Have you noticed your internet has slowed down, and unknown devices have appeared in the list of connected devices? Or just want to check if someone is using your Wi-Fi without permission? Identifying devices by IP address — is one of the most reliable ways to identify "hares" on your network. But how do you do it correctly, without breaking the law or risking the security of your own data?
In this article we will discuss 5 working methodsHow to find out who is connected to your Wi-Fi via IP: from viewing the list of devices in the router's admin panel to using specialized programs like WireShark or Advanced IP ScannerYou will also learn how to distinguish legitimate devices from others, what is MAC address And why replacing it doesn't guarantee anonymity. And finally, instructions on how to permanently block unwanted users.
Important: All methods described are legal if you check your own networkScanning other people's networks without the owner's permission may be considered a violation. Federal Law No. 149-FZ "On Information, Information Technologies, and Information Protection".
1. Checking connected devices via the router's web interface
The easiest and safest way is to go to your router settings. Most modern routers (TP-Link, ASUS, Keenetic, MikroTik) display a list of connected devices with their IP, MAC addresses and even names (if the gadget broadcasts them).
How to do it:
- 🔌 Connect to the router via cable or Wi-Fi (preferably from a device that is already online).
- 🌐 Enter the router's IP address in the browser's address bar. This is usually
192.168.0.1or192.168.1.1The exact address can be found on the sticker on the device body. - 🔑 Enter your login and password (by default it is often
admin/admin, but it’s better to use your own data). - 📊 Find the section with connected devices. Depending on your firmware version, it may be called:
- TP-Link:
DHCP → DHCP ClientsorWireless Mode → Wireless Mode Statistics - ASUS:
Network maporLocal Network → DHCP Server - Keenetic:
DevicesorLocal area network
- TP-Link:
In the table you will see:
| Field | What does it mean? | Example of meaning |
|---|---|---|
| Host Name | Device name (if it broadcasts one) | iPhone-12-Pro, DESKTOP-7X8V9P1 |
| IP Address | Local IP on your network | 192.168.0.103 |
| MAC Address | Unique physical address of the device | 00:1A:2B:3C:4D:5E |
| Connection Type | Connection type (Wi-Fi or cable) | Wireless / Ethernet |
⚠️ Attention: If the list contains devices with unknown MAC addresses or without names (Unknown,--), this may indicate an unauthorized connection. However, some legitimate devices (such as smart bulbs or cameras) may also appear without names.
2. Using the command line (Windows, macOS, Linux)
If you don't want to access your router settings or don't have access to them, you can scan the network using standard operating system tools. This method works on Windows 10/11, macOS And Linux.
For Windows:
- Open
Command line(Win + R→ entercmd→Enter). - Enter the command to view all devices on the local network:
arp -aIt will show a table of IP and MAC addresses mapping.
- To refresh the data (if the list is empty), run:
ping 192.168.0.255arp -a(replace
192.168.0.to your subnet).
For macOS/Linux:
- Open
Terminal. - Enter:
nmap -sn 192.168.0.0/24(replace
192.168.0.to your subnet). - Or use:
arp -n
The result will look like this:
? (192.168.0.101) at 00:1a:2b:3c:4d:5e [ether] on eth0? (192.168.0.102) at (incomplete) on eth0
? (192.168.0.103) at a1:b2:c3:d4:e5:f6 [ether] on eth0
⚠️ Attention: TeamsmacOS:arpAndnmapOnly devices that have recently communicated with your computer are shown. For a full network scan, it's best to use specialized programs (see the next section).
brew install nmap
Linux (Debian/Ubuntu): sudo apt install nmap
Windows: download from the official website nmap.org (check the "Add to PATH" box during installation).-->
3. Network scanning programs: Advanced IP Scanner, Angry IP Scanner, WireShark
Standard OS tools provide limited information. For a detailed analysis, it's better to use specialized software. Let's take a look. 3 popular utilities:
Advanced IP Scanner (Windows)
A free program with a simple interface. Shows:
- 🖥️ IP and MAC addresses all devices on the network;
- 🏷️ Hostnames (if available);
- 🔌 Network card manufacturer (by MAC);
- 🔒 Remote control capability (via RDP or HTTP).
How to use:
- Download and install the program from the official website.
- Start scanning (button
Scan). - Wait for it to complete (usually 1-2 minutes).
- Browse the list of devices. Unknown gadgets will be marked as
Unknown.
