Wi-Fi Scanner: How to Identify Freeloaders and Protect Your Network

Have you noticed your internet is slower than usual, or your data is running out early? Perhaps unauthorized devices have connected to your Wi-Fi—neighbors, guests who forgot to disconnect, or even hackers using your connection for illegal activities. According to research KasperskyEvery fifth router in Russia has vulnerabilities that allow attackers to connect to the network without the owner's knowledge.

In this article we will look at 7 proven programs for Windows, Android, macOS, and iOS, which will help you identify all connected users, determine their MAC addresses, IP addresses, and even block unwanted devices. You'll learn how to use your router's built-in tools, which apps provide the most detailed information, and what to do if you detect a rogue connection. We'll pay special attention to free solutions — they cover 90% of the tasks of the average user.

Important: Network monitoring must be carried out only within your own infrastructureScanning other people's networks without the owner's permission may be considered a violation. Federal Law No. 149-FZ "On Information" (Article 272 of the Criminal Code of the Russian Federation).

1. Built-in router tools: the first step without software

Before installing third-party software, check the capabilities of your router. Most modern models (TP-Link, ASUS, Keenetic, MikroTik) have a built-in function for displaying connected devices. Simply go to the web interface at 192.168.0.1 or 192.168.1.1 (check the router sticker).

Instructions for popular brands:

  • 🔹 TP-Link: Go to Wireless Mode → Wireless Mode Statistics or DHCP → DHCP Client List.
  • 🔹 ASUS: Open Network map in the main menu - all devices with IP, MAC and names will be displayed there.
  • 🔹 Keenetic: In the section Devices You can see active connections, history, and even restrict access.
  • 🔹 Xiaomi/Mi Router: In the mobile app Mi Wi-Fi There is a "Devices" tab with traffic details.

Limitations of this method: Some routers only show active devices (those currently online), not all devices that have ever been connected. The list may also show hidden devices with random MAC addresses (function MAC Randomization (in iOS/Android 10+).

📊 What kind of router do you have at home?
TP-Link
ASUS
Keenetic
Xiaomi
D-Link
Another

2. Top 3 Windows Programs: From Simple to Professional

If your router's built-in tools aren't enough, use specialized software. We've tested dozens of utilities and selected three of the most effective PC solutions.

Program Type Key Features Cons
Wireless Network Watcher (NirSoft) Free Scans the network, displays IP/MAC, device names, manufacturer by MAC, export to CSV No device blocking, English interface
SoftPerfect WiFi Guard Shareware Tracks new devices, keeps history, and alerts you to suspicious MAC addresses. The free version is limited to 10 devices.
Advanced IP Scanner Free Scans the local network, identifies open ports, integrates with Radmin Not specialized for Wi-Fi, may show extra devices (printers, NAS)

Wireless Network Watcher — the best choice for beginners. The program requires no installation, works with any network card, and displays real names of devices (if they are not hidden). For example, if someone connected to your network iPhone 13 Pro Max, the utility will display its model by MAC address.

How to use:

  1. Download the archive from the official website NirSoft (check the file hash for viruses!).
  2. Unzip and run WNetWatcher.exe (does not require administrator rights).
  3. Click Start Scan — after 10–30 seconds a list of devices will appear.
  4. Pay attention to the columns Device Name (name) and Network Adapter Company (chip manufacturer).

Unknown MAC addresses without device names|

Devices with names "Android", "Unknown" or random characters|

Chip manufacturers that are not in your home (eg. Samsung, if you only have Apple)|

IP addresses outside your subnet (e.g. 192.168.2.x at your 192.168.1.x)

-->

SoftPerfect WiFi Guard Suitable for those who want to automate monitoring. The program creates a "whitelist" of allowed devices and notifies of new connections. In the paid version ($29) Blocking via ARP spoofing is available, but the free features are sufficient for home use.

3. Mobile apps: control Wi-Fi from your phone

For smartphone owners on Android And iOS There are convenient apps that scan the network directly from your phone. The main advantage is that you don't need to connect to the router via cable or find a PC.

Top apps:

  • 📱 Fing (Android/iOS) — identifies devices, ports, and network vulnerabilities. The free version limits the number of scans.
  • 📱 NetScan (Android) - shows MAC, IP, host names and even connection speed.
  • 📱 WiFi Scanner (iOS) - simple interface, integration with Apple HomeKit.
  • 📱 IP Tools (Android) - A comprehensive set of utilities, including ping, traceroute, and port scanner.

Example of working with Fing:

  1. Connect to your Wi-Fi network on your phone.
  2. Launch the application and click Scan.
  3. In the list of devices, pay attention to:
  • 🔴 Devices with the status "Unknown" or without a name.
  • 🔴 MAC addresses starting with B8:27:EB (Raspberry Pi) - These are often used to create "black boxes" for hacking.
  • 🔴 Devices with open ports (e.g. 22/SSH or 3389/RDP).

iOS limitation: because of politics Apple applications in App Store cannot gain full access to low-level network information. Therefore, iPhone you will see less data than on Android.

How do Wi-Fi scanners deceive?

Some devices (especially on Android 10+) use MAC address randomizationThis means they generate a new MAC address every time they connect to the network, making them more difficult to track. To disable this feature on your phone, go to Settings → Wi-Fi → Advanced → Private MAC Address and deactivate the option.

4. Advanced Methods: Traffic Analysis and Blocking

If you've discovered a suspicious device, simply knowing its MAC address isn't enough. It's important to understand What is it doing on your network?: downloading torrents, sending spam, or simply sitting idle. For this, you'll need traffic analysis tools.

