How to Find Out Who's Connected to My Wi-Fi by IP Address: A Complete Guide

Have you noticed your internet has slowed down, and unknown devices have appeared in the list of connected devices? Or just want to check if someone is using your Wi-Fi without permission? Identifying devices by IP address — is one of the most reliable ways to identify "hares" on your network. But how do you do it correctly, without breaking the law or risking the security of your own data?

In this article we will discuss 5 working methodsHow to find out who is connected to your Wi-Fi via IP: from viewing the list of devices in the router's admin panel to using specialized programs like WireShark or Advanced IP ScannerYou will also learn how to distinguish legitimate devices from others, what is MAC address And why replacing it doesn't guarantee anonymity. And finally, instructions on how to permanently block unwanted users.

Important: All methods described are legal if you check your own networkScanning other people's networks without the owner's permission may be considered a violation. Federal Law No. 149-FZ "On Information, Information Technologies, and Information Protection".

1. Checking connected devices via the router's web interface

The easiest and safest way is to go to your router settings. Most modern routers (TP-Link, ASUS, Keenetic, MikroTik) display a list of connected devices with their IP, MAC addresses and even names (if the gadget broadcasts them).

How to do it:

  • 🔌 Connect to the router via cable or Wi-Fi (preferably from a device that is already online).
  • 🌐 Enter the router's IP address in the browser's address bar. This is usually 192.168.0.1 or 192.168.1.1The exact address can be found on the sticker on the device body.
  • 🔑 Enter your login and password (by default it is often admin/admin, but it’s better to use your own data).
  • 📊 Find the section with connected devices. Depending on your firmware version, it may be called:
    • TP-Link: DHCP → DHCP Clients or Wireless Mode → Wireless Mode Statistics
    • ASUS: Network map or Local Network → DHCP Server
    • Keenetic: Devices or Local area network

In the table you will see:

Field What does it mean? Example of meaning
Host Name Device name (if it broadcasts one) iPhone-12-Pro, DESKTOP-7X8V9P1
IP Address Local IP on your network 192.168.0.103
MAC Address Unique physical address of the device 00:1A:2B:3C:4D:5E
Connection Type Connection type (Wi-Fi or cable) Wireless / Ethernet
⚠️ Attention: If the list contains devices with unknown MAC addresses or without names (Unknown, --), this may indicate an unauthorized connection. However, some legitimate devices (such as smart bulbs or cameras) may also appear without names.
📊 What kind of router do you have?
TP-Link
ASUS
Keenetic
MikroTik
D-Link
Another

2. Using the command line (Windows, macOS, Linux)

If you don't want to access your router settings or don't have access to them, you can scan the network using standard operating system tools. This method works on Windows 10/11, macOS And Linux.

For Windows:

  1. Open Command line (Win + R → enter cmdEnter).
  2. Enter the command to view all devices on the local network:
    arp -a

    It will show a table of IP and MAC addresses mapping.

  3. To refresh the data (if the list is empty), run:
    ping 192.168.0.255
    

    arp -a

    (replace 192.168.0. to your subnet).

For macOS/Linux:

  1. Open Terminal.
  2. Enter:
    nmap -sn 192.168.0.0/24

    (replace 192.168.0. to your subnet).

  3. Or use:
    arp -n

The result will look like this:

? (192.168.0.101) at 00:1a:2b:3c:4d:5e [ether] on eth0

? (192.168.0.102) at (incomplete) on eth0

? (192.168.0.103) at a1:b2:c3:d4:e5:f6 [ether] on eth0

⚠️ Attention: Teams arp And nmap Only devices that have recently communicated with your computer are shown. For a full network scan, it's best to use specialized programs (see the next section).
macOS: brew install nmap Linux (Debian/Ubuntu): sudo apt install nmap Windows: download from the official website nmap.org (check the "Add to PATH" box during installation).-->

3. Network scanning programs: Advanced IP Scanner, Angry IP Scanner, WireShark

Standard OS tools provide limited information. For a detailed analysis, it's better to use specialized software. Let's take a look. 3 popular utilities:

Advanced IP Scanner (Windows)

A free program with a simple interface. Shows:

  • 🖥️ IP and MAC addresses all devices on the network;
  • 🏷️ Hostnames (if available);
  • 🔌 Network card manufacturer (by MAC);
  • 🔒 Remote control capability (via RDP or HTTP).

How to use:

  1. Download and install the program from the official website.
  2. Start scanning (button Scan).
  3. Wait for it to complete (usually 1-2 minutes).
  4. Browse the list of devices. Unknown gadgets will be marked as Unknown.