Angry IP Scanner (Windows/macOS/Linux)
A cross-platform, open-source utility. Supports:
- 🔍 Port scanning;
- 📡 Export results to
CSV/TXT; - 🔄 IP range settings.
WireShark (advanced traffic analysis)
If you need to not only see devices but also analyze their activity (for example, what sites they visit), use WireSharkThis is a professional tool that requires skills in working with network protocols.
⚠️ Attention: Usage WireShark It is illegal to intercept traffic on other people's networks. You can only analyze traffic on your own network. your own traffic (for example, to detect suspicious activity).
Check your MAC address using an online database (e.g. macvendors.com)
Compare with the MAC addresses of your gadgets
Try disabling it temporarily (via the router)
Block permanently if it is confirmed that this is a "hare"-->
4. How to determine the device manufacturer by MAC address
Every MAC address Contains information about the network card manufacturer. The first 3 bytes (6 characters) are the unique company identifier (OUI — Organizationally Unique Identifier). They can be used to determine which device is connected.
Examples:
- 📱
00:1A:79— Apple (iPhone, MacBook); - 💻
00:0C:29— VMware (virtual machines); - 📺
00:1E:58— Samsung (TVs, smartphones); - 🎮
00:1F:33— Sony (PlayStation).
How to find out the manufacturer:
- Copy the first 6 characters of the MAC address (eg.
00:1A:79). - Enter them on one of the sites:
Example of transcript:
| MAC address | Manufacturer | Possible device |
|---|---|---|
00:1A:79:XX:XX:XX |
Apple | iPhone, iPad, MacBook |
3C:5A:B4:XX:XX:XX |
Google Nest, Chromecast, Pixel | |
78:31:C1:XX:XX:XX |
Xiaomi | Smartphone, smart lamp, robot vacuum cleaner |
00:0C:29:XX:XX:XX |
VMware | Virtual machine |
If the MAC address starts with 02:00:00, 06:00:00, or 0A:00:00, it may be a locally administered address (easy to spoof). Such addresses are often used by hackers or MAC changing programs.
5. How to block an unknown device by IP or MAC
If you have identified a stray on your network, there are two ways to block it:
Method 1: Blocking by MAC address (recommended)
A MAC address is harder to forge than an IP address, so this method is more reliable.
Instructions for TP-Link:
- Log into your router's web interface.
- Go to
Wireless Mode → MAC Filter. - Select
Enable filtering. - Add the MAC address of the unwanted device to the blacklist.
- Save the settings.
For ASUS:
Local Area Network → Access Control.- Select
Blacklist. - Add MAC address and save.
Method 2: IP to MAC Binding (DHCP Reservation)
This method does not block the device, but prevents it from obtaining a new IP.
How to make on Keenetic:
Local Network → DHCP Server.- Find the section
IP to MAC Binding. - Add an entry with a MAC address and a fixed IP (eg.
192.168.0.254). - Block this IP in your firewall settings.
- 🔐 Complex Wi-Fi password: Use
WPA3(orWPA2-PSK(for older devices). The password must be at least 12 characters long, with a mixture of uppercase and lowercase letters, numbers, and symbols (!@#$%). Example:kL9#pQ2$mN1!. - 🔄 Changing your password regularly: Change it every 3-6 months.
- 📵 Disabling WPS: Protocol
WPSVulnerable to brute-force attacks. Disable it in your router settings. - 👤 Guest network: If you have frequent guests, create a separate network with limited access to local resources.
- 🔍 Connection monitoring: Install a device tracking app (eg. Fing for smartphones).
- Block incoming connections from the Internet (except for necessary ports).
- Turn it off
UPnP(simplifies attacks from outside). - Turn on
DoS protection(if available in firmware). - 🔹
192.168.x.x,10.x.x.x,172.16.x.x–172.31.x.x- This private IPs, used in many local area networks. - 🔹 If you are connected to a VPN or corporate network, such addresses may also be present there.
- 🔹 To accurately identify your network, check
Router IP(default gateway). - 🔹 In most OS (Windows, Linux, Android) the MAC address can be changed manually or using programs (Technitium MAC Address Changer).
- 🔹 Some routers allow you to clone your MAC address.
- 🔹 If the MAC address starts with 02:00:00, 06:00:00, or 0A:00:00, it is most likely fake.
- 🔹 Some malware connects to the network periodically (for example, to send data).
