It's often frustrating when the internet slows down, pages take forever to load, and video calls drop out. However, outages can be caused not only by your ISP or a technical malfunction, but also by simple traffic theft. If you didn't change the default passwords when installing your router, a neighbor or even a passerby could connect to your network if the signal reaches the street.
It's quite easy to detect the presence of "illegal" devices on your own if you know where to look. Modern routers, whether TP-Link, Asus or Keenetic, have built-in monitoring tools that display a list of all active clients. Ignoring this aspect of cybersecurity is not recommended, as an unauthorized user gains access not only to the internet but also potentially to local files.
In this article, we'll cover all available verification methods: from the admin web interface to dedicated mobile apps. You'll learn how to distinguish your devices from others, understand how to instantly disable an intruder, and what security settings you need to implement right away to prevent a recurrence.
Symptoms of unauthorized network access
The first sign that someone is using your Wi-Fi is a sudden drop in connection speed. If your data plan offers high speeds, but the video in YouTube If the connection is buffering even at low quality, consider checking your client list. This is especially noticeable during peak hours, when the channel load is at its highest, and each additional traffic consumer significantly reduces bandwidth.
The second warning sign is strange behavior of the indicators on the router body. The light WLAN Or the wireless network icon may flash frantically, even when all your devices are turned off or in sleep mode. This indicates active data packet exchange, the source of which is unknown.
⚠️ Note: Actively flashing indicators may also indicate a background update of games or the operating system on your devices. Don't panic ahead of time; first check the download status on your PC and smartphones.
An indirect sign may be the inability to connect to your router for configuration. Since the number of simultaneous connections is limited by the device's hardware (usually 10-32 clients), attackers can simply "push" you out of the available connections by consuming all the DHCP slots.
Checking via the router's web interface
The most reliable and accurate way to find out who's using your Wi-Fi is to access your router's control panel. To do this, open any browser on a device connected to the network and enter the gateway's IP address. Most often, this is 192.168.0.1 or 192.168.1.1, however, the exact address is always indicated on the sticker on the bottom of the device.
After entering your login and password (which are also on the sticker if you haven't changed them), you need to find the section responsible for the wireless network. Depending on the model and firmware, it may be called Wireless, Wi-Fi, Status or Network mapThis is where the table of active connections is contained.
The table typically displays MAC addresses, IP addresses, and sometimes device names. To figure out which devices are yours and which aren't, the easiest way is to disable Wi-Fi on all your devices and see which entries disappear from the list. The remaining entries will be the offending ones you're looking for.
Using mobile apps for analysis
If you have limited access to a computer or want to check on the go, specialized smartphone apps are a great solution. Programs like Fing, WiFi Analyzer or proprietary utilities from router manufacturers scan the network and provide a detailed report on all connected nodes.
Such applications often have advanced functionality: they can determine the manufacturer of the device by the MAC address (for example, they will show Apple, Samsung or Xiaomi), which greatly simplifies identification. You don't have to guess who owns a device with an address. A4:5E:60:C2:11:22, the application will immediately suggest the brand.
Additionally, many of these apps allow you to run speed tests directly within the app and monitor network changes in real time. If a new device appears on the list, you'll receive an instant notification. This is especially convenient for monitoring children or guests who might connect without permission.
Instructions for popular router models
Interfaces vary greatly between manufacturers, so let's look at specific navigation paths for the most common brands. Knowing the exact menu locations will allow you to quickly find the information you need without a lot of searching.
For devices TP-Link (green interface) the path usually looks like this: tab Wireless -> submenu Wireless Statistics. In new models with a blue interface (Archer) you need to go to the main page Basic or Advanced and look at the network map, where the icons of connected clients are clickable.
In routers Asus with firmware AsusWRT you need to go to the main page Network Map. There will be a section on the right or below. Clients (Clients), which displays all active connections. Clicking on the computer or smartphone icon displays detailed information.
