A sudden drop in internet speed at the most inopportune time is often the first warning sign for home network owners. When you're watching a 4K movie and the video constantly buffers, or an online game turns into a slideshow, it's natural to wonder: is someone else using your bandwidth?
Modern wireless networks They're vulnerable not only to weak passwords but also to outdated encryption protocols still supported by some routers. Hackers and simply curious neighbors with a minimal set of software can scan the airwaves and find open ports or security vulnerabilities.
Checking your list of connected devices is a basic digital hygiene skill every home internet user should master. It only takes a few minutes, but it allows you to instantly assess the security of your perimeter and take action if any threats are detected. unknown MAC address.
⚠️ Attention: If you find a device you can't identify, don't rush to change your Wi-Fi password. First, try turning off your smartphone or laptop and see if the suspicious entry disappears from the list. Often, these "intruders" turn out to be forgotten gadgets like smart light bulbs or old tablets.
There are several ways to audit a network, from using specialized mobile apps to in-depth analysis via the router's web interface. The method you choose depends on your technical expertise and the type of equipment you use at home or in the office.
Symptoms of unauthorized network access
The first sign that your Wi-Fi is compromised is unstable performance of connected devices. The router's lights start flashing frantically, even when you're not downloading anything, and the network activity indicator stays on constantly. This indicates that someone is actively consuming bandwidth.
Another indirect sign may be the inability to access your router's settings. If, when entering the correct IP address, you receive a "page not found" error or are prompted for a password you didn't set, the attacker may have already changed your administrator credentials.
Pay attention to the behavior of your antivirus or firewall software. If the security system frequently warns you about port scanning attempts or incoming connections from the local network, it's time to immediately check your client list.
- 📉 A sharp decrease in page loading speed and video viewing on all devices simultaneously.
- 💡 The WLAN or LAN indicators on the router body blink strangely at night.
- 🔒 Antivirus software blocks access to websites due to suspicious activity on the local network.
- 📱 Notifications about logging into accounts (Google, Apple ID) from unknown devices.
Using mobile apps for scanning
The fastest way to check who is using your WiFi is to install a dedicated app on your smartphone. Programs like Fing, Network Analyzer or WiFi Analyzer, scan the network in seconds and display a complete list of all active devices with their IP and MAC addresses.
The advantage of mobile utilities is their simplicity and clarity. They often have a database of manufacturers, so instead of dry code B8:27:EB:xx:xx:xx You'll see a descriptive name, such as "Raspberry Pi" or "Samsung TV." This makes identification much easier.
However, it's important to remember that these apps only work within your current subnet. If your router is configured with client isolation or uses complex VLAN schemes, a mobile scanner may not provide the full picture. Furthermore, these apps don't allow you to block users; they only inform you of their presence.
When choosing an app, pay attention to the permissions it requests. Network scanning typically requires access to the local network and geolocation (for Android's Wi-Fi module to work), but access to contacts or photos is completely unnecessary and should raise suspicion.
Analyzing connections via the router's web interface
The most reliable method of verification is to log into the router's control panel. This displays information directly from the equipment, making it virtually impossible to hide the device's presence from the administrator. To log in, you need to enter the gateway's IP address (most often 192.168.0.1 or 192.168.1.1) in the browser's address bar.
After logging in (the default login and password are often listed on a sticker on the bottom of the device), you need to find a section that may be called "Status," "Network Map," "DHCP Server," or "Client List." This varies depending on the router model. ASUS, TP-Link, Keenetic or MikroTik This section is located differently.
In this list, you'll see a table where each device is assigned an IP address, MAC address, and possibly a hostname. Your task is to compare this list with the devices you own. If the list contains 10 devices, and you only have a phone and a laptop at home, you've got a problem.
☑️ Security check via web interface
Pay special attention to devices with a "Static" status (static IP). Smart plugs, CCTV cameras, and printers often have reserved addresses. If you see a device with a dynamic address that's acting suspiciously, the easiest way to disable it is to disable it.
Table: Typical ports and services to check
Deep network analysis using advanced port scanners or router logs can reveal activity on specific ports. Understanding which ports should be open and which should be closed helps identify anomalies.
| Port | Protocol | Purpose | Security status |
|---|---|---|---|
| 80 / 443 | HTTP / HTTPS | Web traffic | Normal (open to the Internet) |
| 23 | Telnet | Remote control | ⚠️ Dangerous (better to close) |
| 22 | SSH | Secure login | For trusted IPs only |
| 1900 | UPnP | Automatic configuration | Risk of vulnerabilities (recommended to disable) |
The presence of open ports, such as Telnet (23) or older versions of SMB, may indicate that the router is configured insecurely. Attackers often exploit these vulnerabilities when they can't crack the Wi-Fi password.