- 🔹 Smart devices (lamps, cameras) can "wake up" on a schedule.
- 🔹 To identify such devices, scan the network at different times of the day.
- 🔹 Many IoT devices (smart plugs, thermostats) do not broadcast their names.
- 🔹 Neighboring routers in mode
WDSorMeshcan be displayed as separate devices. - 🔹 Before blocking, check if the MAC address belongs to your smart home.
- 🔹 Devices with saved credentials will connect automatically.
- 🔹 Some routers cache devices even after changing the password.
- 🔹 To ensure that everyone is kicked out, reset your router to factory settings.
⚠️ Attention: IP blocking is less secure, as an attacker can change it manually or obtain a new one via DHCP. Always use MAC address for secure locking.
6. Additional security measures: how to prevent unauthorized access
Blocking "free riders" is a reaction to the problem. It's much more effective. prevent their appearance. Here 5 key measures:
For maximum security, please set up firewall router:
What to do if your router is hacked?
If you notice suspicious activity (for example, changes to your router settings without your permission), follow these steps:
1. Reset your router to factory settings (button Reset on the body).
2. Update the firmware to the latest version (protects against known vulnerabilities).
3. Change your admin panel login/password (do not use standard ones admin/admin).
4. Check your computers for viruses (malware can steal Wi-Fi data).
If the problem persists, consider purchasing a new router with support. WPA3 and built-in antivirus (for example, ASUS AiProtection).
7. Common Mistakes and Myths When Searching for Devices by IP
When trying to identify "free riders," many people make mistakes that lead to false conclusions. Let's take a look. 5 most common myths:
Myth 1: "If the IP starts with 192.168, it's definitely my router."
In fact:
Myth 2: "MAC addresses cannot be spoofed."
In fact:
Myth 3: "If a device is inactive, it can be ignored."
In fact:
Myth 4: "All unknown devices are hackers."
In fact:
Myth 5: "Changing your Wi-Fi password will remove all unwanted access."
In fact:
FAQ: Answers to Frequently Asked Questions
Is it possible to find out who exactly is using an IP address (name, address)?
No. By local IP (For example, 192.168.0.101) you can only identify a device on your network. To identify a person, you need to:
- Find MAC address devices.
- Try to contact him (for example, through
pingor specialized utilities like nmap). - If this is someone else’s device, block it (see section 5).
The owner's identity can only be determined through law enforcement agencies (if an offense has been committed).
Why does my router show up with multiple IP addresses in the device list?
This is normal. The router may have:
- 🔹
192.168.0.1— main IP for management; - 🔹
192.168.1.1- if you have several subnets; - 🔹 Additional IPs for guest network, VPN or
IPTV.
Also, some routers reserve IP addresses for their services (for example, ASUS uses 192.168.50.1 For AiMesh).
Is it possible to track a device by IP if it has already been turned off?
Yes, but with some reservations:
- 🔹 The router can save connection history (section
LogsorSystem log). - 🔹 If it is enabled on the router
DHCP server, he could give the device an IP, which would be stored in the cache (arp -ain Windows). - 🔹 Specialized programs (for example, WireShark) can store traffic logs.
However, if the device was connected a long time ago and the router was rebooted, the data could be erased.
How to protect yourself from programs that spoof MAC addresses?
If an attacker uses MAC spoofing, the following will help:
- 🔹 Filtering by multiple parameters: Block not only MAC, but also IP and hostname.
- 🔹 Turning on
802.1X(port authentication): requires login/password for each device (available on corporate routers). - 🔹 Disconnection
DHCP: Assign IP manually and block all others. - 🔹 Using VPN for a local network: All devices are connected through a secure tunnel.
On household routers, the most effective method is change your Wi-Fi password regularly and track new connections.
Is it legal to scan your network for other people's devices?
Yes, scanning own network legal if:
- 🔹 You own the router or have permission to administer the network.
- 🔹 You don't intercept other devices' traffic (such as passwords or personal data).
- 🔹 You do not use the information you receive to attack other people's devices.
The following are considered illegal:
- 🚫 Scanning other people's networks without permission.
- 🚫 Traffic interception (for example, through WireShark) for the purpose of data theft.
- 🚫 Connect to other people's devices (even if they are on your network).
In Russia, illegal access to computer information is punishable by Article 272 of the Criminal Code of the Russian Federation.