Have you noticed your internet has become slower than usual? Or are you suspicious that someone else is accessing your Wi-Fi? Check your router's user list. TP-Link — the first step towards solving these problems. Unlike many other brands, routers TP-Link offer several ways to view active connections: through a web interface, a mobile application Tether and even the command line for advanced users.
But there are some nuances here. For example, not all models display hidden devices (those connected via MAC filtering or through a guest network). Moreover, if the attacker has replaced his MAC address, it may be more difficult to identify. In this article, we will look at all available methods, including little-known tricks for old and new models TP-Link - from budget TL-WR840N to the flagship Archer AX6000.
Before you begin, make sure you have access to your router's administrative panel. If you've forgotten your password, you can reset it using the button Reset on the back panel (hold for 10 seconds). But remember: this will reset all settings to factory defaults, including the network name and Wi-Fi password.
1. Viewing users through the router's web interface
The most reliable and universal method is to access the router's control panel through a browser. This method works on all TP-Link models, regardless of the year of manufacture. You only need a computer or smartphone connected to the router's network (via cable or Wi-Fi).
Instructions:
- 🌐 Open your browser (Chrome, Firefox, Edge) and enter in the address bar
192.168.0.1or192.168.1.1If none of the addresses work, check the sticker on the back of the router - it contains the correct IP address. - 🔑 Enter your login and password (by default this is
admin/admin, if you haven't changed it). On newer models, you may need to create an account the first time you log in. - 📊 Go to the section
Wireless mode→Wireless StatisticsOn some firmware versions the path may differ:Advanced settings→Statistics. - 📋 Here you will see a table with connected devices, which will indicate:
- IP address devices;
- MAC address (unique identifier);
- Host name (if the device broadcasts it);
- Connection time.
On models with firmware TP-Link OneMesh (For example, Archer C6) the interface may look different. In this case, look for the section Devices or Network MapIf you can't find the item you need, use the settings search (magnifying glass icon in the upper right corner).
Incorrect MAC addresses (may indicate spoofing)|Unknown hostnames (e.g., "android-123456")|Devices with suspiciously long connection times|Guest devices on the main network
-->
⚠️ Attention: Some devices (such as smart speakers or IoT gadgets) may not display the hostname or display it in encrypted form. Do not remove them from the network unless you are sure of their purpose.
2. Using the Tether mobile app
Application TP-Link Tether (available for Android And iOS) simplifies router management from a smartphone. It not only displays connected devices, but also allows block them with one tap, change traffic priority, or even send notifications about new connections.
How to use:
- 📱 Download TP-Link Tether from App Store or Google Play (the links are official, but check the developer's name - it should be
TP-Link Technologies Co., Ltd.). - 🔗 Connect to your router's Wi-Fi network and launch the app. It will automatically find your TP-Link (if enabled
UPnP). - 🔐 Enter the administrator login and password (the same as for the web interface).
- 👥 Go to the tab
DevicesorNetwork MapHere you will see all clients grouped by type (phones, computers, IoT).
Advantage Tether - opportunity quick blocking unknown devices. Click on the suspicious device and select Block. You can also assign here Priority (QoS) for important devices (for example, for smart TV during streaming).
On some models (eg, Deco M5) the application even shows connection history — this helps track exactly when a new device appeared. However, for older routers (for example, TL-WR740N) functionality may be limited to current connections only.
3. Viewing via the command line (for advanced users)
If the web interface or application is unavailable (for example, due to a failure), you can get a list of connected devices via command line Windows or Linux/Mac terminal. This method requires basic knowledge of network commands, but provides more information than standard tools. TP-Link.
Instructions for Windows:
- 🖥️ Open
Command lineas administrator (clickWin + X→Terminal (Administrator)). - 📜 Enter the command to view the ARP table (where IP and MAC address mappings are stored):
arp -aYou will see a list of all devices with which your computer has interacted on the local network.
- 🔍 To filter only active connections to the router, use:
arp -a | findstr"192.168"(replace
192.168to the first two octets of your subnet, if they are different). - 📋 For more detailed information (such as hostnames), run:
nbtstat -a [IP address]Where
[IP address]— the address of the suspicious device from the ARP table.
On Linux/Mac use the command:
arp -n | grep"192.168"
or for a detailed network scan:
nmap -sn 192.168.0.0/24
(will need to be installed nmap via package manager).
⚠️ Attention: TeamsarpAndnmapthey will show all devices on your local network, including those connected to other routers (if you have a complex topology). To accurately identify clients of your TP-Link, check the MAC addresses from its web interface.
4. How to identify unknown devices
You found a suspicious device in the list—what next? Don't rush to block it. Try it first. determine its type and affiliation.
Identification methods:
- 🔍 By MAC address: The first 6 characters (OUI) indicate the manufacturer. Check them on the website. MAC Vendors or via command:
getmac /v /fo listFor example,
B8:27:EB- This Raspberry Pi, A3C:5A:B4— devices Google. - 📱 By host name: If the device broadcasts a name (eg.
iPhone-XorSamsung-SM-G975), you can Google it. But attackers often fake names. - 🕒 By connection time: If a device appears online at night or when you are not present, this is a cause for concern.
- 📡 By Wi-Fi signal: In the web interface TP-Link Some models show the signal level (
RSSI). If it is abnormally weak (for example,-80 dBm), the device may be located outside your home.
