Your internet is slow. Videos are buffering. Downloads that should take seconds are crawling along at a fraction of the speed you are paying for. You have restarted your router, moved closer to it, and maybe even called your ISP. But nothing helps. Before you blame your internet provider, consider a far more common culprit: someone else is using your WiFi.

It might be a neighbor who guessed your password, a guest device that never disconnected, a forgotten smart plug still phoning home, or in the worst case, someone who cracked your network security and is actively snooping on your traffic. Regardless of the cause, the first step is always the same: find out exactly who and what is connected to your WiFi network.

In this guide, we will walk through three methods to see every device connected to your WiFi on Mac, from the most basic (your router's admin panel) to the most thorough (a dedicated network scanner for Mac). By the end, you will know exactly who is on your network, how to identify every device, and how to kick off anyone who does not belong.

Signs Someone Might Be Stealing Your WiFi

Before diving into the detection methods, it helps to know the warning signs. If two or more of these apply to you, there is a reasonable chance someone unauthorized is on your network.

1. Slower Speeds Than You Are Paying For

This is the most obvious symptom. If your ISP plan promises 200 Mbps but you are consistently getting 40-60 Mbps, and you have ruled out ISP issues and router placement, extra devices consuming bandwidth could be the reason. Every device streaming video, downloading files, or running background updates eats into your total available bandwidth. A single unauthorized device streaming 4K video can consume 25+ Mbps continuously.

2. Unknown Devices in Your Router Admin Panel

If you have ever logged into your router's settings and noticed device names you do not recognize, that is a red flag. Names like "android-abc123def" or "unknown" or a bare MAC address with no hostname could indicate an intruder. However, do not panic immediately. Many legitimate devices like smart plugs, thermostats, and IoT sensors show up with cryptic names.

3. Your Data Cap Is Exceeded Unexpectedly

Some ISPs still enforce data caps, especially in rural areas or on certain plans. If you consistently exceed your data allowance despite normal usage, unauthorized devices downloading large files or streaming content could be pushing you over the limit.

4. WiFi Drops or Interference

An overloaded WiFi network can cause frequent disconnections and instability. Most consumer routers handle 15-30 devices well, but when that number creeps higher with unauthorized devices, performance degrades. You might notice devices dropping offline, slow reconnections, or intermittent connectivity issues.

5. Security Risks You Cannot See

This is the part most people do not think about. An unauthorized device on your network does not just steal bandwidth. It can potentially access shared folders, see network printers, intercept unencrypted traffic, and in a targeted attack, serve as a foothold for deeper intrusion. If your Mac has file sharing enabled, an attacker on the same WiFi network can see those shared folders. This is why detection is not just about speed, it is about security.

Method 1 — Check Your Router's Admin Panel

The simplest way to see connected devices is through your router's built-in admin interface. Every router has one, though the quality and detail vary enormously between manufacturers.

Step 1: Find Your Router's IP Address

On your Mac, open System Settings (or System Preferences on older macOS versions). Navigate to Network, click on your active WiFi connection, and then click Details. Look for the Router field. This is your router's local IP address, and it is what you will type into your browser. Common values include:

You can also find this quickly in Terminal with:

netstat -rn | grep default

The IP address next to "default" on the en0 line is your router.

Step 2: Log In to the Admin Panel

Open Safari or any browser and type your router's IP address into the address bar. You will be prompted for a username and password. If you have never changed these, try the defaults printed on your router's label or check the manufacturer's documentation. Common default combinations are admin/admin, admin/password, or admin with a blank password.

Step 3: Find the Connected Devices List

Every router organizes this differently, but look for sections labeled Connected Devices, Client List, DHCP Client List, Attached Devices, or Network Map. You should see a list showing each connected device's IP address, MAC address, and sometimes a hostname.

Limitations of the Router Method

While checking your router is a solid starting point, it has significant drawbacks:

Method 2 — Use Terminal Commands on Mac

For users comfortable with the command line, macOS includes built-in tools that can reveal devices on your network. This method is more technical but gives you faster results without leaving your Mac. If you want a deeper dive into scanning your local network from Terminal, we have a dedicated guide for that.

The ARP Table: Your Network's Guest Book

ARP stands for Address Resolution Protocol. Every time a device communicates on your local network, your Mac records a mapping between that device's IP address and its hardware MAC address. This mapping is stored in the ARP table, and you can view it at any time.