Angry IP Scanner (Windows/macOS/Linux)

A cross-platform, open-source utility. Supports:

  • 🔍 Port scanning;
  • 📡 Export results to CSV/TXT;
  • 🔄 IP range settings.

WireShark (advanced traffic analysis)

If you need to not only see devices but also analyze their activity (for example, what sites they visit), use WireSharkThis is a professional tool that requires skills in working with network protocols.

⚠️ Attention: Usage WireShark It is illegal to intercept traffic on other people's networks. You can only analyze traffic on your own network. your own traffic (for example, to detect suspicious activity).

Check your MAC address using an online database (e.g. macvendors.com)

Compare with the MAC addresses of your gadgets

Try disabling it temporarily (via the router)

Block permanently if it is confirmed that this is a "hare"-->

4. How to determine the device manufacturer by MAC address

Every MAC address Contains information about the network card manufacturer. The first 3 bytes (6 characters) are the unique company identifier (OUI — Organizationally Unique Identifier). They can be used to determine which device is connected.

Examples:

  • 📱 00:1A:79Apple (iPhone, MacBook);
  • 💻 00:0C:29VMware (virtual machines);
  • 📺 00:1E:58Samsung (TVs, smartphones);
  • 🎮 00:1F:33Sony (PlayStation).

How to find out the manufacturer:

  1. Copy the first 6 characters of the MAC address (eg. 00:1A:79).
  2. Enter them on one of the sites:
  • Get the name of the manufacturing company.
  • Example of transcript:

    MAC address Manufacturer Possible device
    00:1A:79:XX:XX:XX Apple iPhone, iPad, MacBook
    3C:5A:B4:XX:XX:XX Google Google Nest, Chromecast, Pixel
    78:31:C1:XX:XX:XX Xiaomi Smartphone, smart lamp, robot vacuum cleaner
    00:0C:29:XX:XX:XX VMware Virtual machine

    If the MAC address starts with 02:00:00, 06:00:00, or 0A:00:00, it may be a locally administered address (easy to spoof). Such addresses are often used by hackers or MAC changing programs.

    5. How to block an unknown device by IP or MAC

    If you have identified a stray on your network, there are two ways to block it:

    Method 1: Blocking by MAC address (recommended)

    A MAC address is harder to forge than an IP address, so this method is more reliable.

    Instructions for TP-Link:

    1. Log into your router's web interface.
    2. Go to Wireless Mode → MAC Filter.
    3. Select Enable filtering.
    4. Add the MAC address of the unwanted device to the blacklist.
    5. Save the settings.

    For ASUS:

    1. Local Area Network → Access Control.
    2. Select Blacklist.
    3. Add MAC address and save.

    Method 2: IP to MAC Binding (DHCP Reservation)

    This method does not block the device, but prevents it from obtaining a new IP.

    How to make on Keenetic:

    1. Local Network → DHCP Server.
    2. Find the section IP to MAC Binding.
    3. Add an entry with a MAC address and a fixed IP (eg. 192.168.0.254).
    4. Block this IP in your firewall settings.
    5. ⚠️ Attention: IP blocking is less secure, as an attacker can change it manually or obtain a new one via DHCP. Always use MAC address for secure locking.

      6. Additional security measures: how to prevent unauthorized access

      Blocking "free riders" is a reaction to the problem. It's much more effective. prevent their appearance. Here 5 key measures:

      • 🔐 Complex Wi-Fi password: Use WPA3 (or WPA2-PSK (for older devices). The password must be at least 12 characters long, with a mixture of uppercase and lowercase letters, numbers, and symbols (!@#$%). Example: kL9#pQ2$mN1!.
      • 🔄 Changing your password regularly: Change it every 3-6 months.
      • 📵 Disabling WPS: Protocol WPS Vulnerable to brute-force attacks. Disable it in your router settings.
      • 👤 Guest network: If you have frequent guests, create a separate network with limited access to local resources.
      • 🔍 Connection monitoring: Install a device tracking app (eg. Fing for smartphones).

      For maximum security, please set up firewall router:

      • Block incoming connections from the Internet (except for necessary ports).
      • Turn it off UPnP (simplifies attacks from outside).
      • Turn on DoS protection (if available in firmware).
      What to do if your router is hacked?

      If you notice suspicious activity (for example, changes to your router settings without your permission), follow these steps:

      1. Reset your router to factory settings (button Reset on the body).

      2. Update the firmware to the latest version (protects against known vulnerabilities).

      3. Change your admin panel login/password (do not use standard ones admin/admin).

      4. Check your computers for viruses (malware can steal Wi-Fi data).

      If the problem persists, consider purchasing a new router with support. WPA3 and built-in antivirus (for example, ASUS AiProtection).

