Every wireless network user is familiar with the sudden slowdown of their internet connection, with pages loading slowly. Often, the cause isn't a problem with your provider or weather conditions, but rather that someone else has connected to your access point. Modern smartphones allow you to run a full network diagnostic and identify all "guests" without even turning on your computer.
In this article, we'll explore proven methods for monitoring traffic and a router's active client list using only a mobile device. You'll learn how to distinguish between smart home system devices and unauthorized devices and understand the steps needed to protect your personal communications channel from unauthorized access.
Primary signs of unauthorized access
Before moving on to complex technical checks, it is worth paying attention to indirect symptoms that are often ignored. Speed drop Internet drops during peak hours may be normal, but if they occur suddenly in the middle of the night or early in the morning, it's cause for concern. It's also worth paying attention to the activity indicators on the router itself: if all your devices are turned off and the WLAN light is flashing rapidly, it means there's active data transfer.
Another warning sign is the inability to access the router settings. If you were previously able to access the control panel without any problems, but now the system returns an authorization error or the administrator password suddenly stops working, there's a high probability that the attacker has already changed your login credentials. In some cases, users notice strange redirects to advertising sites when attempting to open a search engine.
⚠️ Warning: Don't ignore a sudden increase in data usage if you have a metered data limit. Unauthorized users may download large files or use your connection for uploading, which will result in unexpected charges.
Modern Android and iOS operating systems have built-in notification mechanisms for new connections, but they don't always work correctly. Therefore, you should rely solely on objective data obtained through specialized software or the router's web interface. Only careful analysis will distinguish a false alarm from a real resource leak.
Using mobile apps to scan the network
The fastest way to get a list of all devices on a local network is to use specialized utilities. The leader in this niche for many years has been the app Fing, which is available free for both mobile platforms. It performs a deep port scan and provides detailed information about each device found, including the network card manufacturer and operating system type.
An alternative could be the utility WiFiman from the developers UbiquitiIt features a minimalist interface and lacks intrusive ads, making the verification process as convenient as possible. The program not only displays a list of clients but also allows you to run a speed test for each one, helping identify bandwidth-hogging connections.
When using third-party software, it's important to pay attention to the requested permissions. To function correctly, the scanner requires access to the local network and geolocation (this is a requirement for Android systems to work with the Wi-Fi module). Without these permissions, the app won't be able to see other devices within your wireless network.
- 📱 Fing — defines the device name, MAC address, vendor and open ports.
- 🚀 WiFiman — performs ping, checks speed and creates a network map.
- 🛡️ Network Scanner — a simple tool for quickly obtaining a list of IP addresses.
- 🔍 IP Tools — an all-in-one combine harvester with multiple diagnostic functions.
Once the scan starts, you'll see a list of all active nodes. Your task is to identify each device. Smartphones typically have the brand name (Samsung, Apple, Xiaomi) in their name, while TVs are often labeled as Android TV or LGE, and smart plugs may have strange numerical designations. If the list includes a device with the name Unknown or a brand that none of your equipment matches, this is a cause for concern.
Checking the router's web interface from your phone
The most reliable source of information is the router itself. To access its settings, open any browser on your smartphone (Chrome, Safari, Yandex) and enter the gateway's IP address in the address bar. Most often, this is 192.168.0.1 or 192.168.1.1, however, the exact address can be found in the Wi-Fi connection settings on the phone itself, in the "Details" or "Gateway" section.
After entering the address, the system will ask for your login and password. If you've never changed the default settings, they'll be found on a sticker on the bottom of the router. The default combinations often look like this: admin/admin or admin/passwordOnce in the control panel, you need to find a section that may be called "Status," "Network Map," "Clients," or "Wireless Statistics."
☑️ Actions upon detection of an intruder
The Attached Devices list displays all active connections in real time. Here you can see not only IP and MAC addresses, but also the connection type (2.4 GHz or 5 GHz). Some advanced router models, such as those from Keenetic or MikroTik, allow you to break the connection with a specific device or add it to the blacklist directly from the mobile interface.
AA:BB:CC:11:22:33
iPhone, PC, Unknown
Wireless, Ethernet
| Parameter | Description | Value to check |
|---|---|---|
| IP Address | A unique address on a local network | 192.168.x.x |
| MAC Address | Physical address of the network card | |
| Device Name | Device name (often edited) | |
| Connection Type | Connection type |
If you just turned off your laptop, it may still show up as active for a few minutes. To get a more accurate picture, it's best to refresh the status page or temporarily disconnect your devices to see who's still online.
