Slow internet speeds or intermittent connection interruptions are often the first warning signs that someone may have accessed your home network. In the age of smart homes, where not only smartphones and laptops but also televisions, security cameras, and household appliances are connected to the router, visually tracking all these "guests" is becoming virtually impossible. Checking connected devices — This is a basic administration skill that will help you regain control over your traffic and secure your personal data.
Many users mistakenly believe that a complex Wi-Fi password guarantees complete security, but modern brute-force attacks and vulnerabilities in encryption protocols can completely negate protection. If a neighbor is hijacking your internet connection, it not only slows down page loading but also creates a potential security breach in your local network. In this article, we'll explain in detail how to use your router's web interface or mobile app to identify all subscribers, distinguish your devices from others, and block uninvited guests.
The network audit process doesn't require extensive programming or networking knowledge. Access to your router's admin panel and a basic understanding of how IP and MAC addresses work are sufficient. We'll cover interfaces from popular hardware manufacturers, such as TP-Link, ASUS, Keenetic And MikroTikso you can find the settings you need regardless of your hardware model.
Login to the router control panel
The first and mandatory step to conducting a network audit is logging into your router's web interface. To do this, you need to ensure that your device (smartphone or computer) is connected to the router you want to audit, either via cable or Wi-Fi. In the address bar of any browser, enter the IP address of the default gateway. This is usually a standard combination. 192.168.0.1 or 192.168.1.1, however, manufacturers may use other addresses, for example, 192.168.31.1 Xiaomi or a domain name like my.keenetic.net.
After entering the address, the system will ask for your login and password to access the settings. If you haven't changed these details before, they are most likely the factory defaults and are located on a sticker on the bottom of the device. The default pairs often look like this: admin/admin or admin/password. Login Security Critically important: If you're still using factory passwords for the admin panel, anyone who connects to your Wi-Fi will not only be able to surf the internet, but also reconfigure your router.
⚠️ Attention: If the default passwords don't work and you haven't changed them, the settings may have been previously modified. In this case, you'll need to reset the router to factory settings, which will delete all current provider configurations.
Some modern models with cloud support can log in using a manufacturer account. This is convenient for remote management, but requires a stable internet connection. If the web browser doesn't open, check your operating system's TCP/IP settings—the address should be obtained automatically (DHCP).
Where can I find a list of connected clients?
Interfaces from different manufacturers vary greatly in appearance, but the layout of client information is consistent. You need to find the section related to the wireless network or connection status. Look for menu items with names like "Wireless," "Wi-Fi," "Status," or "Status." Within these sections, there is often a subsection called "Wireless Statistics" or "Client List."
For example, in routers TP-Link With a blue interface, the information you need is often found on the main page in the "Wireless" block or in the "DHCP" → "DHCP Client List" menu. In devices ASUS You should go to the “Network Map” section and click on the clients icon on the right side of the screen. Keenetic This is the "Client List" section in the bottom menu, which displays detailed information about each device, including the hostname and connection type.
If you are using equipment from MikroTik, the interface will be more complex. You will need to go to the menu IP → DHCP Server and open the tab LeasesAll dynamically assigned addresses are displayed here. To view all active connections, including static ones, you can use the tool Torches on the menu Tools, which shows real traffic in real time.
Why are some devices called "Unknown"?
Often, the device's operating system doesn't broadcast its hostname to the network, or the router can't recognize the manufacturer by its MAC address. In this case, the device will appear in the client list as "Unknown," "Android-xxxxxxxx," or simply by its MAC address. This is normal and doesn't always indicate a hack.
It's important not to confuse the list of Wi-Fi clients with the list of all connected devices. The "Wireless Status" menu often only shows those connected wirelessly. If you want a complete picture, including computers connected via cable, look for the "LAN" or "DHCP Client List" section, which aggregates data on all active nodes on the local network.
Identifying devices by MAC address
The most reliable way to distinguish your smartphone from your neighbor's device is to check the MAC address. MAC address (Media Access Control Address) is a unique identifier assigned by the manufacturer to a network card during production. It consists of 12 hexadecimal digits separated by colons or hyphens (e.g., A4:5E:60:C2:11:22). The first six characters of this code indicate the equipment manufacturer.
To verify the identity, you need to check the addresses in the router's list against the addresses of your devices. On Android, this can be found in the menu. Settings → About the phone → General informationOn iPhone the path is through Settings → Main → About this deviceOn Windows, simply enter the command in the command line ipconfig /all and find the "Physical Address" line. Matching addresses ensures that the device belongs to you.
