How to view your Wi-Fi router's history: connections, logs, and activity

Have you ever wondered who was connecting to your home Wi-Fi and when? Perhaps you've noticed a suspicious slowdown in your internet speed or simply want to control network access. Checking the router's history — this is the first step to ensuring the security of your local network. Unlike mobile operators, where connection history is stored for years, home routers typically only store logs for a limited time. But even this data is enough to identify unauthorized devices or analyze network load.

In this article, we'll explore all the available ways to view your router's Wi-Fi history—from standard web interface features to hidden commands for advanced users. You'll learn how to check connected devices, activity logs, IP address history and even recover deleted data using third-party tools. We'll pay special attention to the differences between popular router models (TP-Link, ASUS, Keenetic, Xiaomi) and restrictions imposed by manufacturers on log storage.

Let's be clear: most consumer routers don't keep a full "history" in the traditional sense (like browsers or instant messaging apps, for example). Instead, they record current connections, system events And traffic statistics for a limited period. However, even this data is sufficient to identify suspicious activity or optimize network performance.

📊 Why do you need a router history?
Network security control
Finding the Cause of Slow Internet
Tracking children's activity
Curiosity
Other

1. What specific "history" can be checked in a router?

Before proceeding with the instructions, it's important to understand what data is available for viewing. Consumer routers record several types of information, which can be loosely referred to as "history":

  • 📱 List of connected devices — MAC and IP addresses of devices that are currently or have previously been connected to the network. Most routers only show current connections, but some models (for example, ASUS RT-AX88U) store a list of devices for the last 24–72 hours.
  • 📊 System event logs — a record of router startup/shutdown, settings changes, and connection errors. Includes timestamps and sometimes the IP/MAC addresses of the event initiators.
  • 📈 Traffic statistics — the volume of downloaded/uploaded data by device or across the network as a whole. Storage time can range from several hours to a month (depending on the model).
  • 🔍 DHCP Log — IP address assignment history for devices. Allows you to track which devices have received addresses on the network, even if they are currently offline.
  • ⚠️ Security logs — hacking attempts, parental control blocking, and failed authorizations. Not available on all models.

It is important to understand that Most routers do not store browsing history or specific user actions. - this requires specialized programs (for example, OpenDNS or Pi-hole) or setting up a proxy server. However, even standard logs are sufficient to:

  • 🛡️ Identify suspicious devices on the network (for example, an unknown smartphone or a neighbor's smart light bulb).
  • 🐢 Find the cause of your internet slowdown (for example, if one device is consuming all your traffic).
  • 👨‍👩‍👧‍👦 Control the time your children spend connected to Wi-Fi.
⚠️ Note: Manufacturers often limit the depth of log storage to save router memory. For example, TP-Link Archer C6 stores system logs only for the last 100 events, and Keenetic — up to 1000 records. Once full, old data is automatically deleted.

2. Method 1: View current and recent connections via the web interface

The easiest way to check which devices are connected to your Wi-Fi is to access your router's web interface. Most modern models display a list of devices in real time, while some save data for the past day or two.

Instructions for popular brands:

Router brand Path to the list of devices Depth of history Additional functions
TP-Link General Settings → Wireless → Wireless Statistics Current + last 24 hours Blocking devices by MAC
ASUS Network Map → Devices or Local Area Network → DHCP Current + up to 72 hours Traffic prioritization (QoS)
Keenetic Devices → Device List Current + up to 30 days (in premium models) Activity graphs by time
Xiaomi Devices → Connected devices Current only Speed ​​limit by device
Zyxel Network → Local Area Network → DHCP Current + 7-day DHCP log MAC address filtering

To get the most complete information:

  1. Open the router's web interface (usually at 192.168.0.1 or 192.168.1.1). The default login and password are indicated on the device sticker.
  2. Find the section with the list of devices (see the table above).
  3. Pay attention to the columns MAC address, IP address, Host name And Connection time.
  4. Export the list to a file (if available) for further analysis.

Unknown MAC addresses (starting with unknown manufacturers)

Devices with non-standard names (e.g. "android_123456")

Gadgets connected at unusual times (at night)

Devices with high traffic consumption-->

If you see a suspicious device in the list, you can block it directly from the router interface. To do this:

  1. Find the button Block or Deny access next to the device.
  2. Or add its MAC address to the blacklist in the section Security or MAC filtering.

3. Method 2: Analyzing the router's system logs

System logs (event logs) contain detailed information about all significant actions on the router: connections, errors, and settings changes. Unlike the device list, you can find timestamps and sometimes even IP addresses, which helps reconstruct the chronology of events.

How to find and read logs:

  1. In the router's web interface, find the section System tools, Administration or Magazine (eng. System Log, Event Log).
  2. Enable extended logging (if available) Log Level, select Debug or Info).
  3. Please pay attention to filters: some routers allow you to display logs only for certain categories (for example, Wireless, DHCP, Firewall).
  4. Export logs to a text file for easy searching by keywords (e.g. assoc for connections or drop for blocking).

