Have you noticed your internet has slowed down and your data is running out early? Perhaps strangers—neighbors, guests, or even hackers—have connected to your Wi-Fi. In this article, we'll look at... How to find out who is using your Wi-Fi, which websites connected devices visit, and what to do if you detect unauthorized access.
Modern routers allow you to monitor network activity, but not all users know where to find this information. We'll cover both standard network administrator tools and specialized traffic monitoring programs. It's important to understand that some methods require technical knowledge, while others are accessible even to beginners.
We warn you in advance: Tracking the websites other users visit may violate privacy laws unless you own the network or have obtained consent.Use this knowledge only to protect your network from hacking.
1. Check the list of connected devices via the router
The easiest way to identify "unnecessary" gadgets is to look at the list of active connections in the router control panel. Most modern models (TP-Link, ASUS, Keenetic, MikroTik) provide this information.
Instructions for popular brands:
- 🔹 TP-Link: Go to
Wireless Mode → Wireless Mode StatisticsorDHCP → DHCP Client List - 🔹 ASUS: Open
Network Map → ClientsorLocal Network → DHCP List - 🔹 Keenetic: Go to
Devices → Device ListorStatistics → Connected Devices - 🔹 MikroTik: IN
IP → DHCP Server → LeasesorWireless → Registration Table
Pay attention to the unknowns MAC addresses and device names. If you see a gadget with the name android-123456 or iPhone-789abcIf you see a device that isn't in your home, this is cause for concern. Many routers allow you to block unknown devices directly from this menu.
⚠️ Warning: MAC addresses can be spoofed! If you see a familiar device name but doubt its legitimacy, check the IP address and connection time.
Write down the MAC address and device name|
Check if a guest has connected to you recently|
Try turning off the device through the router control panel|
Change your Wi-Fi password if you have any concerns about security-->
2. Analyze traffic using the router's built-in tools
Some advanced routers can show not only a list of devices, but also volume of consumed trafficThis helps identify bandwidth-hungry gadgets that may be slowing down your internet.
Where to find traffic statistics:
- 📊 ASUS RT-AC86U and newer:
Adaptive QoS → Traffic Analysis - 📊 Keenetic:
Statistics → Traffic by Device - 📊 TP-Link Archer C7/C9:
Advanced Settings → Traffic Statistics - 📊 MikroTik:
IP → Traffic FloworTools → Traffic Monitor
If one of your devices is consuming a suspicious amount of data (e.g. 50GB in a day), it may indicate:
- 🎥 Video streaming in 4K
- 🕹️ Online games with big updates
- 🔄 Torrent clients or file downloads
- 🕵️♂️ Hacking the network and using it for illegal purposes
On routers ASUS with firmware Asuswrt-Merlin Traffic breakdown by protocol is available. You can see how much data is being spent YouTube, Netflix or Torrent.
⚠️ Note: The router's built-in tools only show overall traffic, not specific websites visited. For detailed analysis, specialized software is required.
3. Using third-party programs to monitor the network
If your router's capabilities aren't sufficient, you can install network analysis programs on your computer or smartphone. They'll show not only the connected devices, but also active compounds, ports used and sometimes even visited sites.
Popular programs for different platforms:
| Program | Platform | Possibilities | Complexity |
|---|---|---|---|
| Wireshark | Windows, macOS, Linux | Deep packet analysis, protocols, IP addresses | ⭐⭐⭐⭐ |
| GlassWire | Windows, Android | Real-time traffic monitoring, blocking suspicious connections | ⭐⭐ |
| Fing | iOS, Android, Windows | Network scanning, device discovery, port checking | ⭐ |
| NetCut | Windows, Android | Disconnecting devices from the network, analyzing the ARP table | ⭐⭐⭐ |
| Angry IP Scanner | Windows, macOS, Linux | Scanning IP addresses, searching for open ports | ⭐⭐ |
For beginners, the easiest way to start is with Fing (available on smartphones) or GlassWireThese programs display a list of devices with manufacturer (by MAC address), connection time, and traffic volume.
