Have you noticed your internet has slowed down even though you haven't changed your plan? Or is your router flickering more frequently than usual, as if it's transmitting data idly? Perhaps unauthorized devices have connected to your Wi-Fi network—neighbors, guests who forgot to disconnect, or even hackers exploiting vulnerabilities in your old password. In 2026, when the number of smart gadgets in homes is growing exponentially, manually monitoring all connections is virtually impossible.
Fortunately, there are specialized programs - network scanners, which show a complete list of devices on your local network, their IP addresses, MAC addresses, manufacturers, and even the bandwidth they consume. In this article, we'll discuss how they work and which tools are best to use. Windows And Linux, and what to do if you detect a suspicious connection. And also, why standard router tools are often insufficient for a complete analysis.
Why default router settings don't always help
Most users access the router's web interface (usually at 192.168.0.1 or 192.168.1.1) and look at the list of connected devices in the section DHCP Clients or Connected DevicesHowever, this method has critical drawbacks:
- 🔍 Incomplete data: The router only shows devices that are actively exchanging packets. If an attacker is connected but not transmitting data, they may not be listed.
- ⏳ Update delay: the list is updated every few minutes, while the scanner shows current connections in real time.
- 📵 No information about the manufacturer: Without a MAC address, it is difficult to distinguish a legitimate device (for example, Xiaomi Mi Band) from the fake.
In addition, many budget routers (for example, models TP-Link Archer C50 or D-Link DIR-615) limit the number of devices displayed to 10–15, making monitoring useless in homes with a large number of gadgets. Network scanners do not have these limitations.
Top 5 Network Scanners for Windows (2026)
For the operating system Windows 10/11 There are many utilities available, but we've selected those that combine functionality, simplicity, and security. All programs on the list support Russian and don't require extensive networking knowledge.
| Program | Type | Key Features | Cons |
|---|---|---|---|
| Advanced IP Scanner | Free | MAC address scanning, manufacturer detection, remote PC shutdown, Radmin integration | Ads in the free version, no traffic chart |
| Wireshark | Free | Deep packet inspection, protocol filters, support VoIP |
Complex interface, requires skills |
| Angry IP Scanner | Free | Cross-platform, export to CSV/JSON, plugins for advanced scanning |
Slow scanning of large networks |
| SoftPerfect Network Scanner | Shareware | Port scanning, vulnerability detection, report generation | Limit of 10 scans per day in the free version |
| GlassWire | Paid | Real-time traffic monitoring, blocking of suspicious devices, notifications | Paid license (~$40), high CPU load |
Important: Programs like Advanced IP Scanner or Angry IP Scanner They don't require installation—they can be run from a flash drive, which is convenient for checking other people's networks (for example, in an office or at a relative's).
How to Use a Network Scanner: A Step-by-Step Guide
Let's look at the process using an example Advanced IP Scanner — one of the most popular utilities. The instructions will also work for other programs with minimal modifications.
Download the program from official website (Avoid third-party sources—they often contain viruses.) Install or run the portable version.
Open the program and click
ScanBy default, your router's subnet will be scanned (for example,192.168.0.0/24).After 10-30 seconds, a list of devices will appear. Note the columns:
- 🖥️ IP address — a unique identifier on the network.
- 🔑 MAC address — the device's serial number (it can be used to identify the manufacturer).
- 🏷️ Manufacturer — the brand of the device (for example, Apple, Samsung).
- 📡 Status — whether the device is currently active.
Right-click on the suspicious device and select Copy MAC addressThis address can then be added to the router's blacklist.
Check the MAC address through an online database (for example, MAC Vendors)|
Compare with your list of gadgets (smartphones, smart bulbs, printers)|
Try disabling it through the router (section MAC Filtering)|
Change your Wi-Fi password to a more complex one (at least 12 characters with numbers and special characters) -->
How to identify a "legitimate" device from a stranger
Not all unknown devices on the network are malicious. These are often:
- 📱 Guests, who connected earlier and forgot to disconnect.
- 💡 Smart devices (sockets TP-Link Tapo, cameras Xiaomi, robot vacuum cleaners) that you haven't used for a long time.
- 🖨️ Old printers or MFPs, which automatically connect to the network.
To distinguish your own from someone else's:
Take a look manufacturer by MAC address. If this Apple, but you don’t have devices of this brand - alarm signal.