Open Terminal (press Cmd + Space, type "Terminal", press Enter) and run:

arp -a

You will see output similar to this:

? (192.168.1.1) at a4:91:b1:cc:dd:ee on en0 ifscope [ethernet]
? (192.168.1.12) at 3c:22:fb:aa:bb:cc on en0 ifscope [ethernet]
? (192.168.1.15) at dc:a6:32:11:22:33 on en0 ifscope [ethernet]
? (192.168.1.23) at (incomplete) on en0 ifscope [ethernet]
? (192.168.1.34) at f0:18:98:44:55:66 on en0 ifscope [ethernet]

Each line represents a device your Mac has communicated with recently. The IP address is in parentheses, followed by the MAC address (the at xx:xx:xx:xx:xx:xx part). Entries marked (incomplete) mean the device did not respond to the ARP request — it may be offline or blocking ARP replies.

Find Your Network Interface

To understand which interface is your WiFi connection, run:

networksetup -listallhardwareports

Look for the entry labeled Wi-Fi. The "Device" field (usually en0) is your WiFi interface. Any ARP entries on that interface are devices on your WiFi network.

The Ping Sweep: Force-Discover All Devices

The ARP table only shows devices your Mac has recently communicated with. To find all devices, you can send a ping to every IP address on your subnet. This forces each active device to respond and populate the ARP table. Here is a one-liner that pings all 254 addresses on a typical home network:

for i in $(seq 1 254); do ping -c 1 -W 1 192.168.1.$i &>/dev/null & done; wait; arp -a

Replace 192.168.1 with your actual subnet if it differs. This command sends one ping to each IP address in parallel (the & runs each ping in the background), waits for all pings to complete, and then displays the full ARP table. You should now see significantly more devices than before.

Limitations of the Terminal Method

Method 3 — Use Paranoid (Visual Network Scanner for Mac)

The first two methods work, but they are limited. The router panel gives you a clunky partial list. Terminal gives you raw data you have to interpret yourself. For a complete, accurate picture of every device on your WiFi, you need a dedicated network scanner built for Mac.

Paranoid is a native macOS network scanner designed to find every device on your network and tell you exactly what each one is. No admin privileges required. No command-line knowledge needed. One click, full visibility.

How It Works

Download Paranoid from the official website, launch it, select your WiFi interface from the dropdown, and click Scan. Within seconds, you will see a complete list of every device on your network with:

Why Paranoid Finds MORE Devices Than Other Methods

This is the critical differentiator. A basic ping sweep or router check misses devices all the time. Paranoid uses a multi-protocol discovery engine that combines several techniques to ensure 100% detection:

ARP Prepopulation

Before running any TCP scans, Paranoid sends ARP requests to every IP address on the subnet. This is crucial because many devices — smartphones in sleep mode, IoT sensors, smart plugs, and smart TVs — do not have open TCP ports. A ping sweep may miss them, but ARP operates at a lower network layer and catches everything that has an active network connection. The ARP table is populated first, then used as an immutable snapshot during the scan, ensuring no device is missed due to timing.

Bonjour/mDNS Discovery

Apple devices and many smart home products advertise themselves via Bonjour (Apple's implementation of mDNS/DNS-SD). Paranoid listens for these announcements and captures devices that might not respond to direct probes. This is especially effective for finding AirPlay speakers, Apple TVs, HomePod devices, and AirPrint printers.

NetBIOS and SMB Probing

Windows PCs, NAS devices, and file servers on your network often respond to NetBIOS and SMB queries. Paranoid sends targeted probes to discover these devices and extract their network names, workgroup information, and shared services.

SSDP (UPnP) Discovery

Many devices like smart TVs, media players, gaming consoles, and IoT hubs use SSDP (Simple Service Discovery Protocol) to announce their presence. Paranoid sends SSDP M-SEARCH requests and captures responses, finding devices that may be invisible to other scanning methods.

Vendor Identification: Know What Every Device Is

Seeing a MAC address like DC:A6:32:AA:BB:CC tells you nothing. Paranoid resolves this to "Raspberry Pi Trading Ltd" instantly using a three-tier vendor lookup system: a local IEEE OUI database, an online API for edge cases, and an embedded fallback for offline use. Combined with the Fingerbank API integration, Paranoid can often identify the exact device model, not just the manufacturer. That unknown dc:a6:32 device becomes "Raspberry Pi 4 Model B" within seconds.

🔐
See every device on your WiFi in seconds

Paranoid detects devices that Terminal and your router miss. ARP-based discovery finds even silent IoT devices.

Download Free Trial

How to Identify Unknown Devices on Your Network

So you have run a scan and found 23 devices on your network when you expected maybe 10. Before you panic, let us walk through a systematic process for identifying each unknown device.

