A sudden drop in internet speed and delayed page loading often indicates that an unauthorized user has connected to your network. Equipment owners TP-Link can easily check the list of active clients directly through a browser or mobile app. This is a basic but critical feature. network security, allowing you to control access to your communication channel.
Unauthorized access not only steals your traffic but also opens up loopholes for attacks on personal data stored on computers and smartphones within the local network. Modern routers offer convenient monitoring tools, but their menu locations may vary depending on the firmware version and device model. In this article, we'll take a detailed look at all the available connection auditing methods.
We'll cover both classic login via a web interface from a computer and remote monitoring via a smartphone. You'll learn how to recognize unauthorized devices by their MAC addresses and what actions to take immediately upon detecting a "guest." Understanding these processes will help you protect your home network from uninvited guests.
Symptoms of unauthorized network access
The first sign that someone else is using your WiFi is unstable internet service. If you notice that your download speed has dropped significantly, or high-definition video content is constantly buffering, even though your data plan allows for more, you should be wary. It's especially suspicious if these issues occur at night or when all your home devices are turned off.
Another warning sign is the blinking wireless network indicator on the router. When all your devices are asleep or turned off, the light WLAN It should be solid or blink slowly. Active data transfer, indicated by rapid blinking, indicates background activity on some device.
⚠️ Note: Some router models have a "smart" LED blinking feature that can simulate activity even when there's no traffic. For accurate diagnostics, always check the software client list rather than relying solely on the LEDs.
It's also worth paying attention to the behavior of antivirus software and firewalls on your computers. If the security system periodically reports port scanning attempts or unusual network activity from the local network, this could indicate that an attacker is already inside the perimeter and is trying to find vulnerabilities in your devices.
Sometimes users forget about connected guest devices, smart plugs, or TVs that can consume bandwidth. Therefore, before sounding the alarm, it's important to conduct a thorough investigation. inventory all devices with WiFi access.
Logging into the TP-Link router control panel
To begin diagnostics, you need to access the device's administrative panel. This can be done from any computer or laptop connected to the router via cable or WiFi. Open any browser and enter your router's IP address in the address bar. By default, for most models TP-Link This 192.168.0.1 or 192.168.1.1.
If the default addresses aren't suitable, you can find out the current gateway IP address through the operating system command line. Press the key combination Win + R, enter cmd and in the window that appears, run the command:
ipconfig
In the list that opens, find the line labeled "Default Gateway." The digital address next to it is the address you need to access the settings. After entering the address in your browser, the system will ask for your username and password. If you haven't changed them, use the default information, usually found on a sticker on the bottom of the device (usually admin/admin).
⚠️ Please note: The interfaces of new and older TP-Link models differ significantly. New devices use a blue or green interface with graphical icons, while older models have a gray menu with text links on the left.
Remote internet access is disabled by default for security reasons. If you forget your admin password, you'll have to perform a factory reset, which will require you to reconfigure your internet connection.
Checking connected devices via the web interface
After successful authorization, the main menu will open. The path to the client list depends on the firmware version. In the new interfaces (green/blue design), go to the
Basic(Basic settings) and select the tabWireless(Wireless mode) or look directly at the main network map, which often displays the number of active users.In more detailed menus and older firmware versions, look for the section
Wireless->Wireless Statistics(Wireless Statistics). This table displays a list of all MAC addresses of devices currently receiving data from the router. The list of active clients is often duplicated in the sectionDHCP->DHCP Client List.The table displays several columns: ID, MAC address, Status, and Leased Time. The MAC address is a unique identifier for a network interface. It identifies the device's manufacturer. The first six characters of the MAC address (OUI) identify the brand, helping you identify the device.
☑️ Checking the client list
Completed: 0 / 4If you see a device in the list that you can't identify, try temporarily disabling WiFi on all your devices. If an "unnecessary" client remains in the list after this, it means someone else is using the connection. In this case, you should immediately change your WiFi password and encryption type.
Some router models allow you to block access by MAC address directly from this menu. However, a more reliable method is to completely change the security key and use whitelist filtering, which we'll discuss in the following sections.
📊 How often do you check the list of devices connected to your WiFi?DailyOnce a weekOnce a monthNever checkedNetwork monitoring via the Tether mobile app
For smartphone owners, the company TP-Link developed a user-friendly application Tether, available for iOS and Android. This modern way to manage your router is often even more informative than the web interface. The app allows you to view a real-time list of clients with beautiful icons and device names.
After installing the app and linking your router (you'll need to enter your WiFi password or admin panel), go to the main screen. A network map will be displayed. Clicking the "Clients" or "Devices" icon will display the full list. The app automatically detects the device type (e.g., iPhone, Windows PC, Camera) and hostname.
