In an era when home networks connect not only smartphones and laptops but also smart refrigerators, security cameras, and gaming consoles, traffic control is becoming a matter not just of speed but of personal safety. Have you noticed your internet has slowed down even though you're not downloading anything heavy? Or is your activity indicator flashing like crazy while everyone else is asleep? These signs may indicate that someone else has accessed your hotspot.
Identifying a "freeloader" on your own can be difficult without specialized knowledge, as modern routers often hide connection details behind a simplified interface. However, with the right tools and an understanding of how network protocols work, you can quickly identify a list of all active clients. In this article, we'll discuss how to see who's connected to your Wi-Fi and how to protect your local network from unauthorized access.
There are several levels of testing: from a simple glance at the router's indicators to in-depth packet analysis using specialized software. Administrative panel Your router's settings are the first and most reliable source of accurate information, always at your fingertips. Don't rely on guesswork; it's better to get straight to the facts.
Analysis of indicators and primary diagnostics
The easiest way to suspect something is wrong is to pay attention to the physical state of your router. Most modern models are equipped with LED indicators that signal data transfer. If you've turned off all your devices, disconnected them with an Ethernet cable, and are sure no one in your home is using the internet, the indicator light will turn on. WLAN or Wi-Fi should not blink frequently.
Frequent and erratic blinking of the wireless network indicator when idle is the first red flag. This means data packets are being transmitted between the router and some device. While background updates to the operating system or smart light bulbs can also cause activity, constant, intense data exchange requires verification.
⚠️ Attention: Not all routers have the same LED logic. On some models, blinking only indicates a signal, not data transmission. For precise information on LED behavior, refer to the technical manual (user manual) your specific equipment model.
For a more accurate diagnosis, you can temporarily disable Wi-Fi on all your devices. If the router continues to actively communicate with the network after this, the likelihood of an unauthorized connection increases dramatically. In this case, you should immediately resort to software-based testing.
Checking via the router's web interface
The most reliable way to find out who's using your Wi-Fi is to access your router's settings. The router's web interface contains a table DHCP clients or a list of connected devices, which displays all devices that have received an IP address. To get there, enter the gateway IP address in the browser's address bar, usually 192.168.0.1 or 192.168.1.1.
After logging in (your login and password are often found on a sticker on the bottom of the case), you need to find a section that may have different names depending on the firmware version. Look for tabs called "Status," "Network Map," "DHCP Server," or "Wireless Statistics." This is where you'll find a complete picture of your local network.
☑️ Checking the client list
In the list, you'll see IP addresses, MAC addresses, and sometimes device names. If you see a device with a name Unknown or a manufacturer that is not in your home, this is a cause for concern. Modern routers, such as TP-Link Archer or ASUS RT, often have mobile apps where this list is displayed as a clear network map with icons.
Using network scanners for PCs and smartphones
If you find accessing your router settings difficult or the device's interface uninformative, third-party network scanning utilities can help. Scanning programs such as Advanced IP Scanner for Windows or Fing for Android and iOS, they can scan the entire address range in a few seconds and display all active devices.
These applications work by sending requests to all possible addresses in a subnet and analyzing the responses. They don't require router administrator rights, as they operate at the level of your connected device. This makes them an excellent tool for quick, on-the-fly testing.
However, it's important to note that the scanner will only show devices that responded to the request. Some security systems may block such requests (ignore pings), so a device may be online but not appear in the scanner's list. Nevertheless, this method is sufficient for 95% of home use cases.
| Name of the utility | Platform | Key function | Complexity |
|---|---|---|---|
| Advanced IP Scanner | Windows | Fast scanning, access to shared folders | Low |
| Fing | Android / iOS | Device type determination, safety test | Low |
| Wi-Fi Analyzer | Android | Analysis of channels and connected clients | Average |
| Angry IP Scanner | Cross-platform | Deep port and address scanning | High |
Identifying devices by MAC address
When you see a suspicious address on the list, the question arises: how do you know whose phone or laptop it is? The key to the solution is MAC address (Media Access Control). This is a unique identifier assigned to a network interface during manufacturing. The first six characters of the MAC address (OUI - Organizationally Unique Identifier) identify the equipment manufacturer.
