Have you noticed that your internet has become slower and your data is running out suspiciously quickly? Perhaps it's your Wi-Fi networks neighbors, guests, or even hackers have connected. According to research, More than 30% of home networks have at least one unauthorized connection, which not only steals traffic but also creates security risks for your data.
In this article you will find 7 proven methodsHow to identify unauthorized devices on your network—from viewing the list of connected devices in the router's web interface to using specialized apps. We'll also explain how to block unauthorized users and protect your network from repeated intrusions. These instructions are suitable for routers. TP-Link, ASUS, Keenetic, Zyxel and other popular brands.
1. Checking via the router's web interface
The most reliable way is to access your router's control panel. This doesn't require any additional software, just a browser and access to the device's settings.
First, open any browser (Chrome, Firefox, Edge) and enter your router's IP address in the address bar. This is usually 192.168.0.1 or 192.168.1.1, but may vary depending on the model. You can find the address on the sticker on the back of the device or in the instructions. After entering the IP, an authorization window will appear - use the login and password (by default, it is often admin/admin or admin/password).
- 🔍 Find the section
DHCP,Local area networkorWireless mode(the name depends on the router model). - 📋 Look for tabs like
Client list,Connected devicesorWireless Clients. - 🔄 Refresh the page to see current connections—some routers only show active devices.
The table will display all gadgets connected to your network: IP addresses, MAC addresses, hostnames (if recognized), and connection type (cable or Wi-Fi). Compare this list with your devices. Unknown MAC addresses or strange names (e.g., android_123456) should be a warning sign.
⚠️ Attention: If you have never changed the password for your router admin panel, do it immediately! Standard combinations like admin/admin are known to hackers and allow them to gain complete control over your network.
2. Using mobile applications
If accessing your router settings is inconvenient, use specialized smartphone apps. They scan your network and display all connected devices in a convenient view.
Popular apps for Android And iOS:
- 📱 Fing — identifies devices, their manufacturers (by MAC address), and even network vulnerabilities. A free version with basic functionality is available.
- 🛡️ NetCut — not only shows connected gadgets, but also allows you to block them (requires root rights on Android).
- 🔍 WiFi Guard — compares current connections with a "white list" of your devices and signals new ones.
- 📊 IP Tools — a multifunctional tool with a network scanner, ping test and traceroute.
How to use such applications:
- Install the application from the official store (Google Play or App Store).
- Connect to your Wi-Fi network.
- Start the scan - this is usually a button
ScanorNetwork analysis. - Review the list of devices. Apps often show the manufacturer (for example, Apple, Samsung, Xiaomi), which helps identify other people's gadgets.
⚠️ Note: Some applications (eg. NetCut) can block devices on the network, but this requires superuser rights (root) on Android. Using such tools incorrectly can disrupt your network.
Write down its MAC address|Check if a guest has connected with your permission|Try disconnecting the device through the router|Change the Wi-Fi password|Enable MAC address filtering-->
3. MAC Address Analysis: How to Identify a Fake Device
MAC address (Media Access Control) is a unique identifier for a network device assigned during manufacturing. The first six characters of the MAC address can be used to identify the device's manufacturer. For example:
00:1A:79— Samsung3C:5A:B4— Google (devices Nest, Pixel)B8:27:EB— Raspberry Pi78:31:C1— Apple (iPhone, MacBook)
To find out the manufacturer by MAC address, use online services like MAC Vendor Lookup or Wireshark OUI Lookup. Just enter the first 6 characters of the address (e.g. 00:1A:79), and the service will show the brand.
| MAC prefix | Manufacturer | Typical devices |
|---|---|---|
00:0D:4B |
MSI | Laptops, motherboards |
00:1E:68 |
Cisco | Routers, switches |
28:CF:DA |
Apple | iPhone, iPad, MacBook |
74:23:44 |
Xiaomi | Smartphones, smart devices |
B0:48:7A |
TP-Link | Routers, signal repeaters |
If in the list of connected devices you see a MAC address with a prefix that does not match your gadgets (for example, Cisco(If you don't have equipment from that brand), this is a sure sign of a foreign connection. You should also be wary if:
- 🔄 The device appears online at unusual times (for example, at night).
- 📥 It consumes a lot of traffic (you can check it in the router settings or through applications like GlassWire).
- 🔌 Connects via cable, even though you don't have any wired devices.
4. View active connections on your computer
If you have a PC or laptop with Windows, macOS or Linux, you can view active connections on the network without accessing the router. This method is less reliable (it only shows devices in your network segment), but it can be useful as an additional check.
For Windows:
- Open
Command line(Win + R→ entercmd→Enter). - Enter the command:
arp -aAll IP addresses and corresponding MAC addresses on the local network will be displayed.