Check it out host name (column
Hostname). Attackers often disguise themselves under standard names likeandroid-1234ordesktop-pc.Disconnect all your devices from Wi-Fi and run the scan again. Any remaining devices on the list are definitely unrelated.
Signs of a hacker connection
🔴 A device with a MAC address that starts with 00:0C:29 or 00:1C:14 (often used in virtual machines for attacks).
🔴 Constant traffic to ports 445 (SMB), 3389 (RDP) or 22 (SSH) - a sign of a hacking attempt.
🔴 Device with hostname type admin, router or backup, which is not on your network.
How to Block Other People's Devices: 3 Ways
If you're sure there's a rogue device on your network, act quickly. Here are three reliable methods:
1. Through MAC address filtering in the router
Go to your router settings (usually 192.168.0.1) and find the section MAC Filtering or Access Control. Add the suspicious MAC address to the blacklist (Deny). Minus: Experienced hackers can spoof a MAC address.
2. Change your Wi-Fi password
Change your network password to a complex one (example: W7f#9Kp2$Lm1!) and use the encryption standard WPA3-Personal (If your router supports it). This will disconnect all other devices, but you'll have to reconnect your devices.
3. Device isolation via VLAN
Advanced method for routers with support VLAN (For example, ASUS RT-AX88U or MikroTik). Create a separate network for the suspicious device and restrict its internet access. Requires networking knowledge.
Linux Scanners: Terminal vs. GUI
Users Linux (For example, Ubuntu or Kali Linux) can use both graphical utilities and console commands. The latter are often more powerful but require knowledge of the terminal.
Graphical utilities
- 🐧 Zenmap — GUI for Nmap with network visualization.
- 🌐 Wireshark — the same as on Windows, but with better integration into Linux.
- 📊 Netdiscover — a specialized scanner for wireless networks.
Console commands
For quick scanning, built-in tools are sufficient:
# Scanning devices on the local network (replace 192.168.0 with your subnet)nmap -sn 192.168.0.0/24
View active connections in real time
sudo arp-scan --localnet
IP traffic monitoring (requires sudo)
iftop -i wlan0
Warning: Commands like nmap -A (aggressive scanning) may be considered an attack by some routers and lead to blocking your device.
What to do if the scanner does not show devices
Sometimes network scanners don't display some devices. Causes and solutions:
| Problem | Cause | Solution |
|---|---|---|
| Smart devices (IoT) are not visible | Many IoT gadgets (for example, Xiaomi Mi Home) use the protocol BLE or Zigbee, which are not displayed in the IP scan. |
Use specialized applications like Fing (for mobile devices) or check the list in the manufacturer's app (e.g. Mi Home). |
| The scanner freezes | Large network (>50 devices) or slow processor. | Limit the IP range (eg. 192.168.0.1-192.168.0.50) or use nmap with a flag -T4 (fast scan). |
| "Dead" devices are shown | Router ARP table cache or DHCP leases. | Clear the cache with the command ip neigh flush all (Linux) or reboot the router. |
FAQ: Frequently Asked Questions about Network Scanners
❓ Can I use the scanner on someone else's network (for example, in a cafe)?
Technically yes, but this may be illegalIn most countries, scanning other people's networks without permission is considered hacking (Article 272 of the Russian Criminal Code). The exception is if you're the network administrator (for example, checking the Wi-Fi in your office).
❓ Why does the scanner show my device twice?
This happens if your PC/smartphone is connected to the network via both Wi-Fi and Ethernet, or if the device has multiple network interfaces (e.g., virtual machines or VPN tunnels). Check the command output. ipconfig /all (Windows) or ifconfig (Linux).
❓ How to scan a network on Android or iPhone?
The following applications are suitable for mobile devices:
- 📱 Fing (Android/iOS) - simple interface, port scanning.
- 📱 Network Analyzer (Android) - shows connection speed and open ports.
- 📱 iNet (iOS) - supports
Bonjour-devices (for example, Apple TV).
❓ Is it possible to find out which websites a connected device visits?
Network scanners only show IP addresses and ports. To see the websites you visit, you need traffic sniffer (For example, Wireshark) or setting DNS logging on the router.
❓ Why did someone else's device connect again after changing the password?
Possible reasons:
- The device has saved the old credentials (for example, a smartphone with the function
Auto-Connect). - The attacker uses WPS pin (vulnerable protocol, disable it in your router settings!).
- Your router is infected with malware (eg. VPNFilter), which gives access to outsiders.
Solution: Disable WPS, update your router's firmware and check it for viruses using a utility Router Scan.