How to Detect Unauthorized Devices on Your WiFi Network (5 Methods + What to Do Next)
Your internet has been sluggish lately. Or you spotted an unfamiliar device name in your router’s app. Or you just want to confirm that nobody is piggybacking on your connection.
Whatever brought you here, finding out who’s on your WiFi network is something anyone can do in minutes, with no technical background required. And once you know how to look, checking regularly takes less than two minutes.
This guide covers five practical detection methods, ordered from simplest to most thorough, explains exactly how to identify what each device is, and walks you through removing unauthorised devices and locking your network down so it doesn’t happen again.
📋 Quick Answer : How to Detect Unauthorised WiFi Devices
Fastest method: Log into your router’s admin panel (usually
192.168.1.1or192.168.0.1) → find Connected Devices, DHCP Client List, or Attached Devices → compare the list against every device you own.Best free app: Fing (iOS/Android) , scans your network in seconds and identifies every connected device with manufacturer information.
Most thorough (catches all devices): Wireless Network Watcher (Windows) or Nmap , ARP-based scanners that detect every device regardless of how it obtained its IP address, including devices using static IPs that might not appear in the DHCP list.
Why Unauthorised Devices on Your WiFi Are a Real Problem
Finding an unknown device on your network isn’t just about someone watching Netflix at your expense. The actual security risks are meaningful:
- Bandwidth theft; obvious and annoying, but the least serious concern
- Traffic interception; on an unsegmented network, a sophisticated attacker can perform man-in-the-middle attacks against your other devices
- Access to shared resources; shared folders, printers, and NAS drives are accessible to any device on your main network
- Legal liability; if someone uses your IP address for illegal downloads or other activity, it traces back to your connection
- Malware spread; a compromised device on your network can scan and attack your other devices.
According to a 2025 Norton Cyber Safety Insights Report, 31% of UK households had at least one unauthorised device connected to their home WiFi at some point during the year. The number is comparable in the US, Canada, and Australia. This isn’t rare.
Signs Someone May Be Using Your WiFi Without Permission
Before diving into detection methods, these are the signals that something might be wrong:
| Warning Sign | What It Could Mean |
|---|---|
| Internet noticeably slower than usual | Unauthorised device consuming bandwidth |
| Router activity lights blinking when you’re not using anything | Background device activity on the network |
| Devices on your network disconnecting unexpectedly | IP address conflicts from unexpected devices |
| Unusually high data usage from your ISP | Ongoing data consumption by unknown devices |
| Unknown device names in a router app notification | New device has joined the network |
| Router feels warm / more active than usual | Higher-than-normal traffic volume |
Any of these is worth investigating; the detection methods below take just a few minutes and give you a definitive answer.
Related: Latest Router Security Features to Protect Your Online Privacy
Method 1: Check Your Router’s Admin Panel (Easiest)
This is where everyone should start. Your router maintains a live list of every device currently connected to your network, no app required.
Step 1: Find Your Router’s IP Address
Windows:
- Press Windows + R, type
cmd, press Enter - Type
ipconfigand press Enter - Look for Default Gateway under your active connection; that’s your router’s IP
macOS:
- Apple menu → System Settings → Network
- Click your WiFi connection → Details
- Look for Router; that’s the IP
iPhone/iPad: Settings → WiFi → tap (i) next to your network → look for Router
Android: Settings → WiFi → tap your network → look for Gateway
The most common addresses are 192.168.1.1 and 192.168.0.1. You can also check the sticker on the underside of your router.
Step 2: Log Into the Admin Panel
Type the IP address directly into your browser’s address bar (not the search bar) and press Enter. You’ll see a login prompt.
