How to check who's connected to your Wi-Fi and block unwanted devices

Is your internet slowing down and your data plan is dwindling? Someone else might be accessing your Wi-Fi. According to Juniper ResearchMore than 30% of home networks have unsecured access points, and 15% of users don't even know how to check the list of connected devices. In this article, we'll look at how to identify "uninvited guests," determine their MAC addresses, and permanently block access to your network—without unnecessary technical complications.

Verification methods vary depending on the router model and firmware, but the general process is the same: log into the admin panel, review the client list, and apply filtering. We'll cover options for popular brands (TP-Link, ASUS, Keenetic, MikroTik), as well as universal methods through mobile applications and third-party utilities. Important: MAC address blocking isn't a panacea—experienced attackers can spoof it, so combine methods.

If you're a landlord or owner of an office where Wi-Fi is shared among multiple people, learn to distinguish legitimate devices from suspicious ones. For example, a tenant's smartphone with the name iPhone-12-Pro - this is normal, but the unknown Android-5a3f8d Activity at 3 a.m. is cause for concern. At the end of this article, you'll find a FAQ with answers to commonly asked questions, including "Can I find out who's using my Wi-Fi by name or IP?"

📊 How often do you check the devices connected to your Wi-Fi?
Never
Once every six months
Only if the internet is slow
Regularly, once a month

1. How to access the router settings and find a list of connected devices

The first step is accessing the admin panel. To do this:

  • 🌐 Enter in the address bar of your browser 192.168.0.1 or 192.168.1.1 (less often) 192.168.8.1 for some models TP-Link). If the page does not open, check your router's IP using the command ipconfig (Windows) or ifconfig (macOS/Linux).
  • 🔑 Enter your login and password. By default, this is often admin/admin or admin/passwordIf the data has changed, use the button Reset on the back panel of the router (hold for 10 seconds).
  • 🔍 Look for sections like DHCP Clients List, Connected Devices, Wireless Clients or Local area network (in Russian-language firmware). In Keenetic This List of devices, V ASUSNetwork map.

Example path for popular routers:

BrandPath to the list of devicesDefault login/password
TP-LinkBasic → DHCP → DHCP Clients Listadmin/admin
ASUSNetwork Map → Clientsadmin/admin
KeeneticList of devices (main menu)No password (login only) admin)
MikroTikIP → DHCP Server → Leasesadmin (password is empty)
ZyxelNetwork → Local Area Network → DHCPadmin/1234

If your router gives an error when logging in, check:

  • 🔌 Is the Ethernet cable connected to the port? LAN (if you are logging in from a PC).
  • 📶 Are you connected to this network's Wi-Fi (mobile devices sometimes "forget" the network).
  • 🔄 Reboot the router using the button Power or by removing the power supply for 30 seconds.
⚠️ Attention: If you haven't changed the default administrator password, anyone connected to your network can access your router settings. Be sure to set a strong password (at least 12 characters, including numbers and special characters) in the "Administrator" section. System Tools → Password (or similar).

2. How to distinguish your devices from others: analyzing the client list

In the list of connected devices you will see the following columns: IP address, MAC address, Host name (Device Name), Connection time And Connection type (Wi-Fi/ETH). Your task is to identify all your gadgets.

Signs of "own" devices:

  • 📱 Host name: contains the gadget model (for example, iPhone-14-Pro, Samsung-Galaxy-S22).
  • ⏱️ Connection time: matches your activity (for example, your smartphone connects in the morning and disconnects at night).
  • 🔄 MAC address: You can check it with the sticker on the device body or through its settings (for example, in Settings → About device on Android).

Signs of foreign devices:

  • 🤖 Strange names like android-5f3d8a or esp_123456 (possibly a neighbor's smart light bulb).
  • 🕒 Connecting at unusual times (for example, 2:00 a.m. when everyone is asleep).
  • 📡 MAC address starts with B8:27:EB (Raspberry Pi), DC:A6:32 (smart sockets) or other prefixes that are not typical for your gadgets.
How do I find out my device's MAC address?

On Android: Settings → About phone → General information → Wi-Fi MAC address.
On iOS: Settings → Wi-Fi → ⓘ next to the network → MAC address.
On Windows: run the command ipconfig /all V Command line and look for the line Physical address.
On macOS: System Preferences → Network → Advanced → Ethernet/Wi-Fi → MAC Address.

If you spot a suspicious device, don't rush to block it. It could be:

  • 💡 Smart technology (lamps Xiaomi Yeelight, robot vacuum cleaner Roborock).
  • 🎮 Game console (for example, PlayStation or Nintendo Switch neighbor, if the networks intersect).
  • 🖥️ A virtual machine or a second router in repeater mode.

