners as potentially unwanted programs (PUPs), so you may need to add the scanner to your exceptions.
List analysis and identification of unknown devices
A list of 10-15 devices can be overwhelming for an inexperienced user. How do you figure out what's what? A modern apartment is brimming with gadgets: TVs, consoles, smart plugs, lamps, vacuum cleaners. Each has its own network adapter. The key to peace of mind is a methodical inventory. Start by disabling WiFi on all your devices one by one and monitoring the changes in the router's client list.
Pay special attention to devices with names like "Android-xxxx" or "IP-xxxxx." These are often forgotten tablets, children's old phones, or even smartwatches that automatically connect to the network. If, after checking all your devices, a device remains on the list that you can't identify, try unplugging the router for 10 seconds. After plugging it back in, check the list again: legitimate devices usually connect first, while unauthorized ones may appear after a delay.
The connection type is important. If you see a device connected via LAN (cable), and you don't have desktop PCs or network printers at home, this is a serious reason to check the physical integrity of the cables coming from the building or from your neighbors. In apartment buildings, unscrupulous neighbors sometimes run cables through vents or windows.
For precise identification, you can use a correspondence table, which every owner of a complex network should keep:
| Device | MAC address (example) | Connection type | Status |
|---|---|---|---|
| Laptop (Work) | A4:5E:60:XX:XX:XX | WiFi 5GHz | Mine |
| Smart TV Samsung | 00:1E:7D:XX:XX:XX | WiFi 2.4GHz | Mine |
| Unknown Device | DC:FE:18:XX:XX:XX | WiFi 2.4GHz | Suspicious |
If you discover, for example, that your neighbor's robot vacuum is connected to your network, this indicates that your WiFi password has been compromised or is too weak. In such cases, avoid arguing; it's best to simply change the access key and set up a guest network for visitors.
Protective measures and blocking uninvited guests
Detecting an intruder is only half the solution. The key is preventing them from reconnecting. The most radical and effective method is to completely change the WiFi password. Changing the password will disconnect all devices, forcing you to reconnect them using the new key. This is guaranteed to kick the intruder out of the network.
However, if you don't want to change the password on all devices, many routers allow you to use a "Blacklist" or MAC address filtering. You can add the intruder's MAC address to the blacklist, and the router will ignore their connection attempts, even if it knows the correct password. This is a more flexible tool, allowing you to selectively block specific devices.
For long-term security, it is recommended to enable encryption. WPA2-PSK (AES) or WPA3, if your router and devices support this standard. Older WEP and WPA-TKIP protocols can be cracked in minutes, even by schoolchildren using smartphones. Also, disable the WPS function, as it often presents a security hole that allows passwords to be bypassed.
⚠️ Note: MAC address filtering is only effective until an attacker decides to change the MAC address on their device (MAC cloning). Therefore, changing your WiFi password remains the gold standard for security.
Don't forget to check if you have guest access enabled. If it's enabled and the guest network password is weak or widely known (for example, written down on a piece of paper in the entryway), the guest network is the most common route for intrusion. The guest network should be isolated from your main local network to prevent guests from accessing your files and printers.
Frequently Asked Questions (FAQ)
Can a neighbor steal my WiFi if I change the password to a strong one?
If you use modern encryption (WPA2/WPA3) and a complex password (more than 10 characters, including numbers and special characters), brute-forcing your network is virtually impossible. However, your password could have been stolen through a virus on your computer, or you could have shared it with someone else. Changing your password solves the problem in 99% of cases.
Why does the device list show "Unknown" even though it's my phone?
This happens when the router can't identify the device manufacturer by the MAC address or the device doesn't broadcast its hostname. This often happens with budget Chinese gadgets or devices with custom firmware. Compare the MAC address in your phone's settings with the address in the router to confirm.
Is it safe to use network scanning software?
Yes, if you download them from the developers' official websites (for example, NirSoft, Angry IP Scanner). These programs are legal and used by system administrators. However, antivirus programs may flag them because they use the same port scanning methods as hackers. Simply add the program to the exceptions list.
What should I do if I can't access my router settings?
If the default password (admin/admin) doesn't work and you haven't changed it, someone else may have already gained access and changed it. In this case, the only solution is to reset the router to factory settings (press the Reset button on the router). Then, reconfigure the network with a new, strong administrator password.
Does having one phone connected affect my internet speed?
A single phone simply using WiFi (checking email or messaging apps) has virtually no impact on speed. Problems arise when the "neighbor" starts downloading torrents, watching 4K video, or playing online games. In this case, ping will increase, and download speeds will drop to a minimum.