There are OUI databases on the Internet where you can enter the first three bytes of an address (for example, 00:1A:2B) and find out the manufacturer. If you see a device from a manufacturer you definitely didn't buy (for example, some Hikvisionwhen you don't have their cameras, or Dell, when everyone is using a MacBook), this is a clear sign of an intrusion.
⚠️ Attention: Manufacturers may change the names of MAC addresses or use subcontractors. Furthermore, modern smartphones (iOS and Android) use a "private Wi-Fi address" feature that randomizes the MAC address when connecting to different networks. This can make it difficult to identify a device using a fixed address.
The most reliable method of identification is by elimination. Turn off Wi-Fi on your devices one by one and observe which one disappears from the list in the router interface. The device that remains in the list even when all your other devices are turned off is the intruder.
What is MAC address randomization?
This is a security feature in modern operating systems that generates a random MAC address instead of the real one when connecting to Wi-Fi. This protects the user from being tracked across access points, but can be confusing for router owners who are accustomed to seeing fixed addresses for their devices.
Methods for blocking uninvited guests
If you detect an intruder, you must immediately block their access. The simplest, but most drastic, solution is to change your Wi-Fi password. When changing the security key in the router settings (Wireless Security -> WPA2-PSK) all devices will be disabled, and you'll have to re-enter the new password on your devices. This ensures that the old password, which could have been stolen or cracked, no longer works.
A more flexible method is to use Blacklist (blacklist) or MAC address filtering. In your router settings, you can find the "MAC Filter" or "Access Control" section. By adding the MAC address of another device to the blacklist, you prevent it from connecting, even if the attacker has the correct Wi-Fi password.
There's also a "White List" mode, which is the most restrictive. In this mode, only devices whose MAC addresses are explicitly added to the allowed list can connect to the network. All others, even with the password, will be blocked. This is the ideal option for maximum security, although it does require manual configuration of each new device.
Network security prevention and configuration
To avoid constantly having to ask yourself "how to see who's connected," it's important to configure your router correctly from the start. Attackers often exploit vulnerabilities in older encryption protocols. Make sure security is selected in your wireless network settings. WPA2-PSK (AES) or the newest WPA3The WEP and WPA (TKIP) protocols are considered obsolete and can be easily cracked in a few minutes.
It is also worth disabling the function WPS (Wi-Fi Protected Setup). Despite the convenience of connecting with a single click, this protocol has critical vulnerabilities that allow password recovery using brute-force attacks. Disabling WPS in the router's menu will close this loophole to potential attacks.
Don't forget to update your firmware regularly (firmware) of your router. Manufacturers release updates that patch security holes and improve stability. Older versions of the software may contain known vulnerabilities that can be used to gain access to the administrative panel.
⚠️ Attention: Router interfaces from different manufacturers (D-Link, Keenetic, TP-Link, Asus) may vary. Menu item locations may change after firmware updates. If you don't find the feature you're looking for, refer to the documentation on the manufacturer's official website for your model.
Can my neighbor see my screen or files if they are connected to Wi-Fi?
Simply being connected to the same Wi-Fi network doesn't automatically grant access to files on your computer or smartphone. However, if you have network discovery enabled on your device or shared folders without a password, your neighbor could theoretically try to access them. The risk is higher on public networks, so always use the "Public Network" profile in Windows, which blocks incoming connections.
Why does the router show more devices than I have?
Modern gadgets often have multiple network interfaces or create virtual adapters. For example, a single smartphone may appear as a separate device for both 2.4 GHz and 5 GHz frequencies, or as a guest device if the corresponding feature is enabled. The list may also include virtual interfaces of the router itself or smart plugs connected via LAN that you forgot about.
What should I do if I can't access my router settings?
If standard addresses 192.168.0.1 or 192.168.1.1 If the gateway doesn't open, the gateway IP address may have been changed previously. You can find the current address in the network settings on the connected computer (command ipconfig in the command line, under the "Default gateway" parameter. If the password is lost, you'll have to reset the router to factory settings using the Reset.