Have you noticed that your internet has become slower and your data is running out faster than usual? Perhaps someone else has connected to your Wi-Fi—a neighbor, a guest, or even a hacker. According to Kaspersky, every fifth router in Russia has vulnerabilities that allow attackers to connect to the network without the owner's knowledge. In this article, you'll learn how check the list of connected devices, identify unfamiliar gadgets and block them forever.
The problem isn't just a slowdown. Third-party devices can:
- 🔍 Intercept your data (passwords, bank details, correspondence).
- 📥 Spread viruses via a local network to your computers and smartphones.
- 🚫 Use your IP for illegal activities (such as downloading pirated content).
- 💸 Increase your internet bill, if you have a limited tariff.
We'll figure it out 7 working methods Checks range from simple (via a mobile app) to advanced (MAC address and network traffic analysis). You can use them regardless of your router model (TP-Link, ASUS, Keenetic, MikroTik etc.) and connection type (cable, PPPoE, L2TP).
1. Checking via the router's web interface (the most reliable method)
Every router keeps a log of connected devices. To view it, you need to log into the admin panel. The instructions are universal for most models, but the menu paths may vary slightly.
Do the following:
- Find out Router IP address. Usually it is
192.168.0.1or192.168.1.1You can check this in the connection properties on your computer or on the sticker on the back of the device. - Enter the address into the address bar of your browser (for example, Google Chrome or Mozilla Firefox).
- Enter your login and password. By default, this is often
admin/adminoradmin/passwordIf it doesn't fit, look at the router sticker. - Find the section with connected devices. It's usually called:
- 🔹
DHCP Clients List(TP-Link, Mercusys) - 🔹
ClientsorDevices(Keenetic) - 🔹
Wireless → Wireless Client List(ASUS) - 🔹
Status → Local Network(Zyxel)
- 🔹
In the table, you'll see a list of all the devices connected to your network. Note the columns:
- 🆔 MAC address — unique device identifier (example:
00:1A:2B:3C:4D:5E). - 🖥️ Host Name — device name (for example,
iPhone-12-ProorDESKTOP-ABC123). - 🌐 IP address — local address on the network (for example,
192.168.0.105). - ⏱️ Connection time - when the device has entered the network.
Compare the MAC address with your gadgets|Check the device name (sometimes it gives away the model)|Pay attention to the connection time (night connections are suspicious)|Block the device through the router settings-->
⚠️ Attention: If you've never changed your router admin panel password, do it now! Standard combinations (admin/admin) are known to hackers. Use a complex password with numbers, letters, and symbols.
2. Using mobile apps (for quick checking)
Don't want to access your router settings? Install one of the specialized apps. They scan your network and display all connected devices right on your smartphone screen.
Top 3 apps for Android And iOS:
| Application | Platform | Peculiarities | Link |
|---|---|---|---|
| Fing | Android, iOS | Scans the network in 10 seconds, shows the device manufacturer by MAC address, tests the speed | App Store / Google Play |
| WiFi Guard | Android | Compares current devices with a whitelist and notifies about new connections. | Google Play |
| NetScan | iOS | Shows connection history, exports reports, works without registration | App Store |
How to use (using example) Fing):
- Connect to your Wi-Fi network.
- Launch the app and click
Scan. - After a few seconds, a list of devices will appear indicating:
- 📱 Kind of gadget (smartphone, laptop, TV).
- 🏭 Manufacturer (Apple, Samsung, Xiaomi, etc.).
- 🔗 MAC addresses And IP.
The advantage of these apps is that they work even if you don't have access to your router settings (for example, in a hotel or office). The downside: some features (such as device blocking) are only available in the paid version.
3. MAC Address Analysis: How to Distinguish Your Devices from Others
MAC address (Media Access Control) is a unique identifier for a network interface. It identifies the specific device connected to your network. The first six characters of the MAC address indicate the manufacturer. For example:
- 🍎
00:17:F2— Apple (iPhone, MacBook). - 🤖
78:31:C1— Xiaomi (smartphones, smart devices). - 🖥️
3C:5A:B4— Google (Pixel, Nest). - 📺
00:0A:EB— Samsung (TVs, smartphones).
