How to Test Your Home Network Security: Port Scanning, Default Passwords, and WiFi Audit Tools for Homeowners

Home networks are a persistent target for automated scanning bots. These programs sweep the internet around the clock looking for routers with default admin credentials, exposed management ports, and outdated firmware — and they find what they’re looking for more often than most homeowners expect. Research from Comparitech found that roughly one in sixteen home routers tested were vulnerable to default-password attacks, and a separate survey found that 86% of users have never changed their router’s factory admin password. Auditing your own network takes under an hour with free tools and reveals exactly what an attacker would see before you do. Run a speed test first to confirm your connection is live, then work through the steps below.

Step 1: Change Your Router’s Admin Password (If You Haven’t)

Before scanning anything, fix the single most exploited vulnerability on home networks: the default admin login. Open your router’s admin panel by typing its gateway IP into a browser — typically 192.168.1.1 or 192.168.0.1. If you’re unsure of the address, open a command prompt and run ipconfig (Windows) or netstat -nr (macOS/Linux) and look for the “Default Gateway” entry.

Once in the admin panel, navigate to Administration or System Settings and change both the admin username (if editable) and the password to something unique — at least 16 random characters. Save it in a password manager. Bots that gain admin access can silently redirect all your DNS queries through attacker-controlled servers, intercepting banking logins and email credentials without your browser showing any warning.

While in the admin panel, also disable WPS (Wi-Fi Protected Setup). The WPS PIN method has a publicly documented vulnerability that allows an attacker within WiFi range to brute-force the PIN in 4–10 hours using freely available tools like Reaver. Disable it entirely under your Wireless settings — the WPS button on the router body becomes non-functional, which is fine for home use.

Step 2: Inventory Every Device on Your Network with Fing

Download the Fing app (free, iOS and Android, with over 35 million downloads) and run a network scan while connected to your WiFi. Fing uses ARP discovery to enumerate every device currently connected, showing each device’s IP address, MAC address, manufacturer, and hostname. Scroll through the list and identify each entry.

Unknown devices fall into three categories: something you forgot about (a smart TV, an old tablet), a neighbor accidentally connected to your network, or an unauthorized device. Anything you can’t account for warrants investigation. Check the MAC address prefix against a lookup tool like maclookup.app to identify the manufacturer — this often clarifies what the device is (e.g., “Espressif Systems” typically means a smart home sensor). If you still can’t identify a device, change your WiFi password immediately and reconnect your own devices one by one.

Fing also runs a WiFi security check that scans for known router vulnerabilities, outdated firmware signatures, and exposed management interfaces. The free tier covers the basics; Fing Premium adds continuous monitoring with alerts when new devices join your network.

Step 3: Port Scan Your Router with Nmap

A port scanner reveals which network services your router is advertising — either intentionally or because a feature you didn’t know about is enabled. Nmap is the industry-standard open-source port scanner, free for Windows, macOS, and Linux. Beginners should install Zenmap, the graphical front-end for Nmap that requires no command-line experience.

Scan your router’s local IP address with the “Intense scan” profile in Zenmap, or run the following command in a terminal:

nmap -A -T4 192.168.1.1

Replace 192.168.1.1 with your router’s actual gateway IP. The scan takes 1–3 minutes and returns a list of open ports with service names. What you expect to see and what raises concerns:

• Port 80 / 443 (HTTP/HTTPS): Normal — this is your router admin interface. If port 80 or 443 is accessible from the WAN (internet side, not just locally), that’s a problem. Check your router’s Remote Management settings and disable WAN access to the admin panel.
• Port 23 (Telnet): Should be closed. Telnet transmits data in plain text and is a common attack vector. Disable it in your router’s administration settings.
• Port 22 (SSH): Acceptable if you intentionally enabled SSH access, concerning if you didn’t. Disable if unused.
• Port 5000 (UPnP): Universal Plug and Play has a history of security issues. If you don’t use UPnP for gaming or media streaming, disable it in your router settings to close this attack surface.

To check whether any ports are exposed to the internet (not just locally), use a web-based scanner like ShieldsUP! at GRC.com, which scans your WAN IP from outside your network and reports externally visible open ports.

Step 4: Verify Your WiFi Encryption Settings

Return to your router’s admin panel and check Wireless Security settings. You should be running WPA3 or at minimum WPA2/WPA3 Transition Mode. WPA2-only is still acceptable if your router doesn’t support WPA3, but it’s vulnerable to offline dictionary attacks against your WiFi password. A full breakdown of the differences is in our WPA2 vs WPA3 security guide.

Also verify that Protected Management Frames (PMF) is enabled. On WPA3 it’s mandatory; on WPA2 it’s optional but eliminates de-authentication attacks. Look for it under Advanced Wireless settings — it may be labeled “802.11w” or “Management Frame Protection.”

If you have IoT devices (smart bulbs, cameras, thermostats), consider placing them on an isolated guest network. This limits what a compromised IoT device can reach on your main network — your laptop and NAS stay invisible to it.

Step 5: Check Firmware and Patch Status

Router firmware vulnerabilities are real and regularly patched. Between 2023 and 2025, serious CVEs were disclosed in TP-Link Archer, Netgear Nighthawk, and ASUS RT-series routers — all of which required firmware updates to fix. Routers with auto-update disabled stayed vulnerable for months after patches shipped.

In your router’s admin panel, navigate to Firmware Update or Advanced → Administration and check for updates. Enable automatic updates if available. If your router is more than five years old and the manufacturer has stopped releasing firmware updates, it’s a meaningful security risk regardless of your current settings — known vulnerabilities accumulate with no patch path.

How Often Should You Audit?

Run a full audit every three to six months, and immediately after any of these events: adding a new router or mesh node, changing ISPs, buying a new batch of IoT devices, or suspecting unauthorized access. The Fing app can automate the device inventory part with continuous monitoring, alerting you when new devices join between manual audits.

A complete audit — admin password check, Fing device scan, Nmap port scan, encryption verification, and firmware update — takes about 45 minutes the first time and under 20 minutes on repeat runs once you know where to look on your router’s admin panel.