There's a nuance worth knowing: the MAC address randomization feature. In modern versions of iOS (starting with 14) and Android (starting with 10), devices can use a random MAC address when connecting to Wi-Fi to enhance privacy. This means the address in the router may differ from the "real" hardware address printed on the box. In this case, use the device name (if manually set) as a guide or temporarily disable the "Private Wi-Fi Address" feature in your phone settings for accurate identification.
| Manufacturer | Example MAC Prefix (OUI) | Where to watch on the device |
|---|---|---|
| Apple (iPhone, iPad) | 00:1C:B3, 3C:06:30 | Settings → General → About |
| Samsung | 00:1A:8A, 84:5D:C1 | Settings → About phone → General information |
| Xiaomi | 00:9E:C1, 64:CC:2E | Settings → About phone → All specifications |
| Huawei | 00:1E:10, 08:19:A6 | Settings → System → About phone |
Using OUI (Organizationally Unique Identifier) lookup tables allows you to quickly identify a device's vendor, even if you don't remember all your gadgets. If you see a device from a manufacturer you don't own (for example, an unknown brand of camera or TV), this is cause for concern.
Using mobile apps and scanners
If you find logging into the web interface too complicated or inconvenient from your phone, router manufacturers often offer their own mobile apps. TP-Link this application Tether, For ASUS — ASUS Router, For Keenetic — KeeneticThese utilities allow you to view your network map, rename devices, and, most importantly, block access to uninvited guests in one click.
There are also general-purpose network scanners such as Fing or Network ScannerThey work regardless of the router model and scan your local network, displaying all active IP addresses, open ports, and device names. These programs are especially useful if you don't have the router admin password but need to quickly figure out who's using the network. They often identify the device type (for example, "Smart TV" or "Printer") more accurately than the router itself.
⚠️ Attention: Network scanners only work within your local network. They won't show devices connected to your router remotely (if this feature is configured) and won't block access at the ISP level. Their purpose is diagnostics and information.When using third-party apps from the App Store or Google Play, pay attention to the permissions they request. Network scanners don't require access to your contacts or microphone. Choose apps with high ratings and numerous reviews to avoid installing malware, which can itself become a surveillance tool.
Blocking and restricting access
Once you've identified a device that shouldn't have access to your network, you need to take immediate action to block it. The easiest way is to use the "Blacklist" or "Access Control" feature in your router settings. Find the offending device's MAC address in the client list and click the block button (often indicated by a hand or cross).
However, simply blocking the MAC address isn't a panacea. An experienced user can change their device's MAC address to one allowed on your network (cloning) and regain access. reliable protection This requires a comprehensive approach. The first step after detecting an intruder is to change the Wi-Fi network password. This will forcefully disconnect all devices, and you'll only have to reconnect your own devices using the new key.
It's recommended to disable WPS (Wi-Fi Protected Setup) in your wireless network settings, as it often has vulnerabilities that allow someone to easily guess the PIN code and access the network even without knowing the master password. Also, make sure the encryption type is selected.
WPA2-PSKorWPA3, avoiding the outdated and unsafeWEP.☑️ Actions upon detection of an intruder
Completed: 0 / 4Keep in mind that after changing the password, your internet speed should stabilize and the load on your router's processor should decrease. If the problem persists, there may be an unnoticed device remaining on the network, or the problem may be channel interference from neighboring routers.
Prevention and strengthening of network security
Regularly monitoring your connected devices should become a habit, especially if you live in a densely populated apartment building. But prevention is better than cure. Updating your router's firmware is a critical procedure. Manufacturers regularly release patches that close security holes that allow hackers to penetrate your network.
Use complex passwords that include not only letters but also numbers and special characters. Passwords should be at least 12 characters long. Avoid using personal information (birthdates, names) as access keys. Create a separate, complex administrator password for network management, separate from the Wi-Fi password.
If your router is very old and doesn't support modern encryption standards (only WEP or WPA/TKIP), no amount of settings will protect you from being hacked. In this case, the only reliable solution is to replace the equipment with a more modern model that supports it.
WPA3and automatic security updates.Can my neighbor steal my Wi-Fi if I hide the network name (SSID)?
Hiding your SSID isn't a reliable security method. Specialized programs can easily detect hidden networks by analyzing the service packets your router continues to send. This only creates inconvenience for you when connecting new devices, but it won't stop an attacker.
Does the number of connected devices affect internet speed?
Yes, directly. The connection bandwidth is shared among all active users. If someone is downloading files or watching 4K videos, it can completely clog up the bandwidth, making it difficult for other users to even access a text-based website. The router also has a limit on the number of simultaneous connections.
What should I do if I can't access my router settings?
Try connecting directly with a cable. If that doesn't help, check if your antivirus software is blocking access to local IP addresses. As a last resort, pressing the Reset button for 10-15 seconds will help, but this will restore factory settings, including your ISP password, which you'll need to re-enter.
Is it dangerous if an unknown printer or camera is connected to the network?
This is extremely dangerous. Hacked Internet of Things (IoT) devices are often used to create botnets or intercept traffic (MITM attacks). An attacker could access files on your computer or spy on you through a camera if they are on the same local network without proper isolation.