How to check who's connected to Wi-Fi: step-by-step instructions

A sudden drop in internet speed is often the first warning sign for home network owners. You notice that pages take longer to load than usual, and video calls are interrupted even with a good plan. In such a situation, the first thing to suspect is that someone else has connected to your access point.

Unauthorized access not only steals your traffic, but also gives attackers access to local files and smart devices. Checking the client list This is a basic digital hygiene procedure that every user should be able to perform. Ignoring this step can lead to personal data leaks or the use of your channel for illegal activities.

There are several proven ways to identify "guests" on your network, from mobile apps to in-depth diagnostics via the router's web interface. We'll break down each method so you can choose the most convenient and effective option for your situation. Please note: modern routers often hide device names, showing only MAC addresses.

Using mobile apps to scan the network

The fastest and most accessible way to check who's using your Wi-Fi is to use specialized smartphone apps. You don't need to be an IT professional to navigate these apps, as they're designed for the general user. Simply download the app from the official app store (Google Play or the App Store) and run a scan.

Apps like Fing or WiFi Analyzer Instantly generate a network map, displaying all active devices. They not only display IP and MAC addresses but can also often identify the device manufacturer (for example, Apple, Xiaomi, or Samsung) by the first digits of the MAC address.

📊 How do you prefer to check the network?
Via the app on your phone
Via a browser on a PC
Via the command line
I don't check

However, it's important to remember that such applications only work within your local network. If you're away from home, you won't be able to remotely check the list of connections through them without a cloud account on the router itself. Also, some antivirus programs may block port scanning, considering it suspicious activity.

  • 📱 Convenience: Scanning takes literally a few seconds after launch.
  • 🔍 Details: Ability to see open ports and running services on devices.
  • ⚠️ Limitation: Requires installation of additional software on your smartphone.
⚠️ Attention: Free versions of scanners often contain ads or have a limit on the number of scans per day. This isn't a big deal for a one-time scan, but ongoing monitoring may require a subscription.

Analyzing connected devices via the router's web interface

The most reliable and complete source of information is the router's admin panel. This device manages IP address distribution and monitors every connection in real time. To access it, enter the gateway address (usually 192.168.0.1 or 192.168.1.1) in your browser's address bar.

Interface from different manufacturers (TP-Link, ASUS, Keenetic, MikroTik) looks different, but the logic remains the same. You need to find a section that may be called "Client List," "DHCP Server," "Wireless Status," or "Status." This is where a table of all active connections is displayed.

In this section, you'll see not only MAC addresses but also IP lease time, connection type (wired or wireless), and sometimes the device's hostname. This allows you to accurately identify whether the device is yours or someone else's. For example, you'll immediately notice if an unknown "Android-12" connects to the network while your phone is in your pocket.

Interfaces and menu names may vary depending on your router's firmware version. If you can't find the item you need, consult the manufacturer's official documentation for your model or look for up-to-date screenshots for your firmware version.

The main advantage of this method is the ability to not only identify but also immediately block the intruder. Most modern routers have a "Block" or "Blacklist" button directly in the client list. This action immediately terminates the connection and prevents reconnection from that MAC address.

Identifying devices by MAC address

Often connection lists display strange character sets, such as: A4:5E:60:C2:11:FFThis is a MAC address—a unique identifier for a network interface. To understand what kind of device it is, you need to know how to read this code. The first three pairs of characters (OUI) indicate the hardware manufacturer.

There are special online tables and OUI databases that allow you to identify a brand by its prefix. However, modern manufacturers often randomize MAC addresses for privacy, which can be confusing. In this case, the system may identify the device as "Unknown" or assign a random manufacturer.

What is MAC address randomization?

This is a security feature in iOS and Android that changes the device's MAC address when connecting to different networks to prevent location tracking. On a home network, this can create the illusion of a new device.

For accurate identification, it's best to use the elimination method. Turn off Wi-Fi on all your known devices (TV, phone, laptop) and see which addresses disappear from the list. Addresses that remain "alive" most likely belong to strangers or forgotten gadgets (such as a smart plug).

The table below shows examples of MAC address prefixes from popular manufacturers:

Prefix (OUI) Manufacturer Typical devices
00:1A:2B Texas Instruments Network cards, routers
3C:5A:B4 Google Inc. Android smartphones, Chromecast
00:1C:B3 Apple, Inc. iPhone, iPad, MacBook
B8:27:EB Raspberry Pi Single-board computers, smart home
DC:71:44 Huawei Routers, Honor/Huawei smartphones

Knowing these codes helps you quickly filter your devices. If you see an address starting with B8:27:EBIf you don't have a Raspberry Pi, you should be wary. However, keep in mind that large factories can produce chips for different brands, so identifying the chip by MAC address isn't always a 100% guarantee.

