It's often frustrating when the internet starts to slow down and pages load with noticeable delays. Many users immediately blame their ISP or outdated equipment, forgetting about the possibility of unauthorized access. If you've noticed unusual activity in your router's indicators or simply want to secure your network, the first step should be checking connected devicesThis is a basic digital hygiene procedure that should be performed periodically.
There are several effective ways to identify "outsiders" in your network, from built-in router features to specialized software. Modern routers from manufacturers like Keenetic, TP-Link or Asus provide fairly transparent statistics. However, to get the full picture, it's important to understand how the customer list is formed and what data may be hidden from the average user during standard browsing.
In this article, we'll cover diagnostic methods, command line usage for advanced users, and the nuances of security settings. You'll learn not only how to find unauthorized devices but also how to quickly block their access. It's important to act quickly, as an unknown caller can not only hog your bandwidth but also access local resources, such as shared folders or network printers.
Visual diagnostics using router indicators
The simplest, though not the most accurate, method of initial assessment is to observe the physical indicators on the device's body. The light bulb, labeled as Wi-Fi, WLAN or depicted by an antenna symbol, flashes when data is being transmitted. If all your devices are turned off or in airplane mode, and the indicator continues to flash rapidly and erratically, this may indicate background network activity.
It's worth noting that some router models have LEDs that are constantly lit when the wireless module is enabled, and only change intensity under load. Therefore, relying solely on the blinking indicator isn't recommended. A more reliable option is to use the router manufacturer's proprietary mobile apps, which often provide digital LED status information with more detailed statistics.
⚠️ Attention: Lights may flash due to background Windows system updates, cloud storage synchronization, or smart devices (IoT) such as cameras or sensors. Don't jump to conclusions based solely on light bulbs.
For a precise diagnosis, it's best to use software methods. Visual inspection is only good for quickly determining whether data is being transmitted at all when you're not doing anything. A steady light or no light at all doesn't guarantee safety, as data packets may be transmitted in short pulses that are invisible to the naked eye.
Using the router's built-in web interface
The most reliable way to find out who is connected to your Wi-Fi is to log into your router's admin panel. To do this, you need to enter the gateway IP address (often 192.168.0.1 or 192.168.1.1) in the browser's address bar. After logging in (the login and password are usually found on a sticker on the bottom of the device), find a section called "Client List," "Network Map," "DHCP Server," or "Wireless Network Status."
This section displays a table of all active connections. Here you'll see MAC addresses, IP addresses, and often device names (Host Names). MAC address — This is a unique identifier for a network interface that is virtually impossible to forge accidentally. By comparing the list with your existing devices, you can easily identify any extra entries.
Interfaces vary from manufacturer to manufacturer, but the logic remains the same. For example, in routers MikroTik this is a section Leases in the DHCP menu, and in Asus — the "Clients" tab on the main page. If you spot a device you don't recognize, don't panic: it might be your old phone or a smart bulb you forgot to account for.
☑️ Check in the admin panel
For ease of analysis, you can use the following table to decipher the status of devices in different sections of the interface:
| Interface section | What does it show? | Data reliability |
|---|---|---|
| Wireless Statistics | Only currently active Wi-Fi connections | High (Wi-Fi only) |
| DHCP Leases | All devices that have received an IP address (including sleeping ones) | Maximum |
| ARP Table | IP and MAC address mapping table | Intermediate (technical) |
| System Log | Connection and disconnection history | Low (difficult to read) |
Network Analysis Using the Command Line (CMD)
For users who prefer not to access their router settings, there's a quick method available through the Windows operating system. The command line allows you to query your computer for a list of all devices with which it has exchanged data on the local network. This won't show everyone connected to the router, but it will identify active neighbors with whom it has direct contact.
Open the command prompt by typing cmd in the Start menu and run the command arp -aA list of IP addresses and their corresponding physical addresses (MAC) will appear on the screen. Static dynamic indicates that the address was obtained automatically, and static — written manually. Addresses starting with 192.168., relate to your local network.
C:\Users\User> arp -aInterface: 192.168.1.5 --- 0x3
Internet Address Physical Address Type
192.168.1.1 00-1a-2b-3c-4d-5e dynamic
192.168.1.15 a1-b2-c3-d4-e5-f6 dynamic
192.168.1.20 11-22-33-44-55-66 dynamic
This method is fast, but it has limitations. If a device on the network is sleeping or hasn't transmitted packets in a while, it may not be included in your computer's ARP table. Furthermore, the command line won't display the device name (e.g., "iPhone-Ivan"), making identification difficult without additional tools.
What to do if the list is empty?
If the arp -a command only shows the gateway (router), this doesn't mean the network is empty. Your firewall may be blocking broadcast requests, or other devices may simply be inactive. Try pinging the entire address range first, for example, with the command: for /L %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i (this will take some time). Then repeat arp -a.