More experienced users can try Wireshark, but be careful: the program is captivating all packages online, including potentially sensitive information. Use filters to avoid breaking the law:
ip.addr == 192.168.1.100 && http.request.method == "GET"
4. Set up parental controls to monitor activity
Many routers support the function parental control, which not only restricts access to websites, but also leads visitor logThis is a legal way to find out what resources connected devices (for example, children or employees) are visiting.
How to enable parental controls:
- 🔧 TP-Link:
Additional settings → Parental controls - 🔧 ASUS:
Adaptive QoS → Parental ControlorFirewall → URL Filter - 🔧 Keenetic:
Family → Parental Controls - 🔧 Zyxel Keenetic:
Security → Access Control
In the settings you can:
- 📝 Keep a log of visited websites (not available on all models)
- 🕒 Limit internet access time
- 🚫 Block specific categories of websites (social networks, games, torrents)
- 📱 Bind rules to specific devices by MAC address
For example, on routers ASUS with firmware Asuswrt-Merlin module available AiProtection, which shows:
- 🛡️ Blocked malicious websites
- 📊 Visitor statistics by category (social media, video, games)
- ⚠️ Network hacking attempts
⚠️ Note: Visitor logs take up router memory. Set up automatic log clearing or export if you use this feature regularly.
5. Check DNS queries to identify visited sites
All devices on your network access DNS serversto convert website names (eg. google.com) into IP addresses. By intercepting these requests, you can find out which resources connected devices are visiting.
Methods for analyzing DNS queries:
- 🔄 Setting up your DNS server (For example, Pi-hole on Raspberry Pi). It will log all requests.
- 🖥️ Using programs like dnstop (Linux) or DNSQuerySniffer (Windows).
- 📊 Router log analysis, if it supports DNS logging (available at MikroTik, pfSense).
Example command to view DNS queries in real time on Linux (requires root privileges):
sudo tcpdump -i eth0 udp port 53
What can you see in DNS logs:
- 🌐 Names of visited websites (e.g.
vk.com,youtube.com) - ⏱️ Website access time
- 📱 The device from which the request was made (by IP or MAC)
- 🔍 Attempts to connect to suspicious domains (may indicate viruses)
On routers MikroTik You can configure DNS query logging via:
/ip dns set allow-remote-requests=yes
/tool sniffer set filter-interface=bridge filter-port=53 file-name=dns_log
How to protect your DNS queries from eavesdropping?
If you don't want network owners to see what sites you visit, use encrypted DNS:
- 🔒 Set up
DNS-over-HTTPS(DoH) in the browser (Chrome, Firefox) - 🛡️ Use
DNS-over-TLS(DoT) on device (Android 9+, iOS 14+) - 🌍 Connect to a VPN (but this hides all traffic, not just DNS)
6. Detection of suspicious activity based on indirect signs
Even without specialized tools, you can suspect that someone else is using your Wi-Fi. Look for the following signs:
- 🐢 Internet slowdown at the usual time (in the evening, when everyone is at home)
- 📉 Unexplained decrease in traffic (if you have a limited tariff)
- 🔄 Router indicator activity at night when everyone is sleeping
- 🔌 Unknown devices on the network (see section 1)
- 🔒 Attempts to log into the router panel (authentication logs)
For example, if your router is flashing like Christmas lights at 3 a.m. and everyone at home is asleep, it's time to check your list of connected devices. The same goes for a situation where your internet speed drops to 1 Mbps for no apparent reason.
Some routers (eg. ASUS With AiProtection) are able to detect:
- 🕵️♂️ Brute-force attacks (brute-force)
- 🦠 Infected devices on the network (botnets, mining)
- 🔄 Suspicious outgoing connections (for example, on ports 22, 3389)
If you notice any such activity, please contact us immediately. change your Wi-Fi password and scan your devices for viruses. It's possible your network was hacked not to steal your internet connection, but for more dangerous purposes (such as sending spam).