If you’ve never changed the credentials, they’re usually printed on the router’s label. Common defaults:
- TP-Link:
admin/admin - ASUS:
admin/admin - Netgear:
admin/password - Linksys: (no username) /
admin
Step 3: Find the Connected Device List
Navigate to the section showing connected devices. The label varies by brand:
| Router Brand | Where to Find Connected Devices |
|---|---|
| TP-Link | Advanced > Network > DHCP Server > DHCP Client List |
| ASUS | Network Map > Clients (or the main dashboard) |
| Netgear | Attached Devices (or Advanced > Administration) |
| Eero | Eero app → Devices tab |
| Google Nest | Google Home app → WiFi → Devices |
| D-Link | Status > Wireless Clients |
| Linksys | Status > Local Network > DHCP Client Table |
Step 4: Review and Identify Every Device
You’ll see a list showing each device’s hostname (name), IP address, and MAC address. Cross-reference this against every device you own:
- Smartphones (each family member’s)
- Laptops and desktop computers
- Tablets
- Smart TV and streaming sticks
- Gaming consoles (PS5, Xbox, Nintendo Switch)
- Smart home devices (Alexa, Google Home, thermostats, cameras)
- Printers
- Network-attached storage (NAS)
⚠️ Important limitation: Your router’s DHCP client list only shows devices that obtained an IP address automatically. A technically skilled intruder using a manually assigned static IP could avoid appearing in this list. For a more thorough scan that catches all devices regardless of IP assignment method, use Method 3 or 4 below.
Related: How to Monitor Network Traffic on Your Home Router
Method 2: Use the Fing App (Easiest Mobile Method)
Fing is the most popular free network scanner for home users and is consistently the top recommendation across security professionals and home networking guides.
What Fing Does
- Scans your entire WiFi network in seconds
- Identifies every connected device with its name, manufacturer, IP address, and MAC address.
- Shows device type (phone, laptop, TV, router, IoT device)
- Alerts you when new devices join your network
- Maintains a history of all devices that have ever appeared on your network
How to Use Fing
- Download Fing free from the App Store (iOS) or Google Play (Android)
- Make sure your phone is connected to the WiFi network you want to scan
- Open Fing and tap Scan Network or Devices
- Fing automatically scans and lists all connected devices within about 30 seconds.
- Tap any device to see full details, including the manufacturer
- Star or name the devices you recognise; any unnamed device warrants investigation
Fing tip: Fing identifies device manufacturers from MAC address prefixes , you’ll often see “Samsung Electronics,” “Apple,” “Amazon Technologies,” etc., which helps you immediately classify most devices even when the hostname is unhelpful.
For continuous, always-on monitoring without leaving your phone connected, Fingbox is a dedicated hardware device that plugs into your router and sends real-time alerts when new devices join your network. It works with any router.
Method 3: Wireless Network Watcher (Windows, Catches Hidden Devices)
Wireless Network Watcher by NirSoft is a free Windows utility that uses ARP (Address Resolution Protocol) scanning rather than DHCP queries. This is important because it detects every device communicating on the network, including those with statically assigned IP addresses that don’t appear in the DHCP list.
How to Use Wireless Network Watcher
- Download Wireless Network Watcher free from nirsoft.net; no installation required, just run the executable.
- Ensure your Windows PC is connected to the WiFi network you want to scan
- Launch the program; it automatically starts scanning
- Within 30–60 seconds, it shows every device on the network with: IP address, MAC address, device name, manufacturer, and active/inactive status
- Look for any device you don’t recognise
You can also enable background scanning in options; Wireless Network Watcher will run quietly and alert you via a sound or popup when a new device appears on the network.
Method 4: Nmap, The Most Thorough Free Scanner (Advanced)
Nmap (Network Mapper) is the industry-standard network discovery tool used by security professionals worldwide. It’s free, highly capable, and available for Windows, Mac, and Linux.
For home use, Nmap with a basic command gives you a comprehensive view of all devices on your network:
Basic Nmap Network Scan
- Download Nmap from nmap.org (includes a GUI called Zenmap for Windows users who prefer not to use the command line)
- Open Command Prompt (Windows) or Terminal (Mac/Linux)
- Find your network’s IP range: run
ipconfig(Windows) orifconfig(Mac) and note your IP address (e.g.,192.168.1.45) and subnet mask - Run this command, replacing the range with your actual network:
nmap -sn 192.168.1.0/24
This performs a “ping sweep”; it sends packets to every possible IP in the range and reports which ones respond. The /24 covers addresses 192.168.1.1 through 192.168.1.254.
