A sudden drop in internet speed or random blinking of router lights is often the first warning sign for a network owner. When you notice videos buffering at the most inopportune moments or online games lagging for no apparent reason, it's natural to suspect that someone else is using your channel. Unauthorized access Connecting to your home network not only means a loss of traffic, but also a serious threat to the security of your personal data stored on computers and smartphones.
Modern hackers and simply curious neighbors use a variety of password-guessing methods, including automated programs capable of trying thousands of combinations in seconds. If you set the default password that came with your router or used a simple combination like "12345678," the chances of being hacked are close to 100%. In this article, we'll take a detailed look at how check the list of connected devices, identify intruders and promptly block their access to your network.
First, you should calm down: even if someone has hijacked your Wi-Fi, it doesn't mean disaster if you act quickly and wisely. Modern routers, whether popular models from TP-Link, Asus, Keenetic or Mikrotik, are equipped with built-in monitoring tools that allow you to see all your clients in real time. Your task is to learn how to correctly interpret this data and implement effective security measures, which we'll discuss below.
Direct signs of an external connection
Before delving into the equipment's settings, it's worth paying attention to indirect but telling symptoms that are often ignored by users. The most obvious of these is abnormal behavior of the router's indicator lights. The Wi-Fi indicator light (usually labeled WLAN, Wireless, or an antenna icon) may flash erratically and very rapidly, even when all your personal devices are turned off or in sleep mode. This indicates active data packet exchange with an unknown source.
Another sure sign is a sharp drop in internet speed, especially in the evening, when the ISP's load is usually stable. If you're paying for a 100 Mbps plan and your download speed barely reaches 10 Mbps, even though you're not running any heavy apps, it's time to take a closer look. Extraneous traffic can "eat up" a lion's share of the channel, especially if the uninvited guest is downloading torrents or watching videos in 4K resolution.
⚠️ Attention: Don't confuse background processes on your devices with other people's data usage. Smartphones and Smart TVs can update apps, sync photos, or download maps offline in the background. Before checking your router, make sure your devices are truly not consuming data.
You should also be wary if your computer's antivirus software starts issuing warnings about port scans or unauthorized access attempts from the local network. This could mean that someone inside your network (on the same LAN segment) is attempting to scan your devices for vulnerabilities. In this situation, checking your router's client list becomes not just a recommendation, but a necessity.
Using the router's built-in web interface
The most reliable and accurate way to find out who is connected to your Wi-Fi is to log into your router's admin panel. This method doesn't require installing third-party software and provides the most comprehensive information, including MAC addresses and the connection status of each device. First, you need to find the IP address of the default gateway. On Windows computers, this can be done by opening the command prompt and entering the command ipconfigFind the line “Default Gateway” - most often this is an address of the form 192.168.0.1 or 192.168.1.1.
After entering the address in the browser, the system will ask for your username and password. If you have never changed these details, they are located on the sticker on the bottom of the router (standard pairs are usually admin/admin or admin/password). Once inside, look for sections with names like "Status," "Network Map," "Clients," or "DHCP Server." This is where the list of all active IP address tenants is stored.
In the interface, you'll see a table where each device is assigned an IP address, MAC address, and often a hostname. The hostname can indicate the device type, for example, iPhone-Sasha, LivingRoom-TV or DESKTOP-PCHowever, attackers can hide the name or change it to something neutral, so the primary identifier always remains the MAC address—the unique physical identifier of the network card.
Some modern firmware, for example, in routers Keenetic or Asus AiMesh-enabled devices visualize this list as a convenient network map, which immediately shows which connection (2.4 GHz or 5 GHz) the client is using and its current data transfer speed. This significantly simplifies diagnostics, as a rogue device is often immediately identified by an unclear name or the absence of an icon.
Analyzing the list of connected devices
Once you have a list of clients, you need to conduct a detailed analysis. The main task is to match the MAC addresses in the table with the addresses of your physical devices. A MAC address is a set of six pairs of hexadecimal digits separated by colons (e.g., A4:C3:F0:8B:12:3E). The first three pairs of characters are called the OUI (Organizationally Unique Identifier) and indicate the manufacturer of the network card. Knowing the manufacturer makes it easy to identify the device.
For example, if you see a device from a manufacturer Hon Hai Precision Ind. or Foxconn, it's most likely a laptop or a gaming console. Abbreviations Apple, Samsung, Xiaomi or Huawei They will point to smartphones and tablets. If a device from a manufacturer you don't have at home appears on the list (for example, an unknown camera or network card), this is cause for concern. Below is a table with examples of common manufacturers and their designations.
| Manufacturer (OUI) | Typical device | MAC prefix example | Note |
|---|---|---|---|
| Apple, Inc. | iPhone, iPad, Mac | 00:1C:B3, A4:83:E7 | The device name is often hidden |
| Samsung Electronics | Smartphones, TV | 00:1A:8A, C4:88:5B | It could be called Galaxy. |
| Espressif Inc. | Smart technology | 18:FE:34, 24:0A:C4 | Often IoT devices |
| Intel Corporate | Laptops, PCs | 00:1E:33, F0:1E:AF | Built-in Wi-Fi modules |
| Unknown / Generic | Hidden devices | Different | Suspicious if not yours |
Pay attention to the number of active devices. If you only have two smartphones and one laptop in your home, but the list shows five active clients, three of them are unnecessary. It's also worth checking the IP addresses: the router usually distributes them sequentially. If you have three connected devices, and the last one has an IP address corresponding to number 10 in the queue, this may indicate that someone connected and disconnected before you arrived.
