Many users are familiar with the sudden drop in internet speed and the router's lights flashing wildly. Often, the cause isn't congestion from the ISP or technical issues with the equipment, but rather the presence of uninvited guests on your local network. Neighbors, drivers parked in the yard, or simply random passersby could have used your password if it's not complex enough or has been previously compromised.
There are several ways to check who is consuming your bandwidth right now. The fastest and most technically sound method for Windows users is to use the command line, also known as CMDThis tool allows you to access hidden ARP tables and see the actual IP addresses of devices currently communicating with your computer. However, to get the full picture, commands alone may not be enough, and you'll need to delve into the router's settings.
In this article, we'll detail the process for identifying connected devices, explain how to interpret the data, and what to do if you detect an unauthorized user. We'll cover both standard system utilities and web interfaces for popular router models, so you can choose the most convenient security management option for you.
Using the Command Line to Analyze a Network
Let's start with the query itself—how to view a list of Wi-Fi connections using cmd. The Windows command prompt is a powerful diagnostic tool that doesn't require any third-party software. To get started, you need to launch the command prompt with administrator privileges. You can do this by finding the app in the Start menu. cmd or "Command Prompt," right-click and select the appropriate option. An alternative and faster way is to press a key combination Win + R, enter cmd and press Enter.
The main tool for our task is the ARP (Address Resolution Protocol). It is responsible for mapping IP addresses to the physical MAC addresses of devices on the local network. When you enter the command arp -a, the system displays a table showing all the IP addresses with which your computer has recently communicated. This doesn't always mean that all devices on the list are currently active, but they are definitely within range of your network.
⚠️ Attention: The ARP table may contain entries related to virtual adapters, VPN connections, or previously connected networks. Don't panic if you see unfamiliar addresses—check their identity first.
To get more precise information about current connections, you can use the command netstat. It shows active TCP connections and listening ports. The command netstat -an will list all connections, but it's more difficult for a beginner to navigate. More useful is a command line tool that lets you see established connections in real time. This helps you determine whether a process is transmitting data to an external server, which could be a sign of malicious activity.
After entering the command arp -a You'll see a list divided by interface. We're interested in the interface corresponding to your Wi-Fi adapter (usually the wireless network connection). The list will contain IP addresses like 192.168.0.X or 192.168.1.X. Dynamic entries, obtained automatically, indicate recent device activity. Static entries, added manually, can usually be ignored unless you've specified them yourself.
MAC address analysis and device identification
Just seeing the list of numbers is half the battle. The main task is to understand which gadget each one belongs to. MAC addressA MAC address (Media Access Control Address) is a unique identifier assigned to a network interface during manufacturing. It consists of 12 hexadecimal digits separated by colons or hyphens, for example: 00-1A-2B-3C-4D-5E.
The first six characters of a MAC address are called the OUI (Organizationally Unique Identifier). They indicate the device's manufacturer. Knowing the manufacturer makes it easy to guess what kind of gadget it is. For example, if you see devices from Apple, Samsung, or Xiaomi, and you own devices from these brands, there's likely nothing to worry about. However, if an unknown manufacturer or a device with a name like "Unknown" appears in the list, it's worth taking a closer look.
You can use online services or specialized programs to decipher MAC addresses, but often it's enough to simply know the basic prefixes of popular brands. Here's a table of network interface manufacturers:
| MAC Prefix (OUI) | Manufacturer | Typical devices |
|---|---|---|
| 00:1A:2B | Apple, Inc. | iPhone, iPad, MacBook |
| 00:24:E4 | Samsung Electronics | Galaxy TVs and smartphones |
| 00:1E:58 | Huawei Technologies | Routers, modems, smartphones |
| 00:50:56 | VMware, Inc. | Virtual machines (PC) |
| 00:0C:29 | VMware, Inc. | Virtual network adapters |
Why can a MAC address be spoofed?
Some operating systems (such as iOS and Android in new versions) use MAC address randomization when connecting to new networks. This means the actual hardware is hidden, and each time the device connects, it presents itself with a new, random address. This is designed to protect user privacy in public places, but can be confusing for home network administrators.
If you find a device that you cannot identify, try disabling Wi-Fi on your gadgets one by one and updating the ARP table with the command arp -d * (clear cache) followed by arp -aIf an address disappears from the list, it will reveal which device it belonged to. This is an effective elimination method, allowing you to weed out your own devices.
Checking connected clients via the router's web interface
While the command line provides technical information, the most complete and reliable source of data is the router itself. It distributes IP addresses via DHCP and knows about every connected client. To access the control panel, open a browser and enter the gateway IP address in the address bar. By default, this is most often 192.168.0.1 or 192.168.1.1The exact address, login, and password are usually indicated on a sticker on the bottom of the device.
Interfaces vary greatly between manufacturers, but the logic for finding the client list is the same. You need to find a section called "Wireless," "Wi-Fi," "Status," "Network Map," or "Client List." In modern models from TP-Link, ASUS, Keenetic, or Xiaomi, this information is often displayed on the main screen/dashboard immediately after logging in.
⚠️ Attention: If you've changed your Wi-Fi password but haven't changed the password for logging into your router settings (admin), an attacker can not only connect to the network but also change the settings of the equipment itself.
