When the internet starts to slow down, pages take forever to load, and speeds drop even with a good plan, it often raises suspicion. The first thought that comes to mind is: has someone else connected to my wireless network? It could be a rogue neighbor who simply password-protected their router and is using your traffic, or more serious attackers using your connection for illegal activities.
Fortunately, to carry out a full network diagnostics You don't necessarily need a laptop with a cable connection. Modern smartphones offer powerful tools and access to router settings, allowing you to identify all "guests" in minutes. In this article, we'll take a detailed look at methods for detecting uninvited users and ways to protect your home network.
Before you panic and change complex settings, it's best to rule out technical glitches. Sometimes router It's simply overheating or accumulating errors in the memory module. However, if you notice the wireless network (WLAN) indicator blinking actively when all your devices are in sleep mode or turned off, this is a sure sign of extraneous activity.
Direct check via the router's admin panel
The most reliable and accurate way to find out who's using your WiFi is to delve into the "brain" of your network—your router's web interface. You don't need a computer for this; a browser on your smartphone (Chrome, Safari, or Yandex) is sufficient. It's important that your phone is connected to the network you're checking, otherwise access to settings may be restricted.
You need to enter the gateway IP address in the browser's address bar. Most often, this is 192.168.0.1 or 192.168.1.1If you don't know the exact address, you can find it in your phone's Wi-Fi settings: tap the information icon (gear or letter "i") next to your network name and look for the "Gateway" or "Router" line.
After entering the address, the system will ask for a login and password. By default, these are often combinations admin/admin or admin/password, if you haven't changed them before. Once inside, look for a section with names like "Wireless," "Status," "Client List," or "DHCP Server."
This section displays a table of all devices currently connected or leased to an IP address. You'll see MAC addresses and sometimes device names. Your task is to match them to your existing equipment.
⚠️ Warning: If the default password for the router's admin panel has not been changed from the factory default, anyone connected to your WiFi can access the settings and block your access or reconfigure the network.
Analyzing the list of connected devices
When you open the client list, you'll see a series of lines with MAC addresses and possibly device names (Hostname). The names can be descriptive, such as Ivan-iPhone or Laptop-Asus, but they often appear as a jumble of letters and numbers or simply as "Unknown." How can you tell your TV from someone else's smartphone?
The first step is to make a complete list of your devices. Think about all the gadgets you have in your home: phones, tablets, smart plugs, consoles, Smart TVs. Disable WiFi on all but one device and see which one remains active in the list. You can mark its MAC address as "your own."
The MAC address consists of 12 characters (numbers and Latin letters). The first 6 characters (for example, A4:C3:F0) are called the OUI prefix and indicate the device's manufacturer. Knowing the manufacturer makes it easier to understand what kind of gadget it is. For example, if you don't have an Apple device, but a device with the Apple prefix appears in the list, this is cause for concern.
Also, pay attention to the number of connections. If you only have two smartphones and one laptop in your home, but the list shows 15 active clients, the problem is clearly not a router glitch. Some modern routers automatically mark new devices as "Unknown," making it easier to find.
Using mobile scanner apps
If logging into the web interface seems too complicated or your router's interface doesn't display clear information, specialized apps can help. They automatically scan your network, identify manufacturers by MAC addresses, and display the connection speed of each device.
One of the most popular and functional tools is the application FingIt's available for both Android and iOS. Once the scan starts, the program displays a list of all devices on the network, including their IP addresses, manufacturers, and open ports. This allows you to quickly identify anomalies.
Other useful utilities such as Wi-Fi Analyzer or Network Scanner, also provide detailed information. They can show not only who is connected but also how busy the channel is, which indirectly affects speed. However, client scanners are better suited for checking "neighbors."
Why might the app not see some devices?
Some smart devices (light bulbs, sensors) may go into sleep mode and not respond to scanner requests during scanning. Also, routers with AP Isolation can hide devices from each other even though they are connected to the network.
It's important to understand that such apps operate at the level of your local network. They can't penetrate your router's security unless you're logged in, but they do a great job of collecting the public data the router sends to all connected clients.
Decoding MAC addresses and device names
The hardest part of diagnosis is figuring out what a mysterious name like android-d9f20a1b or EspressifLet's look at the key features that will help you identify devices without guesswork.
Name Espressif or esp_... Almost always refers to ESP8266 or ESP32 microcontrollers. These are the "heart" of most inexpensive smart light bulbs, outlets, temperature sensors, and other IoT devices. If you've purchased a smart home, these devices should be on your list.
Devices with names starting with Direct- or Print-, are often printers or Wi-Fi Direct features that may be active even if printing isn't happening. Windows computers may show up as DESKTOP-XXXXX, and Apple devices - by the owner's name specified when setting up the iPhone or Mac.