Specialized programs and network scanners
If the built-in tools seem too complicated or not informative enough, third-party utilities can come to the rescue. Programs like Fing (available for PC and smartphones), Wireless Network Watcher or Advanced IP Scanner They are capable of performing a deep subnet scan. They not only display MAC addresses but also attempt to identify the device manufacturer based on the first bytes of the address (OUI), as well as open ports.
The advantage of such programs is their clarity. They often assign icons to devices (laptop, phone, printer) and allow you to give them understandable names. This is critical when there are dozens of devices on the network. You'll immediately see that "Unknown Device" with a MAC address starting with 00:50:56, is actually a virtual machine or a specific brand of equipment.
⚠️ Attention: When installing free network scanners, carefully check the boxes in the installer. Often, along with a useful utility, you'll be asked to install an additional browser or antivirus software that you don't need.
Mobile versions of such apps are especially convenient, as they allow you to check the network directly from your phone, from anywhere in your home. They can also alert you to new devices connected to the network by enabling background monitoring. This turns your smartphone into a pocket-sized tool for the network administrator.
Why might the list contain unknown devices?
Finding an unfamiliar name or MAC address in a list often leaves users stumped. However, before changing your password, it's worth taking stock of your digital life. In the age of the Internet of Things (IoT) It's not just phones and laptops that connect to Wi-Fi. Smart plugs, robot vacuum cleaners, and TVs are also connected. Samsung or LG, game consoles, and even smart refrigerators all have network interfaces.
Often the names of these devices on the network look like a set of letters and numbers (for example, android-5f3a2b or ESP8266). If you recently purchased new equipment, it may have automatically connected to the network, remembering the password. It's also worth checking the guest area, if you have one enabled—guest phones that you forgot to track may be connecting there.
Another cause is virtual adapters. Computers with virtualization software (VirtualBox, VMware) or Android emulators installed can create virtual network cards that the router perceives as separate physical devices. This is normal and does not require intervention.
Network Security: Blocking and Changing Passwords
If, after a thorough check, you've confirmed that someone has indeed connected to your Wi-Fi, you need to take decisive action. The most effective method is to completely change your wireless network password. Go to your security settings (Wireless Security) and select the encryption type WPA2-PSK or WPA3Avoid outdated protocol WEP, which can be hacked in minutes.
Your password must be complex: at least 12 characters, containing uppercase and lowercase letters, numbers, and special characters. After changing your password, all devices will be disabled, and you'll have to re-enter the new key on each device. This is inconvenient, but it's the only guaranteed way to expel an intruder who might have copied your old password.
An additional security measure is MAC address filtering. You can enable "White List" mode in your router settings, allowing access only to specific, known devices. However, this method is labor-intensive to maintain: every time guests arrive with a laptop, you'll have to manually add their MAC address to the allowed list.
⚠️ Attention: Router interfaces are constantly being updated. The layout of menu items may differ from that described in the instructions. If you can't find the setting you need, look for "Filter," "Access Control," or "Blacklist/Whitelist" in the menu.
Don't forget to regularly update your router firmware. Manufacturers patch security vulnerabilities that allow hackers to access settings or intercept traffic. Keeping your firmware up-to-date is essential for the stable operation of your home network.
Is it possible to see my neighbor's browsing history?
Technically, a router owner can configure traffic logging, but in standard home routers, this feature is usually disabled or requires a USB drive. Furthermore, most websites use the HTTPS protocol, which encrypts page content, so only the domain name can be seen, not specific actions or passwords.
Frequently Asked Questions (FAQ)
Can my neighbor hack my Wi-Fi if I have a strong password?
If modern WPA2/WPA3 encryption is used and the password is truly complex (a random set of characters), then a brute-force attack would take hundreds of years. However, if you have WPS enabled, it can be used to bypass the password. It is recommended to disable WPS in your router settings.
Can a connected neighbor see my files on my computer?
By default, modern operating systems (Windows 10/11, macOS) ask, "Do you want this computer to be discoverable?" when connecting to a new network. If you answer "No" or the network is marked as "Public," access to your files is blocked. This poses a risk if you have network discovery enabled and don't have passwords on shared folders.
How do I know the maximum number of devices my router supports?
Theoretically, the Wi-Fi standard allows for up to 254 devices to be connected (DHCP limit), but the actual limit depends on the router's processor power and RAM. Budget models can become unstable with just 15-20 active clients, losing packets and reducing speed.
Will my device's MAC address change if I reset my phone's network settings?
The physical MAC address is hardcoded into the hardware and doesn't change after a reset. However, modern smartphones (iOS and Android) use a feature called "MAC address randomization" to protect privacy. When connected to different networks, the phone may present itself with different virtual MAC addresses. In the Wi-Fi settings for a specific network, you can select "Use device MAC address" to make the address permanent.