Have you noticed that your internet has become slower, even though your plan hasn't changed? Or has your router started overheating for no apparent reason? Perhaps your Unauthorized devices have connected to the Wi-Fi network. — neighbors, guests who forgot to disconnect, or even hackers using your traffic for their own purposes. According to Kaspersky Lab, every fifth user experiences unauthorized access to their home network at least once a year.
In this article you will learn how Check Wi-Fi for third-party connections Using built-in router tools, mobile apps, and specialized software. We'll cover methods for different router models (TP-Link, ASUS, Keenetic, MikroTik), and we'll also show you how to block other people's devices and protect your network from repeated intrusions. No advanced technical skills are required—all methods are adapted for everyday users.
Signs that someone else is using your Wi-Fi
Before checking the network, it's worth making sure that the problem actually exists. Here 5 key symptoms, which should be a warning sign:
- 🐢 A sharp drop in internet speed — pages take longer to load, videos in
4KIt's slowing down, although everything worked smoothly before. - 🔥 The router is overheating or rebooting frequently. — increased load on the router processor may indicate a large number of connected devices.
- 📡 The activity indicator blinks without your activity If you're not downloading files or watching online videos, and the lights on your router are actively blinking, this is a warning sign.
- 💰 Unexpected increase in traffic — Check the statistics in your provider's personal account: if the volume of consumed gigabytes has increased without any apparent reason, someone is using your Wi-Fi.
- 🔒 Unknown devices in the list of connected devices — the most obvious sign, but it can only be seen after inspection (more on that later).
If at least two of these signs coincide, it is worth conducting a diagnosis. Important: Some symptoms (such as an overheating router) may be caused by other reasons, such as outdated firmware or faulty hardware. Therefore, it is better to combine checking for third-party connections with general network diagnostics.
Method 1: Checking via the router's web interface
The most reliable and universal method is to log in router control panel and view the list of connected devices. These instructions apply to most models, but menu paths may vary slightly.
To open the web interface:
- Find out Your router's IP address. Usually it is
192.168.0.1or192.168.1.1The exact address can be found on the sticker on the back of the device or via the commandipconfig(For Windows) /ifconfig(For Mac/Linux) in the terminal. - Enter this address into the address bar of your browser (for example, Chrome or Firefox).
- Log in using your login and password (often by default)
admin/admin, but it’s better to check on the router sticker).
The further path depends on the router model:
| Router brand | Path to the list of devices | Note |
|---|---|---|
| TP-Link | Basic → DHCP → DHCP Clients List |
In new firmware it may be called Wireless → Wireless Statistics |
| ASUS | Network Map → Clients |
Displays both wired and wireless connections |
| Keenetic | Devices → Device List |
Shows connection history for the last 24 hours |
| MikroTik | IP → DHCP Server → Leases |
Requires knowledge of basic network protocols |
| Zyxel | Network → Local Area Network → DHCP |
In some models the list is hidden in Monitoring → Devices |
In the list you will see all the devices connected to your network, indicating:
- 🖥️ IP addresses (For example,
192.168.0.103) - 📱 MAC addresses (unique species identifier
00:1A:2B:3C:4D:5E) - 🌐 Host name (For example,
iPhone-XRorDESKTOP-1234) - 📶 Connection type (Wi-Fi or cable)
If there are unknown devices in the list, they can be blocked directly in the same menu (usually there is a button Block or Block).
Make sure it's not your gadget (check all phones, tablets, smartwatches)
Block the MAC address in the router settings
Change your Wi-Fi password to a more complex one
Enable MAC address filtering (optional)-->
⚠️ Attention: Some routers (especially budget models) may not display a full list of devices if there are more than 10-15 clients on the network. In this case, use the alternative methods in the following sections.
Method 2: Mobile apps for network analysis
If it is inconvenient to access the router settings or you are away from home, you can use special applications for smartphonesThey scan the network and show all connected devices, including hidden ones.
Top 3 verified apps:
- 📱 Fing (Android/iOS) — the most popular solution with a simple interface. It displays IP, MAC address, device manufacturer (by MAC address), and even network vulnerabilities. The free version is limited to scanning one network.
- 🔍 NetScan (Android) — a more advanced tool with the ability to save scan history and export data. Suitable for technical professionals.
- 🛡️ WiFi Guard (Android/iOS) — Automatically notifies you of new devices on the network. You can set up a whitelist of allowed devices.
How to use (using example) Fing):
- Download and install the application from App Store or Google Play.
- Connect to your Wi-Fi network.
- Start scanning (button
ScanorNetwork analysis). - Browse the list of devices. Unknown gadgets will be marked as
Unknown.
The advantage of mobile apps is that they work even if you don't have access to the router (for example, if you're visiting someone and want to check their network with their permission). However, accuracy of device detection Depends on the quality of the app: free versions may skip some gadgets.
