How to check your router for unauthorized Wi-Fi connections

A sudden drop in internet speed or intermittent connection interruptions are often the first warning signs that an uninvited guest has appeared on your local network. Neighbors looking to save on their data plan or more sophisticated attackers using your connection for illegal activities can surreptitiously connect to your access point if your security is weak. In such situations, it's crucial to know how to check your router for unauthorized Wi-Fi connections so you can quickly block the intruder and protect your personal data.

Modern devices offer several effective tools for monitoring network activity, ranging from built-in router web interfaces to specialized software. Ignoring this issue can lead not only to lost traffic but also to the theft of banking data or the introduction of viruses onto your computers and smartphones. In this article, we'll examine all available diagnostic methods in detail, learn how to read client lists, and set up reliable protection.

Primary diagnostics: indirect signs of a break-in

Before delving into the technical details of your router settings, it's worth paying attention to your network's behavior. Often, signs of outside interference are obvious even without the use of specialized utilities. If you notice the lights on your device flashing frantically, even when all your devices are in sleep mode, this is a sure sign that someone else is actively transferring data. High bandwidth usage may indicate that someone is downloading large files, watching 4K videos, or, worse, using your equipment for botnet attacks.

Another red flag is unintentional changes to your router settings. If you discover that your admin panel password has been changed, DNS servers have been reset to unknown addresses, and WPS has been activated without your knowledge, then an attacker has already gained access to the device. In such cases, a standard Wi-Fi password change may not help, as the attacker already has administrator rights. You should immediately perform a full reset to factory settings.

⚠️ Warning: If you find an unknown device in the list of connected devices, don't rush to block it. First, consider whether it's your own smart devices (light bulbs, outlets, vacuum cleaners), which often have strange names or MAC addresses.

For an accurate diagnosis, it's necessary to rule out false positives. Sometimes antivirus programs or operating system update systems can create a short-term high load, simulating unauthorized activity. However, if speed issues are persistent and occur at different times of day, the likelihood of unauthorized access increases to 90%. In this case, we move on to an instrumental check.

πŸ“Š Have you noticed any strange behavior on your Wi-Fi network?
Yes, the speed drops for no reason.
Yes, all router indicators are blinking.
No, everything works stably.
I just want to check for preventative purposes.

Analysis via the router's web interface

The most reliable and accurate way to find out who is connected to your Wi-Fi is to look at your router's native interface. To do this, open a browser and enter the gateway IP address, which most often looks like this, into the address bar. 192.168.0.1 or 192.168.1.1The exact address, as well as the default login and password, are usually located on a sticker located on the bottom or back of the device. If you've previously changed these details, use the current credentials.

After logging in, you'll need to find the network monitoring section. Depending on your router model and firmware, this section may have different names. Look for menu items labeled "Status," "Wireless," "Client List," "DHCP Server," or "Statistics." This is where a complete table of all active connections is displayed in real time. Here you'll see the IP addresses, MAC addresses, and, in some cases, the hostnames of connected devices.

What should I do if the web interface doesn't open?

If your browser doesn't load the settings page, check if you're connected to the correct Wi-Fi network. Also, try using incognito mode or a different browser. In rare cases, the gateway address may have changed; you can find it in the Windows command line by entering the command ipconfig and find the line "Default gateway".

Different manufacturers' interfaces have their own navigation features. To help you navigate, we've prepared a table with sample section names for popular brands:

Router brand Menu section title Menu path (approximate)
TP-Link Wireless Statistics Wireless -> Wireless Statistics
ASUS Network Map / Client List Network Map -> Clients
Keenetic Client list My Networks and Wi-Fi -> Client List
D-Link Active Sessions Status -> Active Sessions
Mikrotik Leases (DHCP) IP -> DHCP Server -> Leases

When reviewing the list, pay attention to the number of active devices. If there are more active devices than there are gadgets in your home, or you see devices with an Ethernet connection type (cable) even though you don't have any, this is a clear sign of an intrusion. Some advanced routers, such as Keenetic or ASUS with firmware Asuswrt-Merlin, allow you not only to see devices, but also to instantly disconnect them from the network directly from the interface, blocking access by MAC address with one click.

Using mobile apps for scanning

If you have limited access to a computer or want to perform a check on the go, specialized smartphone apps are a great solution. They scan the network and provide information about all connected nodes. One of the most popular and functional tools is FingThis app is available for both Android and iOS and allows you to not only view a list of devices but also identify their manufacturer, operating system, and open ports.

Another powerful tool is WiFi Analyzer or Network ScannerThese utilities operate on the principle of ping scanning: they send requests to all possible addresses in a subnet and wait for a response. Unlike built-in router tools, these apps can identify devices that are attempting to hide their presence or using a static IP address without requesting one from the DHCP server. This makes the scan more thorough and objective.