- The output shows every responding device with its IP address and MAC address.
For more detail, including device type and open services:
nmap -O 192.168.1.0/24
Nmap advantage over DHCP methods: Because Nmap uses ARP at the network layer, it detects devices that have bypassed the DHCP server entirely by using static IPs , the most effective evasion technique used by sophisticated intruders.
Method 5: Advanced IP Scanner (Windows, User-Friendly Alternative)
Advanced IP Scanner is a free Windows tool with a graphical interface that’s more approachable than Nmap for non-technical users, while still providing ARP-based scanning that goes beyond DHCP lists.
- Download free from advanced-ip-scanner.com
- Install and launch
- The program auto-detects your network range; click Scan
- Within about a minute, you’ll see every device with IP, MAC address, manufacturer, and hostname
- You can also directly access shared folders on Windows PCs in the list and remotely connect to devices, useful for legitimate network management
How to Identify an Unknown Device: The Step-by-Step Process
Finding an unfamiliar device on your network is common; most households have more connected devices than people realise (smart plugs, printers, old tablets, a neighbour’s phone that auto-connected years ago). Before assuming the worst, follow these identification steps:
Step 1: Check the MAC Address Manufacturer
The first 6 characters of any MAC address identify the manufacturer. Use a free lookup tool:
Type in the MAC address; you’ll immediately see the manufacturer (e.g., “Apple Inc.”, “Samsung Electronics”, “Amazon Technologies”, “Espressif Inc.” for ESP32-based smart home devices).
This alone often identifies the device type. A MAC prefix belonging to Apple is almost certainly an iPhone, iPad, or Mac. One belonging to Amazon is likely an Echo or Fire device.
Step 2: Note the Device Hostname
The hostname (the device’s self-reported name) often reveals the device type:
iPhone,iPad,MacBook-Pro→ Apple devicesDESKTOP-XXXXX,LAPTOP-XXXXX→ Windows computersAndroid-XXXX→ Android phone or tabletEcho-XXXX,Amazon-XXXX→ Amazon Alexa deviceESP32-XXXX,ESP8266-XXXX→ DIY smart home or IoT devicePHILIPS-HUE-BRIDGE→ Philips Hue lighting hub(blank)orUnknown→ Device not broadcasting a hostname
Step 3: Temporarily Block the Device and See What Stops Working
If you still can’t identify it:
- Note the unknown device’s MAC address
- Block it temporarily using your router’s MAC filtering or device blocking feature
- Wait a minute and check which of your household devices has lost connectivity
- The device that lost connection is the unknown device; now you can identify it by which device it is
If nothing in your household loses connectivity after blocking, the device is genuinely not yours.
Step 4: Disconnect All Your Devices and Rescan
Another approach: turn off WiFi on every device you own, one by one, and rescan after each. Each device that disappears from the list when you disconnect it is yours. Whatever remains after disconnecting everything you own is unauthorised.
What to Do When You Find an Unauthorised Device
Immediate Steps
1. Change your WiFi password immediately. Changing the password disconnects all currently connected devices, authorised and unauthorised alike. Reconnect your own devices with the new password. The unauthorised user will be locked out.
This is the fastest, most effective first response. Do this before anything else.
2. Block the device’s MAC address. Even after changing the password, proactively blocking the device prevents it from reconnecting if they somehow obtain the new password:
- Note the device’s MAC address from your router’s device list
- Log into your router’s admin panel
- Go to MAC Filtering, Access Control, or Wireless MAC Filter (varies by brand)
- Add the MAC address to the block list
- Save; the device is now permanently refused connection
Related: How to Block Specific Devices from Accessing Your Router
3. Reboot your router. A reboot clears active connections and forces all devices to re-authenticate with the new password.
