How to find out who is connected to your Wi-Fi router

Slow internet speeds and sudden lags in games are often the first signs that someone has connected to your home network. In the digital age, Wi-Fi security It's no longer the preserve of IT specialists and has become a basic skill for every user. If you notice that your lights are flashing excessively even when you're not around, or your page loading speed has dropped to a crawl, it's time to take stock of your connected devices.

Checking your router's client list isn't just a way to spot a "freeloader" but also an important measure to protect your personal data. Uninvited guests can not only consume your bandwidth but also intercept data packets, gaining access to passwords for banking apps or personal correspondence. In this article, we'll discuss proven methods that will help you identify the offender and regain control of your own network.

There are several monitoring methods, from the router's built-in features to specialized software. The choice of method depends on your technical expertise and the equipment model. We'll cover universal algorithms that are suitable for most modern devices. TP-Link, Asus, Keenetic and other popular brands.

Symptoms of unauthorized network access

Before tinkering with settings, it's worth analyzing indirect signs of intruder presence. Users often ignore obvious signs, blaming them on bad weather or old equipment. However, a combination of several factors almost always indicates a compromise. Wi-Fi networks.

Pay attention to the behavior of the indicators on the router. The light that indicates the wireless connection (usually labeled WLAN, Wi-Fi, or antenna) should blink in sync with your activity. If you've turned off all your devices and the indicator continues to blink rapidly and erratically, it means there's active data transfer. This is a sure sign that someone is downloading files or watching videos through your channel.

⚠️ Attention: Modern routers may have "smart" indicator blinking features or background firmware update processes that also cause activity. Don't draw conclusions based solely on blinking lights.

Another warning sign is a sharp drop in speed. If your provider guarantees 100 Mbps, but you're barely getting 5 Mbps without heavy tasks, your connection may be overloaded. This is especially noticeable in the evenings when neighbors are also online, but even then, the drop shouldn't be catastrophic. Use Speedtest or similar services for measuring actual bandwidth.

List of the main signs of an illegal connection:

  • 📉 A sharp drop in internet connection speed during off-peak hours.
  • 💡 Active blinking of the Wi-Fi indicator when personal devices are turned off.
  • 🔒 Access to the router admin panel is blocked (the administrator password has changed).
  • 📱 Unknown devices with names like "Android-xxx" appearing in the Bluetooth or AirDrop list.

Don't forget about software notifications either. Some antiviruses and firewalls can monitor the number of connections on the local network and may issue a warning about a new device. If you see the message "A new device has connected to the network" but no one in your household has turned anything on, this is a reason to check immediately.

Checking via the router's web interface

The most reliable and accurate way to find out who's using your Wi-Fi is to look into your router's settings. The web interface (admin panel) provides comprehensive information about all active clients, their IP addresses, and MAC addresses. To log in, you'll need the gateway address (usually 192.168.0.1 or 192.168.1.1) and your username and password.

After authorization, look for a section, the name of which may vary depending on the manufacturer. TP-Link This is often a tab Wireless -> Wireless Statistics or DHCP -> DHCP Client ListIn routers Asus need to go to Network map and select the clients icon. Keenetic the section is called - Client list or My Networks and Wi-Fi.

In the list that opens, you'll see a table with connected devices. It's important to be able to distinguish your gadgets from others. Devices are typically listed by their hostname, for example, Ivan-iPhone or Smart-TV-LivingIf the name isn't specified, it may appear as a string of characters or simply "Unknown." In this case, use the MAC address—the unique identifier of the network card—as a guide.

☑️ Checking the client list

Completed: 0 / 4

For precise identification, use the manufacturer and MAC address prefix mapping tables. The first six characters of the address indicate the device brand:

MAC prefix (example) Manufacturer Typical device
A4:5E:60... Apple iPhone, iPad, MacBook
00:1A:2B... Samsung Smartphones, TV
B8:27:EB... Raspberry Pi Single-board computers
AC:22:0B... Xiaomi Telephones, vacuum cleaners

If you find a device you can't identify, don't panic. It could be a smart plug, light bulb, or set-top box you forgot about. Disable Wi-Fi on all your devices one by one and see if the suspicious entry disappears from the list. If the "illegal" client remains connected to the network after disabling all your devices, it's 100% a hacker.