Example of log entries ASUS RT-AC68U:

May 15 14:30:22 kernel: wlceventd_procsock: [192.168.1.100] assoc   00:1A:2B:3C:4D:5E

May 15 14:30:25 dnsmasq-dhcp: DHCPACK(br0) 192.168.1.100 00:1A:2B:3C:4D:5E

May 15 15:45:10 kernel: wlceventd_procsock: [192.168.1.100] disassoc 00:1A:2B:3C:4D:5E

Here you can see that the device is with MAC 00:1A:2B:3C:4D:5E connected to the network at 2:30 PM and received an IP address 192.168.1.100, and then turned off at 15:45.

Key events to watch out for:

  • 🔌 assoc — connecting the device to Wi-Fi.
  • 🔗 DHCPACK — assigning an IP address to the device.
  • drop or block — connection blocked (possibly due to an incorrect password or MAC filter).
  • ⚠️ authentication failed - unsuccessful connection attempt (may indicate hacking).
  • 🔄 reassoc — reconnecting the device after a connection break.
⚠️ Warning: Router logs may contain personal data (IP addresses, device names). If you share log screenshots for diagnostic purposes, please delete sensitive information first.
How to increase log storage depth?

Some firmware (for example, DD-WRT or OpenWRT) allow you to configure saving logs to an external drive or sending them to a syslog server. To do this:

1. Connect the flash drive to the USB port of the router.

2. In the log settings, specify the path for saving (for example, /mnt/sda1/router_logs.txt).

3. Set up log rotation to prevent files from growing endlessly.

4. Method 3: Checking the DHCP log (IP address allocation history)

The DHCP log is a hidden source of information about every device that has ever connected to your network. Even if a device has been disconnected for a long time, its MAC address may still be stored in the router's DHCP server. This is especially useful if you suspect that unauthorized devices have connected to your Wi-Fi in the past.

How to find the DHCP log:

  1. In the router's web interface, go to the section Local area network (or LAN), then DHCP.
  2. Look for tabs like DHCP Clients List, Address Reservation or DHCP Leases.
  3. In some models (eg, Keenetic) DHCP log is available in the section Devices → DHCP Log.
  4. Pay attention to the columns MAC address, IP address, Host name And Rental time.

Example of DHCP log from Zyxel Keenetic:

MAC address IP address Host name Lease time

00:1A:2B:3C:4D:5E 192.168.1.100 iPhone-X 2026-05-15 14:30

A4:B1:C2:D3:E4:F5 192.168.1.101 Laptop-Lenovo 2026-05-14 09:15

88:99:AA:BB:CC:DD 192.168.1.102 AndroidTV 2026-05-13 20:45

What can you learn from the DHCP log:

  • 📅 Connection dates: Even if the device is currently offline, the IP lease time will show when it was last online.
  • 🔄 Connection frequency: If the same device appears online regularly, it may indicate an automatic connection (such as a smart speaker or camera).
  • 📱 Device types: by host name or MAC address you can determine the manufacturer and type of gadget (smartphone, TV, laptop, etc.).

If your router doesn't have an explicit DHCP log section, try:

  1. Enable advanced settings (usually in the section System Tools → System Settings).
  2. View system logs (as in Method 2) and filter the entries by keyword DHCP.
  3. Use Telnet/SSH (for advanced users) and run the command:
cat /var/lib/misc/dnsmasq.leases

5. Method 4: Using third-party programs to monitor the network

If your router's standard features aren't sufficient, you can use specialized network analysis software. These allow you to:

  • 📡 Monitor all connected devices in real time.
  • 📊 Build traffic consumption graphs for each gadget.
  • 🛡️ Detect suspicious activity (e.g. port scanning).
  • 📁 Save connection history for a long time (unlike a router).

Popular programs for Windows, macOS, and Linux:

Program Platform Functions Price
Wireshark Windows, macOS, Linux Deep packet analysis, MAC/IP filtering, log export For free
GlassWire Windows, macOS, Android Traffic monitoring, new device alerts, graphs Free (premium from $39)
Fing Windows, macOS, iOS, Android Network scanner, device discovery, port checker Free (Premium from $29.99)
Angry IP Scanner Windows, macOS, Linux IP address scanner, MAC and manufacturer detection For free
PRTG Network Monitor Windows (server) Traffic monitoring, alerts, reports, and router integration Free for up to 100 sensors

Instructions for use GlassWire (using Windows as an example):

  1. Download and install the program from official website.
  2. Launch GlassWire and wait for the network to scan (may take 1–2 minutes).
  3. Go to the tab Network (Network) → Things (Devices).
  4. The program will display all connected devices, indicating their MAC address, manufacturer, IP address, and consumed traffic.
  5. To get notified about new devices, turn on Alerts (Notifications) in settings.

