Have you noticed your internet has slowed down even though your plan hasn't changed? Or is your router flickering more often than usual even though no one's home? It's possible that unauthorized devices have connected to your Wi-Fi network. This not only steals your data but also creates security risks: your router could be used to access personal data, bank accounts, or even use the network for illegal activities.
In this article you will find 7 proven methods, how to find out who is connected to your Wi-Fi - from simple methods through the router's web interface to advanced tools like Wireshark or FingWe will also tell you how identify "invisible" devices that disguise themselves as legitimate gadgets, and we'll give you instructions on how to block unwanted users on popular router models: TP-Link, ASUS, Keenetic, MikroTik and others.
No IT expertise required: all methods are described in detail, with step-by-step screenshots and explanations of technical terms. Whether you're a landlord, a small office owner, or simply looking to secure your home network, this guide will help you take control of your Wi-Fi.
1. Checking via the router's web interface (the easiest way)
Any modern router has a built-in control panel that displays a list of connected devices. This method works on 99% of models, including TP-Link Archer, ASUS RT, Keenetic And ZyxelThe main thing is to know your router's IP address and login information.
To open the web interface:
- Find out the IP address of your router. This is usually
192.168.0.1or192.168.1.1You can check this via the Windows command line:ipconfig | findstr "Default Gateway"On MacOS or Linux use the command:
netstat -rn | grep default - Enter the IP into the address bar of your browser (e.g.
http://192.168.0.1). - Log in. The default login/password is often found on the router sticker (usually
admin/adminoradmin/password).
The next step depends on your router model. Here's where to find a list of devices in popular firmware versions:
- 🔹 TP-Link:
Basic → Network MaporAdvanced → Network Tools → DHCP Clients - 🔹 ASUS:
Network map(in the main menu) orLocal Network → DHCP Server - 🔹 Keenetic:
Devices(on the main page) orHome Network → Client List - 🔹 MikroTik:
IP → DHCP Server → LeasesorWireless → Registration Table
In the list you will see:
- 📱 Device name (if it is not hidden)
- 🔢 MAC address (unique identifier)
- 🌐 IP address (local on the network)
- ⏱️ Connection time
⚠️ Attention: Some routers only show devices that received an IP via DHCP. If an attacker has manually assigned a static IP address, they may not appear in this list. To see All connected gadgets, check ARP table (we will talk about it below).
2. ARP table analysis (for advanced users)
ARP table (Address Resolution Protocol) is an internal registry of the router that stores the IP and MAC addresses of all devices it has interacted with. Unlike the list of DHCP clients, it displays All connected gadgets, even with manual network settings.
To view the ARP table:
- Connect to the router via
SSHor use the built-in terminal in the web interface (if available). - Enter the command:
arp -aOn MikroTik use:
/ip arp print
You will receive a list like this:
? (192.168.0.100) at 00:1a:2b:3c:4d:5e [ether] on eth0
? (192.168.0.101) at 00:1f:2e:3d:4c:5b [ether] on wlan0
Here:
192.168.0.100— device IP address00:1a:2b:3c:4d:5e- its MAC addresseth0orwlan0— connection type (cable or Wi-Fi)
Compare this list with your legitimate devices. Unknown MAC addresses are cause for concern. To simplify the check, use online services like MAC Vendors, which show the manufacturer by the first 6 characters of the MAC address.
3. Mobile applications for network scanning
If you're uncomfortable using your router's web interface or commands, use specialized apps. They scan your local network and display all connected devices with detailed information, including hostname, MAC address, manufacturer, and even activity history.
Top 5 apps for Android And iOS:
| Application | Platform | Peculiarities | Price |
|---|---|---|---|
| Fing | Android, iOS | Scans ports, identifies vulnerabilities, and maintains device history | Free ($2.99/month premium) |
| NetScan | Android | Shows connection speed, supports Wake-on-LAN | For free |
| IP Network Scanner | Android | Exports reports to CSV, checks open ports | For free |
| Network Analyzer | iOS | Tests speed and shows traffic route (traceroute) | $3.99 |
| WiFi Guard | Android | Automatically notifies you of new devices on the network | For free |
How to use Fing (for example Android):
- Download the app from Google Play or App Store.
- Connect to your Wi-Fi network.
- Click
Scan— after 10–30 seconds a list of devices will appear. - Tap any device to see details: MAC address, manufacturer, open ports.
The advantage of apps is that they often show hidden devices, which are not displayed in the router's web interface. For example, if an attacker connected through WPS or uses MAC-spoofing (MAC address spoofing), some applications will be able to calculate it.
⚠️ Attention: Apps only scan the subnet your device is in. If your router distributes multiple networks (for example,2.4 GHzAnd5 GHz), connect to each one in turn to check all connections.
4. Checking via the command line (Windows, MacOS, Linux)
If you don't have access to your router or prefer to work without a graphical interface, you can scan your network using the command line. This method is universal and works on any device.
For Windows:
- Open
Command line(Win + R→ entercmd). - Enter the command to view active connections:
arp -a - To get more data, use:
nbtstat -a [IP address]For example:
nbtstat -a 192.168.0.101
For MacOS/Linux:
- Open
Terminal. - Scan the network with the command:
nmap -sn 192.168.0.0/24(replace
192.168.0.0/24to your subnet). - For detailed information about the device:
sudo nmap -O 192.168.0.100
The result will look like this:
Nmap scan report for 192.168.0.100
Host is up (0.045s latency).
