A sudden drop in internet speed or an unstable connection often raises suspicion among home network owners. When 4K video starts lagging and pages load slowly, the first thought that comes to mind is that someone has accessed your network. This isn't just annoying, but also a real threat to the security of the personal data stored on your devices.
Neighbors can use your bandwidth to download large files, torrents, or stream videos, which instantly eats up all available bandwidth. Furthermore, the presence of an unauthorized device on the local network gives an attacker access to shared folders, printers, and even webcams. Checking connected devices — this is the first and mandatory step in diagnosing network problems.
Fortunately, modern technology makes it easy to track all "guests" on your system. There are several proven methods for identifying uninvited users, from specialized mobile apps to in-depth analysis via the command line. In this article, we'll cover each method in detail so you can quickly detect the intruder and block their access.
Primary signs of unauthorized access
Before resorting to technical diagnostics, it's worth paying attention to indirect symptoms that are often ignored. If your plan's speed is high, but the actual download speed drops to a minimum during peak hours (in the evening), this may indicate channel congestion. However, if this behavior also occurs at night, when everyone else is asleep, the likelihood of a third-party connection increases dramatically.
Pay attention to the indicators on your router. Many models have a light. WLAN Or a Wi-Fi icon that flashes at a specific frequency when data is being transferred. If you've turned off all your devices and computers, and the indicator continues to flash rapidly and erratically, it means there's active packet transfer. Network activity in the absence of your devices - an alarm signal.
⚠️ Note: Some routers have a "silent" firmware update or time synchronization feature that may cause the indicator to flash infrequently. Don't be alarmed if you see occasional flashes every few minutes.
Another sign could be an inability to access the router settings. If you try to access the admin panel and the system says the password is incorrect, even though you haven't changed it, someone may have already changed your credentials and taken control. You should also be wary if your antivirus software starts blocking suspicious incoming connections from the local network.
A sharp increase in ping in online games or dropped video calls can also indicate that someone is clogging your connection. While these symptoms can also be caused by issues with your ISP, human error cannot be ruled out. For an accurate diagnosis, it's necessary to conduct a network audit using the tools discussed below.
Using mobile apps to scan the network
The easiest and most accessible method for the average user is to use specialized smartphone apps. These programs scan the local network, identifying all connected devices, their IP addresses, MAC addresses, and network card manufacturers. One of the most popular tools is Fing, which is available for both Android and iOS.
After installing the app and connecting to your Wi-Fi network, the program will automatically start scanning. You'll see a list of all your gadgets: phones, TVs, smart bulbs, and computers. Apps often have a manufacturer database, so instead of a confusing string of characters, you'll see a name like Samsung Electronics or Apple IncThis makes identification much easier.
The advantage of mobile scanners is their visibility. They allow you to not only see the device but also check the connection speed, run a security test, and even find out if any ports are open. If you detect a device you can't identify, the app will send a notification about suspicious activity.
It's worth noting that some advanced apps not only allow diagnostics but also immediate response. For example, they can warn you if a new device appears on the network. However, to block the "freeloader," you'll still have to access your router settings, as apps don't have permission to change the configuration of provider or third-party equipment.
☑️ Check via app
Analysis of connected clients via the router's web interface
The most reliable information can be obtained directly from your router's settings. To do this, you need to log into the administrator's web interface. This is usually done by entering the IP address (often 192.168.0.1 or 192.168.1.1) in the browser's address bar. The exact address and login information (username and password) are located on a sticker on the bottom of the device.
After authorization, you need to find a section, which may have different names depending on the model: Wireless Status, Client List, Client list or DHCP Server ListThis is where you get a complete picture of who's currently using your access point. Unlike mobile apps, this data is taken directly from the router's ARP table.
This list shows the MAC addresses of all connected devices. A MAC address is a unique identifier for a network card, consisting of 12 hexadecimal digits. The first six characters of this address indicate the hardware manufacturer. By comparing this data with the list of your devices, you can easily identify an intruder.
