Many users are unaware that their home router keeps detailed activity logs: from a list of connected devices to the history of websites visited. This information can be useful for monitoring children, identifying suspicious devices on the network, or analyzing traffic. However, access to such data depends on the router model and its firmware - not all devices store history in the same way.
In this article we will look at, What data can be extracted from a router?, how to find them in the control panels of popular brands (TP-Link, ASUS, Keenetic, MikroTik), and what to do if standard logs aren't saved. We'll also discuss legal and ethical aspects — when checking a background check can violate the law, and when it is completely justified.
Let us warn you right away: if you are looking for a way to track personal messages or passwords via a router - this is technically impossible without specialized software. The router only records network activity (IP addresses, domains, connection times), but not the contents of encrypted connections (for example, HTTPS-traffic).
1. What data does a router store: what can you actually find out?
Before you dig into the settings, it's important to understand, what story exactly can be extracted. Most consumer routers store the following types of data:
🔹 List of connected devices — MAC addresses, IP addresses, hostnames (if supported), and connection/disconnection times. This is the bare minimum that even budget models include.
🔹 Logs of visited sites (DNS queries) - some routers (for example, Keenetic or ASUS with Merlin firmware) keep records of the domains accessed by devices on the network. However, this only works for HTTP-traffic — HTTPS is encrypted.
🔹 Traffic statistics — the volume of downloaded/uploaded data for each device or across the network as a whole. Useful for identifying bandwidth-hungry devices.
🔹 System logs — connection errors, hacking attempts, and settings changes. This data is more often of interest to administrators than to regular users.
❌ What the router DOESN'T have:
- 📱 Message history in messengers (WhatsApp, Telegram)
- 🔒 Passwords for websites or accounts
- 📷 Contents of uploaded files or photos
- 🎥 Viewing history on YouTube/Netflix (domain only, not specific videos)
Important: Even if the router stores DNS requests, modern browsers (Chrome, Firefox) and applications increasingly use their own DNS servers (for example, Cloudflare or Google), bypassing the router logs.
2. How to view a list of connected devices
This is the simplest information that can be obtained on any router. List of active and recent connections usually displayed in the section DHCP, Local area network or Wireless mode.
Instructions for popular brands:
- 🔧 TP-Link:
Advanced Settings → Local Network → DHCP → DHCP Client List - 🔧 ASUS:
Network Map → Clients(both wired and Wi-Fi devices are displayed) - 🔧 Keenetic:
Devices → Device List(indicating the connection type and MAC address) - 🔧 MikroTik:
IP → DHCP Server → LeasesorWireless → Registration Table
In most cases you will see:
- 🖥️ Device name (if it is transmitted via the protocol
mDNSor configured manually) - 🔢 MAC address (unique identifier of the network card)
- 📡 IP address (local, issued by the router)
- ⏱️ Connection time (not all models show)
🔍 How to identify an unknown device?
- Copy MAC address from the list.
- Enter it into a search engine or use a service like MAC Vendors - this will show the manufacturer of the network adapter (for example, Apple, Samsung, Xiaomi).
- If the device is connected via Wi-Fi, check signal - a weak level may indicate a neighbor who has connected to your network.
☑️ Checking suspicious devices
3. How to view your browsing history
Here everything is more complicated: Most home routers do not save website history. by default. Exceptions are models with advanced features (e.g. ASUS RT-AX88U with firmware Merlin or Keenetic with the "Access Control" module).
🔧 Method 1: DNS query logs (if supported)
- Go to your router's control panel (usually at
192.168.1.1or192.168.0.1). - Find the section
Logs,System logorStatistics. - Look for posts mentioning
DNS queryor domain names (for example,google.com,vk.com).
📌 Example log from Keenetic:
[12:35:47] DNS query from 192.168.1.100: youtube.com
[12:36:01] DNS query from 192.168.1.100: api.whatsapp.com
⚠️ Note: If the devices are using DNS-over-HTTPS (DoH) or DNS-over-TLS (DoT), the router won't see these requests. This is how modern browsers work (Firefox, Chrome) and OS (Windows 11, Android 12+).
🔧 Method 2: Forward DNS to a third-party server
If your router doesn't keep logs, you can configure it to use an external DNS server with logging, for example:
- 🌍 OpenDNS (with function
Stats) - 🌍 CleanBrowsing (filtering + logs)
- 🌍 NextDNS (flexible settings + 30-day history)
To do this, go to the router settings (Internet → DNS) specify the server addresses (for example, 45.90.28.167 For NextDNS) and register an account on their website.
How are DNS logs handled?
Modern apps (such as Telegram or Netflix) often use hardcoded DNS servers (such as Google's 8.8.8.8), ignoring router settings. To block this, disable alternate DNS in your device settings or use firewall rules on your router.
4. View traffic statistics by device
If the website history is not available, traffic statistics It can provide indirect information about activity. For example, if one device downloaded 10 GB of data overnight, that's cause for concern.
📊 Where to look for statistics:
| Router brand | The Path to Statistics | What does it show? |
|---|---|---|
| TP-Link | Advanced Settings → Traffic Statistics |
Total traffic by device per day/week/month |
| ASUS | Administration → Traffic Log |
Download/upload graphs by IP addresses |
| Keenetic | Statistics → Traffic |
Details by application (if Application Control is enabled) |
| Zyxel | Monitoring → Traffic Statistics |
Top 10 devices by traffic consumption |
🔍 How to analyze data?