In the router's client list, you'll see not only IP and MAC addresses, but also often device names (hostnames), if they're transmitted correctly. For example, you might see "Ivan-iPhone," "LivingRoom-TV," or "Desktop-PC." This greatly simplifies identification. The router also displays the connection type (2.4 GHz or 5 GHz) and the IP address lease time.
If the list contains devices you don't recognize, and you're sure it's not a forgotten gadget like a smart light bulb or robot vacuum, you need to take immediate action. Modern routers allow you to block devices directly from this list by clicking the "Block" or "Blacklist" button next to the device. This will immediately disconnect the connection.
Hidden networks and special monitoring utilities
Sometimes standard Windows tools or the router's basic interface aren't enough, especially if you need to analyze the airwaves for hidden networks (Hidden SSIDs) or assess signal strength at different points in your apartment. For these purposes, there are specialized programs that go deeper than the standard ones. cmd.
One of the most popular utilities is Wi-Fi Analyzer or more advanced scanners like AirMagnet (for professionals) or free equivalents for home use. These programs generate channel load graphs, display signal strength in dBm, and allow you to see all broadcast packets. They are useful not only for finding neighboring connections but also for optimizing your own network—selecting a clear channel to avoid interference.
Also worth mentioning are mobile applications for Android-based smartphones such as Fing or Network ScannerThey work on the same principle as the command line, but have a user-friendly graphical interface. Running a scan through such an application will list all devices on the network and attempt to automatically detect their type (camera, printer, phone) and manufacturer. This is a great way to quickly scan without turning on your computer.
☑️ Wi-Fi Security Checklist
Using third-party software offers the advantage of greater granularity. For example, you might notice that a device is constantly trying to connect but is being blocked, or see devices that have hidden their names. However, for a quick, one-time check of "who's using my Wi-Fi," the built-in OS tools or the router's web interface are quite sufficient.
What to do if strangers connect to your Wi-Fi
Detecting an intruder on your network isn't just a loss of bandwidth; it's also a potential threat to your data security. While on the same local network, it's theoretically possible to access shared folders, printers, or even intercept unencrypted traffic (although this is more difficult with HTTPS). Therefore, you need to act decisively.
The first and most effective step is complete change password On Wi-Fi. When you change the password, all devices will be disconnected, and you'll have to reconnect them using the new key. Make sure the new password is complex: use a combination of upper- and lower-case letters, numbers, and special characters, at least 10-12 characters long.
The second step is to turn off the technology WPS (Wi-Fi Protected Setup). This feature allows you to connect to the network by pressing a button or using a PIN code, but it has known vulnerabilities that allow a brute-force attack to crack the password in a matter of hours. In your router settings, find the WPS section and set it to "Disabled."
⚠️ Attention: After changing your password, be sure to update the data on all your devices (TVs, phones, tablets), otherwise they will not be able to connect to the network automatically.
The third step is to enable MAC filtering. This is a "whitelist" where you add only the addresses of your devices. The router will ignore any connections with addresses not on the list, even if the attacker has the correct password. This is the most secure, but also the most labor-intensive method, since every time you buy a new device, you'll have to manually add it to the router settings.
Home network prevention and protection
The best defense is prevention. Regularly check who is connected to your Wi-Fi, especially if you notice any unusual network behavior. Avoid using simple passwords like "12345678" or a phone number. It's also a good idea to use a guest network.
The guest network feature allows you to create a separate access point with its own password. You can share it with friends or use it to connect IoT devices (smart light bulbs, plugs), which often have weak security. Even if a hacker breaks into your smart light bulb, they'll be on an isolated network segment and won't be able to access your computer and your banking information.
Don't forget to update your router's firmware. Manufacturers regularly release security patches that fix vulnerabilities that could allow remote device management. You can check for updates in the "System Tools" or "Administration" sections of the web interface.
Frequently Asked Questions (FAQ)
Can my neighbor steal my internet if I hide my network name (SSID)?
Hiding your network name (SSID Broadcast) is a weak security measure. The network isn't visible in the regular list of available networks, but special programs can easily find hidden networks. Furthermore, when your device attempts to connect to a hidden network, it broadcasts its name, making it visible to sniffers. A more secure solution is to use a complex password and WPA3 encryption.
Does the number of connected devices affect internet speed?
Yes, the bandwidth is shared among all active users. If one of the connected devices (yours or someone else's) starts downloading large files or watching 4K videos, the speed on other devices will drop significantly. The router also has a limit on the number of simultaneous connections, after which new devices may not be able to connect or the network may crash.
How can I find out who is actually online if they have a program installed to hide their MAC address?
If a device uses MAC address randomization, its actual hardware cannot be identified. However, you will see a device with an incomprehensible name or a random set of characters. In this case, the only solution is to block it based on its appearance in the list or switch to MAC address whitelist filtering.
Is it safe to use Wi-Fi hacking software to check your own network?
The use of such programs (for example, modified versions WiFi Master Key It's dangerous to use (and similar) passwords on your devices. They often transmit your network passwords to shared databases. To check security, it's best to use legitimate network scanners and change the passwords on your routers.