Step 1: Check the MAC Vendor

The first three bytes (six hexadecimal characters) of every MAC address identify the manufacturer. This is called the OUI (Organizationally Unique Identifier). For example:

MAC Prefix Vendor Likely Device
AA:BB:CC (Apple ranges) Apple, Inc. iPhone, iPad, Mac, Apple TV, HomePod
DC:A6:32 Raspberry Pi Raspberry Pi SBC, Pi-based projects
B0:BE:76 TP-Link Smart plug, camera, router
44:07:0B Google Chromecast, Nest, Pixel phone
F0:18:98 Amazon Echo, Fire TV, Ring doorbell
28:6C:07 Xiaomi Mi smart home device, phone, camera

Paranoid does this lookup automatically for every device. If you are using Terminal, you can manually search MAC prefixes on sites like macvendors.com, but that gets tedious with more than a few devices.

Step 2: Cross-Reference with Known Devices

Make a mental (or physical) inventory of devices you own that connect to WiFi. Most people underestimate how many devices they have. A typical household might include:

It is not unusual for a modern household to have 20-30 WiFi devices. Count carefully before assuming something is an intruder.

Step 3: Look at Open Ports for Clues

If a device's vendor is unknown, its open ports can reveal what it is. This is where a port scanner becomes invaluable:

Step 4: Use the Hostname

Many devices broadcast a hostname on the network. In Paranoid, this is automatically resolved via reverse DNS, NetBIOS, and Bonjour lookups. Names like "Johns-iPhone", "DESKTOP-A1B2C3", "Samsung-TV-Living-Room", or "HP-LaserJet-Pro" make identification trivial. Devices without hostnames are the ones that deserve closer inspection.

Step 5: Fingerbank Device Identification

Paranoid integrates with the Fingerbank API, which combines multiple network signals (MAC vendor, DHCP fingerprint, hostname patterns, open ports) to identify the exact device model. Rather than just seeing "Samsung Electronics", you might see "Samsung Galaxy S24 Ultra" or "Samsung Smart TV QN85B". This level of detail makes it much faster to match unknown devices to items you actually own.

How to Block WiFi Intruders

You have identified a device on your network that definitely does not belong to you. Here is how to remove it and prevent it from returning, ordered from most important to optional.

1. Change Your WiFi Password Immediately

This is the single most effective action. When you change your WiFi password, every device is disconnected and must re-authenticate with the new password. The intruder is immediately locked out (unless they can crack the new password). Log into your router's admin panel, navigate to the wireless security settings, and set a new, strong password. Use at least 16 characters mixing uppercase, lowercase, numbers, and symbols. Then reconnect all your legitimate devices with the new password.

2. Enable WPA3 (or WPA2-AES Minimum)

Check your router's wireless security mode. You should be using:

3. Use MAC Address Filtering on Your Router

Most routers support MAC address filtering, which creates an allow-list of hardware addresses permitted to connect. Navigate to your router's wireless settings and look for "MAC Filtering", "Access Control", or "Wireless MAC Filter". Add the MAC addresses of all your legitimate devices (which you identified in the previous section) and enable the filter in allow-list mode.

Note that MAC filtering is not bulletproof. A determined attacker can spoof their MAC address to match one of your approved devices. However, it raises the bar significantly and stops casual WiFi theft.

4. Disable WPS (WiFi Protected Setup)

WPS is that button on your router that lets you connect devices without typing a password. It is convenient but deeply insecure. The WPS PIN method is vulnerable to brute-force attacks that can crack the PIN within hours. Disable WPS entirely in your router settings. The minor convenience is not worth the security risk.

5. Set Up a Guest Network

If you regularly have visitors who need WiFi access, create a separate guest network. This isolates guest devices from your main network, preventing them from seeing your computers, NAS, printers, and shared files. Set a different (simpler) password for the guest network and change it periodically. Most modern routers support guest networks natively.

6. Consider Hiding Your SSID

You can configure your router to not broadcast its network name (SSID). This means your network will not appear in the WiFi list on nearby devices. To connect, someone would need to know the exact network name and type it manually.

However, be aware that hiding your SSID provides limited actual security. Hidden networks are still easily discoverable with free tools like Wireshark or any WiFi analyzer. In fact, hidden SSIDs can make your setup slightly less secure because your devices broadcast probe requests looking for the hidden network, which can leak the network name. Use SSID hiding as an extra layer if you want, but do not rely on it as a primary defense.