Checking via the Windows command line and the ARP table

For advanced users who prefer not to install unnecessary software, the Windows command line is an excellent tool. Protocol ARP (Address Resolution Protocol) stores tables of mappings between IP addresses and physical MAC addresses of devices with which your computer has recently communicated.

To access this information, open a command prompt (press Win + R, enter cmd and press Enter). In the black window that opens, enter the command arp -aThe system will display a list of all devices your PC has communicated with on the local network.

C:\Users\User>arp -a

Interface: 192.168.1.5 --- 0x3

Internet Address Physical Address Type

192.168.1.1 00-11-22-33-44-55 dynamic

192.168.1.15 aa-bb-cc-dd-ee-ff dynamic

The list may not be complete, as the ARP table is cleared after a router reboot or timeout. To update the list, you can ping the entire address range first, but this requires knowledge of the subnet. For the average user, looking at devices with the "dynamic" status is sufficient.

  • 💻 Speed: Instant results without installing programs.
  • 🛠️ Versatility: Works on any version of Windows without the Internet.
  • 📉 Incompleteness: Shows only those who have actively communicated with your PC.

Signs of unauthorized Wi-Fi access

How can you tell if someone has actually connected to your network if you don't see any obvious unauthorized devices in the list? Often, the "hacker" uses disguise or changes the device's name to something similar. There are indirect signs that should alert the observant user.

The first sign is abnormal behavior of the router's indicators. The light WLAN Or the wireless network icon starts flashing rapidly and erratically even when you've turned off all your devices. This means there's active data packet exchange.

The second sign is a drop in speed. If your plan offers 100 Mbps, but you're getting 5-10 Mbps with no downloads, something is "eating" your bandwidth. This is especially noticeable when watching 4K videos or playing online games, where ping spikes sharply.

⚠️ Attention: A slow internet speed doesn't always indicate a hack. It could be caused by interference from neighboring routers on the same frequency, problems with your ISP, or background Windows updates.

You should also pay attention to any unusual behavior in your smart home. Lights may turn on by themselves, and speakers may start making sounds if an intruder has gained access to the local network and is scanning the ports of IoT devices. In rare cases, your antivirus software may report an unauthorized access attempt from the local network.

What to do if you find a stranger: blocking and protection

If you discover an unknown device, you need to act quickly and decisively. Simply disabling it isn't enough, as automated programs may attempt to reconnect. The first step should always be changing your Wi-Fi password.

Go to your wireless network settings (Wireless Settings) and change the password. Select a complex encryption type, be sure WPA2-PSK or WPA3Old protocols WEP And WPA can be hacked in a matter of minutes even by an inexperienced user.

☑️ Action plan in case of hacking

Completed: 0 / 4

An additional security measure is MAC address filtering. You can create a "whitelist" in your router settings, adding only your devices. All other devices, even with the password, will be blocked from connecting. This is the most reliable, but also the most labor-intensive method (if you buy a new device, you'll have to enter its MAC address manually).

Don't forget to turn off the feature as well WPSIt allows connection by pressing a button or using a PIN code, but it is one of the biggest security holes in home routers. Attackers often exploit WPS vulnerabilities to gain access without knowing the password.

After completing all the steps, reboot your router. This will disconnect all active connections. Check the client list again in 5-10 minutes. If the list is clear and contains only your devices, the network is considered secure.

Can my neighbor see my files if he is connected to Wi-Fi?

Simply connecting to the same Wi-Fi network doesn't automatically grant access to your files on your computer or phone. However, if you have network discovery and folder sharing enabled, theoretically, your neighbor could try to scan the network for open resources. On public networks (cafes, airports), Windows automatically switches the network profile to "Public," blocking visibility. At home, the "Private" profile is often set, making you visible to others. Therefore, if you suspect a hack, it's best to immediately change the network profile to "Public" in Windows settings.

Why are there so many "Unknown" devices in the list?

This is normal. Many IoT device manufacturers (smart bulbs, plugs, sensors) don't specify a user-friendly device name (Hostname) in the DHCP request. The router only sees the MAC address and assigns the name "Unknown" or simply leaves the field blank. This may also be the case for devices with the Randomized MAC address feature enabled, which Apple and Google are actively implementing to protect user privacy.

How to block a device permanently?

The most effective method is to use the Blacklist feature in your router settings. Find the intruder's MAC address in the client list and add it to the Blacklist. The router will then ignore any connection requests from that address. Also, changing the Wi-Fi password and encryption type will force everyone to re-enter the key, which will automatically disconnect anyone who doesn't know the new password.