      7. Common Mistakes and Myths When Searching for Devices by IP

      When trying to identify "free riders," many people make mistakes that lead to false conclusions. Let's take a look. 5 most common myths:

      Myth 1: "If the IP starts with 192.168, it's definitely my router."

      In fact:

      • 🔹 192.168.x.x, 10.x.x.x, 172.16.x.x–172.31.x.x - This private IPs, used in many local area networks.
      • 🔹 If you are connected to a VPN or corporate network, such addresses may also be present there.
      • 🔹 To accurately identify your network, check Router IP (default gateway).

      Myth 2: "MAC addresses cannot be spoofed."

      In fact:

      • 🔹 In most OS (Windows, Linux, Android) the MAC address can be changed manually or using programs (Technitium MAC Address Changer).
      • 🔹 Some routers allow you to clone your MAC address.
      • 🔹 If the MAC address starts with 02:00:00, 06:00:00, or 0A:00:00, it is most likely fake.

      Myth 3: "If a device is inactive, it can be ignored."

      In fact:

      • 🔹 Some malware connects to the network periodically (for example, to send data).
      • 🔹 Smart devices (lamps, cameras) can "wake up" on a schedule.
      • 🔹 To identify such devices, scan the network at different times of the day.

      Myth 4: "All unknown devices are hackers."

      In fact:

      • 🔹 Many IoT devices (smart plugs, thermostats) do not broadcast their names.
      • 🔹 Neighboring routers in mode WDS or Mesh can be displayed as separate devices.
      • 🔹 Before blocking, check if the MAC address belongs to your smart home.

      Myth 5: "Changing your Wi-Fi password will remove all unwanted access."

      In fact:

      • 🔹 Devices with saved credentials will connect automatically.
      • 🔹 Some routers cache devices even after changing the password.
      • 🔹 To ensure that everyone is kicked out, reset your router to factory settings.

    FAQ: Answers to Frequently Asked Questions

    Is it possible to find out who exactly is using an IP address (name, address)?

    No. By local IP (For example, 192.168.0.101) you can only identify a device on your network. To identify a person, you need to:

    1. Find MAC address devices.
    2. Try to contact him (for example, through ping or specialized utilities like nmap).
    3. If this is someone else’s device, block it (see section 5).

    The owner's identity can only be determined through law enforcement agencies (if an offense has been committed).

    Why does my router show up with multiple IP addresses in the device list?

    This is normal. The router may have:

    • 🔹 192.168.0.1 — main IP for management;
    • 🔹 192.168.1.1 - if you have several subnets;
    • 🔹 Additional IPs for guest network, VPN or IPTV.

    Also, some routers reserve IP addresses for their services (for example, ASUS uses 192.168.50.1 For AiMesh).

    Is it possible to track a device by IP if it has already been turned off?

    Yes, but with some reservations:

    • 🔹 The router can save connection history (section Logs or System log).
    • 🔹 If it is enabled on the router DHCP server, he could give the device an IP, which would be stored in the cache (arp -a in Windows).
    • 🔹 Specialized programs (for example, WireShark) can store traffic logs.

    However, if the device was connected a long time ago and the router was rebooted, the data could be erased.

    How to protect yourself from programs that spoof MAC addresses?

    If an attacker uses MAC spoofing, the following will help:

    • 🔹 Filtering by multiple parameters: Block not only MAC, but also IP and hostname.
    • 🔹 Turning on 802.1X (port authentication): requires login/password for each device (available on corporate routers).
    • 🔹 Disconnection DHCP: Assign IP manually and block all others.
    • 🔹 Using VPN for a local network: All devices are connected through a secure tunnel.

    On household routers, the most effective method is change your Wi-Fi password regularly and track new connections.

    Is it legal to scan your network for other people's devices?

    Yes, scanning own network legal if:

    • 🔹 You own the router or have permission to administer the network.
    • 🔹 You don't intercept other devices' traffic (such as passwords or personal data).
    • 🔹 You do not use the information you receive to attack other people's devices.

    The following are considered illegal:

    • 🚫 Scanning other people's networks without permission.
    • 🚫 Traffic interception (for example, through WireShark) for the purpose of data theft.
    • 🚫 Connect to other people's devices (even if they are on your network).

    In Russia, illegal access to computer information is punishable by Article 272 of the Criminal Code of the Russian Federation.