Have you noticed your internet has become noticeably slower, even though your data plan remains the same? Or are your router's lights flashing like crazy when all your other home gadgets are asleep? In the digital age home network security No longer the preserve of IT specialists, it has become a necessity for every user. Unauthorized access to your access point can lead not only to traffic theft, but also to the leakage of personal data, the interception of passwords for banking applications, and the use of your IP address for illegal activities.
Modern routers Routers and routers provide ample tools for monitoring, but many equipment owners are unaware of the existence of "guests" on their network. A foreign device can sit idle for years or, conversely, actively download torrents while you're trying to load a page. Understanding How to see connected devices, is the first step to creating a secure perimeter for your digital fortress.
In this article, we'll explore proven methods for detecting intruders, from standard router settings to specialized software. You'll learn how to distinguish system processes from real devices, block unwanted connections, and configure protection so that even an advanced hacker can slip through. The most reliable method of protection is a comprehensive approach that includes changing the password, disabling WPS, and MAC address filtering. Let's start by analyzing the symptoms that should alert any attentive user.
Symptoms of strangers' presence on the network
The first warning sign is often an unexplained drop in connection speed. If you're paying for 100 Mbps and 4K video is lagging even at night, it's time to worry. However, don't panic: it could be caused by congestion from neighbors or problems with your provider. But if this is accompanied by strange indicator behavior router, which continue to actively blink when household members' computers and smartphones are turned off, the likelihood of hacking increases dramatically.
Another warning sign is the inability to access the router's admin panel. Attackers who gain access often change the administrator password to consolidate their presence. It's also worth paying attention to antivirus notifications if they appear on devices connected to Wi-Fi, even though files haven't been opened. This could indicate attempts at port scanning or attacks like Man-in-the-Middle.
- 📉 A sharp and constant decrease in internet speed for no apparent reason.
- 💡 Active blinking of the WLAN/Wi-Fi indicator at night or when no users are present.
- 🔒 Block access to router settings or change the network name (SSID) without your intervention.
- 📱 Unknown devices appearing in Bluetooth or DLNA connection lists.
⚠️ Note: Some smart devices (IoT), such as leak detectors or smart plugs, may transmit very little data, but their persistent presence in logs is normal. Do not confuse them with active loaders.
Checking via the router's web interface
The most reliable way to find out who's using your Wi-Fi is to look directly into the router's "brains." To do this, you need to enter the gateway IP address (usually 192.168.0.1 or 192.168.1.1) into the browser's address bar. After logging in (the default login and password are often found on a sticker on the bottom of the device, if you haven't changed them), find the section responsible for wireless networking.
Depending on the model and firmware, this section may have different names: Wireless, Wi-Fi, WLAN or StatusWe are interested in the subsection with the list of clients, often referred to as DHCP Client List or Attached DevicesThis displays all devices assigned an IP address by your router. The list will show IP addresses, MAC addresses, and sometimes device names.
The main difficulty for a beginner is identifying which device is which. A computer can be called DESKTOP-XYZ, and the phone is Android-123, but often the names remain standard, for example, Unknown or simply a set of characters. This is where MAC address comparison comes in handy. Every network interface in the world has a unique identifier.
To understand who is who, you can use a simple table of names and device types that are commonly found on home networks:
| Device type | Approximate name on the network | Nature of activity |
|---|---|---|
| Smartphone (Android) | Android, Samsung, Xiaomi | Constant background traffic |
| Laptop (Windows) | DESKTOP-.., LAPTOP-.. | Periodic updates, torrents |
| Smart TV | LG webOS, Samsung TV | High traffic when watching videos |
| IoT (Light bulbs, sockets) | TP-LINK, Tuya, SmartLife | Minimal, rare traffic |
If you see a device in the list that you can't identify, don't rush to block it. First, try turning off Wi-Fi on all your devices and see if the suspicious entry disappears from the list. If it remains, it's the intruder. For a more in-depth analysis, you can use ping commands or an ARP table, but for a basic check, a visual inspection of the DHCP list is sufficient.
Using specialized programs
A router's web interface is good, but not always user-friendly, especially if you need to quickly scan the network from a phone or tablet. This is where specialized network auditing utilities come in handy. They scan a range of addresses and display not only device names but also the network equipment manufacturer, significantly simplifying identification.
One of the most popular programs for PC is WireShark for deep packet analysis, but for quick inspection, simpler tools like Angry IP Scanner or Advanced IP ScannerThey work by pinging all possible addresses in a subnet and reporting live hosts. On mobile platforms, apps like Fing or Network Analyzer.
The advantage of such programs is their level of detail. They can display open ports, the device's operating system, and the time it was last seen online. This allows you to identify "sleeping" neighbors who only connect once a day to transfer data. Furthermore, many apps can assign device names and keep a connection history.
- 📱 Fing — the leader among mobile scanners, determines the device type and brand.
- 💻 Advanced IP Scanner — a lightweight and fast utility for Windows that does not require installation.
- 🛡️ GlassWire — monitors traffic in real time and alerts you about new connections.
- 🍏 Network Analyzer — a powerful tool for iOS and Android with detailed technical information.
⚠️ Note: Program interfaces and functionality may change with updates. Always consult the official developer guides if the default menu paths do not match those described in older manuals.
MAC address analysis and device identification
When you find an unknown device, the key to solving the mystery is its MAC address. This is a physical address consisting of 12 hexadecimal characters (e.g., 00:1A:2B:3C:4D:5E). The first three bytes (the first 6 characters) are called OUI (Organizationally Unique Identifier) and indicate the manufacturer of the network module.
There are many online services and databases where you can enter the first 6 characters of a MAC address and find out the manufacturer. If the address belongs to a company Apple, Samsung or Huawei, it's most likely someone's phone or tablet. If the manufacturer is Espressif or Realtek, it could be a smart light bulb or a cheap Wi-Fi adapter from a neighbor's laptop.
What is a spoofed MAC address?
Modern versions of iOS and Android use MAC address randomization to protect privacy. This means a phone can present itself to the network under different addresses, making it difficult to consistently identify by its hardware. However, on a home network, this rarely conceals the connection itself.
Most often, you'll see the actual addresses of the devices. If you find a device with a MAC address that matches your router's manufacturer but doesn't match any of your other devices, this is a reason to thoroughly check your cables and WPS settings.
Methods of blocking and protecting the network
Once the enemy is identified, they need to be neutralized. The simplest, but not always effective, method is to change your Wi-Fi password. This will disconnect everyone, including your devices, which will have to be reconnected. However, if your neighbor has brute-force software, they may be able to guess a new key, especially if you use a complex but common combination.
A more reliable method is MAC filteringYou can enable "White List" mode in your router settings. This will allow only devices whose MAC addresses you've manually entered into the table to access the network. All others, even with the password, will be blocked. This is a labor-intensive process if you have many devices, but it's extremely secure.
It is also critical to disable the feature WPS (Wi-Fi Protected Setup)This technology, which allows for connection at the push of a button, has vulnerabilities that allow the PIN code to be recovered within a few hours. In modern routers, WPS is often enabled by default and must be manually disabled in the wireless security section.
☑️ Wi-Fi Security Checklist
Don't forget to update your router's firmware. Manufacturers regularly release patches to fix security holes. Older versions of the software may contain backdoors that allow an attacker to gain complete control of the device, bypassing the need to brute-force the Wi-Fi password.