If you find an unknown device, modern router interfaces often allow you to block it directly from this menu. This function may be called Blacklist (Blacklist) or MAC FilterSimply select an unknown MAC address and add it to the blacklist. Once the settings are applied, the intruder will immediately be blocked from accessing the network.
| Manufacturer | MAC Prefix Example | Probable device | Action |
|---|---|---|---|
| Apple, Inc. | 00:1A:2B | iPhone, iPad, Mac | Check your devices |
| Samsung Electronics | 00:1E:5D | Telephone, TV, refrigerator | Check the model |
| Hon Hai Precision | 00:23:15 | Laptop, Wi-Fi adapter | Find out the owner |
| Unknown / Random | XX:XX:XX | Hidden device | Block immediately |
⚠️ Note: Router interfaces are constantly being updated. If you can't find the section you need, check the official instructions for your specific model on the manufacturer's website, as the section names may vary.
Checking via the command line (Windows and macOS)
For users who prefer not to install unnecessary software or delve into web interfaces, there's a built-in command-line diagnostic method. This method allows you to view the ARP (Address Resolution Protocol) table, which stores the mappings between IP addresses and physical MAC addresses of devices on the local network.
On Windows, you need to open the command prompt. To do this, press the key combination Win + R, enter cmd and press Enter. In the window that opens, enter the command arp -aThe system will display a list of all devices with which your computer has recently exchanged data. This may include not only currently active connections but also those that were recently online.
C:\Users\User> arp -aInterface: 192.168.1.5 --- 0xb
Internet Address Physical Address Type
192.168.1.1 00-11-22-33-44-55 dynamic
192.168.1.15 aa-bb-cc-dd-ee-ff dynamic
192.168.1.25 11-22-33-44-55-66 dynamic
On macOS, the process is similar, but the command is run in Terminal. Open Terminal and enter arp -a or use a more detailed command netstat -an to analyze network connections. The resulting list of MAC addresses must be verified. An address ending in ff:ff:ff:ff:ff:ff, is a broadcast and is not device specific, it can be ignored.
The difficulty with this method is that the ARP table may contain "dead" entries left by devices that have already left the network. Therefore, if you see a suspicious address, it's best to reboot the router, wait a couple of minutes until only your devices connect, and check the table again. The appearance of a new address is a clear sign of an intrusion.
What is MAC filtering?
This security method involves the router only allowing devices with pre-defined unique identifiers onto the network. It's secure, but inconvenient: each new guest must manually enter their MAC address into the router's settings.
How to securely protect your Wi-Fi network from your neighbors
Detecting an intruder is only half the battle. The main task is to prevent re-entry and ensure network securityThe most effective and essential step is changing your Wi-Fi password. Even if you block a device by MAC address, an attacker can spoof it. Changing the password will reset all devices, and only those who know the new key will be able to connect.
When creating a new password, avoid obvious combinations like your date of birth or phone number. Use a combination of uppercase and lowercase letters, numbers, and special characters. The password must be at least 12 characters long. Choosing the correct encryption type is also critical. In the router settings, under Wireless Security select protocol WPA2-PSK (AES) or the newest WPA3, if your hardware supports it.
⚠️ Warning: WEP and WPA (TKIP) encryption protocols are considered obsolete and can be easily cracked with specialized software in a matter of minutes. Make sure your router is not set to support these protocols.
An additional security measure is to disable the function WPS (Wi-Fi Protected Setup). This technology is designed to quickly connect devices with the push of a button, but it has known vulnerabilities that allow someone to brute-force the PIN code and access the network without knowing the password. Disabling WPS in the router settings will close this loophole.
Don't forget to regularly update your router firmware. Manufacturers frequently release updates that patch security holes. It's also a good idea to create a guest network for friends and acquaintances. This will isolate their devices from your main network, which contains computers with important data and your smart home.
Frequently Asked Questions (FAQ)
Can a neighbor find out my password if I haven't told it to anyone?
Yes, this is possible if the encryption protocol is weak (WEP) or if the password is too simple and is brute-forced. The password could also be saved on a friend's device that has been hacked, or you could accidentally enter it on a phishing site.
Can my neighbor see my files if he is connected to Wi-Fi?
Network access alone doesn't grant file access rights. However, if network discovery and passwordless folder sharing are enabled on your computer, then theoretically, an attacker on the same local network could attempt to access these resources.
Will changing the password reset the router settings?
No, changing your Wi-Fi password doesn't affect other settings (ISP connection type, DNS, etc.). However, all your devices (phones, laptops, TVs) will require you to re-enter the new password to connect.
Will hiding the network name (SSID) from neighbors help?
Hiding the SSID only creates an illusion of security. The network won't appear in the list of available networks for regular users, but specialized scanners can easily find it. Furthermore, it creates inconvenience when connecting new legitimate devices.