How to check the MAC addresses of your devices:
On Windows:
- Open
Command line(Win + R→ entercmd). - Enter the command:
ipconfig /all - Find the line
Physical address- this is MAC.
On Android:
- Go to
Settings → About phone → General information. - Find the item
Wi-Fi MAC address.
On iPhone/iPad:
- Open
Settings → General → About. - Scroll to
Wi-Fi address.
Compare the MAC addresses of your gadgets with those displayed in the router or app. If there is a device on the network with a MAC address starting with 00:0C:29 or 00:50:C2, it may be a virtual machine or a hacking program (such as Kali Linux).
⚠️ Attention: MAC addresses can be spoofed. If you find a suspicious device with the "correct" manufacturer (for example, Apple), but don't recognize it, this is grounds for blocking.
4. Network traffic monitoring: who is consuming your internet?
If an unfamiliar device appears on your network, but it's inactive, that's not so bad. It's even worse when it downloads torrents, watches videos in 4K or launches DDoS attacksIn this case, the internet speed drops to zero.
You can view traffic by device:
- 📊 Via a router (chapter
Traffic MonitororBandit). - 📱 Through applications (For example, GlassWire for Windows or NetGuard for Android).
- 🖥️ Via the command line (for advanced users).
Example of traffic analysis in TP-Link:
- Log in to your router's admin panel.
- Go to
Advanced → Traffic Statistics. - Select a time period (eg.
Last 24 hours). - See which devices consume the most traffic.
Normal power consumption for different devices:
| Device | Normal traffic (per hour) | Suspicious traffic |
|---|---|---|
| Smartphone (social networks, instant messengers) | 50–200 MB | More than 1 GB (maybe file downloads) |
| Laptop (work, YouTube in 1080p) | 300–800 MB | More than 3 GB (torrents, online games) |
| Smart speaker (Yandex Station, Alexa) | 10–50 MB | Over 300 MB (possibly used as a proxy) |
| TV (Netflix in 4K) | 2–7 GB | Over 10GB (continuous streaming or download) |
If a device consumes traffic around the clock (for example, at night when everyone is sleeping), this is a sure sign of an unauthorized connection.
How to block a device by MAC address?
1. Go to your router settings.
2. Find the section Wireless MAC Filter or MAC address filter.
3. Add the MAC address of the unknown device to the blacklist.
4. Save the settings and reboot the router.
5. Checking via the command line (for advanced users)
If you have access to a computer running Windows or LinuxYou can scan the network without any additional software. This method is suitable for advanced users but provides the most accurate results.
For Windows:
- Open
Command lineon behalf of the administrator. - Enter the command to view all devices on the local network:
arp -a - You'll see a list of IP and MAC addresses. Compare them with your devices.
For Linux/macOS:
- Open
Terminal. - Enter the command:
nmap -sn 192.168.0.0/24(replace
192.168.0.0to your subnet, if it is different). - Wait for the scan to complete. The program will display all active devices.
The advantage of this method is that it works even if the router doesn't keep connection logs (for example, on public networks). The disadvantage: it requires knowledge of commands and analytical skills.
⚠️ Attention: TeamsnmapAndarpThese apps may be blocked on some corporate networks. Don't use them at work without administrator permission.
6. How to detect "invisible" connections (spoofing, MITM attacks)
Some hackers use advanced techniques to remain undetected:
- 🔄 MAC-spoofing - replacing the MAC address with the address of one of your devices.
- 🕵️ MITM attack (Man-in-the-Middle) - interception of traffic between you and the router.
- 👻 "Shadow" devices - gadgets that are connected only at night or for a short time.
