Network access recording

This is not a Mac-specific question, it’s just me searching for enlightenment.

My router (ISP supplied) has a section that lists all of the devices that have been connected to it (via whatever method I select) showing IP addresses, MAC addresses, data up and data down.

What it doesn’t show is the date, time and duration of connection.

Is there an app I can use that will allow me to track that info?

My wife has got a bit paranoid about unknowns scanning our network and accessing it.
(Too much TV watching!)


Your router is only showing you what devices are connecting to the router over your local network. It may not be logging the activity of systems residing on the Internet trying to establish a connection to systems on your local network.

Someone scanning your local network from the Internet would have to break through the NAT firewall on your router with an inbound connection. It’s more likely that something installs malware on a system inside a NAT network (through clicking on a bad link, installing software from sketchy sites, or through a flaw in the OS or browser itself allowing it). That malware works on the “inside” to scan other systems from within.

Firewall applications that you run on your Mac such as Little Snitch can tell you if something is trying to establish communications (both inbound and outbound) on an individual Mac.

However, the experts use “sniffing” the local network with an application like Wireshark or logging capabilities present in the networking device hardware to give them a complete record of a network network. They also have tools to reduce the volumes of data produced by these tools, and have an idea of what they’re looking for. This probably isn’t something that you should be doing unless you have a good working knowledge of networking innards to analyze the results. It also can take up a lot of space for the network traffic logs.


If you haven’t already done so, do a bit of web searching and see if you can download the full manual for your router. There may be settings you are not yet aware of.

As you noticed, the status screens just show the current state of the router - who is connected and some stats. If you want historic data, it will need to maintain a log file. See if there is an option you can configure to enable logging. Once done, you should be able to view and/or download the log.

It may not show you convenient things like how long clients were connected. You may need to do that by hand (or via a script) to look for all the log entries corresponding to connect and disconnect events, correlate them with each other, and do the math to compute durations.

But as @Technogeezer wrote, this is going to show devices that connect/disconnect from your LAN (Wi-Fi and maybe Ethernet). It will almost certainly not be logging every TCP connection going through the router, because there will be literally millions of them. It would be “drinking from the firehose” and would be a useless flood of information unless you have some special-purpose analysis tools to run against those logs.

That having been said, you may be able to enable a security log of some kind that records unsolicited connection attempts from the Internet. These attempts are not necessarily hacking attempts, but it’s information you might find interesting. Or it may be just another firehose to drink from.

I used to have my router keep logs like this, but I stopped after realizing that it’s a ton of information that I have neither the time nor the desire to fully analyze.


Rather then a stranger somehow getting connected to your local network, the real paranoia comes from a device that you have knowingly connected sending information to the outside world. Such as security camera, doorbell, or robot vacuum. Reviewing your client logs won’t reveal that. (You may not want to mention this to your wife.)


Thanks all.