# Find a "hidden device" on WIFI



## jdj (Feb 24, 2022)

Hello, I'm looking for hidden and unknown devices on my wifi. 
After running network scans I'm seeing:
"7 interfaces - 1 hidden"
and from another program, " 7 devices - 1 hidden". Several are listed as "unknown".

All of my searches say to log into my router to resolve unwanted devices on my wifi.  So I type the ip address into the search bar  and see
there is a message that the site is not secure/unsafe. My firewall is probably blocking them ?  I have not allowed exception - yet -  through the firewall since I don't know if they actually are unsafe.  Is there a safe website that I can log into and see router logs/wifi use/devices  - besides my internet provider?

I am reserving going to my service provider account and changing router password and or name. It's a family issue so some people would be fine - other ones not. I would like to restrict those that are using_ irresponsibly_. 

 I need to find evidence of any hidden and  or "unkknown" devices on my wifi. Specifically cameras and to see if there is remote access by someone. 
The network scanners I have used are Wireshark (still figuring that one out) Trend House Call (shows devices but no way to find what is "hidden". Also used Advanced IP Scanner. shows a list of unfamiliar ip addresses but no way to see what devices they are (cell,tablet, desktop etc.). I need to know what I'm looking for. 
I have removed two cameras so far and suppose the hidden device will be another. I have a very tech savy teenage relative that is capable of being computer invasive as well. I'd like to resolve this with proof of what I think is happening so I will appreciate advice if someone has an idea. Thank you.


----------



## Solaris17 (Feb 24, 2022)

The error you are getting from your browser is likely just the SSL certificate warning caused by the SSL certificate on the router being self signed. It is ok to bypass this. However, since this in itself seemed to be a stumbling block you may find that hunting for and doing something about devices on your network may pose a serious challenge. That is of course not counting your routers /actual/ abilities to be able to handle it.


----------



## rethcirE (Feb 24, 2022)

In the past to find Raspberry Pi's and other WiFi devices I have used 'Angry IP Scanner'. Free and open-source. - https://angryip.org/


----------



## jdj (Feb 24, 2022)

Thank you 
Solaris17 and​rethcirE.​


----------



## Bill_Bright (Feb 24, 2022)

jdj said:


> All of my searches say to log into my router to resolve unwanted devices on my wifi. So I type the ip address into the search bar and see
> there is a message that the site is not secure/unsafe.


Please clarify this. Are you saying when you type the IP address of your router into your browser's address bar, you cannot gain access? If that is so, that's a problem. 

Most routers maintain logs showing attached devices (by their IP and MAC address) with a timestamp they connected. I have my Netgear router send a log report once a week. But you should be able to access the most current directly in the router's admin menu. I like reviewing them to make sure nosy neighbors aren't trying to access my network but also because the log also shows when an outside organization tries to access my network. For example, my last log shows this:



> [DoS attack: Smurf] attack packets in last 20 sec from ip [3.67.83.255], Sunday, Feb 21,2022 06:10:59



A Smurf attack is a DDoS attack on my network!  

A quick look with WhoIs shows it was Amazon. Why? I don't know. But most are innocent and (more or less) false positives - that is, Amazon most likely is just looking around to see what's out there. They are not really attacking me or trying to "deny my service".  Had there been 1000s in my log, I would be concerned. But there were only 3 spread across 3 days. 

Anyway, I am getting sidetracked. 

If you can access your router's admin menu, I recommend you clear the logs. Then check for updates and install any, then (if the update does not require it) reboot the router (when no family members are using it). Then over the next few days, see which devices connect and verify they are only authorized devices. 

Note that every device is supposed to have a unique MAC address, and typically that address is printed on a label attached to the device. In the case of cell phones that support wifi too, you may have to physically open the device (if possible), or look in its "About phone" menu option for the MAC address. On my Samsung Z Flip3, that information is found under Settings > About phone > Status Information > Phone Wi-Fi MAC address. I can also see the IP address assigned to my phone by my router. 

From there, I can look in my router's menu under "Attached devices" and see my phone. Note it may just say something non-descript like "Android". If there are more than one Android devices (phones, tablets, Alexa, etc.) in your house, you may have to a little extra detective work. My router lets me edit that information so mine now says Z Flip 3 for my phone. 

Don't forget to check your smart TVs, DVD/Blue-ray players, smart thermostats, smart lightbulbs, security cameras, smart watches and any other "smart" appliance in the house.


----------



## droid-I (Feb 24, 2022)

Not aware of what of router and browser you use.
In case you do have access to your WiFi router, you wil see a MAC address listed of attached devices, also to the hidden devices.
Run a check of the MAC addresses seen as "hidden", it will give you a vendor name of the equipment that is connected to your WiFi.
That will help a bit to rule out/in what equipment(and maybe who) is  hooking into the WiFi, if it is a personal/home WiFi network.

e.g








						MAC Address Lookup
					

Find the manufacturer of a device by its MAC address.




					macvendors.com
				




and there a few more.

And, once you know the MAC's you want to block, in the router you can set up a MAC filter to prevent some equipment to not hook into your WiFi.


----------



## jdj (Feb 25, 2022)

Bill_Bright said:


> Please clarify this. Are you saying when you type the IP address of your router into your browser's address bar, you cannot gain access? If that is so, that's a problem.
> 
> Most routers maintain logs showing attached devices (by their IP and MAC address) with a timestamp they connected. I have my Netgear router send a log report once a week. But you should be able to access the most current directly in the router's admin menu. I like reviewing them to make sure nosy neighbors aren't trying to access my network but also because the log also shows when an outside organization tries to access my network. For example, my last log shows this:
> 
> ...


Great advice and thank you! Having the how to saves a lot of time searching.



droid-I said:


> Not aware of what of router and browser you use.
> In case you do have access to your WiFi router, you wil see a MAC address listed of attached devices, also to the hidden devices.
> Run a check of the MAC addresses seen as "hidden", it will give you a vendor name of the equipment that is connected to your WiFi.
> That will help a bit to rule out/in what equipment(and maybe who) is  hooking into the WiFi, if it is a personal/home WiFi network.
> ...


Thank you! I have an Arris router. I use Chrome as a browser. I have made a list of all of IP addresses and MAC addresses that showed up on a scan, and can associate most of them with known devices. Then there are some unknowns listed plus the hidden device. I've written down the router and modem info in case I need that. Weird that there are three tvs powered up and the only one that shows on a scan is the one I use.  I did call my service provider and they spent considerable time answering questons but no resolution for the hidden device. I'm hoping to see device description on a scan or in a search to define exactly what it is.  Thanks again for your advice!



Bill_Bright said:


> Please clarify this. Are you saying when you type the IP address of your router into your browser's address bar, you cannot gain access? If that is so, that's a problem.
> 
> Most routers maintain logs showing attached devices (by their IP and MAC address) with a timestamp they connected. I have my Netgear router send a log report once a week. But you should be able to access the most current directly in the router's admin menu. I like reviewing them to make sure nosy neighbors aren't trying to access my network but also because the log also shows when an outside organization tries to access my network. For example, my last log shows this:
> 
> ...


Bill_Bright - When I type the IP address of my router into the browser's address bar, I cannot gain access.  "unsafe or not secure"  message that always shows when I try. If I click anyway, computer security denies access and says it's not secure. Also, I'm sure there are  "smart" appliances in the house that I am unaware of. Thank you for your advice. I can go forward with the suggestions you gave.


----------