3. How to block a device by MAC address: step-by-step instructions

MAC address blocking is the most secure method at the router level. Even if an attacker learns the Wi-Fi password, their device will be unable to connect. Instructions for different firmware versions:

For routers TP-Link:

  1. Go to Advanced → Security → Access Control.
  2. Turn on Access Control (switch to position ON).
  3. Select mode Blacklist (black list).
  4. Add the MAC address of the unwanted device manually or select from the list DHCP Clients List.
  5. Save settings (Save).

For routers ASUS:

  1. Open Wireless Network → MAC Filter.
  2. Select Enable MAC address filtering and regime Ban.
  3. Enter the MAC address in the format XX:XX:XX:XX:XX:XX (without dashes).
  4. Click Add And Apply.

For routers Keenetic:

  1. Go to List of devices.
  2. Find the suspicious device and click on it.
  3. Select Block Internet access or Block Wi-Fi connection.
  4. Confirm the action.

Make sure the MAC address is entered correctly (case is not important, but the characters must match)

Check that the device is really someone else's (compare it with your gadgets)

Save the changes and reboot the router to apply the rules.

Check that your devices have not lost network access.

-->

MAC addresses can be spoofed, so to be on the safe side, combine blocking with changing the Wi-Fi password and disabling the WPS function (it is vulnerable to hacking).

⚠️ Attention: Some firmware (for example, MikroTik RouterOS) require creating a separate firewall rule to block by MAC. If the device still connects after adding it to the blacklist, check the rule priority in IP → Firewall → Filter Rules.

4. Alternative blocking methods: changing the password and setting up a guest network

If MAC blocking doesn't work or you're unsure how secure it is, try these additional steps:

1. Change your Wi-Fi password

  • 🔐 Go to Wireless → Wireless Security (or similar section).
  • Select encryption type WPA2-PSK (or WPA3-PSK, if supported).
  • Create a password that is at least 12 characters long and includes numbers, letters, and special characters (e.g. WiFi_7#kL9!pQ2).
  • 📱 After changing the password, all devices will be disconnected and you will have to reconnect them.

2. Setting up a guest network

  • 🏠 Create a separate network for guests in Guest Network (or Guest network).
  • 🔒 Set a different password for it and limit the speed (optional) Bandwidth Control).
  • 🚫 Disable local network access (Enable AP Isolation) so that guests cannot see your devices.

3. Disabling WPS

  • 🔌 WPS is vulnerable to brute-force attacks. Disable it. Wireless → WPS (translate into Disabled).
  • 🛡️ If WPS is needed for smart devices (such as a printer), enable it only during setup, then disable it.

4. Hiding the network name (SSID)

  • 👁️ In Wireless → Basic Settings turn it off Enable SSID Broadcast.
  • ⚠️ This won't protect you from experienced hackers, but it will reduce the number of accidental connections.

5. Mobile Wi-Fi Monitoring Apps: Overview and Instructions

If accessing your router settings is inconvenient, use specialized apps. They display a list of connected devices, their activity, and even geolocation (for some router models).

Top 5 apps for Android and iOS:

ApplicationPlatformFunctionsPrice
FingAndroid, iOSNetwork scanner, device detection, port checkingFree ($29.99/year premium)
WiFi GuardAndroidMonitoring new devices, connection notificationsFor free
NetScaniOSLAN scanning, identifying manufacturers by MAC$4.99
TP-Link TetherAndroid, iOSManaging TP-Link routers and blocking devicesFor free
Keenetic NetFriendAndroid, iOSDevice control, parental controls, guest networkFor free

How to use Fing (universal option):

  1. Download the app from App Store or Google Play.
  2. Connect to your Wi-Fi network.
  3. Click Scan — after 10–20 seconds a list of devices will appear.
  4. Click on a suspicious device to see its MAC address, manufacturer, and open ports.
  5. If you need to block, copy the MAC and add it to the router's blacklist (as in Section 3).

WiFi Guard convenient for automatic monitoring:

  • 🔔 Set up notifications about new devices in Settings → Notifications.
  • 📊 Check your connection history in the section History.
  • 🔍 Use the function WhoIsto determine the manufacturer by MAC.
⚠️ Attention: Mobile apps only show devices that are active at the time of scanning. If the attacker is disconnected, they won't be listed. For complete control, combine the apps with your router settings.

6. Advanced methods: firewall, IP and VLAN restrictions

If standard methods don't help, try advanced settings. They require technical knowledge but provide maximum control.

1. IP blocking in the firewall

For example, in MikroTik:

/ip firewall filter add chain=forward src-address=192.168.88.100 action=drop comment="Block intruder" disabled=no

Where 192.168.88.100 — IP address of the unwanted device.

2. Time-Based Access

  • ⏰ In routers ASUS And TP-Link there is a function Time Scheduling.
  • 🕒 Set up Wi-Fi access only during certain hours (for example, from 8:00 AM to 11:00 PM).
  • 🚫 Outside this interval, the network will be inaccessible even with the correct password.

