/ ANNOUNCEMENT — FEB 26, 2026

We’re shipping rogue device detection.

Every serious attack starts the same way: with a device on your network that shouldn’t be there. Now you see it the moment it joins.

Our third detector is the one that watches the network itself: rogue device detection. It surfaces every device on your subnet, names it by manufacturer, and flags any MAC address it has never seen before the instant it appears — on Windows, free.

You can’t defend against a device you can’t see. Most people have no idea what’s on their network.
KNOWN BASELINE
Gateway · Netgear
a0:04:60:1c:…
KNOWN
iPhone · Apple
f0:18:98:7b:…
KNOWN
Smart TV · Samsung
8c:79:f5:22:…
KNOWN
unknown · unrecognized OUI
9c:8e:cd:41:…
NEW
DEVICE ROSTERa MAC the baseline has never seen is surfaced as new
/ WHY IT MATTERS

The foothold most attacks start from

A rogue device is any device on your network you didn’t put there — a neighbor who guessed your password, a compromised IoT gadget, or an attacker who’s gained a foothold on your LAN. Once something hostile is on the network, it can map every other device, hunt for weak spots, and position itself to run ARP spoofing or pivot deeper.

Gateway
Laptop
Phone
TV
ROGUE
ONE FOOTHOLD, WHOLE MAPa hostile device quietly maps the network and reads what flows past
/ WHAT SHIPPED

A concurrent sweep of your whole subnet

Your router’s admin page shows an incomplete, stale list, and a device that stays quiet can sit unnoticed for a long time. So instead of reading a cache, the detector ping-sweeps your entire subnet concurrently — dozens of pings at once, a full sweep in seconds — to force every device to reveal itself, even ones your PC has never talked to. It keeps a map of every IP-to-MAC pairing and a set of known devices, and flags any MAC it hasn’t seen before.

.1
.2
.3
.4
.5
.6
.7
.8
.9
.10
.11
.12
.13
.14
.15
.16
.17
.18
.19
.20
.21
.22
.23
.24
pinging 254 hosts concurrently…
SUBNET SWEEPevery host pinged at once — one MAC answers that shouldn't

On the very first run it quietly seeds the baseline, so it doesn’t flood you by labeling every existing device as new.

/ INFORMATIONAL BY DESIGN

You decide what belongs — until it attacks

A new device isn’t automatically an alarm — a friend’s phone is usually harmless. So a rogue device is surfaced with its IP, manufacturer, and first-seen time, and you make the call. But if that device starts behaving like an attacker — poisoning ARP, impersonating the gateway — the detection escalates to critical, and Active Defense is one tap away.

a4:83:e7:2c:1f:90Espressif Inc. · 192.168.0.57 · first seen 14:22
INFO
new MAC on the subnet — you decide whether it belongs
ESCALATIONa new device is informational — until it acts like an attacker, and the same detection turns critical
/ THE PRICE

Detection is free

Rogue device detection ships in the free version and always will. Seeing what’s on your network — and being told the moment something new appears — is exactly the kind of visibility that shouldn’t be paywalled.

FREE FOREVERReal-time rogue-device detection is free, for Windows.

Read more: how we detect rogue devices · what are rogue devices? · is someone on my WiFi?

Find every device on your network.
Starting with the ones you didn’t invite.