The app's convenience lies in its instant blocking feature. There's a toggle switch next to each device. If you detect an unknown device, you can disable its internet access or completely block its connection with a single tap. This action takes effect immediately.
⚠️ Note: For the Tether app to work, your smartphone must be connected to the router's WiFi network or have Bluetooth enabled for initial setup. Remote control via 4G/5G is only possible if a TP-Link ID account has been previously set up.
The app also allows you to set an access schedule. You can configure a rule so that certain devices (such as children's tablets or smart TVs) can only access the network during specified hours. This is a useful feature for parental control and data savings.
What should I do if the app doesn't see the router?
Make sure your phone is connected to the same WiFi network as your router. If you're using a repeater or hotspot mode, control may be limited. Also, check if your phone's antivirus software is blocking local network discovery.
MAC Address Analysis and Manufacturers Table
Often the list of connected devices only displays the dry numbers of MAC addresses, for example,
A4:56:30:XX:XX:XXTo understand what kind of device it is, you need to know how to decipher this data. The first three bytes (six characters) are unique to each network equipment manufacturer.Below is a table with examples of MAC address prefixes for popular brands commonly found in home networks. By comparing the addresses listed on your router with this table, you can quickly identify unauthorized devices.
MAC prefix (first 6 characters) Probable manufacturer Typical devices Apple, Inc. 00:1C:B3, 00:25:00, A4:83:E7 iPhone, iPad, MacBook, Apple TV Samsung Electronics 00:16:32, 00:1E:C2, DC:6B:1E Galaxy smartphones, Smart TVs Hon Hai Precision Ind. 00:1E:C2, 00:22:43, 00:24:2C Game consoles (PS3/PS4), laptops Espressif Inc. 18:FE:34, 24:0A:C4, 30:AE:A4 Smart sockets, lamps, sensors (IoT) Intel Corporate 00:1E:37, 00:21:5D, 34:02:86 WiFi adapters in laptops and PCs If you see a device in the list with a prefix that doesn't match any of your gadgets, this is cause for concern. For example, if you don't have an Apple device, but the list shows an address starting with
A4:83:E7, most likely, a neighbor with an iPhone connected to you.However, it's worth keeping in mind that modern smartphones (iOS 14+ and Android 10+) use the "Private WiFi Address" feature. This means the device generates a random MAC address for each new network. Therefore, today, the same device may be detected by the router as "Unknown" with a random address.
Blocking methods and network protection
Once an intruder is detected, you need to act quickly. The simplest, but not the most reliable, method is to block the MAC address directly in the router interface. In the section
Wireless->Wireless MAC FilteringYou can add the offender's address to the blacklist (Deny) or, conversely, allow only the whitelist (Allow) of known devices.However, an experienced user can spoof (change) their MAC address to one that is allowed on your network. Therefore, the only correct solution is complete change password On WiFi. When you change the password, all devices will be disconnected, and you will only be able to reconnect with the new key.
It is recommended to use the encryption standard WPA2-PSK or WPA3 With the AES algorithm. Outdated WEP or WPA/TKIP protocols are easily cracked by automated tools in minutes, rendering your password useless.
⚠️ Note: After changing your password, you'll need to re-enter it on all devices in your home (TVs, phones, printers). Make sure you have physical access to them or a spare cable for setup.
It is also worth disabling the function
WPS(Wi-Fi Protected Setup). Despite the convenience of connecting without entering a password, this technology has critical vulnerabilities that allow someone to brute-force the PIN and access the network even without knowing the master password.Is it possible to find out the WiFi password of someone connected to the router?
No, it's impossible to find out the password a user enters to connect through the router's standard interface. The router only checks its accuracy. You can only see your own saved password in the wireless security settings.
Frequently Asked Questions (FAQ)
Can my neighbor see my files if he is connected to my WiFi?
Yes, this is possible if the "Public" network profile is disabled and network discovery is enabled on your computer. In this case, an attacker could attempt to access shared folders. It is recommended to always use the "Private" network type for your home network and set strong passwords for important resources.
Why does the router show more devices than I have?
This can happen for several reasons. First, smart devices (lamps, sockets) are also considered separate clients. Second, some gadgets create two connections (one for the 2.4 GHz frequency and one for 5 GHz). Third, the guest network may be active, and guests' devices may be connected to it.
How to permanently block a specific device from connecting?
Use the "MAC Filtering" feature in the wireless settings. Select "Deny" and add the intruder's MAC address to the list. However, remember to change the WiFi password and encryption type to WPA2/WPA3.
Does the number of connected devices affect internet speed?
Absolutely. The connection bandwidth is shared between all active users. If your "neighbor" starts downloading torrents or watching 4K videos, your speed on other devices will drop significantly, and your ping in games will increase.