Slow internet speeds and persistent lag in online games are often the first warning signs that an uninvited guest has entered your home network. Even if you've changed your password, old saved settings on your guests' or neighbors' devices may allow them to connect automatically when a signal is available. Access control Connecting to your local network isn't just a way to save megabytes of traffic, but also a basic cybersecurity measure that prevents personal data theft.
Modern routers have powerful monitoring tools that allow you to see a list of all active clients in real time. Ignoring this feature can result in your bandwidth being used for illegal activities or downloading heavy content, which can lead to speed throttling by your ISP. In this article, we'll cover both software and hardware methods in detail. connection audit.
There are many ways to look under the hood of your network, from mobile apps to deep analysis via the command line. The specific method you choose depends on the model of your equipment, whether it's TP-Link, Keenetic, Asus or MikrotikThe main thing to understand is that even the most reliable protection requires periodic manual verification.
Symptoms of unauthorized network access
The first sign that someone is accessing your Wi-Fi is a sharp drop in internet speed, especially during peak hours when you're not using resource-intensive apps. If videos stop loading in HD and pages open with a noticeable delay, it's time to troubleshoot immediately. Anomalous activity indicators on the router may also indicate high traffic generated by other devices.
Blocked access to network resources or the inability to access router settings may indicate that someone has already changed the security configuration. An attacker could have changed the administrator password or reconfigured DNS servers for phishing attacks. In such cases, immediate password change and a complete reset of the router settings becomes the only correct solution.
⚠️ Warning: If you notice that the Wi-Fi indicator is blinking at a frantic rate when all your devices are asleep, this is a sure sign of background downloading or a botnet running on someone else's device on your network.
Sometimes the symptoms can be less obvious, such as smart lights or CCTV cameras turning off spontaneously due to bandwidth congestion. Signal interference IP address overload and overcrowding also lead to unstable operation of IoT devices. Regular monitoring of the client list helps identify such problems at an early stage.
Using the router's built-in web interface
The most reliable and accurate way to find out who is using your Wi-Fi is to access your router's control panel through a browser. To do this, enter the gateway IP address (usually 192.168.0.1 or 192.168.1.1) in the address bar and log in. Depending on the firmware, the section you're looking for may be called Client list, DHCP Server or Wireless Statistics.
The interface will display a table with all active connections, including MAC addresses, IP addresses, and sometimes device names. By comparing this data with the list of your devices, it's easy to identify rogue connections. Modern interfaces, such as Keenetic or Asus, often have a graphical representation of the network, where unknown devices are marked with an exclamation mark.
☑️ Check via web interface
In such cases, it's recommended to temporarily disable Wi-Fi on your devices one by one, watching for the entries to disappear from the list. This will allow you to accurately match MAC addresses to specific devices.
| Router brand | Path to the menu | Section title | Blocking capability |
|---|---|---|---|
| TP-Link | Wireless -> Wireless Statistics | Client list | Through MAC filtering |
| Keenetic | Client list (main) | Active devices | Direct blocking |
| Asus | Network Map -> Clients | Client list | Blocking access |
| D-Link | Wi-Fi -> Statistics | Associated clients | Through the MAC filter |
| Tenda | Wi-Fi Settings -> Client List | Online Users | Blocking |
What if the interface is in English?
If you can't find the section you need due to a language barrier, use the translator in your browser (right-click -> Translate to Russian) or look for sections with the words "Wireless", "Client", "Status", "DHCP".
Mobile applications for network analysis
For users who find it difficult to use a browser on a PC, there are specialized smartphone apps that scan Wi-Fi networks. Programs like Fing, WiFi Analyzer or Network Scanner Allows you to instantly see a list of all devices connected to the current network. These devices often provide more detailed information about the network adapter chip manufacturer than standard routers.
The advantage of mobile scanners is their ability to identify the device type (TV, printer, console) based on open ports and network behavior. This significantly simplifies the identification process, as you immediately see the "Smart TV" or "iPhone" icon, not just a string of numbers. However, such apps only work within your local network and cannot block the device directly through the router.
It's worth keeping in mind that some antivirus programs may detect network scanners as potentially unwanted software due to their activity. Therefore, such utilities should only be downloaded from official stores. Google Play or App StoreUsing questionable APK files can have the opposite effect—infecting your phone.
Analysis via command line and ARP table
For advanced users who prefer to work without installing additional software, there is a method for checking via the operating system command line. In Windows, this is done using the command arp -a, which displays a table of IP addresses corresponding to the physical MAC addresses of devices with which your computer has recently communicated. This method is advantageous for its speed and the fact that it doesn't require an internet connection.
C:\Users\Admin> arp -aInterface: 192.168.1.5 --- 0xb
Internet Address Physical Address Type
192.168.1.1 00-1a-2b-3c-4d-5e dynamic
192.168.1.10 aa-bb-cc-dd-ee-ff dynamic
192.168.1.255 ff-ff-ff-ff-ff-ff static
However, this method has a significant drawback: the ARP table only displays devices that actively interacted with your computer. "Sleeping" devices or those simply downloading torrents may not be included in the selection. To get a complete picture, you should first ping the entire address range or use more complex scripts.
In Linux and macOS the syntax may differ, the command is often used ip neigh or arp -a with flags. This method is ideal for quick checks on corporate networks or systems without a graphical interface. The key is to be able to distinguish dynamic entries from static ones to avoid blocking system gateways.
MAC address filtering and blocking
Once you've identified the intruder, the most effective defense is MAC address filtering. Each network adapter has a unique identifier that can be entered into Black List (list of prohibited) or, conversely, use White List (White List). In White List mode, only devices whose addresses you manually enter in the router settings will have access to Wi-Fi.
MAC filtering settings are usually located in the Wireless Security or Client filteringBy enabling this mode, you're guaranteed to block anyone attempting to connect from a new device, even if they know the password. This creates a double security barrier that's virtually impossible for the average user to overcome.
⚠️ Important: Be extremely careful when enabling MAC address filtering. If you accidentally blacklist your laptop or phone's address, you will lose access to your router's Wi-Fi settings and will only be able to change them via a LAN cable.
Keep in mind that MAC addresses can be spoofed (cloned) on advanced equipment, so this may not be sufficient for mission-critical networks. However, for a home network and to protect against neighbors, this level of protection is quite sufficient. Update your lists regularly if you purchase new equipment.
Frequently asked questions and problems during verification
Why are there unknown names showing up in the device list?
Routers often fail to correctly identify a device's name if the manufacturer doesn't specify it in the DHCP request. In this case, the default OS name or simply the MAC address is displayed. To identify the device, look up the first six characters of the MAC address (OUI) in the manufacturer's online databases.
Can the router show devices that are currently sleeping?
Typically, the list only displays active connections or those whose IP address lease time has not expired. If a device goes into sleep mode and disconnects, it may disappear from the active list but remain in the DHCP lease table until the timer expires.
Is it safe to use third-party scanning software?
Most popular apps from official stores are safe, but they require access to your entire local network. Make sure you trust the developer, as such programs could potentially collect data about your home network.
What should I do if I can't access my router settings?
If the administrator password has been changed and you don't know it, you'll need to perform a full reset of the router using the button on the device. This will restore the router's settings to factory defaults, and you'll be able to log in using the login information on the sticker, but you'll have to reconfigure your internet settings.
Does the number of connected devices affect the speed?
Yes, each connected client, even one not consuming traffic, creates a small load on the router's processor and takes up space in the NAT table. If there are a large number of devices (more than 20-30), budget routers may become unstable or even drop connections.