Method 3: Command Line (for advanced users)
If you prefer to work without a graphical interface, you can check the network via command line (Windows) or terminal (Mac/Linux). This method requires minimal knowledge of network protocols, but gives the most accurate result.
For Windows:
arp -a
This command will show the table ARP (Address Resolution Protocol), which lists all IP and MAC addresses of devices on the local network. To filter only active connections, first run:
ping 192.168.0.255
(replace 192.168.0. to your subnet, if it is different).
For Mac/Linux:
nmap -sn 192.168.0.0/24
This command will scan the entire local network and list the hosts. Install nmap You can do this through package managers:
- 🍎 Mac:
brew install nmap(if installed Homebrew) - 🐧 Linux (Debian/Ubuntu):
sudo apt install nmap
The result will look something like this:
Nmap scan report for 192.168.0.1
Host is up (0.0020s latency).
MAC Address: 00:11:22:33:44:55 (TP-Link Technologies)
Nmap scan report for 192.168.0.102
Host is up (0.015s latency).
MAC Address: A0:B1:C2:D3:E4:F5 (Apple)
To determine the manufacturer of a device by MAC address, use online services like MAC Vendors or Wireshark OUI Lookup. For example, the prefix 3C:5A:B4 belongs Google (maybe it is Google Home or Chromecast), A 78:31:C1 — Apple.
⚠️ Attention: Some devices (such as smart light bulbs or IP cameras) may not respond to ping and not appear in scan results, but still actively use the network. To detect them, specialized tools like Wireshark.
Method 4: Checking with Wireshark (advanced level)
If the previous methods did not work, but you suspect that there are "invisible" devices on the network, you can use Wireshark — a powerful traffic analyzer. This program intercepts all data packets on the network and allows you to detect even well-hidden connections.
Instructions for use:
- Download Wireshark from the official website and install.
- Launch the program and select the network interface (Wi-Fi adapter).
- Start capturing packets (button
Start). - After 1-2 minutes, stop capturing and enter into the filter:
wlan.addr == ff:ff:ff:ff:ff:ffThis will show the broadcast packets that all devices on the network are sending.
- View the list of MAC addresses in the column
SourceCompare them with devices you know.
Wireshark also allows you to detect:
- 🕵️ Suspicious activity (for example, a large number of packets on non-standard ports).
- 🔄 ARP spoofing (an attack in which a hacker spoofs the MAC address of a router).
- 📤 Unusual traffic (for example, if an unknown device sends data to external servers).
The downside of this method is its high complexity for beginners. If you've never used packet sniffers before, it's better to choose one of the previous methods.
How to recognize a hacker attack in Wireshark?
If you see a large number of requests for a port in your captured packets 445 (SMB), 3389 (RDP) or 22 (SSH) from an unknown MAC address, this may indicate a hacking attempt. Packets with the flag are also a warning sign. SYN no answer SYN-ACK (port scanning).
Method 5: Checking through your provider's personal account
Some internet service providers (eg. Rostelecom, Beeline, MTS) are provided in the user's personal account statistics on connected devicesThis isn't the most accurate method, but it can help if you don't have access to your router.
How to check:
- Log in to your personal account on your provider's website.
- Find the section
My services→Internet→Statistics(the name may differ). - View the traffic consumption graph or the list of active devices (if available).
This method has limitations:
- ❌ Not all providers provide such information.
- ❌ Data may be updated with a delay (for example, once an hour).
- ❌ Often only the total number of devices is shown, without details.
⚠️ Attention: If your provider offers "Wi-Fi Protection" or "Device Control" for an additional fee, don't rush to enable them. Often, this is simply a precaution—all the methods described in this article are free and no less effective.
Method 6: Using specialized PC programs
For users Windows or Mac There are desktop programs that scan the network and detect suspicious activity. They are more convenient than the command line and often offer additional features, such as device blocking or traffic monitoring.
The best Wi-Fi testing programs:
| Program | Platform | Peculiarities | Price |
|---|---|---|---|
| Advanced IP Scanner | Windows | Scans the local network, displays MAC addresses and manufacturers. Can remotely shut down computers. | For free |
| Angry IP Scanner | Windows/Mac/Linux | A cross-platform scanner with plugin support. Shows open ports. | For free |
| SoftPerfect WiFi Guard | Windows | Compares current devices with a "white list" and notifies about new connections. | For free |
| Lansweeper | Windows | An advanced network inventory tool suitable for offices. | Paid (from $599) |
Example of working with Advanced IP Scanner:
- Download and install the program from the official website.
- Start scanning (button
Scan). - Wait for it to complete (usually takes 1-2 minutes).
- Review the list of devices. Unknown MAC addresses will be highlighted.
The advantage of desktop programs is that they often allow save reports And customize notifications about new devices. For example, WiFi Guard can send an email if an unfamiliar gadget appears on the network.