Set Up Continuous WiFi Monitoring

Running a one-time scan tells you who is on your network right now. But what about the device that connects at 2 AM, transfers data for an hour, and disconnects before you wake up? Or the neighbor who uses your WiFi only when you are at work? One-time scans are not enough. You need continuous monitoring.

Why Continuous Monitoring Matters

Networks are dynamic. Devices join and leave throughout the day. Smart devices reconnect after firmware updates. Guests come and go. And if someone has your WiFi password, they can connect and disconnect at will. Without monitoring, you will never catch intermittent unauthorized access.

Paranoid's Network Monitor

Paranoid includes a built-in network monitoring system that runs background scans at configurable intervals. When a new device appears on your network, you get an alert. When a device disappears, that is logged too. Here is how to set it up:

  1. Run an initial full scan to discover all devices currently on your network
  2. Open the monitoring panel in the sidebar under "Network Monitor"
  3. Enable continuous monitoring and set your preferred scan interval (every 5, 10, or 30 minutes depending on how aggressively you want to watch)
  4. Save a network profile as your baseline. This snapshot records every device that should be on your network

From this point forward, Paranoid will quietly scan in the background. When it detects a device that is not in your saved profile, you receive an alert with the new device's IP, MAC address, vendor, and device type. You can immediately investigate whether it is legitimate (a new smart device you just set up) or suspicious (an unknown Android phone that appeared at midnight).

Anomaly Detection

Beyond simple new-device alerts, Paranoid includes anomaly detection that looks for unusual patterns. This includes devices that change MAC addresses (a potential sign of MAC spoofing), devices that appear only during specific time windows, and devices that show unexpected service changes (such as a printer suddenly exposing SSH or a new open port appearing). The anomaly detection engine compares current scans against your saved network profile and flags anything that deviates from the established baseline.

Network Profiles: Your Network's Fingerprint

A network profile is a complete snapshot of your network at a specific point in time: every device, every MAC address, every vendor, every open port. By saving a profile when your network is in a known-good state, you create a reference point. Paranoid's diff engine can then compare any future scan against this baseline and tell you exactly what changed: devices added, devices removed, and devices whose properties changed. Think of it as version control for your network. For a step-by-step guide on building a full network security audit, check our dedicated tutorial.

Advanced Tips — WiFi Security Beyond Device Detection

Knowing who is on your WiFi is the foundation. But if you want serious network security, there are additional threats to watch for.

Check for Rogue Access Points (Evil Twin Attacks)

An evil twin attack involves an attacker setting up a WiFi access point with the same name as your network (or a similar name). Unsuspecting devices, and sometimes even your own devices, may connect to the malicious access point instead of your real one. Once connected, all your traffic passes through the attacker's hardware, allowing them to intercept passwords, session tokens, and sensitive data.

How to detect this: If your scan reveals two devices that appear to be routers or access points with very similar names, investigate immediately. Paranoid's device type classification can help identify access points, and if a device is classified as a router but it is not your router, that is a significant red flag.

Paranoid's WiFi Guard: MITM and ARP Spoofing Detection

Paranoid includes a dedicated WiFi Guard module designed to detect man-in-the-middle (MITM) attacks in real time. One of the most common MITM techniques on local networks is ARP spoofing, where an attacker sends forged ARP messages to associate their MAC address with the router's IP address. This causes all your traffic to route through the attacker's device first.

WiFi Guard continuously monitors the ARP table for anomalies: duplicate IP-to-MAC mappings, rapid MAC address changes for the gateway, and other indicators of ARP cache poisoning. When detected, you receive an immediate alert with details about the suspicious activity.

Monitor for Deauthentication Attacks

Deauthentication attacks are a common precursor to more serious WiFi attacks. An attacker sends forged deauthentication frames to disconnect your devices from your WiFi. This can be used to force devices to reconnect (potentially to an evil twin) or simply as a denial-of-service. If your devices are frequently and unexpectedly disconnecting from WiFi, especially in a pattern, this could indicate a deauth attack. While detecting deauth frames requires monitor mode (not available in standard macOS tools), the symptom of repeated disconnections is something to watch for.

Keep Your Router Firmware Updated

Router manufacturers regularly release firmware updates that patch security vulnerabilities. An unpatched router is one of the biggest security risks on any home network. Check your router's admin panel for firmware update options and enable automatic updates if available. Many routers from 2020 and later support automatic firmware updates. If your router is more than five years old and no longer receives updates from the manufacturer, consider replacing it. An end-of-life router with known unpatched vulnerabilities is a liability regardless of how strong your WiFi password is.