If you see multiple connection attempts to port 22 or 23 from external IP addresses in your router logs, this means your router is being targeted by automated bots. In this case, you should change the administrator password and disable Remote Management.
Blocking Intruders and Strengthening Security
Once you've identified an intruder, you should block them immediately. In the router's web interface, next to the device's name, there's usually a "Block" or "Deny" button, or a prohibiting sign icon. Clicking this button will blacklist the intruder's MAC address (Blacklist).
However, blocking is a temporary measure. An experienced user can change their device's MAC address (clone the address of your authorized device) and bypass the ban. Therefore, the most effective method remains changing the Wi-Fi network password entirely.
⚠️ Attention: After changing your Wi-Fi password, all your devices (TVs, phones, smart speakers) will be disabled. You'll have to re-enter the new password on each one. Be prepared for this routine.
To prevent future intrusions, it is recommended to use an encryption protocol. WPA2-PSK (AES) or WPA3The WEP and WPA (TKIP) protocols are considered obsolete and can be cracked in minutes even by novices using utilities available online.
What is MAC filtering?
MAC filtering is a router mode that restricts network access to a strictly defined list of devices. Even if someone learns your password, they won't be able to connect without registering their MAC address in the router settings. This is powerful protection, but inconvenient for frequent visitors.
It's also a good idea to disable the WPS function. This technology, which allows you to connect by pressing a button, has critical vulnerabilities in the PIN generation algorithm, making hacking the network trivial.
Additional network security measures
Comprehensive protection isn't limited to passwords alone. Regular router firmware updates close security holes discovered by researchers. Manufacturers release patches to eliminate vulnerabilities, so notifications about new software versions should not be ignored.
Use a guest network for visitors. This is an isolated network segment that doesn't have access to your primary resources (printers, NAS storage, PC files). Even if a guest accidentally downloads a virus, it won't spread to your personal devices.
- 🔄 Regularly update your router's firmware through the manufacturer's official website.
- 🚫 Disable the WPS function in your wireless network settings.
- 📡 Hide the network name (SSID) if you don't want it to appear on your neighbors' lists.
- 🔐 Use complex passwords of at least 12 characters in length and mixed case.
Don't forget about physical security. If your router is located in a public area (such as an office or reception area), an attacker can simply press the Reset button and reset it to factory settings, gaining complete control.
Frequently Asked Questions (FAQ)
Can a neighbor steal my internet if I change my password?
If you've changed your password to a complex one (containing letters, numbers, and symbols) and are using WPA2/WPA3 encryption, they won't be able to steal your internet connection easily. However, if your neighbor has access to your apartment or has previously connected to your network and saved a profile on their device, they may be able to connect automatically. In this case, you should not only change your password but also delete old profiles or use MAC address filtering.
Does the number of connected devices affect the speed?
Yes, it does have a direct impact. The Wi-Fi channel is shared among all active users. If someone is downloading torrents or watching high-quality videos, your speed on other devices will drop. Furthermore, a large number of connections puts a strain on the router's processor, which can cause it to overheat and freeze.
Is it safe to use apps like WiFi Map?
Password finder apps (WiFi Map and similar apps) work by sharing databases. Users share their network passwords so others can use them. By using such services, you risk inadvertently sharing your password if the app receives the necessary permissions. To check your connections, it's better to use local scanners (like Fing) that don't send your data to the cloud.
What should I do if I can't access my router settings?
If the default password doesn't work, it may have been changed previously or set by your ISP. Try looking for a sticker on the bottom of the device—it often contains a unique login password. If all else fails, you'll need to perform a factory reset (press the Reset button), but remember that you'll need to set up your internet connection again afterward (you'll need your ISP login and password).
How can I find out who exactly has connected if the list only contains numbers?
The alphanumeric code is the MAC address. The first six characters (e.g., 00:1A:2B) identify the device manufacturer. Enter these characters into any online MAC address search engine, and you'll find the brand (Samsung, Apple, Xiaomi). This will help you determine what kind of device it is: a phone, a laptop, or, for example, a gaming console.