Method 7: Analyzing traffic through a router (for experienced users)
If you suspect that someone has not only connected to your network, but is also actively using it (for example, to download files or stream), you can analyze traffic by device Directly in the router. This feature isn't available on all models, but if it's present, it provides the most complete picture.
How to enable traffic monitoring:
- Go to the router's web interface (see Method 1).
- Find the section
Traffic Monitor,Bandwit controlorTraffic statistics(the name depends on the model). - Enable data collection (you may need to reboot your router).
- Check the report after 10-15 minutes. Pay attention to devices consuming unusually high amounts of traffic.
Examples of suspicious activity:
- 📥 Large outgoing traffic (for example, 10 GB per hour) from an unknown device - perhaps someone is downloading torrents.
- 🎮 Persistent connections to game servers (ports
27015–27050) - someone is playing online games via your Wi-Fi. - 🔄 Many small packets to different IPs — a sign of botnet activity or DDoS attacks.
On some routers (for example, ASUS RT-AX88U or Keenetic Giga) you can even install traffic limits for individual devices or completely block their access to certain sites.
⚠️ Attention: The traffic monitoring feature can slow down your router, especially if you have a weak model (for example, TP-Link TL-WR841N). After the analysis, do not forget to disable statistics collection.
What to do if you find someone else's device?
Detecting a foreign gadget is half the battle. Now we need to block him And protect the network from repeated intrusions. Here's a step-by-step action plan:
- Block the MAC address:
Find the section in your router settings
MAC FilteringorMAC filteringand add the stranger's address to the blacklist. Example for TP-Link:Wireless → Wireless MAC Filtering → Add New - Change your Wi-Fi password:
Use a complex password (at least 12 characters, including numbers, letters, and special characters). An example of a strong password:
k7#pL9!vN2@qR5$Do not use personal information (dates of birth, names). - Update your router firmware:
Outdated software versions often contain vulnerabilities. Updates patch most of the holes exploited by hackers.
- Disable WPS:
Function
Wi-Fi Protected SetupIt's convenient, but insecure—it can be hacked in a few hours. Disable WPS in your router settings. - Enable guest network (optional):
If you frequently share your Wi-Fi with guests, create a separate network with limited permissions. Example for ASUS:
Guest Network → Enable → Set a separate password
If someone else's device reappears after being blocked, it could mean:
- 🔄 Someone manually changes their MAC address (this is easy to do on Android or Linux).
- 📡 Your router has been hacked and a hacker has gained access to its settings.
- 🏠 There is a "hole" in your network - for example, an open port for remote management.
In such cases it is recommended reset the router to factory settings (button Reset on the rear panel) and configure it again taking into account all safety measures.
FAQ: Frequently asked questions about checking Wi-Fi for third-party connections
Is it possible to find out who is connected to my Wi-Fi?
It is impossible to accurately determine the identity of the device owner, but it is possible to find out:
- Gadget manufacturer by MAC address (For example,
Apple,Samsung). - Device type (smartphone, laptop, camera) by hostname (e.g.
iPhone-12-Pro). - Approximate location if the device is connected via Wi-Fi and you are using specialized software like Airodump-ng (requires skills).
If you suspect your neighbors, you can politely ask them or temporarily turn off Wi-Fi and observe their reaction.
Why do unknown gadgets with names like "Android-1234" appear in the list of devices?
These could be:
- Smart devices (lamps, sockets, vacuum cleaners) that you forgot to set up.
- Guests who have connected previously and have not disconnected (their MAC addresses may be stored in the router cache).
- Own devices with changed names (for example, after a factory reset).
Check if such a device is consuming bandwidth. If not, it's most likely a "junk" entry in the ARP table.
Can a hacker connect to my Wi-Fi if I have a strong password?
Yes, although it's unlikely. Modern hacking methods include:
- Dictionary attacks - if the password is based on a real word (for example,
password123). - Protocol vulnerabilities - for example, in
WPA2a critical vulnerability was found KRACK (fixed in new firmware). - Phishing — a scammer can create a fake network with a name similar to yours and intercept your traffic.
Protection: Use WPA3 (if the router supports it), disable it WPS and update the firmware regularly.
How do I check my Wi-Fi for third-party connections if I have a router from a provider (for example, Rostelecom)?
Routers from ISPs often have limited functionality. Try this:
- Go to the web interface at
192.168.0.1or192.168.1.1(login/password is usually on a sticker). - Find a section
DevicesorDHCPIf you don't have one, use mobile apps (Fing, WiFi Guard). - Call your provider's support team and ask them to check the list of connected devices (not all operators will do this).
If your router's capabilities are severely limited, consider purchasing your own router.
Is it possible to track someone else's device after it has disconnected from the network?
Yes, but with some reservations:
- Routers with the function connection log (For example, Keenetic, MikroTik) save the history of MAC addresses.
- Programs like Wireshark can record traffic to a file for later analysis.
- Some applications (eg. GlassWire) keep a log of network activity.
However, without specialized software, the data is erased after rebooting the router.