Who's using my Wi-Fi? How to find and remove other people's devices from my network

Have you noticed that your internet is slower than usual, and your data is running out suspiciously quickly? Someone else may be accessing your Wi-Fi. According to KasperskyEvery fifth router in Russia has vulnerabilities that allow attackers to access the network without the owner's knowledge. The reasons for this can range from a forgotten password given to guests to a targeted hack by a neighbor looking to save on their data plan.

In this article we will figure out how check the list of connected devices, identify unauthorized ones, and reliably block unwanted "neighbors." You'll learn about hidden signs of unauthorized access that are often overlooked and receive a checklist for protecting your network. Important: Some methods require access to your router settings, so prepare your login details in advance (they're usually found on the device's sticker).

Signs that someone else is using your Wi-Fi

Before checking your device list, pay attention to these indirect signs. They'll help you determine if you need to worry:

  • 📉 A sharp drop in speed — especially during normal times when you're not downloading large files. For example, videos on YouTube starts to "freeze" on resolution 720p, although earlier it was going smoothly 4K.
  • 🔄 Unexplained reconnections — the router spontaneously disconnects from your devices, although the indicators are green.
  • 💸 Traffic limit exceeded — if you have a plan with a gigabyte limit, and they run out 20-30% faster than usual.
  • 🕵️ Activity during non-working hours — the data transfer indicators on the router blink at night when all family members are asleep.

One of these signs isn't a reason to panic - the problem could be overloaded provider network or equipment malfunction. But if you observe two or more symptoms at the same time, it's worth checking the list of connected devices. This is especially relevant for owners of routers with weak passwords (for example, 12345678 or admin) or those who have never changed the factory settings.

📊 Have you noticed suspicious activity on your Wi-Fi network?
Yes, the speed drops for no reason.
Yes, the traffic is used up too quickly.
No, but I want to check just in case.
I don't know how to determine this

Method 1: View the list of devices through the router's web interface

The most reliable method is to access your router's control panel. The instructions are universal for most models (TP-Link, ASUS, D-Link, Keenetic etc.), but the paths to the menu may differ slightly.

  1. Open your browser and enter your router's IP address in the address bar. This is usually 192.168.0.1 or 192.168.1.1The exact address is indicated on the device sticker.

  2. Enter your login and password (by default it is often admin/admin or admin/empty field). If you changed them, use your information.

  3. Go to the section with a list of connected devices. The paths may be:

    • 🔧 TP-Link: Wireless Mode → Wireless Mode Statistics or DHCP → DHCP Client List
    • 🖥️ ASUS: Network Map → Clients or Local Network → DHCP Server
    • 🌐 Keenetic: Devices → Device List

In the table you will see MAC addresses, IP addresses And device names (if they are not hidden). Pay attention to unknown gadgets - they can be blocked right here (usually there is a button Block or Disable).

What is a MAC address and why is it important?

A MAC (Media Access Control) address is a unique identifier for a network device, hardcoded into it at the factory. Unlike an IP address, which can change, a MAC address remains constant. While attackers can spoof an IP address, MAC addresses are harder to spoof, making blocking based on MAC addresses more reliable.

⚠️ Note: If you see in the list of devices several unknown gadgets with the same vendor (manufacturer) (For example, Xiaomi or Samsung), this may be a sign of use Wi-Fi repeater or smart devices neighbor. In this case, it's worth additionally checking your router's security settings.

Method 2: Using mobile apps to analyze the network

If accessing your router settings is inconvenient, you can use specialized apps. They scan the network and display all connected devices, including hidden ones. Popular options include:

  • 📱 Fing (Android/iOS) — identifies devices by MAC, shows their manufacturer and even network vulnerabilities.
  • 🛡️ WiFi Guard (Android) — Compares the current list of devices with the saved "white list" and notifies about new connections.
  • 🔍 NetScan (iOS) — scans the network and sorts devices by type (smartphone, PC, IoT gadget).

How to use (using example) Fing):

  1. Download and install the application from the official store.
  2. Connect to your Wi-Fi network.
  3. Start the scan - in 10-20 seconds you will receive a list of all devices with their MAC, IP and name (if available).
  4. Click on a suspicious device to see additional information: connection time, ports used, possible vulnerabilities.

The advantage of apps is that they can track activity in real time and notify you of new connections. The downside is that some features (such as device blocking) are only available in the paid version. Also, keep in mind that apps can't block devices directly—you'll still need to access the router settings to do so.