For experienced users it will be useful Wireshark:

  1. Install the program and select the network interface to capture traffic.
  2. Start the capture and wait for the data to appear (or save the dump for analysis later).
  3. Use a filter wlan.addr == 00:1A:2B:3C:4D:5Eto track the traffic of a specific device.
  4. To analyze DHCP packets, use a filter dhcp.
⚠️ Attention: Programs like Wireshark capture all Network traffic, including potentially sensitive data (passwords, cookies, etc.). Do not use them on public networks and store traffic dumps in a secure location.

6. Method 5: Viewing history through the manufacturer's mobile app

Many modern routers support management via mobile apps, which often provide a more convenient interface for viewing connection history than the web panel. For example, apps TP-Link Tether, ASUS Router or Mi Wi-Fi allow:

  • 📱 View currently connected devices and their types (smartphone, laptop, TV, etc.).
  • 📊 View traffic consumption graphs by device.
  • 🛡️ Block suspicious gadgets with one tap.
  • 🔔 Receive notifications about new connections.

How to use the mobile application (using an example) TP-Link Tether):

  1. Download the app from Google Play or App Store.
  2. Connect to your router's network and log in to the application (use the same login/password as for the web interface).
  3. Go to the section Devices or Net.
  4. Tap any device to see details: MAC address, IP, connection time, and traffic consumed.
  5. To view your traffic history, go to Statistics or Monitoring.

Advantages of mobile applications:

  • ✅ More intuitive interface compared to the web panel.
  • ✅ Real-time notifications about new devices.
  • ✅ Possibility of remote router management (if cloud access is enabled).

Flaws:

  • ❌ Limited functionality compared to the web interface (for example, no access to full system logs).
  • ❌ Not all router models support mobile apps.
How to enable notifications about new devices in Mi Wi-Fi?

1. Open the app Mi Wi-Fi.

2. Go to Security → Security Notifications.

3. Enable the option New devices.

4. Set up exceptions for trusted devices (for example, your smartphone or laptop).

7. Method 6: Recovering deleted logs (for advanced users)

If the router logs have been cleared (for example, after a reboot or reset), you can try to restore them using specialized tools. This method is only suitable for routers that support Telnet/SSH or custom firmware (DD-WRT, OpenWRT).

Important: Incorrect actions may result in loss of router settings or its failure. If you are unsure of your skills, skip this section.

Instructions for routers with OpenWRT:

  1. Connect to the router via SSH (use PuTTY for Windows or terminal for macOS/Linux).
  2. Run the command to search for log files:
find / -name "*.log" -o -name "syslog" -o -name "messages"
  1. View the contents of the found files (for example, cat /var/log/messages).
  2. If the logs have been overwritten, try restoring them from a backup (if one was created):
tar -xvzf /path/to/backup.tar.gz -C /tmp/

cat /tmp/etc/config/dhcp

For routers with factory firmware:

  1. Check if access is enabled Telnet (sometimes it is open by default on some models TP-Link And D-Link).
  2. Connect via Telnet and run:
cat /var/log/messages | grep "dhcp"
  1. If the logs are not saved, try to find them in temporary memory:
dmesg | grep "wlceventd"

An alternative way is to use dd to create a memory dump:

dd if=/dev/mtdblock3 of=/tmp/mtdblock3.dump

strings /tmp/mtdblock3.dump | grep "192.168"

This command searches the memory dump for fragments containing IP addresses, which can help reconstruct part of the history.

⚠️ Attention: Working with low-level commands (dd, mtd) may lead to irreversible damage to the firmware router. Don't follow them if you don't understand the consequences.

8. How to protect your router from unauthorized access?

Checking your connection history is only the first step to securing your network. To prevent unwanted access in the future, follow these steps:

  • 🔒 Change the default password for the admin panel: Many routers use default passwords like admin/admin or admin/passwordSet a complex password (at least 12 characters with numbers and special characters).
  • 🔄 Update the firmwareManufacturers regularly release updates to patch vulnerabilities. Check your firmware is up-to-date in the section System Tools → Software Update.
  • 📡 Disable WPS: Technology Wi-Fi Protected Setup has critical vulnerabilities. Disable it in your wireless network settings.
  • 🛡️ Enable MAC filtering: Allow connections only to trusted devices (although this is not a panacea, as MAC addresses can be spoofed).
  • 🌐 Change the network name (SSID): Don't use standard names like TP-Link_1234Please provide a neutral name that does not contain any personal information.
  • 🔍 Set up a guest network: For visitors, create a separate network with limited access to local resources.
  • 📊 Turn on notifications for new devices: Many routers and mobile apps can notify you of new connections.

Additional measures for advanced users:

  • 🔗 Set up a VPN on your router: This encrypts all traffic and protects against eavesdropping.
  • 📁 Disable remote controlIf you don't use internet access to your router, disable it in the settings.
  • 🛠️ Install alternative firmware: DD-WRT or OpenWRT offer advanced security features.

Regularly check the list of connected devices and router logs (e.g., once a week). If you notice any suspicious activity:

  1. Change your Wi-Fi password immediately