Follow-Up Security Steps
4. Change your router admin password. If someone has been on your network for a while, they may have accessed your router’s admin panel with default credentials. Change the admin username and password immediately:
- Log in to the admin panel
- Go to Administration or System Settings
- Change both the admin username and password to something strong and unique
5. Enable WPA3 or WPA2-AES encryption. If your router is set to an older encryption standard (WEP, TKIP, or WPA1), upgrade it now. WPA3 is the current standard; WPA2 with AES is the minimum acceptable. Find this in your Wireless Security settings.
Related: Understanding WPA3 Encryption: Why Your Router Needs WPA3
6. Disable WPS (WiFi Protected Setup). WPS is a convenience feature that lets devices connect by pressing a button or entering an 8-digit PIN. The PIN-based WPS method has a known vulnerability that allows brute-force attacks. Disable it:
- Router admin panel → Wireless Settings → WPS
- Toggle it off and save
7. Update your router’s firmware. Check for and install any available firmware updates; find this in your router’s Administration or Advanced settings. Firmware updates frequently patch security vulnerabilities.
8. Consider setting up network segmentation. If you’ve had repeated unauthorised access concerns, or if you have IoT devices (see how to secure IoT devices) that could serve as entry points, moving those devices to a guest network provides an additional layer of protection.
Related: Is Guest WiFi Safe? How to Create a Secure Guest Network
How to Prevent Unauthorised Access Going Forward
Detection is reactive. These preventive measures stop unauthorised devices from connecting in the first place:
Use a Strong, Unique WiFi Password
The most fundamental protection. Your WiFi password should be:
- At least 12 characters (16+ is better)
- A mix of upper and lower-case letters, numbers, and symbols
- Not a dictionary word, name, or predictable pattern (address, birthdate, etc.)
- Not shared with people who no longer need access
A strong password makes brute-force attacks impractical. With WPA3, even dictionary attacks become computationally infeasible.
Set Up a Guest Network for Visitors
Instead of giving visitors your main WiFi password, which lets them share it further, use it when they visit, and connects them to the same network as your personal devices, create a separate guest network:
- Guests get internet access but can’t reach your main devices
- You can change the guest password freely without disrupting your main network
- When a guest’s visit is over, you can disable or rotate the guest password
Related: How to Set Up Parental Controls on Your Router
Enable New Device Notifications
Many modern router apps let you receive a push notification whenever a new device joins the network:
- TP-Link Tether: Notifications in app settings
- ASUS Router app: Notification settings
- Eero app: Settings → Notifications → New Device Joined
- Google Home app: Notifications for new device connections
- Fing app: Set up network monitoring alerts (free tier)
This gives you real-time awareness without needing to manually check regularly.
Check Your Connected Device List Monthly
Even with notifications enabled, a brief monthly review of your connected device list takes two minutes and catches anything that may have slipped through. This is particularly valuable if you have many smart home devices that can make the list hard to read at a glance.
Keep an Inventory of Your Devices’ MAC Addresses
Create a simple list (a note on your phone is fine) of every device you own and its MAC address. When you check your router’s device list, any MAC address not on your inventory is immediately identifiable as unknown.
Find MAC addresses:
- iPhone/iPad: Settings → General → About → WiFi Address
- Android: Settings → About Phone → Status → WiFi MAC Address
- Windows: Command Prompt →
ipconfig /all→ Physical Address (under your WiFi adapter) - Mac: System Settings → Network → WiFi → Details → Hardware Address
- Gaming consoles: Settings → Network (usually in the device information section)
WiFi Network Security Checklist
Use this monthly to stay ahead of any unauthorised access:
Detection:
- Logged into router admin panel and reviewed connected device list
- Cross-referenced all devices against my known device inventory
- Investigated any unfamiliar MAC addresses or device names
- Run Fing scan to catch any devices not in the DHCP list
Prevention:
- WiFi password is at least 12 characters and hasn’t been shared unnecessarily.