- To see active connections, use:
net viewor
nbtstat -a [IP address]
For macOS/Linux:
- Open
Terminal. - Enter the command to scan the network:
nmap -sn 192.168.1.0/24(replace
192.168.1.0/24to your router's subnet, if it's different). - To view the ARP table:
arp -a
These commands will show all devices your computer has recently interacted with. Compare the list with your devices. Unknown IP and MAC addresses may indicate unauthorized connections.
⚠️ Attention: TeamsnmapAndarprequire administrator rights. On corporate networks, such scanning may be prohibited by security policy.
5. Traffic monitoring: who is using your internet?
If someone else's device appears on the network, it's likely consuming bandwidth. You can track bandwidth-hungry users using:
- 📊 Built-in router tools (section
Statistics,TrafficorBandwidth Control). - 🖥️ PC programs: GlassWire, NetBalancer, Wireshark (for experienced users).
- 📱 Mobile apps: Fing, Network Analyzer.
For example, in routers ASUS there is a tab Traffic Analyzer, which shows how much data each device is consuming. If a particular device is downloading gigabytes in the background (for example, 10 GB per hour), this is a reason to be wary.
In the program GlassWire (For Windows) you can see not only the overall traffic but also which specific applications are consuming it. If unknown processes or suspicious connections to external servers appear in the list, this may indicate hacker activity.
How to enable traffic monitoring on a TP-Link router
1. Go to the router's web interface (usually 192.168.0.1).
2. Go to Advanced → Statistics → Traffic Statistics.
3. Enable the option Enable Traffic Statistics and press Save.
4. After 10–15 minutes, check the report – it will contain data for each device.
6. Blocking third-party devices
Found someone else's device? It's time to disable it. Here 3 reliable ways:
Method 1: Filtering by MAC address
- Go to your router settings.
- Find the section
MAC FilterorMAC address filtering(usually inWireless Mode → Security Settings). - Add the MAC addresses of your devices to the whitelist (allow only them to connect).
- Save the settings and reboot the router.
Method 2: Blocking via client list
In some routers (for example, Keenetic) you can click on the unknown device directly in the list of connected devices and select Block or Disconnect.
Method 3: Change your Wi-Fi password
The most radical, but effective method:
- Go to
Wi-Fi settingsorWireless Settings. - Change it
Network password(use a complex combination of letters, numbers and symbols). - Save the changes - all devices will be disconnected and will only be able to connect with the new password.
⚠️ Note: After changing your password, you'll have to reconnect all your devices. Prepare a list of devices in advance to avoid forgetting anything.
7. How to protect your network from repeated intrusions
To prevent anyone from connecting to your network without permission, follow these guidelines:
- 🔐 Use WPA3 (or at least WPA2-PSK) instead of the outdated one WEP or WPAIn the router settings, select
Security type: WPA2/WPA3-Personal. - 🔄 Update your router firmware regularly—manufacturers patch vulnerabilities in new versions.
- 📵 Turn off
WPS(Wi-Fi Protected Setup) - this protocol is vulnerable to brute-force attacks. - 👥 Create
guest networkfor friends - it will be isolated from your main network. - 🔍 Turn on
Firewallin the router settings (usually in the sectionSecurityorProtection).
It is also worth disabling remote control of the router (option Remote Management) if you don't use it. This will prevent external access to the settings.
If your router supports IEEE 802.11w (protection against attacks like Evil Twin), enable this option. This prevents connections to fake access points masquerading as your network.
FAQ: Frequently Asked Questions about Wi-Fi Security
Is it possible to find out who exactly connected to my Wi-Fi (name, address)?
No, a MAC address or IP address can only identify the device model and manufacturer. It's impossible to identify a user without involving law enforcement and the ISP. If you suspect data theft, contact the police with evidence (router logs).
What should I do if someone else's device reappears after being blocked?
This means the hacker has either cracked your password or spoofed your MAC address. Here's what to do:
- Change your Wi-Fi password to a more complex one (at least 12 characters, with numbers and special characters).
- Enable MAC address filtering and add only your devices to the list.
- Update your router firmware to the latest version.
- If the problem persists, reset your router to factory settings and set it up again.
Can my neighbor connect to my network if I hide the SSID?
Hide network name (optional) Hide SSID) does not protect against connection. An experienced user can find your network using scanners (for example, Wigle WiFi) and connect manually. This only makes it more difficult for random users to connect, but it doesn't stop attackers.
How can I check if my router has been hacked?
Signs of a hacked router:
- Unknown devices in the list of connected devices.
- Changed settings (e.g. different DNS server).
- Advertising or redirects to strange sites.
- The router is slow or overheating.
If you notice any of this, reset the router to factory settings (button Reset on the back panel) and set it up again with a new password.
Is it possible to track the location of a device connected to my network?
At home, no. Location can only be determined approximately (for example, if the device is connected via a cable, it is within the cable's radius). Precise tracking requires specialized tools and access to mobile operator data, which only law enforcement agencies can legally do.