/ GUIDE — WIFI SECURITY

How to tell if someone is on your WiFi (Windows)

Three ways to see every device on your network in minutes — and how to tell a harmless freeloader apart from an attacker.

The fastest way to see who’s on your WiFi on Windows is to open your router’s admin page (run ipconfig, then visit your Default Gateway address) and read its list of connected devices — anything you don’t recognize is a guest you didn’t invite. But that’s only half the question. A freeloader stealing bandwidth is the harmless version of an unknown device. The dangerous version is a device that’s on your network to attack you — and a plain device list can’t tell the two apart.

An unknown device on your network is, at worst, a foothold — and you can’t defend against an attacker you can’t see.
/ THE QUICK ANSWER

3 ways to check who’s on your WiFi

  1. Check your router’s device list

    Press Win + R, type cmd, and run ipconfig. The Default Gateway (usually 192.168.0.1 or 192.168.1.1) is your router’s address. Open it in a browser, sign in, and find the page labeled Attached Devices, Connected Devices, or DHCP Clients. Every phone, laptop, TV, and smart plug you own should be accounted for. Anything left over is a guest you didn’t invite.

  2. Cross-check from Windows itself

    In Command Prompt, run arp -a to list the devices your PC has recently talked to on the local network, then ping your subnet or use a free network scanner to surface the rest. This catches devices a basic router page can miss — but it’s a manual snapshot, not a live watch, and it won’t tell you whether a device is dangerous.

  3. Let software watch continuously

    A device list is a single moment in time; an attacker isn’t. WifiThreatWatch runs a continuous sweep that surfaces every device on your network and flags any MAC address it has never seen before the moment it joins — and, unlike a router page, it also tells you whether that device is actually attacking you. Real-time detection is free.

DEVICESTATUS
My laptop
192.168.0.14
· · ·
iPhone
192.168.0.22
· · ·
Living-room TV
192.168.0.31
· · ·
Smart plug
192.168.0.40
· · ·
Unknown device
192.168.0.57
· · ·
ATTACHED DEVICESevery device accounted for — except one you didn't invite
/ WARNING SIGNS

Signs someone may be on your network

Before you check the list, a few everyday tells: your connection is suddenly slower than your plan should allow; your router’s activity lights keep blinking when every device you own is asleep; you spot device names in the router page you can’t place; or you get security prompts and password-reset emails you didn’t trigger. None of these prove an intrusion on their own — but together they’re worth two minutes with the steps above.

Connection slower than your plan
Router lights blink while idle
Device names you can’t place
Password-reset emails you didn’t trigger
EVERYDAY TELLSnone prove it alone — together, worth two minutes
/ WHY IT MATTERS

Freeloader vs. attacker

Most unknown devices are mundane — a neighbor who guessed a weak password, an old phone you forgot about. But the same “unknown device” entry can also be the start of a real attack, and that’s the part a device list will never tell you:

  • A rogue device that joined to scan your network and find a way in.
  • An evil twin — a fake access point cloning your network name to lure your devices onto attacker hardware.
  • ARP spoofing that quietly puts an attacker in the middle of your traffic, reading what you send.
UNKNOWN DEVICE · AC:37:…:E1
FREELOADER
Stealing bandwidth. Annoying, not dangerous.
ATTACKER
On your network to read your traffic.
SAME ENTRY, TWO IDENTITIESa device list shows the row — not which one it is

This is the difference between an annoyance and a breach — and it’s why simply seeing devices isn’t enough. You need to know which ones are dangerous.

/ LOCK IT DOWN

What to do if someone’s on your WiFi

Whether it’s a freeloader or worse, the fixes are the same and take a few minutes:

  • Change your WiFi password to a long, unique passphrase, and re-connect your own devices.
  • Switch encryption to WPA3 (or WPA2 if WPA3 isn’t available).
  • Update your router’s firmware, and turn off WPS, which is easy to brute-force.
  • Put guests and smart-home gadgets on a separate guest network.
New passphrase
WPA3 encryption
Firmware + WPS off
Guest network
SECURING…
LOCK IT DOWNa few minutes turns an open door into a closed one

These are the consumer fundamentals echoed by the U.S. FTC and CISA, which both list piggybacking and wardriving among the core risks to home wireless networks.

/ THE TOOL

How WifiThreatWatch makes this automatic

Checking a router page once tells you who’s on right now. WifiThreatWatch watches continuously: it surfaces every device, alerts you the instant a never-before-seen device joins, and — unlike any device list — detects whether that device is actually running an attack (ARP spoofing, evil twin, and more). If it confirms one, the paid response can break the attacker’s targeting and route you through an encrypted tunnel.

FREE FOREVERReal-time device + attack detection is free, for Windows.

New to these attacks? Start with the threats library or the WiFi security FAQ, or see how the active defense works.

See every device — and every attacker.
Download WifiThreatWatch.