Method 3: Checking via the command line (for advanced users)

This method is suitable for Windows, macOS or Linux and doesn't require any additional software. It will show all devices actively exchanging data with your computer on the local network.

For Windows:

  1. Open the command prompt: press Win + R, enter cmd and press Enter.
  2. Enter the command:
    arp -a

    You will see a table with IP and MAC addresses of devices.

  3. For more detailed information, please use:
    nbtstat -a [IP address]

    (replace [IP address] on the suspicious one from the list).

For macOS/Linux:

  1. Open the terminal.
  2. Enter the command:
    nmap -sn 192.168.1.0/24

    (replace 192.168.1.0/24 to your subnet, if it is different).

  3. To scan a specific IP in detail:
    nmap -O [IP address]

This method requires some technical knowledge, but it gives the most accurate information about devices on the network, including their operating systems and open portsHowever, it will not show devices that are currently inactive (for example, a smartphone in sleep mode).

⚠️ Attention: Teams nmap may be blocked by some providers or corporate networks. If you receive an error, try using Fing or other software.

Method 4: Analyze the router log (connection logs)

Many routers keep a connection log, recording all network access attempts, including unsuccessful ones. This is useful if you suspect someone tried to connect but was unable to (for example, due to an incorrect password).

How to view logs:

  1. Go to the router's web interface (instructions in Method 1).
  2. Find the section with logs. The paths may be:
    • 📜 TP-Link: System Tools → System Log
    • 📋 ASUS: Administration → Journal
    • 📑 Keenetic: System → Logs
  • Search for entries with tags Authentication failed (authentication failed) or New device connected (new device).
  • In the magazines you can find:

    • 🕒 Connection time - If someone connects at night, this is a clear sign of unauthorized access.
    • 🔄 Frequent password attempts - this could be a brute-force attack.
    • 📱 Unknown MAC addresses — even if the device did not connect, its MAC could remain in the logs.

    If you see suspicious activity, it is recommended change your Wi-Fi password and enable additional security measures (more on that in the next section).

    Change your Wi-Fi password to a complex one (at least 12 characters, with numbers and special characters)|

    Enable MAC address filtering|

    Disable WPS function (it is vulnerable to hacking)|

    Update your router firmware to the latest version|-->

    Method 5: Using the provider's functions (personal account)

    Some internet service providers (eg. Rostelecom, Beeline, MTS) provide tools for monitoring your home network in your personal account. This is convenient if you don't want to access your router settings.

    How to check:

    1. Log in to your personal account on the provider's website.
    2. Find the section My network, Wi-Fi Management or Home Internet.
    3. Look at the list of connected devices. For example, Rostelecom this is a tab Devices in the section Wi-Fi.
    4. If available, enable notifications for new connections.

    The advantages of this method:

    • ✅ No need to remember your router password.
    • ✅ You can manage the network remotely (for example, via the provider's mobile app).
    • ✅ Some providers offer automatic blocking of unknown devices.
    ⚠️ Note: Personal account functionality depends on your provider and plan. If you have a budget plan, some options may not be available. In this case, use the other methods in this article.

    How to Block Someone Else's Device: Step-by-Step Instructions

    If you've identified a rogue device on your network, you need to block it. Here's a general procedure:

    1. Change your Wi-Fi passwordUse a complex combination of letters (in mixed case), numbers, and symbols. An example of a strong password: k7#pL9!vN2@qRAvoid obvious choices like birthdays or pet names.

    2. Enable MAC address filteringIn the router settings, find the section Wireless Network → MAC Filter (or similar) and add only your devices to the "whitelist". This does not provide 100% protection (MAC can be forged), but it will make the task more difficult for an attacker.

    3. Disable WPSThis feature simplifies connecting devices, but has critical vulnerabilities. In the router settings, find WPS and deactivate it.

    4. Update your router firmwareManufacturers regularly release patches to close vulnerabilities. Check the section Software update or Firmware in the web interface.

    5. Change the network name (SSID). Don't use standard names like TP-Link_1234It's better to come up with a neutral name that doesn't reveal the router model (for example, HomeNet-5G).

    6. Enable guest network For friends. If you frequently grant access to guests, create a separate network with limited rights (no access to local resources).