If the device is definitely not yours, block it using:
- 🔒
MAC filtering(in settingsWireless Mode → MAC Filtering); - 🚫 Button
Blockin the app Tether; - 🔄 Change your Wi-Fi password (the most secure method).
| Sign | Probable device type | Action |
|---|---|---|
MAC starts with DC:A6:32 |
Device Apple (iPhone, MacBook) | Check your gadgets |
Host name: android-xxxx |
Android smartphone or tablet | Compare with your devices |
MAC: 78:11:DC, signal -70 dBm |
Smart light bulb or socket (IoT) | Check your smart device list |
| Unknown MAC, connects at night | Possible unauthorized connection | Lock and change your Wi-Fi password |
How do they spoof MAC addresses?
Attackers often spoof their MAC addresses to common ones (such as those from Apple or Samsung) to blend in. To identify such a device, pay attention to:
- Connection time (if it does not coincide with your schedule).
- Abnormal traffic (in the section Bandwidth control in the web interface).
- Simultaneous connection of two devices with the same MAC (this is physically impossible).
5. Problems and solutions: why devices are not displayed
Sometimes the list of connected clients in the web interface or application Tether empty or incomplete. We'll look at the causes and how to fix them.
Problem 1: There is no section in the web interface Wireless statistics.
- 🔄 Solution: Update your router firmware. On older versions (especially on TL-WR740N/840N) This section may be missing. Download the latest firmware from the website. TP-Link and update via
System Tools → Firmware Update. - 🔍 Alternative: Use
DHCP clients(Advanced Settings → Network → LAN → DHCP). Devices that have received an IP from the router will be displayed here.
Problem 2: Application Tether does not find the router.
- 📶 Solution: Make sure your smartphone is connected to the router's Wi-Fi network. Disable mobile data (4G/5G) as it may interfere with your local connection.
- 🔧 Examination: In the router's web interface, enable
UPnP(Advanced Settings → Network → UPnP). This is necessary for automatic detection of devices.
Problem 3: There are no devices connected via cable (LAN) in the list.
- 🖧 Solution: Check the section
Local Area Network (LAN)orDHCPCable clients can be displayed separately from wireless ones. - 🔌 Diagnostics: Make sure the cable is connected to the port.
LAN(NotWAN!), and the device is enabled for obtaining IP via DHCP.
⚠️ Attention: On some firmware versions TP-Link (especially on Mesh systems Deco) Devices may take up to 5 minutes to appear. If you've just connected a device, please wait or refresh the page.
6. Additional security measures
Viewing the list of connected devices is just the first step. To truly secure your network, follow these tips:
- 🔐 Change your Wi-Fi password: Use
WPA3(if supported) orWPA2-PSKwith a password of at least 12 characters. Avoid simple combinations like12345678orqwerty. - 🔄 Enable MAC address filtering: In the section
Wireless Mode → MAC FilteringAdd only your devices to the whitelist. But remember: an experienced attacker can forge a MAC address, so this method does not provide 100% protection. - 🛡️ Disable WPS: This feature is vulnerable to brute-force attacks. Find the option
WPSin the settings and deactivate it. - 🌐 Create a guest network: For friends or IoT devices, use a separate network with limited access to local resources (
Guest Network → Enable). - 📡 Hide SSID: Turn off network name broadcasting (
Hide SSID), but remember: this does not protect against experienced hackers, but only makes it more difficult for legitimate users to connect.
For maximum safety, it is recommended check the list of devices periodically (for example, once a week) and update the router firmware. On models that support TP-Link HomeCare (For example, Archer C5400) can be turned on Intrusion Prevention, which automatically blocks suspicious activity.
FAQ: Frequently Asked Questions
Is it possible to see what websites connected devices are visiting?
No, routers TP-Link do not keep a log of visited websites. For this, specialized programs are needed (for example, Wireshark) or setting up a proxy server. However, in some models (for example, Archer C4000) there is a function Parental control, which can block access to certain websites.
Why does "Unknown" appear in the device list with my MAC address?
This may be your device if:
- It is connected via cable, not Wi-Fi;
- The protocol is disabled on it.
mDNS(for example, on some Linux distributions); - The router did not have time to determine the host name (wait 1-2 minutes and refresh the page).
If you are sure that this is not your gadget, block it and change the network password.
How do I find out how much traffic each device is consuming?
In the web interface TP-Link go to Advanced Settings → Bandwidth ControlHere you can:
- View current network load by device;
- Set traffic limits for individual clients;
- Prioritize traffic (for example, for video calls).
On models without this feature (eg. TL-WR841N) use third-party programs like GlassWire (for Windows) or Fing (for mobile devices).
What should I do if my router is hacked and I can't access the settings?
If the administrator password has been changed and unknown devices are connected to the router:
- Do it hard reset (button
Resetfor 10 seconds). - Connect to the router via cable and log into the web interface with factory data (
admin/admin). - Change the administrator and Wi-Fi passwords, update the firmware.
- Check your settings
Remote Management- turn it off if it is on.
If unknown devices continue to connect after a reset, your router may be infected with malware. In this case, please contact support. TP-Link or consider replacing the device.
Do these methods work for TP-Link Deco Mesh systems?
Yes, but with some peculiarities:
- In the appendix Deco The list of devices is updated every 5 minutes.
- Mesh systems display clients of all network nodes in one list.
- Function
AI-Driven Meshcan automatically block suspicious devices.
For Deco The web interface is not available - all control is carried out through the mobile application.