Use a VPN on Public Networks

While this guide focuses on securing your home WiFi, it is worth mentioning that you should never trust public WiFi networks at coffee shops, airports, hotels, or coworking spaces. These networks are shared with strangers, and MITM attacks are trivial to execute. Always use a VPN when connected to any network you do not control. A VPN encrypts all your traffic end-to-end, making it unreadable even if someone is intercepting packets on the local network.

Frequently Asked Questions

Can someone use my WiFi without me knowing?

Yes, absolutely. If someone has your WiFi password, whether they guessed it, obtained it from a previous guest, or cracked it using brute-force tools, they can connect to your network without triggering any obvious alert. Most routers do not notify you when a new device connects. The device will simply appear in the DHCP client list (if you check) and start using your bandwidth. This is why active scanning and monitoring is essential. Without deliberately checking, you could have unauthorized devices on your network for months or even years without knowing.

Is it illegal to scan my own network?

No. Scanning your own network, the network you own and administer, is completely legal in every jurisdiction. You have the right (and arguably the responsibility) to know what devices are connected to your network. Network scanning tools like Paranoid, Nmap, and ARP utilities are standard tools used by network administrators, IT professionals, and security-conscious home users worldwide. The legality changes if you scan networks you do not own or have authorization to scan, so always make sure you are scanning your own network or have explicit permission.

Can I see what websites someone is visiting on my WiFi?

Not with a network scanner. A scanner like Paranoid shows you which devices are connected, their MAC addresses, vendors, and open ports. It does not inspect the actual content of network traffic. To see what websites are being visited, you would need packet inspection tools (like Wireshark) or DNS logging on your router, and even then, most web traffic in 2026 is encrypted via HTTPS, which means you can see the domain name (e.g., youtube.com) but not the specific pages or content being accessed. Full traffic inspection is a fundamentally different task from device discovery.

How often should I check who is on my WiFi?

Manually checking every day is impractical for most people. The best approach is to set up continuous monitoring with Paranoid's Network Monitor feature. Run a thorough initial scan, save a network profile as your baseline, and enable background monitoring. This way, you are automatically alerted when anything changes. If you prefer manual checks, aim for at least once a week. At minimum, check after any event that might expose your WiFi password: house guests, a service technician visit, or giving the password to a new neighbor.

What if I find a device I cannot identify?

If you have checked the MAC vendor, the hostname, the open ports, and the Fingerbank identification and still cannot determine what a device is, take a systematic approach. First, check the device's IP address in your router's DHCP lease table, which may show when it first connected. Second, try accessing the device's IP in a web browser (if it has ports 80 or 443 open); many devices have a web interface that reveals what they are. Third, try power-cycling your smart home devices one at a time and re-scanning after each to see which device disappears. If the device truly does not belong, change your WiFi password. The device will be disconnected and cannot reconnect without the new password.

How many devices should be on my WiFi?

There is no single correct number, but most people are surprised by how many WiFi devices they actually have. A single person living alone might have 8-12 devices (phone, laptop, tablet, TV, speaker, smart plugs, etc.). A family of four can easily have 25-40 devices. Count every smartphone, computer, tablet, smart TV, streaming stick, gaming console, smart speaker, smart home sensor, camera, thermostat, and connected appliance. If your total scan count is significantly higher than your manual count, that warrants investigation.

Conclusion: Take Control of Your WiFi

Your WiFi network is the gateway to your digital life. Every device you own connects through it: your banking sessions, your work emails, your smart home controls, your family's devices. Knowing exactly who and what is on that network is not paranoia, it is basic digital hygiene.

Start with the method that matches your comfort level. Check your router's admin panel for a quick snapshot. Use Terminal commands if you want more detail. And when you are ready for complete visibility with automatic vendor identification, device classification, port scanning, and continuous monitoring, download Paranoid and see your network with total clarity.

The devices on your network should only be devices you put there. If something does not belong, you now have every tool you need to find it, identify it, and block it.

Stop wondering who's on your WiFi

Download Paranoid and see every device, intruder, and vulnerability on your network. Set up alerts so you never miss a new connection.

Download Paranoid — Free Trial See All Features

Related Articles

GUIDE

IP Scanner for Mac: The 2026 Ultimate Guide

February 2026 · 14 min read
SECURITY

How to Detect Hidden Cameras on Your WiFi Network

February 2026 · 12 min read
TUTORIAL

Mac Network Security Scanner: How to Audit Your Home Network

February 2026 · 12 min read