Using mobile apps for analysis

If accessing your computer is difficult or the router interface seems too complex, specialized smartphone apps can help. They scan the network and present information in a convenient visual format. One of the most popular tools is Fing, which is available for Android and iOS.

The app works like a network scanner. After installation and launch, it automatically detects your IP address and begins pinging all possible addresses on the local subnet. The result is a list of all devices that responded to the request. You'll see their IP address, MAC address, manufacturer, and often the device model.

The advantage of mobile utilities is their simplicity and additional security features. Many can send notifications when a new device is connected or even test for port vulnerabilities. However, keep in mind that these apps only see the network from your phone's perspective.

Limitations of mobile scanners

Mobile apps only see devices that are on the same subnet and not hidden by AP Isolation settings. If the router is configured for guest access with separate networks, the phone may not "see" devices connected to the guest SSID.

Other useful network auditing apps:

  • 📡 WiFi Analyzer — shows not only clients, but also channel load, which helps select a free frequency.
  • 🛡️ Network Scanner — provides detailed technical information about each host.
  • 🔍 Angry IP Scanner — a cross-platform scanner, there is also a version for mobile devices.

Use these tools regularly, especially if you frequently connect to public Wi-Fi networks or have a default router password that you haven't changed since purchasing the equipment.

Command line and network utilities

For users who prefer the classic approach and don't want to install unnecessary software, using the operating system's command line is an excellent option. This method allows you to obtain raw data directly from the network card, without intermediaries.

In the operating system Windows Open the command prompt (cmd) or PowerShell. Enter the command arp -aIt will display an ARP table, which contains mappings between IP addresses and physical MAC addresses of devices with which your computer has recently communicated. This isn't a complete list of all router clients, but only those that are currently active or have been active recently.

C:\Users\User>arp -a

Interface: 192.168.1.5 --- 0x3

Internet Address Physical Address Type

192.168.1.1 00-1a-2b-3c-4d-5e dynamic

192.168.1.10 a4-5e-60-11-22-33 dynamic

192.168.1.255 ff-ff-ff-ff-ff-ff static

On macOS and Linux, a similar command is used in Terminal. Open Terminal and enter arp -a or ip neigh (for Linux). You'll get a similar result. If you see an IP address that doesn't belong to any of your devices (usually in the 192.168.1.x or 192.168.0.x range) and you don't know its MAC address, that's cause for concern.

For a more in-depth analysis, you can use the utility nmapThis is a powerful network scanner that can detect not only the presence of a device, but also open ports, the operating system, and even the firmware version. The command nmap -sn 192.168.1.0/24 will scan the entire subnet and return a list of active hosts.

Protective measures and blocking uninvited guests

If the scan confirms your suspicions and you've found an intruder, you need to act quickly and decisively. Simply disabling the device via the web interface is often insufficient, as the attacker can simply reconnect within a minute. A comprehensive approach is required. network security.

The first and most effective step is to change your Wi-Fi password. After doing this, all devices will be disconnected, and you'll have to re-enter the new key on each device. Make sure the new password is complex: use at least 12 characters, including uppercase and lowercase letters, numbers, and special characters.

The second step is MAC address filtering. This feature is called "MAC Filter" or "Access Control." You can configure your router to accept connections only from a strictly defined list of devices (whitelist). Even with the password, an intruder won't be able to connect because their physical address isn't on the whitelist.

⚠️ Attention: MAC addresses can be spoofed (cloned). MAC filtering is a good barrier against random neighbors, but it's not a complete defense against a skilled hacker who can copy the address of your authorized laptop.

It's also recommended to disable the WPS function. This technology is designed for quick connection without entering a password, but it has known vulnerabilities that allow someone to guess the PIN code in a matter of hours. Leaving WPS enabled leaves the door open to hackers. Disable it in the section Wireless -> WPS.

Security Prevention and Configuration

To prevent the "neighbor's Wi-Fi" problem from returning, it's important to maintain basic digital security hygiene. Regularly update your router firmware. Manufacturers release patches to fix