How to Check Who's Connected to My Router: A Step-by-Step Guide

A sudden drop in internet speed or flashing lights on the router are often the first warning signs for home network owners. Many users begin to suspect that unauthorized users have accessed their wireless access point, a concern that is entirely justified in today's digital world. Unauthorized access Wi-Fi not only steals your traffic, but also gives attackers access to personal files stored on computers and smartphones within the local network.

Fortunately, modern routers have built-in monitoring tools that allow you to see a list of all active devices in real time. You don't need to be a certified system administrator or have in-depth knowledge of network protocols to conduct a basic audit of your network. All you need is access to the router's web interface and a few simple steps to check.

In this article, we'll take a detailed look at methods for detecting hidden connections, review standard diagnostic tools from various equipment manufacturers, and discuss what steps to take immediately if you detect an intruder. Understanding the operating principles local network will help you protect your data from theft and ensure the stable operation of all your gadgets.

Symptoms of unauthorized network access

The first sign that your Wi-Fi is being used by neighbors or hackers is abnormal behavior of your network equipment. If you're not downloading large files, watching 4K videos, or updating games, but your router's activity lights are flashing wildly, this is cause for concern. Traffic It shouldn't disappear without a trace, and its active consumption without your knowledge indicates the presence of an external consumer.

Another obvious symptom is a critical drop in connection speed. Even with a high-bandwidth plan, the channel may be completely occupied by someone else. This is especially noticeable when trying to stream video, where the image constantly buffers, or when playing online games, where lags and connection drops occur.

⚠️ Attention: Don't rush to blame your provider for poor connection quality. Before contacting technical support, always check the list of connected clients, as the problem often stems from channel congestion caused by unrelated devices.

It's also worth paying attention to the behavior of the devices themselves. If your computer or smartphone periodically loses connection to the router or can't obtain an IP address, this may indicate address conflictThis happens when a device with a reserved MAC address enters the network or when the DHCP address pool is exhausted due to a large number of connections.

📊 Have you noticed any strange behavior from your router?
Yes, all the lights are on.
The Internet has become very slow.
Devices keep turning off
No, everything seems to be fine.

Using the router's built-in interface

The most reliable and accurate way to find out who's using your Wi-Fi is to access the router's administrative panel. This is where all updated information about DHCP leases and active connections is stored. To access this, open any browser and enter the gateway IP address in the address bar, which by default is usually 192.168.0.1 or 192.168.1.1.

After entering the address, the system will ask for your login and password. If you've never changed these details, they're most likely the default ones (admin/admin) and are listed on the sticker on the bottom of the device. However, for security reasons, we strongly recommend changing the default login details immediately after purchasing the equipment. Once inside, look for a section with a name such as "Wireless Statistics," "Client List," or "DHCP Server."

In this section, you'll see a table displaying all devices currently connected to the network. Their IP addresses, MAC addresses, and possibly hostnames will be listed. MAC address — is a unique identifier of a network interface that is virtually impossible to forge during a normal connection, making it the primary marker for identifying a gadget.

Interfaces from different manufacturers vary greatly, but the essence remains the same. For example, TP-Link This is often the "Wireless" -> "Wireless Statistics" tab, Asus — "Network Map" -> "Clients" tab, and Mikrotik Information is contained in the "Wireless" -> "Registration Table" menu. It's important to carefully review each menu item related to wireless connections.

Analyzing the list of connected devices

After receiving a list of connections, users often face a problem: how do they know which device is which? The list may display obscure names like "android-5f3a2b" or simply a string of numbers. This is where comparing MAC addresses comes in handy. Each network adapter has a unique physical address, which can be found in the device's settings.

On an Android smartphone the path usually goes through Settings → About phone → General information → Wi-Fi MAC addressOn Windows, you can find out by opening the command prompt and entering the command ipconfig /all, finding the "Physical Address" line. By comparing this data with the list in the router, you can identify each device.

For ease of data systematization, you can use the following table of feature correspondence:

Device type Where to watch MAC Sign in the router Action
Smartphone Settings -> About phone Model name or "Android" Compare the numbers
Laptop (Windows) cmd -> ipconfig /all Computer name Compare the numbers
Smart TV Network settings TV model Compare the numbers
Unknown - Unknown / Generic Block

If you see a device in the list that you can't identify, try disabling Wi-Fi on your devices one by one and see if the suspicious entry disappears from the list. This is the simplest method of elimination. If, after disabling all your devices, the unauthorized client still appears in the list, it means someone else has gained access.

☑️ Checking the client list

Completed: 0 / 4

Network diagnostic software

If access to your router settings is limited for some reason or the interface is too complex, you can use third-party network scanning software. These utilities operate at the protocol level and display all active hosts on the local network, regardless of whether you're connected via cable or Wi-Fi.

