How to Audit Your Home Network: Finding What’s Actually There

Last updated: June 2026

Most people have no accurate picture of what’s on their home network. They know about the computers and phones, maybe the smart TV, possibly the printer. What they don’t know about: the cameras with default passwords, the old tablet that stopped getting updates two years ago, the smart plugs running firmware from 2019, and the IoT devices that are connecting to the internet without the owner having any visibility into what they’re sending.

A home network audit takes less than two hours and produces both a complete asset inventory and a list of actionable security improvements.

What You Need

  • A computer connected to the home network (wired or wireless)
  • Nmap (free, cross-platform)
  • A web browser
  • Optionally: Wireshark for traffic analysis

Step 1: Discover Every Device on the Network

Start with an Nmap host discovery scan. This sends packets that cause devices to respond, revealing their IP addresses and basic information.

nmap -sn 192.168.1.0/24

Replace 192.168.1.0/24 with your actual subnet. If you don’t know it, run ip route (Linux/Mac) or ipconfig (Windows) and find the default gateway — your subnet is probably gateway_ip/24.

This scan will return a list of all active hosts on the network. Count them. Most people are surprised by the number. Note every IP address that appears.

Step 2: Identify Every Device

For each discovered IP, you need to know what it is. Several approaches:

Check your router’s DHCP lease table. Log into your router (typically 192.168.1.1 or 192.168.0.1) and find the DHCP client list. This will show hostnames and MAC addresses for each device. Match these to your Nmap results.

Run a service scan on devices you can’t identify:

nmap -sV -p 1-1000 192.168.1.X

This identifies open ports and service versions. An open port 80 or 443 suggests a web interface. Port 22 suggests SSH. Port 554 suggests RTSP (cameras). Port 9100 suggests a printer.

For any device with a web interface, open it in a browser (http://192.168.1.X). Most IoT devices present a login or status page that identifies them.

MAC address vendor lookup. The first six characters of a MAC address identify the manufacturer. A quick lookup at macvendors.com or nmap --script=broadcast-dhcp-discover will return the vendor. This identifies camera manufacturers, IoT brands, and sometimes specific device models.

Step 3: Assess Each Device

For each device in your inventory:

Is it still supported? Check if the device is receiving security updates. IoT devices with no more firmware updates are permanent vulnerabilities on the network.

Is it using default credentials? Check defaultpasswords.in or the device’s manual for factory defaults. Try them. Any device that accepts default credentials should be changed immediately or isolated.

Does it need to be on the main network? Most IoT devices — cameras, smart home devices, appliances — don’t need access to your computers. They need internet access, and that’s it. These belong on a guest or IoT VLAN.

Is its firmware up to date? Log into the device and check. Outdated firmware = unpatched CVEs.

Step 4: Traffic Analysis

For devices you’re uncertain about, a brief Wireshark capture while the device is running reveals what it’s communicating with.

# Capture traffic from a specific device
sudo wireshark &
# Filter: ip.addr == 192.168.1.X

Watch for: connections to unexpected geographies, regular beaconing to external IPs, unencrypted traffic carrying personal data. Most smart home devices phone home to manufacturer infrastructure; this is expected. Unexpected external connections — particularly to unusual IP ranges — warrant investigation.

What to Do With What You Find

Devices with default credentials: Change them immediately. If you can’t change them, isolate them on a separate network or remove them.

Devices that are end-of-life: Replace them if they’re accessible from the internet or have known CVEs. If they’re low-risk IoT on a segmented network, document and accept the risk.

Devices that don’t need to be on the main network: Move them to a guest network or a dedicated IoT VLAN if your router supports VLANs.

Unknown devices: Investigate until you know what they are. An unidentified device on your network is an open question that deserves an answer.

The output of this audit should be a complete inventory of every device, its current security posture, and a short list of things to address. Run it annually, or any time you make significant changes to the network.

Scroll to Top