MAC address analysis and device identification
The key identifier of any network equipment is MAC addressThis is a unique combination of six pairs of hexadecimal digits assigned by the network card manufacturer and, in theory, should never be repeated. The first three pairs of characters (OUI) are used to identify the device manufacturer, even if it's labeled "Device 1."
There are online databases and app features that can tell you which company the equipment belongs to based on its MAC address prefix. For example, the prefix 00:1A:2B may indicate a device Tenda, A 3C:5A:B4 — for products AppleIf you see a device listed with a vendor whose hardware you don't have (for example, an unknown network card), it's almost certainly a third-party device.
What is MAC address randomization?
Modern versions of iOS and Android use a private Wi-Fi address when connecting to new networks. This means the phone will present itself to the router as a random MAC address, different from the actual physical one. This can be confusing when trying to configure filtering based on the hardware address, as the address will change after reconnecting.
However, it's important to consider the MAC address randomization feature implemented in iOS 14 and Android 10+. To protect privacy, smartphones can generate a temporary address each time a connection is established. Therefore, relying solely on the MAC address to maintain a list of "private" devices becomes more difficult, and the connection time and hostname must also be taken into account.
For accurate identification, it's recommended to create an inventory of your devices in advance. Write down the MAC addresses of your TV, console, each smartphone, and smart speaker. This will take 10 minutes, but will save you hours of frustration later when checking your network. Comparing the list directly with your address book is the most reliable method.
Methods of blocking and protecting the network
If an intruder is detected, act now. The most effective method is to change your Wi-Fi password. This will disable all devices, and you'll have to reconnect them with a new key. The password should be complex: at least 12 characters, including upper- and lower-case letters, numbers, and special characters.
A more flexible tool - MAC filteringYou can enable "Whitelist" mode in your router settings. In this mode, only devices whose MAC addresses have been manually entered into the database will be able to access the network. All others, even with the password, will be unable to connect. This provides a high level of security, although it does require manual configuration of each new device.
- 🔒 Change password - a radical, but 100% effective method of resetting all connections.
- 🚫 Blacklist — blocking a specific intruder without changing the access key.
- 📝 Whitelist — allowing access only to trusted MAC addresses.
- ⏳ Schedule — disabling Wi-Fi at night through the router settings.
⚠️ Caution: Be extremely careful when enabling MAC filtering. If you enter an incorrect address or make a character error, you may block your own network access and lose the ability to manage the router via Wi-Fi.
It is also recommended to disable the function WPS (Wi-Fi Protected Setup). This technology allows you to connect with the push of a button, but it has known vulnerabilities that allow attackers to brute-force the PIN code and access the network even without knowing the master password. Disabling WPS closes this loophole.
Frequently asked questions and problems during verification
Users often encounter a device listed as "Unknown" or with a strange character set. In 90% of cases, these are smart home components: temperature sensors, smart light bulbs, or IoT modules in home appliances. They often lack displays to display their names and use standard network chips, which are incorrectly detected by the system.
Another common question: can my neighbor sniff my Wi-Fi if I've changed the password? Theoretically, if you have WPS enabled or are using a weak encryption protocol. WEP (which can be hacked in minutes), then yes. Modern protocols WPA2/WPA3 If the password is complex, it is almost impossible to crack it by brute force at home.
Don't panic if the number of connected devices is one more than you expected. Perhaps friends came over, and their phones automatically connected to the network and saved their profiles. Such devices may appear in the list sporadically, even if the guests are not home.
FAQ: Answers to frequently asked questions
Can a router show which websites a connected device is visiting?
A typical home router only displays the connection, IP/MAC addresses, and the amount of data transferred. It doesn't see the traffic content unless a special sniffer or parental controls with logging functionality are configured. However, the internet service provider technically has access to the DNS request history, but this data is protected by the Communications Act.
Why does the app show 5 devices, but the router only shows 3?
This could be due to old records being cached in the app. Alternatively, some devices (such as sleeping IoT sensors) aren't sending data packets right now, and the router considers them inactive, even though they're technically authorized. It's also possible that there's a guest network that appears as a separate interface.
Are free Wi-Fi test apps safe to use?
Popular apps from official stores (Google Play, App Store) from reputable developers are safe. They only scan your local network and don't transmit your personal data (passwords, photos) to their servers. However, avoid installing questionable APK files from third-party websites.
What should I do if I can't access my router settings from my phone?
Make sure your phone is connected to the router's Wi-Fi network, not your mobile data. Check the correct gateway IP address in the connection settings. If the page isn't loading, try using Incognito mode in your browser or clearing your browser cache.