Deep analysis programs:

  • 🛡️ Wireshark — the "gold standard" for packet interception. Allows you to see what websites a device visits and what protocols it uses.
  • 🛡️ GlassWire — visualizes traffic by device, shows the geolocation of connections.
  • 🛡️ PRTG Network Monitor — a professional monitoring solution (there is a free version for 100 sensors).

Instructions for blocking a device via a router:

  1. Go to the router's web interface (usually 192.168.0.1).
  2. Find the section MAC filtering (or Parent Control, Access Control).
  3. Add the MAC address of the unwanted device to the blacklist.
  4. Save the settings and reboot the router.

⚠️ Attention: MAC blocking isn't foolproof. An attacker can spoof their device's MAC address to an authorized one. For complete security, change your Wi-Fi password to a complex one (at least 12 characters, including numbers and special characters) and enable encryption. WPA3 (or WPA2-AES, if WPA3 is not supported).

5. How to identify a "hare": signs of a foreign device

Not all unknown devices on the network are malicious. These could be:

  • 📺 Smart devices (TV, speaker, light bulb) that you forgot to set up.
  • 🖨️ Printer or MFP with network connection.
  • 🎮 Game console (PlayStation, Xbox) with automatic connection.
  • 🤖 Robot vacuum cleaner or other IoT technology.

Signs that there are definitely strangers on the network:

  • 🚨 Unknown MAC address with a prefix that does not match your devices (check the first 6 characters via database of manufacturers).
  • 🚨 High traffic during non-working hours (for example, at night when everyone is sleeping).
  • 🚨 Connections to unusual ports (for example, 445/SMB, 23/Telnet).
  • 🚨 Device with a name like "android_12345" or "host-abcde".

⚠️ Attention: If a device with a MAC address appears on the network 00:00:00:00:00:00 or FF:FF:FF:FF:FF:FFThis could be a sign of ARP spam (a network attack). Immediately disconnect your router from the internet and check your security settings.

6. Alternative methods: without programs and a router

If you don't have access to your router or the ability to install software, use these methods:

Method 1: Via the Windows command line

  1. Click Win + R, enter cmd and run as administrator.
  2. Run the command:
    arp -a

    It will display an ARP table with IP and MAC addresses of all devices on the local network.

  3. Compare the list with devices you know.

Method 2: Via the macOS/Linux terminal

  1. Open Terminal.
  2. Enter:
    nmap -sn 192.168.1.0/24

    (replace 192.168.1.0/24 to your subnet).

  3. Get a list of all hosts with MAC addresses and names.

Method 3: Via Google Home or Apple HomeKit

If you have a smart speaker (Google Nest, Apple HomePod), check the list of devices in the corresponding application (Google Home or House). All gadgets connected to your network, including third-party ones, are stored there.

7. What to do if you find a stowaway: a step-by-step plan

Have you found an unknown device? Follow these steps:

  1. Step 1: Make sure it's not your device
    • Check the MAC addresses of all your gadgets (on stickers or in settings).
    • Disconnect your devices from the network one by one and see if the “hare” disappears.
  2. Step 2: Lock your device
    • Add its MAC address to the router's blacklist (section MAC Filter).
    • Or change your Wi-Fi password (all devices will disconnect).
  3. Step 3: Strengthen your network security
    • Turn on WPA3 (or WPA2-AES).
    • Turn it off WPS (vulnerable to brute force).
    • Hide network SSID (Hide SSID) - not very effective, but will make life more difficult for random connections.
  • Step 4: Scan your devices for viruses
    • Sometimes "hares" appear due to an infected computer on your network that has become part of a botnet.
    • Scan all PCs and smartphones Kaspersky Virus Removal Tool or Malwarebytes.

    ⚠️ Attention: If your internet continues to slow down after blocking the "hare" connection, the problem may not be with the third-party device, but with:

    • 🐢 Channel congestion (for example, someone in the house is watching 4K video).
    • 📡 Interference from neighboring networks (check in Wi-Fi Analyzer).
    • 🔌 Router malfunctions (overheating, outdated firmware).

    FAQ: Frequently Asked Questions about Wi-Fi Monitoring

    ❓ Is it possible to find out which websites a connected device visits?

    Yes, but for this you need special programs like Wireshark or GlassWireThey intercept traffic and show the domains the device is accessing. However, this may violate privacy laws if you analyze someone else's device traffic without their consent.

    ❓ Why do non-existent MAC addresses appear in the device list?

    This could be:

    • 👻 Scanning artifact (the program made a mistake).
    • 👻 Virtual device (for example, a virtual machine or a Docker container).
    • 👻 Network attack (for example, ARP spoofing).

    Check the address via database of manufacturers. If it belongs Unknown or Private, this is suspicious.

    ❓ How do I permanently block my device?

    No method is 100% guaranteed, but a combination of these steps will make the task as difficult as possible:

    1. Add the MAC address to the router's blacklist.
    2. Change your Wi-Fi password to a complex one.
    3. Turn on MAC filtering (allow only known addresses).
    4. Update your router firmware to the latest version.
    5. Turn it off UPnP And WPS in the settings.
    ❓ Is it legal to scan your network?

    Yes, scanning own networks are legal if you:

    • ✅ You are the owner of the router or have permission to administer it.
    • ✅ Do not intercept the traffic of other users (for example, neighbors).
    • ✅ Do not use the obtained data for hacking or blackmail.

    Scanning other people's networks without consent is a violation. Federal Law No. 149 and may entail liability.

    ❓ Why do "hares" return after changing the password?

    Possible reasons:

    • 🔄 The password is too simple (can be brute-forced).
    • 🔄 Someone at home told the password to strangers.
    • 🔄 The router is infected with malware (for example, VPNFilter).
    • 🔄 You have it enabled WPS, which is vulnerable to hacking.

    Solution: Perform a full reset of the router (Reset button), update the firmware and configure from scratch.