7. Legal aspects: what is possible and what is not
Before you begin monitoring your network activity, it's important to understand the legal restrictions. Russia and most countries around the world have laws regarding data privacy And privacy.
What is allowed:
- ✅ Check list of connected devices (MAC, IP, name)
- ✅ Analyze total traffic (data volume, protocols used)
- ✅ Block unknown devices on your network
- ✅ Customize parental control for minors
What is prohibited or requires consent:
- ❌ Intercept and read the contents of transmitted data (for example, messages in instant messengers)
- ❌ Collect personal information (logins, passwords, search history)
- ❌ Disseminate data about websites visited to third parties
- ❌ Use the information obtained for blackmail or pressure
In Russia, illegal interception of traffic is punishable under the article Article 138 of the Criminal Code of the Russian Federation ("Violation of the privacy of correspondence, telephone conversations, postal, telegraphic, or other communications"). The maximum penalty is up to 4 years' imprisonment.
If you are a landlord and provide Wi-Fi to tenants, be sure to include the following in your lease agreement:
- 📜 The right to monitor traffic to prevent illegal activity
- 🚫 Ban on using the network to distribute pirated content
- ⚠️ Warning about possible blocking of devices due to suspicious activity
⚠️ Warning: If you discover that your Wi-Fi is being used for illegal activities (distribution of pirated content, hacking attacks), contact the police immediately. Otherwise, the network owner may be held liable.
FAQ: Frequently Asked Questions about Wi-Fi Security
Is it possible to find out which specific websites are visited by connected devices?
Yes, but with some reservations:
- 🔍 Through parental control on the router (if supported)
- 🖥️ Using programs like Wireshark (requires skills)
- 📊 Through DNS logs (only domain names are visible, not specific pages)
However, collecting such information may violate privacy laws if you do not warn network users.
How to block an unknown device on the network?
Blocking methods:
- From the router panel: find the device in the client list and select "Block" or "Ban."
- Through
MAC filtering: Add the device's MAC address to the blacklist (Wireless Mode → MAC Filter). - Change your Wi-Fi password - all devices will disconnect.
- Use programs like NetCut (Android/Windows) to force shutdown.
On routers MikroTik blocking is carried out by the command:
/ip firewall filter add chain=forward mac-address=00:11:22:33:44:55 action=drop
Can my neighbor connect to my Wi-Fi if I hide the network name (SSID)?
Hiding SSID (Hidden Network) does not protect from the connection! An attacker can:
- 🔍 Detect the network using programs like inSSIDer or Wiggle Wi-Fi.
- 📡 Connect manually, knowing the network name (even if it is hidden).
- 🔑 Pick a password if it is weak (for example,
12345678).
Hiding your SSID only makes it more difficult for legitimate users to connect. For protection, use WPA3, complex password and disable WPS.
What should I do if my Wi-Fi is hacked?
Follow the algorithm:
- Disconnect your router from the Internet (remove the provider cable).
- Reset your router to factory settings (button
Resetfor 10 seconds). - Update your router firmware to the latest version.
- Reconfigure the network:
- Install WPA3 (or WPA2-AES, if WPA3 is not supported)
- Create a complex password (example:
k7#pL9!vN2@qR4) - Turn it off
WPS,UPnPand remote access - Turn on firewall And DDoS protection (if any)
If the hack continues, your router may be vulnerable. Consider purchasing a new model with support. WPA3 and regular firmware updates.
Is it possible to track who specifically connected to my Wi-Fi (for example, a neighbor)?
Technically determine the identity It is impossible to identify a person by MAC address or IP. However, it is possible:
- 📡 Estimate device location by signal level (programs like Fing show signal strength in dBm).
- 🕵️♂️ Find out device manufacturer by the first 3 bytes of the MAC address (for example,
00:1A:79— Samsung). - 📅 View connection time (if it matches the schedule of neighbors, this is an indirect sign).
To accurately identify the perpetrator, a police report and router logs will be required. Independent actions (such as "signal warfare" with a neighbor) may be considered a violation of the law.