How to tell if someone is on your WiFi (Windows)
Three ways to see every device on your network in minutes — and how to tell a harmless freeloader apart from an attacker.
The fastest way to see who’s on your WiFi on Windows is to open your router’s admin page (run ipconfig, then visit your Default Gateway address) and read its list of connected devices — anything you don’t recognize is a guest you didn’t invite. But that’s only half the question. A freeloader stealing bandwidth is the harmless version of an unknown device. The dangerous version is a device that’s on your network to attack you — and a plain device list can’t tell the two apart.
An unknown device on your network is, at worst, a foothold — and you can’t defend against an attacker you can’t see.
3 ways to check who’s on your WiFi
Check your router’s device list
Press Win + R, type
cmd, and runipconfig. The Default Gateway (usually192.168.0.1or192.168.1.1) is your router’s address. Open it in a browser, sign in, and find the page labeled Attached Devices, Connected Devices, or DHCP Clients. Every phone, laptop, TV, and smart plug you own should be accounted for. Anything left over is a guest you didn’t invite.Cross-check from Windows itself
In Command Prompt, run
arp -ato list the devices your PC has recently talked to on the local network, thenpingyour subnet or use a free network scanner to surface the rest. This catches devices a basic router page can miss — but it’s a manual snapshot, not a live watch, and it won’t tell you whether a device is dangerous.Let software watch continuously
A device list is a single moment in time; an attacker isn’t. WifiThreatWatch runs a continuous sweep that surfaces every device on your network and flags any MAC address it has never seen before the moment it joins — and, unlike a router page, it also tells you whether that device is actually attacking you. Real-time detection is free.
Signs someone may be on your network
Before you check the list, a few everyday tells: your connection is suddenly slower than your plan should allow; your router’s activity lights keep blinking when every device you own is asleep; you spot device names in the router page you can’t place; or you get security prompts and password-reset emails you didn’t trigger. None of these prove an intrusion on their own — but together they’re worth two minutes with the steps above.
Freeloader vs. attacker
Most unknown devices are mundane — a neighbor who guessed a weak password, an old phone you forgot about. But the same “unknown device” entry can also be the start of a real attack, and that’s the part a device list will never tell you:
- A rogue device that joined to scan your network and find a way in.
- An evil twin — a fake access point cloning your network name to lure your devices onto attacker hardware.
- ARP spoofing that quietly puts an attacker in the middle of your traffic, reading what you send.
This is the difference between an annoyance and a breach — and it’s why simply seeing devices isn’t enough. You need to know which ones are dangerous.
What to do if someone’s on your WiFi
Whether it’s a freeloader or worse, the fixes are the same and take a few minutes:
- Change your WiFi password to a long, unique passphrase, and re-connect your own devices.
- Switch encryption to WPA3 (or WPA2 if WPA3 isn’t available).
- Update your router’s firmware, and turn off WPS, which is easy to brute-force.
- Put guests and smart-home gadgets on a separate guest network.
These are the consumer fundamentals echoed by the U.S. FTC and CISA, which both list piggybacking and wardriving among the core risks to home wireless networks.
How WifiThreatWatch makes this automatic
Checking a router page once tells you who’s on right now. WifiThreatWatch watches continuously: it surfaces every device, alerts you the instant a never-before-seen device joins, and — unlike any device list — detects whether that device is actually running an attack (ARP spoofing, evil twin, and more). If it confirms one, the paid response can break the attacker’s targeting and route you through an encrypted tunnel.
New to these attacks? Start with the threats library or the WiFi security FAQ, or see how the active defense works.