For precise identification, use online OUI (Organizationally Unique Identifier) databases. By entering the first six characters of the MAC address in the search, you'll get the manufacturer's name. This will help you filter out unnecessary information: if the manufacturer Huawei, and you only have a router Keenetic and telephone Samsung, then Huawei is an outsider.
Signs of hidden mining and botnets
The worst-case scenario is when someone connects to your WiFi not just for free internet, but to set up botnets or mine cryptocurrency. In this case, a single infected device can create a workload comparable to that of a dozen active users.
The main sign of such activity is abnormally high traffic at night or when no one is home. If your router's lights are flashing wildly and your internet speed drops to zero, even though no one is watching 4K videos, it's time to sound the alarm. Attackers could be using your network to send spam or launch DDoS attacks, and your ISP will be held responsible.
An indirect sign could be router overheating. If the device is hot to the touch, even though the load is minimal, its processor may be busy processing someone else's data. Also, pay attention to any strange behavior on your own devices: pop-up ads in the browser, unknown processes—all of these could indicate that someone has gained access not only to your WiFi, but also to your local network.
The table below shows comparative characteristics of normal load and signs of burglary:
| Parameter | Normal operation | Signs of outside interference |
|---|---|---|
| WLAN indicator | Flashes intermittently when in use | Lights up constantly or flashes very frequently when idle |
| Internet speed | Stable, corresponds to the tariff | Sharp drops, ping jumps to 1000+ ms |
| Router temperature | Warm | Very hot, even without load |
| Client list | Famous devices | Unknown MAC addresses, fake manufacturers |
How to block uninvited guests
If you discover someone else's device, you need to act quickly and decisively. The simplest, but temporary, solution is to change the WiFi network password. After changing the password, all devices will be disconnected, and you'll have to reconnect yours. This is guaranteed to kick out the "neighbor," but if the password was stolen through a virus on one of your PCs, the situation could repeat itself.
A more effective method is MAC address filtering (Blacklist/Whitelist). In the router settings (Wireless MAC Filtering section), you can add the intruder's MAC address to the blacklist. The router will then ignore any connection attempts from that address, even if the attacker has the correct password.
The most reliable, but labor-intensive method is to enable the whitelist (Allow List). In this mode, only only Devices whose MAC addresses are added to the allowed list are allowed. All others, even with the password, will be unable to connect. The downside is that every time you buy a new gadget or have guests over, you'll have to manually enter their addresses into the router settings.
☑️ What to do when detecting an intruder
⚠️ Note: Router interfaces (Keenetic, TP-Link, Asus, MikroTik) are constantly being updated. The menu location may differ from the one described. If you can't find the option you need, refer to the manufacturer's manual for your model or look for screenshots specific to your firmware version.
Prevention and strengthening of network security
Once you've kicked out the uninvited guests, it's important to close the door to prevent them from returning. First, turn off the feature. WPS (Wi-Fi Protected Setup). This technology allows you to connect to a network by pressing a button or using a PIN code, but it is extremely vulnerable to brute-force attacks. In modern routers, WPS is often enabled by default.
Make sure you're using a modern encryption standard. In the wireless network settings (Wireless Security), select the mode WPA2-PSK (AES) or, if your devices support it, WPA3WEP or WPA/TKIP modes are considered obsolete and can be easily cracked with special programs in a few minutes.
It's also a good idea to disable remote management of the router from the external network (WAN). This will prevent attempts to hack the admin panel from the ISP or the internet. Restrict access to settings to the LAN/WLAN interfaces.
Don't forget to change the password for your router's admin panel. Factory default passwords are admin/admin are known to all hackers and scanning scripts. Make this password unique and complex, different from the WiFi password itself.
Frequently Asked Questions (FAQ)
Can my neighbor see what websites I visit if he is connected to my WiFi?
If the connection isn't secured by additional protocols, this is theoretically possible. However, most modern websites use the protocol HTTPS, which encrypts the contents of the pages. The neighbor will only be able to see the domain name (for example, youtube.com), but not specific videos or search history. For complete anonymity, use a VPN.
Will my internet speed decrease if one other device connects to my WiFi?
Yes, your speed will decrease because the WiFi channel is shared among all connected clients. If your neighbor starts watching 4K videos or downloading large files, your speed could drop to practically zero, especially on the 2.4 GHz frequency, where channels are narrow and prone to interference.
Is it safe to use WiFi finder apps (WiFi Map and similar)?
Using such apps carries risks. They often operate on a data-sharing principle: you gain access to password databases, but the app may broadcast your location and network information publicly. Be careful and check the permissions you grant to such apps.
What should I do if I can't access my router settings to change the password?
If you don’t remember the password for the admin panel, you will have to reset the router to factory settings (button Reset (On the case, hold it for 10-15 seconds.) After this, the router will return to the factory login and password (indicated on the sticker), but you will have to reconfigure the internet and network name.