- 📈 Activity peaks at unusual times (such as 3 a.m.) may indicate background updates or viruses.
- 🎮 Large outgoing traffic (upload) — a sign of a torrent client or cloud backup.
- 🔄 Constant exchange of small packets - possibly a botnet or spyware.
⚠️ Attention: Some routers (eg. TP-Link (with factory firmware) reset statistics upon reboot. To avoid this, configure automatic saving of logs to a USB drive (if the router supports it).
5. Advanced Features: Third-Party Firmware
If the standard functions of the router are limited, alternative firmware can expand logging capabilities. Popular options:
🔧 DD-WRT - supports detailed traffic logs, MAC address restrictions and even VPN-server. Suitable for many models TP-Link, ASUS, Netgear.
🔧 OpenWRT - flexible firmware with the ability to install additional packages (for example, nlbwmon to monitor traffic or dnscrypt-proxy for DNS encryption).
🔧 Tomato - user-friendly interface with traffic visualization and support QoS (device prioritization).
⚠️ Warning: Installing third-party firmware can void the warranty And if the firmware is incorrect, brick the router. Before updating:
- Check the model compatibility on the firmware website.
- Make a backup of your current settings.
- Use a wired connection (not Wi-Fi!).
🔹 An example of setting up logging in OpenWRT:
- Install the package
nlbwmonthroughopkg install nlbwmon. - Start the service:
/etc/init.d/nlbwmon start. - View statistics in
Lucy (LuCI) → Statistics → Traffic.
6. Legal and Ethical Considerations: When Background Checking Is Illegal
Before digging into your connection history, it's worth remembering legislative restrictionsIn Russia and most countries eavesdropping on someone else's traffic without consent may be classified as a violation of the right to privacy of correspondence (Article 138 of the Criminal Code of the Russian Federation) or unauthorized access to information (Article 272 of the Criminal Code of the Russian Federation).
✅ When is a background check legal?
- 🏠 You are the owner of the router and network, and you check your devices or devices for minor children (with their knowledge).
- 🔒 There is a suspicion of network hacking (for example, unknown devices in the client list).
- 📄 You are the network administrator in the office and act within the framework of corporate policy (with notification of employees).
❌ When is history checking illegal?
- 🕵️ You analyze traffic neighbors, who have connected to your network (even if they use it without permission).
- 📱 You check your history adult family member without his consent.
- 💼 You use data for blackmail or distribution of personal information.
⚠️ Attention: Even if you are the owner of the network, saving logs with personal data (for example, social media browsing history) may be considered the processing of personal information. In Russia, this is regulated Federal Law No. 152 "On Personal Data", and long-term storage of such logs may require user consent.
🔹 What to do if you find suspicious activity?
- If this is unknown device — change your Wi-Fi password and enable MAC address filtering.
- If this is a virus on one of the gadgets - check it with an antivirus and update the firmware.
- If you suspect targeted hacking — Contact a cybersecurity specialist.
7. Alternative ways to track online activity
If the router does not provide the required information, you can use external tools:
🖥️ Network monitoring programs:
- 🛡️ Wireshark - deep packet analysis (requires skills).
- 📊 GlassWire — visualization of traffic by applications (for Windows).
- 📱 Fing — network scanning and device tracking (mobile versions available).
🌐 Cloud services:
- 🔒 OpenDNS — blocking unwanted websites + request logs.
- 🛡️ NextDNS — content filtering and detailed statistics.
- 👨👩👧👦 Qustodio - parental control with activity reports.
🔧 Configuring your router for enhanced logging:
If your router supports syslog, you can redirect logs to an external server:
- Find the section in your router settings
System Tools → System Log. - Specify the IP address of the server for logs (you can use free solutions like Papertrail).
- Set up filtering to save only the events you need (e.g.
DNS queries).
FAQ: Frequently asked questions about router history
❓ Is it possible to find out which specific pages were viewed on a website (for example, on YouTube)?
No, the router only sees the domain (for example, youtube.com), but not specific pages or videos. This requires access to the user's account or specialized software on their device.
❓ How long does the router store connection history?
It depends on the model:
- Budget routers (for example, TP-Link TL-WR840N) store logs for several hours or until reboot.
- Advanced models (eg ASUS RT-AX86U) can store data for up to 30 days.
- With third-party firmware (for example, DD-WRT) the storage period is configured manually.
❓ Is it possible to restore the history after resetting the router?
No, when resetting to factory settings (Reset) All logs and statistics are permanently deleted. If you need long-term history, configure log export to an external server or USB drive.
❓ Does the router see traffic through the VPN?
The router will see that the device is connected to the VPN server (by IP address), but not traffic contentDNS requests can also be hidden if the VPN uses its own DNS.
Is it legal to install firmware on a router to covertly log employee traffic?
In Russia this is regulated Labor Code (Articles 87, 88) And Federal Law No. 152The employer has the right to control the corporate network, but must:
- Notify employees about monitoring (in the internal labor regulations).
- Do not save personal data unless necessary (for example, correspondence in instant messengers).
- Use data for official purposes only.