    After blocking, check the network again in 10-15 minutes. If the device reappears, it could mean:

    • 🔄 The password was cracked using brute force.
    • 📡 Someone is using Wi-Fi repeater, previously connected to your network.
    • 🕵️ Your network has a "weak link" - a device with a virus that is distributing access (for example, a smartphone with the Internet turned on Wi-Fi Hotspot).

    Additional measures to protect your Wi-Fi network

    To minimize the risk of being hacked again, follow these tips:

    Protective measure How to apply Efficiency
    Disabling remote control In the router settings (Administration → Remote Access) disable access from the Internet. ⭐⭐⭐⭐⭐
    Hiding the SSID In the Wi-Fi settings, disable the option Broadcast SSIDThe network will become invisible to outsiders. ⭐⭐⭐
    Using a VPN on a router Set up a VPN server on your router (if supported) or use VPN on your devices. ⭐⭐⭐⭐
    Disabling UPnP In the security settings, deactivate UPnP - this closes potential loopholes. ⭐⭐⭐⭐
    Regularly check your devices Once a month, review the list of connected gadgets via the router or app. ⭐⭐⭐⭐⭐

    It is also worth paying attention to smart devices on your network (cameras, speakers, light bulbs). They often have weak default passwords and can become a backdoor for hacking. Update the firmware on all IoT-gadgets and change their default passwords.

    FAQ: Frequently Asked Questions about Wi-Fi Security

    Is it possible to find out who exactly connected to my Wi-Fi?

    It is impossible to accurately identify a person by MAC or IP, but it is possible to obtain indirect data:

    • 📱 Device manufacturer — by the first characters of the MAC address (for example, B8:27:EB belongs Raspberry Pi).
    • 🌐 Active connections - some applications (for example, Fing) show which websites the device visits.
    • 📡 Signal strength - if the device is connected with high power, it is located close by (perhaps in your apartment).

    To accurately identify the perpetrator, you will need the help of your provider or law enforcement agencies (if it is fraud).

    What should I do if my neighbor hacked my Wi-Fi and refuses to disconnect?

    Algorithm of actions:

    1. Change your password to the most complex one (at least 15 characters with mixed cases).
    2. Enable MAC address filtering.
    3. Disable WPS and UPnP.
    4. If your neighbor continues to connect, contact your ISP and report unauthorized access. They may block their device at the hardware level.
    5. In extreme cases - change the router (if the old one has critical vulnerabilities).

    Legally, using someone else's Wi-Fi without the owner's consent is equivalent to unauthorized access to computer information (Article 272 of the Criminal Code of the Russian Federation). However, proving a neighbor's guilt is difficult—router logs and an expert assessment would be required.

    Can illegal activities be carried out through my Wi-Fi?

    Technically, yes. If an attacker has connected to your network, they can:

    • 🕵️ Download pirated content (your IP will be recorded by copyright holders).
    • 💳 Commit fraudulent actions (for example, attacking websites).
    • 📧 Send spam (your IP may be blacklisted).

    To minimize risks:

    • Use VPN on a router (if it supports this feature).
    • Set up firewall to block suspicious connections.
    • Check your network regularly for foreign devices.

    If you discover that illegal activity has been committed through your Wi-Fi, immediately contact your provider and report the hack. They can provide logs confirming the unauthorized access.

    How to protect your Wi-Fi from future hacking?

    Checklist for maximum protection:

    Change the default router password (not admin/admin)|

    Use WPA3 encryption (or WPA2 if WPA3 is not supported)|

    Disable WPS and UPnP|

    Enable MAC address filtering|

    Update your router firmware to the latest version|

    Hide SSID (disable network name broadcasting)|

    Set up a guest network for temporary connections|

    Install a network monitoring app (eg Fing)|

    Check the list of connected devices once a month|-->

    Additionally, you can use intrusion detection systems (IDS), such as Snort or Suricata, but setting them up requires advanced knowledge.

    Is it true that ISP routers are less secure?

    Yes, often routers provided by providers (Rostelecom, MGTS, Dom.ru), have:

    • 🔓 Standard passwords (for example, those indicated on the sticker).
    • 🔄 Outdated firmware (providers do not always update it automatically).
    • 📡 Vulnerable features enabled by default (WPS, remote control).

    Recommendations:

    • Immediately after connection change your password on your own.
    • Check for firmware updates in your provider's personal account.
    • If your router is very old (for example, it was issued 5+ years ago), consider buying a new one with support WPA3.