MAC Address: 00:1A:2B:3C:4D:5E (Apple)
If you see devices with unknown MAC addresses or manufacturers (eg. Unknown, Xiaomi, when you don’t have gadgets of this brand), this is a reason to block them.
What to do if nmap is not installed?
On Windows, download nmap from the official website (https://nmap.org/) and add it to your PATH.
On MacOS install via Homebrew: brew install nmap.
On Linux (Debian/Ubuntu): sudo apt install nmap.
5. How to identify "invisible" devices (MAC spoofing, hidden connections)
Experienced attackers can disguise their devices by spoofing the MAC address (MAC-spoofing) or using rare connection protocols. Here's how to detect them:
Method 1: Traffic Monitoring
Use programs like Wireshark (free) or GlassWire (paid) to analyze network traffic. They show:
- 📊 Volume of transferred data (unexpectedly high traffic from an unknown device)
- 🔄 Suspicious connections (for example, to servers in other countries)
- ⚡ Unusual protocols (For example,
TOR,VPN)
Method 2: Checking the router log
In the router's web interface, find the section Logs or System log (usually in Advanced/Administration). Look for entries like this:
DHCP: Assign IP 192.168.0.105 to MAC 00:1A:2B:3C:4D:5E— assigning an IP address to a new deviceWireless: Associated MAC 00:1F:2E:3D:4C:5B— Wi-Fi connectionFirewall: Blocked attack from 192.168.0.103- hacking attempts
Method 3: Test for "ghost" devices
Turn it off All Your Wi-Fi gadgets (including smart light bulbs, TVs, and printers) are blocked. If active MAC addresses remain in the list of connected devices, they are 100% unauthorized users.
6. Blocking unwanted devices
Once you've identified any unwanted devices, you need to block them. Here's how to do this on different routers:
TP-Link:
- Go to
Advanced → Wireless → MAC Filter. - Select
Enable filteringand add unknown MAC addresses to the blacklist. - Save the settings and reboot the router.
ASUS:
- Open
Local Network → MAC Filter. - Enter the MAC address and select
Block. - Apply the changes.
Keenetic:
- Go to
Home Network → Devices. - Find the unwanted device and click
Block.
Universal method (for all routers):
Change your Wi-Fi password to a more complex one (at least 12 characters, including numbers and special characters). This will disconnect all users, preventing them from reconnecting without a new password.
Change the password to WPA3 (or WPA2 if WPA3 is not supported)
Disable WPS (vulnerable to hacking)
Enable MAC address filtering
Update your router's firmware
Hide SSID (don't show network name)-->
⚠️ Attention: MAC address blocking isn't the most reliable measure, as MAC addresses can be spoofed. It's best to combine it with other methods, such as a complex password or disabling the MAC address. WPS and regular network monitoring.
7. Additional security measures
To minimize the risk of re-hacking, follow these steps:
1. Update your router firmware
Outdated firmware contains vulnerabilities that hackers exploit. Check the latest version in the section System → Software Update.
2. Disable remote control
In the router settings (Administration → Remote Management) Disable internet access. This will prevent hacking through vulnerabilities in the web interface.
3. Set up a guest network
If you need to share Wi-Fi with guests, create a separate network with limited access to local resources:
- 🔧 On TP-Link:
Guest Network → Enable - 🔧 On ASUS:
Guest Network → Add Network
4. Turn on notifications for new devices
Some routers (eg. Keenetic) and applications (for example, Fing) can send push notifications when a new gadget is connected. Configure them in the section Notifications.
5. Check connected devices regularly
Add a weekly network scan to your calendar. It only takes 5 minutes, but it can help you spot a hack early.
FAQ: Frequently Asked Questions about Wi-Fi Security
Is it possible to find out who exactly connected to my Wi-Fi (name, address)?
No, you can't identify a user by their MAC or IP address. The most you can learn is the device model (e.g., iPhone 12 or Samsung Galaxy S21) and manufacturer (by MAC address). Identifying a specific individual will require the involvement of law enforcement agencies.
What should I do if my neighbor hacked my Wi-Fi and refuses to disconnect?
First, change your password to a more complex one (use WPA3 or WPA2-AES) and block its MAC address. If this does not help, contact your ISP - some operators (for example, Rostelecom or Beeline) can help with blocking at the hardware level. As a last resort, file a police report under Article 272 of the Russian Criminal Code ("Unauthorized access to computer information").
Can a hacker connect to me even if I hide my SSID?
Yes. Hiding the network name (SSID) does not protect against hacking - experienced users can find the network using scanners like Kismet or Wiggle Wi-FiThis only creates a minor inconvenience for legitimate users. It's better to focus on a strong password and MAC address filtering.
How can I check if a smart device (such as a camera or TV) is stealing my data?
Use apps like GlassWire or built-in traffic monitoring in the router (section Statistics or TrafficIf your camera transmits gigabytes of data per day, it may have been hacked and used for broadcasting or mining. Update your device's firmware and change its password.
Is it possible to track a hacker by IP address?
IP address on the local network (for example, 192.168.0.100) is useless for tracking. The external IP (assigned by the ISP) can be checked through services like 2ip.ru, but it usually belongs to the provider, not a specific person. Identifying the perpetrator would require legal action.