One of the most popular and functional programs is Wireless Network Watcher from NirSoft. It's free, requires no installation, and immediately scans the network after launch, listing all detected devices. The program displays the IP address, MAC address, network card manufacturer (based on the first six characters of the MAC address), and the device name.

Another powerful tool is Advanced IP ScannerThis scanner is extremely fast and allows you to not only view devices but also access shared folders or device web interfaces directly from the program window. For the average user, this is a great way to quickly get a complete picture of what's happening on the air.

⚠️ Attention: Download network analysis software only from the developers' official websites. Versions from third-party sources may contain viruses, which in themselves can cause data leaks.

Using software is especially convenient because it doesn't require entering the router password, only an active connection to the same network. However, keep in mind that such programs only see what your computer "sees." If Client Isolation is enabled on your router, the scanner may not see other devices, although they will still be working.

What is client isolation?

AP Isolation is a router feature that prevents devices connected to Wi-Fi from seeing and communicating with each other. They only have internet access. This improves security in public spaces but interferes with file transfers between devices.

Methods for blocking uninvited guests

If you detect an intruder, you must immediately block their access. The simplest, but temporary, solution is to change your Wi-Fi password. After changing the security key in your router settings (Wireless Security) all devices will be disconnected. You'll have to re-enter the new password on all your devices, and the attacker, without the new key, will no longer be able to connect.

A more professional and flexible method is MAC address filtering. In the router settings, there's a "MAC Filter" section. Here, you can create a "Blacklist" of unwanted device addresses. The router will ignore any connection attempts from these addresses, even if the Wi-Fi password is correct.

There's also a "Whitelist" mode, which allows network access only to devices whose MAC addresses are included in the list. Anyone else won't be able to connect, even if they know the password. This is the highest level of protection, but it requires manual registration of each new device, which can be inconvenient for large families or frequent guests.

After blocking your connection, remember to check to see if the attacker still has access. Sometimes a router reboot is required to terminate active sessions. It's also recommended to check to see if the hacker changed any router settings while inside the network.

Strengthening wireless network security

Once you've kicked out the intruders, it's important to close the door they entered through. First, check the encryption type. In modern settings (Wireless Security) the mode must be selected WPA2-PSK (AES) or even newer WPA3The outdated WEP and WPA (TKIP) protocols can be cracked in a few minutes, even by a novice using a smartphone.

Passwords should be complex: include mixed-case letters, numbers, and special characters. Avoid obvious combinations like your date of birth or phone number. A good password is a set of random characters at least 12 characters long. To easily store such passwords, use a password manager.

You should also disable the WPS (Wi-Fi Protected Setup) feature. This technology is designed to simplify connecting devices with the push of a button, but it has critical vulnerabilities that make it easy to brute-force the PIN code and gain access to the network. In the router menu, find the WPS option and set it to Disable or Off.

⚠️ Attention: Router interfaces and function names may vary depending on the model and firmware version. If you can't find a specific feature, consult the manufacturer's official instructions or search for a manual for your specific model online.

Update your router firmware regularly. Manufacturers release updates that patch security holes. Go to the "System Tools" or "Administration" section and check for a new version. Automatic updates are your best friend for security.

Why is WPS dangerous?

The WPS protocol uses an 8-digit PIN code. Trying all the combinations would take forever, but the verification algorithm has a flaw: it checks the first four digits separately from the last four. This reduces the brute-force time from thousands of years to a few hours, and with powerful equipment, to minutes.

Frequently Asked Questions (FAQ)

Can my neighbor steal my internet if I changed my password?

If you've changed your password to a strong one and enabled WPA2/WPA3 encryption, they won't be able to connect. However, if you have WPS enabled or previously granted access via QR code, they could theoretically still have access. If you have any doubts, it's best to enable MAC address filtering.

Does the number of connected devices affect internet speed?

Yes, it does have a direct impact. The connection bandwidth is shared among all active users. If someone is downloading torrents or watching high-quality videos, other devices will lack bandwidth, resulting in lag and slow page loading speeds.

How can I find out who is using my Wi-Fi if the device name is hidden?

The device's host name can often be changed in the gadget's settings, or it may not be transmitted. The only reliable method of identification is the MAC address. The first six characters of the MAC address indicate the manufacturer (e.g., Samsung, Apple, Intel), which helps identify the device type, and comparing it to your own gadgets will help identify the intruder.

Is it safe to use Wi-Fi scanning software?

Legitimate tools like Wireless Network Watcher or Advanced IP Scanner are safe to use if downloaded from official sources. They operate within standard network requests. However, avoid programs with names like "Wi-Fi Hacker" or "Password Cracker," as they often contain malicious code.