It's important to note that some apps require permission to access your local network. In modern versions of Android (starting with 10) and iOS (starting with 14), the security system may block scanning unless you explicitly grant permission. When you first launch the app, be sure to agree to the request to scan for devices on your local network; otherwise, the app will only show your phone.

Professional analysis using the command line

For users who prefer maximum control and the absence of unnecessary software, the ideal option is to use the operating system's built-in tools. In Windows, you can use the utility arpIt displays a table of IP addresses and physical MAC addresses, which is cached in the system. This method is advantageous because it doesn't require installing additional software and works on any computer.

To run the analysis, open the command line. Click Win + R, enter cmd and press Enter. In the window that opens, enter the command arp -aYou'll see a list of all devices your computer has recently communicated with. However, this list may be incomplete if your PC hasn't yet communicated with a hidden device. To force a scan of the entire network, you can first run the ping command against the entire address range, and then again. arp -a.

for /L %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i >nul

After the ping cycle has completed (it may take a minute), enter again arp -aNow the list will be significantly more complete. By comparing the MAC addresses in the output with those of your known devices, you can easily identify the intruder. A MAC address consists of six pairs of hexadecimal numbers, separated by hyphens or colons. The first three pairs (OUI) indicate the network equipment manufacturer, which often helps identify the device (e.g., Apple, Samsung, Intel).

⚠️ Note: The command line only shows devices that responded to the request. Some security systems may block ICMP requests (ping), so a device's absence from the list arp -a does not guarantee its complete absence, although for home networks this method is effective in 95% of cases.

Methods of protection and blocking uninvited guests

Once you've discovered someone else's device, you must immediately block its access. The simplest, but not the most secure, method is to change your Wi-Fi password. Changing the security key will disconnect all devices, requiring a new password to reconnect. Be sure to use a complex key containing mixed-case letters, numbers, and special characters, at least 12 characters long. The encryption type must be strictly WPA2-PSK or WPA3; Using WEP or an open network is not allowed.

A more advanced method is MAC address filtering. In your router settings (Wireless MAC Filtering section), you can enable "Allow" mode (Allow only listed) and add the MAC addresses of all your trusted devices. This way, even if an attacker learns your password, they won't be able to connect because their physical address won't be whitelisted. This creates a double layer of security.

β˜‘οΈ Wi-Fi Security Checklist

Completed: 0 / 4

Also worth paying attention to is the function WPS (Wi-Fi Protected Setup). It allows you to connect with the push of a button, but it has known vulnerabilities that allow someone to brute-force the PIN code within a few hours. If your router settings allow you to disable WPS, do so immediately. Also, remember to update your router's firmware regularly.firmware), as manufacturers often close security holes through patches.

Frequently asked questions and problems during verification

When monitoring a network, users often encounter ambiguous situations that require clarification. For example, a device may appear in the list as "Unknown" or have a strange character set. This is normal for many IoT devices (smart bulbs, sensors) that do not transmit their hostname when connecting. In such cases, rely solely on the MAC address and chip manufacturer.

Another common question: can my neighbor "see" my files if they're connected to Wi-Fi? By default, Windows and macOS public networks use the "Public" profile, which blocks access to shared folders. However, if you've set up a HomeGroup or shared a printer, there's theoretically a risk of accessing local resources. This is why connection control is so important.

Finally, many people ask whether it's possible to track the location of someone connected to Wi-Fi. The answer is no, not through the router. You can only see the connection and the MAC address. A person's exact physical location (for example, apartment number) is technically impossible to determine without specialized equipment and the involvement of the provider or law enforcement.

Why does the list of devices show more gadgets than I have?

Modern people often forget how many devices are connected to the network. Besides smartphones and laptops, access can be requested by smart TVs, game consoles, smart speakers, robot vacuum cleaners, IPTV set-top boxes, and even smart kettles. Each of these devices creates a separate entry in the DHCP table. Carefully count all the devices in your home, including guest phones.

Can a router change MAC addresses of connected devices automatically?

No, the router itself doesn't change clients' MAC addresses. However, modern operating systems (iOS 14+, Android 10+, Windows 10/11) use a "Randomized MAC Address" feature to enhance privacy. Your phone may present a new address to the router each time you connect, or at regular intervals. This can create the illusion of multiple connections from the same device.

What should I do if I can't access my router settings?

If the default login and password don't work, they may have been changed by you or the technician during installation. In this case, the only solution is a full reset using the reset button on the router. After the reset, the router will return to factory settings, and you can log in using the login information on the sticker. Don't forget to reconfigure your internet connection and network name.