- Router admin password has been changed from the default
- WPA3 or WPA2-AES encryption is enabled
- WPS is disabled
- Router firmware is up to date
- Guest network is set up for visitors (separate from main network)
- New device notifications are enabled in the router app
Common Mistakes When Checking for Unauthorised Devices
| Mistake | What to Do Instead |
|---|---|
| Only checking the DHCP list and missing static-IP devices | Use Fing, Wireless Network Watcher, or Nmap for ARP-based scanning |
| Panicking about every unfamiliar device name | Check the MAC manufacturer first; most “unknowns” are your own devices |
| Blocking your own device by mistake | Always cross-reference before blocking; temporarily disconnect devices to identify them |
| Changing WiFi password but not the router admin password | Both need to be changed after a security incident |
| Relying on MAC filtering as your only security | MAC addresses can be spoofed; it’s one layer, not a complete solution |
| Never checking after initial setup | Set a monthly calendar reminder for a 2-minute device list review |
| Sharing your main WiFi password with guests | Set up a guest network; share that password instead |
Related: Can Routers Track Internet History? What WiFi Owners Can See
Myth vs. Fact: Unauthorised WiFi Devices
Myth: If my WiFi has a password, nobody can access it. Fact: A password is essential but not foolproof. Weak passwords can be cracked. WPS vulnerabilities can be exploited. A neighbour may have been given your password in the past. Someone in range may have used a deauthentication attack to capture and crack your WPA2 handshake. Regular checks remain important even with a password.
Myth: All connected devices will appear in my router’s device list. Fact: The DHCP client list only shows devices that requested an IP automatically. A device using a manually configured static IP won’t appear there. ARP-based scanners (Fing, Wireless Network Watcher, Nmap) detect every communicating device regardless of IP assignment method.
Myth: MAC address filtering is enough to secure my network. Fact: MAC addresses can be spoofed; an attacker who intercepts your network traffic can see an approved MAC address and change their device’s MAC to match it. MAC filtering adds a layer of difficulty but is not a reliable primary defence.
Myth: Changing my WiFi password will permanently remove unauthorised users. Fact: Changing the password removes current access. If the root cause isn’t addressed- weak password, shared password with too many people, WPS enabled – a motivated intruder may find their way back. Combine a password change with a full security review.
Myth: My router would notify me if something unusual was happening. Fact: Most consumer routers do not have built-in intruder detection or automatic alerts. Active monitoring, either through the router app with notifications enabled, or a tool like Fing, is required to catch new devices proactively.
Related: WiFi Security for Beginners: How to Secure Your Home WiFi Network
Conclusion
Detecting unauthorised devices on your WiFi network takes minutes and requires no special technical knowledge. Start with your router’s admin panel or the Fing app; either gives you a clear picture of every connected device in under two minutes.
For a more thorough scan that catches devices using static IPs, Wireless Network Watcher or Nmap are free tools that close that gap.
If you find something unexpected, changing your WiFi password is the fastest, most effective first response. Follow that with blocking the specific device’s MAC address, updating your router admin credentials, disabling WPS, and confirming your encryption is set to WPA3 or WPA2-AES.
Long-term, the combination of a strong WiFi password, a guest network for visitors, and monthly device list check-ins puts you in a position where unauthorised access is both difficult and quickly detected.
Frequently Asked Questions
How do I know if someone is using my WiFi without permission?
Log in to your router’s admin panel and check the connected devices list. If you see devices you don’t recognise, by name or by MAC address, they may be unauthorised. Slower-than-usual internet speeds, router activity lights blinking when you’re not using anything, and unusually high data usage are also warning signs.
What is the easiest way to see who is connected to my WiFi?
The Fing app (free, iOS and Android) is the easiest option; it scans your network in seconds and shows every connected device with its manufacturer name, making identification fast. Alternatively, log into your router’s admin panel and find the DHCP client list or attached devices section.
Can someone use my WiFi without appearing on the device list?