How to identify them:
Method 1: Ping test
If a device spoofs its MAC address but doesn't respond to ping, it's suspicious. In the command line, enter:
ping 192.168.0.101
(replace the IP with the address of the suspicious device). If there are no responses (The specified node is unavailable), but the device is displayed in the router - it may be fake.
Method 2: Analyzing the ARP table
Enter in the command line:
arp -a > arp1.txtping 192.168.0.101
arp -a > arp2.txt
fc arp1.txt arp2.txt
If the device's MAC address changes after pinging, this is a sign of spoofing.
Method 3: Monitoring DNS queries
Install the program Wireshark and analyze DNS traffic. If an unfamiliar device sends a lot of requests to suspicious domains (for example, .onion, .bit), it needs to be blocked.
7. Prevention: How to protect your Wi-Fi from hacking
Detecting a rogue device is only half the battle. To prevent repeated connections, follow these guidelines:
1. Change your Wi-Fi password
- 🔐 Use WPA3 (or WPA2-AES, if WPA3 is not supported).
- 🚫 Do not use
WEPorWPA-TKIP— these standards can be hacked in minutes. - 📝 The password must be at least 12 characters long, including numbers, letters, and special characters.
2. Disable WPS
Function WPS (Wi-Fi Protected Setup) is vulnerable to brute-force attacks. Disable it in your router settings.Wireless → WPS).
3. Enable MAC address filtering
Whitelist only your own devices. This isn't a panacea (MACs can be spoofed), but it will make things more difficult for attackers.
4. Update your router firmware
Manufacturers regularly release patches for vulnerabilities. Check your firmware's current status in the section Administration → Firmware Upgrade.
5. Hide your SSID (not always effective, but prevents accidental connections)
In the router settings, disable network name broadcasting (Wireless → Hide SSID). You will have to enter the SSID manually, but strangers will not see your network in the list of available ones.
6. Use a guest network for friends
Create a separate network for guests with limited access to local resources. This way, even if someone connects, they won't be able to hack your main devices.
7. Set up notifications about new devices
Some routers (eg. Keenetic or ASUS with firmware Merlin) can send push notifications when a new device is connected. Enable this feature in the settings.
FAQ: Frequently Asked Questions about Wi-Fi Security
Is it possible to find out who exactly connected to my Wi-Fi (name, address)?
No, a user's identity cannot be determined by a MAC address or IP address. The most you can learn is the device model and manufacturer. If the connection is unauthorized, it's best to immediately block the device and strengthen network security.
I found an unfamiliar device, but it's using very little data. Should I be concerned?
Yes, even "sleeping" devices are dangerous. They can be:
- 🕵️ "Spies" — waiting for the moment to intercept the data.
- 🤖 Bots — part of a botnet for DDoS attacks.
- 📡 Repeaters — distributing your Wi-Fi further (for example, through a repeater).
It is better to block such a device and change the password.
My neighbor is asking for my Wi-Fi password. Can I give him access without compromising security?
Yes, but with some reservations:
- Create guest network with a separate password.
- Limit the speed for the guest (e.g. 5 Mbps).
- Deny access to local resources (setting
AP IsolationorClient Isolation). - Change your guest network password once a month.
I changed my password, but the unfamiliar device reappeared. What should I do?
This is a sign that:
- 🔄 Your router infected with malware (For example, VPNFilter or Mirai).
- 🔌 Someone has physical access to the router and resets the settings.
- 📡 Your Wi-Fi intercepted through a vulnerability in the firmware.
Actions:
- Reset the router to factory settings (button
Resetfor 10 seconds). - Update your firmware to the latest version.
- Change the password for the router admin panel.
- If the problem persists, contact a specialist or replace the router.
Can they connect to my Wi-Fi if I disable DHCP?
Yes, but it's more complicated. With DHCP disabled, an attacker would have to:
- Guess or spy on the IP address range of your network.
- Manually enter the IP, subnet mask, gateway and DNS.
- Know the Wi-Fi password.
This isn't a panacea, but it will make things more difficult. It's best to combine it with other security measures (WPA3, MAC filtering).