Devices Keenetic (previously Zyxel) are renowned for their user-friendly interface. The main "System Monitor" page displays a network diagram at a glance. Clicking the home network icon opens a list of all clients. You can also rename a device for convenience or block access right there.
☑️ Network security check
Table of device identification by MAC address
One of the key parameters for identification is the MAC address. This is a unique identifier for a network card, consisting of 12 hexadecimal digits. The first six characters (OUI) identify the hardware manufacturer, helping to identify the connected device.
Below is a table with examples of MAC address prefixes from popular manufacturers. By comparing the first three character pairs of the address in the router's client list with the data in the table, you can quickly eliminate your devices.
| Prefix (OUI) | Manufacturer | Typical devices | Probability in a home network |
|---|---|---|---|
00:1A:2B |
Apple | iPhone, iPad, MacBook | High |
3C:5A:B4 |
Samsung | Smartphones, tablets, TV | High |
F4:F5:D8 |
Android smartphones, Chromecast | Average | |
00:50:C2 |
IEEE Registry | Various network cards | Low |
It's worth noting that modern smartphones (iOS and Android) can use the "Private Wi-Fi Address" feature when connecting to new networks. This hides the device's real MAC address and generates a random one. This can confuse whitelist filtering, so it's best to disable this feature on your devices for home networks.
Blocking Intruders and Protecting Your Network
Once you've identified an intruder, you should block them immediately. In the router's web interface, next to the device's name or MAC address, there's usually a "Block," "Deny," or lock icon button. Clicking this button will blacklist the intruder's address (Black List).
However, simply blocking your connection is a temporary measure. If you haven't changed your password, an attacker might try to reconnect, especially if they're using password-guessing software. Therefore, the most effective method is to completely change your Wi-Fi security key.
It is recommended to use the encryption standard WPA2-PSK or WPA3Old protocol WEP It can be hacked in minutes by any schoolchild with a phone. The password must be complex: contain upper- and lower-case letters, numbers, and special characters, and be at least 12 characters long.
It's also worth paying attention to the WPS function. It's designed to simplify connection, but it's one of the biggest security holes. In the wireless network settings (Wireless Settings) find the item WPS and set the value Disable or Disabled.
⚠️ Note: Router interfaces are constantly being updated. The layout of menu items may differ from that described in the instructions. If you don't find the option you need, check the official documentation on the manufacturer's website for your model.
Frequently Asked Questions (FAQ)
Can a neighbor find out my password if I haven't told it to anyone?
Yes, this is possible if you have WPS enabled or are using a weak password that is guessed programmatically. The password could also have been saved on a friend's device that the neighbor had access to, or you could have shared it with your guests and then forgotten to change it.
Can a connected neighbor see my files on my computer?
By default, Windows blocks discovery in public network profiles. However, if you have a home network configured with password-less file or printer sharing, access is theoretically possible. It's best to always use the "Public Network" profile for Wi-Fi connections.
Will my internet speed decrease if I just lock my device without changing the password?
Yes, your speed will return to normal as the channel becomes free. However, the blocked user will still see your network and can try to reconnect or use other attack methods, so changing your password is essential.
What should I do if I can't access my router settings (I forgot my administrator password)?
If the password for the web interface (not the Wi-Fi password, but the password for the router settings) is lost or changed, a factory reset is the only solution. To do this, press and hold the button Reset on the router body for about 10-15 seconds. After this, the device will need to be configured again.
Hidden MAC filtering feature
Many users don't know that instead of a blacklist (blocking), they can use a whitelist. In this mode, ONLY devices whose MAC addresses you manually add to the list will be able to connect to the Wi-Fi. This is the highest level of protection, but it requires registering each new device (a guest's phone, a new tablet) via a cable or temporarily enabling filtering.
In summary, monitoring connected devices is a basic skill for a modern user. Regularly checking your client list, using strong passwords, and disabling vulnerable features like WPS will make your home network an impenetrable fortress for free internet users.