3. Separating the network into VLANs

  • 🌉 Create separate virtual networks for different types of devices (for example, VLAN 10 for smartphones, VLAN 20 for smart home).
  • 🔒 Configure firewall rules to prevent communication between VLANs.
  • 📡 VLAN support is required in the router (available in MikroTik, Ubiquiti, some models ASUS).

4. Using the range (for experienced users)

  • 📡 Reduce your Wi-Fi transmission power Wireless → Advanced Settings → Tx Power.
  • 🏠 This will reduce the coverage area, and neighbors will not be able to connect from a long distance.
  • ⚠️ Disadvantage: Your devices at the edge of the zone may also lose signal.
How to set up VLAN on an ASUS router?

1. Go to Local Network → Route.

2. Create a new VLAN with a unique ID (For example, 10).

3. Assign ports or SSIDs to this VLAN.

4. In Wireless network Create a separate access point assigned to a VLAN.

5. Set up a firewall in Firewall → Basic Rulesto prohibit traffic between VLANs.

7. What to do if nothing helps: extreme measures

If foreign devices continue to appear despite all efforts, it is possible:

  • 🔓 Your router is infected with malware (for example, VPNFilter or Mirai).
  • 🕵️ Someone has physically connected to your router (via WAN-port or button WPS).
  • 📡 Your Wi-Fi signal reaches too far and your neighbors are using directional antennas.

Actions in such cases:

  1. Reset your router to factory settings.

    Click the button Reset for 10-15 seconds. After reset Be sure to update your firmware to the latest version (chapter System Tools → Firmware Upgrade).

  2. Check your router for vulnerabilities.

    Use the service RouterSecurity.org or utility RouterPassView (for Windows) to find known vulnerabilities.

  3. Install alternative firmware.

    For example, OpenWRT or DD-WRT (supported by many routers) TP-Link, ASUS, Netgear). They give more control over security.

  4. Change your router.

    If the model is outdated (for example, TP-Link WR740N or D-Link DIR-300), its hacking is often a matter of time. Modern routers (for example, ASUS RT-AX88U or Keenetic Ultra) have better protection.

Signs of an infected router:

  • 🔄 Spontaneous reboots.
  • 📡 Unknown open ports (check via 2ip.ru/port-scan).
  • 💻 Changing DNS servers in the settings (for example, on 8.8.8.8 or 1.1.1.1 without your knowledge).
  • 📈 A sharp increase in outgoing traffic (check in Bandwidth Monitor).
⚠️ Attention: If the router is infected, changing the Wi-Fi password won't help—an attacker can still gain access through a backdoor. The only reliable solution is a firmware reset and update (or a replacement).

FAQ: Frequently Asked Questions about Wi-Fi Security

Is it possible to find out who exactly is using my Wi-Fi (name, address)?

No, you can only determine the device model and manufacturer using the MAC address or IP (for example, Apple or Samsung). To identify a person, you need to:

  1. File a complaint with the police (if it concerns traffic theft or a hacker attack).
  2. Use legal methods of signal triangulation (requires special equipment and permission).

In most cases, simply locking the device is enough.

Why does the device reappear online after being blocked by MAC?

Possible reasons:

  • The MAC address is spoofed (it can be changed in Android/iOS/Windows settings).
  • The router did not save the settings (check that you clicked Save/Apply).
  • The device connects via a different MAC (some gadgets have multiple network interfaces).

Solution: combine MAC blocking with other methods (changing the password, disabling WPS).

How to protect Wi-Fi from hacking 100%?

There is no absolute protection, but these measures will make it as difficult as possible for attackers:

  1. Use WPA3-PSK (or WPA2-PSK With AES encryption).
  2. Turn it off WPS, UPnP and remote access (Remote Management).
  3. Enable the firewall and disable it Ping from outside (ICMP).
  4. Update your router firmware regularly.
  5. Use VPN for critical devices (eg. ProtonVPN or NordVPN).
Is it possible to lock a device by name (eg "iPhone")?

No, blocking only works by MAC address or IP. The device name (hostname) is easily spoofed, so routers do not support filtering by this parameter. The exception is some enterprise solutions (e.g., Cisco Meraki), where you can create rules based on the name, but this requires additional software.

Is it true that my neighbors can hack my Wi-Fi in 5 minutes?

Depends on settings:

  • 🔴 If you have WEP encryption or password 12345678 - Yes, the hack will take seconds.
  • 🟡 If WPA2 with a simple password (for example, qwerty) - vulnerable to brute force attacks (may take hours).
  • 🟢 If WPA3 + complex password + disabled WPS - hacking is unlikely without physical access to the router.

Use services like WifiCrackerTest (not for hacking, but to test the strength of your password!).