Yes; a device using a static IP address (manually configured rather than assigned by your router’s DHCP server) may not appear in the DHCP client list. Use ARP-based scanners like Wireless Network Watcher, Nmap, or Fing to detect all devices regardless of IP assignment method.
What should I do immediately if I find an unauthorised device?
First, change your WiFi password right away; this disconnects all devices, including the unauthorised one. Then block the device’s MAC address in your router’s settings. Reboot the router. Change the router admin password if you haven’t already. Check the router firmware and update if needed. Re-enable WPA3 or WPA2-AES encryption if it wasn’t already set.
Does changing my WiFi password disconnect the unauthorised device?
Yes, immediately. All devices are disconnected when the password changes and must reconnect with the new credentials. The unauthorised user won’t have the new password and cannot reconnect, unless they find another way in (e.g., a WPS vulnerability), which is why disabling WPS as part of your response is important.
How do I identify an unknown device by its MAC address?
Copy the first 6 characters of the MAC address (the OUI portion) and look it up at macvendors.com or maclookup.app. This tells you the manufacturer, “Apple Inc.”, “Samsung Electronics”, “Amazon Technologies”, etc., which usually tells you the device type. Cross-reference with your own devices’ MAC addresses to confirm whether it’s yours.
What is WPS and why should I disable it?
WPS (WiFi Protected Setup) is a feature that lets devices connect to your network by pressing a button on the router or entering an 8-digit PIN. The PIN-based WPS method has a documented vulnerability that allows brute-force attacks that can crack a network in hours. Disable WPS in your router’s Wireless Settings; it provides convenience at the cost of meaningful security.
Can I monitor my network for new devices automatically?
Yes. Most modern router apps (TP-Link Tether, ASUS Router app, Eero, Google Home) can send push notifications when a new device joins. The free tier of the Fing app also monitors your network and alerts you to new connections. Fingbox provides always-on hardware monitoring with real-time alerts.
How often should I check for unauthorised devices on my network?
Check your connected device list monthly at minimum; it takes about two minutes. If you notice any of the warning signs (slow speeds, unexplained data usage, router lights active when idle), check immediately. Set up new-device notifications in your router app so you’re alerted proactively rather than reactively.
Is MAC address filtering a reliable way to prevent unauthorised access?
It adds a layer of protection but isn’t reliable on its own. MAC addresses can be spoofed; an attacker who observes an approved device’s MAC on your network can change their device’s MAC to match it. Combine MAC filtering with a strong password and WPA3/WPA2-AES encryption for meaningful security.
My neighbour had my WiFi password; how do I revoke access without affecting my other devices?
Change your WiFi password. Every device on the network, yours and your neighbour’s, will be disconnected and must reconnect with the new password. Reconnect your own devices with the new credentials. Set up a guest network for any future visitors so you can manage their access separately without affecting your main network.
Can someone access my files if they’re connected to my WiFi?
On a standard home network without network segmentation, yes, another device on the same network can potentially access shared folders, network drives, and printers. This is why network segmentation (putting untrusted devices on a guest network) matters for security, not just bandwidth management.
What’s the difference between a device’s IP address and MAC address for this purpose?
An IP address is temporary; it can change and be reassigned. A MAC address is a hardware identifier that is fixed to the device’s network adapter. For identifying and blocking specific devices, always use the MAC address; blocking by IP is ineffective because the IP can change after a router restart.
Will setting up a guest network prevent unauthorised users from accessing my devices?
Yes. A properly configured guest network with local network access disabled keeps guest devices isolated from your main network devices. Even if someone gets onto your guest network, they can’t reach your computers, NAS drives, or other personal devices.
Found this guide useful? Share it with someone who’s been wondering about their network. Follow us on Facebook and Twitter, and subscribe to our free newsletter for more home networking and security guides.
We also ask that you bookmark this page for future reference, as we are constantly updating our articles with new information.
Disclosure: Some links in this article are affiliate links. If you purchase through them, we may earn a small commission at no additional cost to you.