Network monitoring software
If you find logging into your router's web interface complicated or the device's interface is too limited, you can use specialized software. There are numerous PC utilities and mobile apps that scan your local network and provide a detailed report on all detected nodes. One of the most popular and functional tools for Windows is Wireless Network Watcher from NirSoft. It's lightweight, requires no installation, and displays all the necessary information in a convenient format.
For smartphone users, the app is a great solution. Fing (available for Android and iOS). It not only displays a list of all devices on the network but can also identify their type, model, operating system, and even their approximate location in the house (based on signal strength). This is especially convenient, as it allows you to walk around your apartment with your phone and search for the source of an unwanted signal.
Another powerful tool is Advanced IP ScannerIt allows you to not only see connected devices but also scan ports, check open shared folders, and even remotely control some functions. However, it's important to remember that using such programs on other people's networks or for malicious purposes is illegal. Use them only for auditing your own home network.
⚠️ Attention: Download network monitoring software only from the official developers' websites. There are many counterfeit versions online that may themselves contain viruses or miners, which will only exacerbate the security problem.
It's important to understand that software scanners operate on the same principle as built-in router tools, but they often provide more detailed information. For example, they can show the response time (ping) of each device, which helps determine whether it's currently active or simply "hanging" in the router's memory after a previous connection. If the ping to a suspicious device is high or absent, it may have already left the coverage area.
Blocking Intruders and Protecting Yourself
Once you've identified the intruder, you need to block them immediately. The simplest, but not the most effective, method is to change your Wi-Fi password. This will disconnect all clients, and you'll have to reconnect your devices. However, if the password was brute-forced, a new, complex password will solve the problem. Go to your wireless network settings (Wireless Settings) and change the security key (Pre-Shared Key).
A more sophisticated approach is to use MAC address filtering. In your router settings, find the "MAC Filtering" section. Enable "Deny" mode for the intruder's address. Now, even with the password, that specific device will be unable to connect to the network. "Allow" mode allows access only to whitelisted devices, which provides maximum protection but requires manual registration of each new device.
☑️ Actions upon detection of a hack
Don't forget to turn off the feature as well WPS (or QSS on routers D-LinkThis technology allows you to connect to the network by pressing a button or entering a PIN, but it is extremely vulnerable to hacking. Attackers can brute-force a WPS PIN in a matter of hours, gaining full access to the network, even if the master password is very complex. Disabling this feature in your router settings will close one of the main loopholes for hackers.
Finally, in the security section, it's worth mentioning your guest network. If you frequently have friends over, create a separate guest SSID with speed limits and isolation from your local network. This will allow guests to use the internet but prevent them from accessing your files, printer, and primary devices, keeping your primary security perimeter intact.
What happens if I don't change my password?
If you simply block the MAC address, an attacker can easily spoof (clone) their device's MAC address to match the address of your authorized device. Therefore, changing the password and disabling WPS are essential measures.
Frequently Asked Questions (FAQ)
Can my neighbor see my files if he is connected to Wi-Fi?
In theory, yes, if you don't have client isolation configured and folder sharing is enabled. However, modern operating systems ask whether you want to connect to a new network: "Private" or "Public." If you select "Public," visibility to other devices is blocked. However, the risk of traffic interception (passwords for websites without HTTPS) remains high.
Why is there "Unknown" in the list of devices, even though I know all of them?
A device may appear as "Unknown" if it doesn't report its hostname or if the router doesn't have a hostname database for that manufacturer. Smart plugs, light bulbs, vacuum cleaners, or older printers often appear this way. Check the MAC address: if the prefix matches the manufacturer of your smart device, there's nothing to worry about.
How often should I change my Wi-Fi password?
It's recommended to change your password every 3-6 months, or immediately after giving it to someone temporarily (guests or repairmen). A password change is also mandatory when purchasing a new router, as factory passwords have long been included in hacker databases.
Will hiding your network name (SSID) from unwanted guests help?
Hiding the SSID only creates the illusion of security. An experienced user can easily detect a hidden network using traffic analyzers. Furthermore, your devices will constantly broadcast requests to search for this hidden network, which can even drain your smartphone's battery. It's better to use strong encryption. WPA3 or WPA2.
In summary, maintaining control over connected devices is a basic digital hygiene skill. Regularly checking your router's client list, using strong passwords, and disabling vulnerable features like WPS will allow you to enjoy a fast and secure internet connection. Remember, the security of your network is in your hands, and even simple security measures can prevent serious problems in the future.