Can I use Glasswire to watch whole home network traffic via a mirrored port on my first "root" switch?

Recently my home’s Internet usage jumped from a relatively constant ~600G/month to ~1.5T/month, equivalent of 8hrs of 4K streaming every day, from September bill to October bill. Xfinity’s claim agrees with my router’s usage counter, so the problem is not on the street; something in the house is using all that.

Sadly, Netgear Orbi RBR50v2 does NOT count by device usage. And, since Orbi is stiing behind the Xfinity cable modem, the cable modem is in the bridged mode, which disables any of the xFi functionality for such snooping, either via the xFi app or by their tech support. I could try to install Glasswire on all computers, but that will still leave out things like Smart TVs, tablets, phones, watches, connected A/V equipment, etc., right?

So, I was hoping to do the following. Please someone tell me if this would work or not.

Current setup: Xfinity xFi cable modem in bridge mode feeds into Netgear Orbi RBR50v2 router’s WAN input. The router’s LAN output goes out to a Netgear GS108Tv3 managed switch’s Port #1. Few outputs of that switch, with plenty ports left unused, feed a few devices close by, including a Windows10 PC with just one LAN card, as well as a Netgear 24-port unmanaged switch, which then spreads the wired network around the house through the walls & switches to different rooms and devices. Additionally, there are four Netgear Orbi RBS50v2 satellites for mesh networking; currently they are in wireless uplink mode, but can easily be plugged in to be wired uplink.

I was hoping that I could turn on port mirroring on that Netgear GS108Tv3 managed switch’s Port #1 to mirror all in & out traffic onto Port #2, then connect that port into the LAN input of the PC, which would effectively take that PC out of the home network, which I would remedy by using a USB/LAN dongle I already have and telling Windows to use that to connect to the home network. I am hoping that wired uplinks in all satellites would force wireless device traffic onto the wire, and mirroring all traffic (minus the Wifi traffic hitting the router directly, which I might avoid by turning off Wifi on the router and forcing devices to connect to the satellites) coming in & out of the router via the mirroring of Port #1, I would be able to have Glasswire on that PC watching the LAN card.

Is that even something Glasswire can do? Or, would I need to use something like Wireshark, which scares me given the hardcore UI. Is the hardware config described above even good for Wireshark? Or, PRTG? Am I even in the ballpark of a good approach of figuring out what is using up all those Gigs in the house?

Thanks for any advice!

Tuna

The problem with full network monitoring is that once you determine the device using all the data (which is usually a PC anyway) there isn’t anything you can do to solve the issue unless you run something like GlassWire to see what apps are responsible for the all the data. Then GlassWire can block the app, or you can just uninstall it.

Our software doesn’t monitor the entire network, but you can use GlassWire to see all the devices on your network and get alerted when a new device joins.

You can also use our remote monitoring feature GlassWire user guide and manual to monitor multiple PCs from one GlassWire client. You can see an example of how that looks below.

img-feature-remote-servers@2x1704×1282 113 KB

But this requires you to assign IPs to the devices on your network right? In the screenshot you have device names but they are really like descriptions?

@farm

Usually your router will assign IP addresses automatically I think unless I am not understanding what you are saying.

You can name the devices whatever you want when setting this up. That way you know what each PC is that you’re monitoring.

@Servo_GlassWire

Sorry for the delay in follow-up. Life happens…

1. On the one machine I am using GlassWire on right now, I have scanned my network, added all my devices (what is the difference between DNS & IP scan?), and copy/pasted my device names for them from my router’s web UI into GlassWire. However, I wondered: Does GW associate the names with IP address? If so, when the DHCP assigns a new IP to my devices after their IP lease ends, the list I just created in GW will be obsolete. I wonder if GW does or will have a way to detect/enter the MAC addresses of the devices, and associate the labels with the MAC addresses. I could even imagine a feature where I get to enter my home router’s credentials into GW, and GW talks to the router to get that info instead of me manually doing it.

2. Recently I bought the 10-PC licence using the 50% sale GW had, entered the registration key into the one copy I am currently running, UNLOCK’d all the settings that I wanted to unlock, and then updated that one copy of GW to the latest minor version update. To my surprise, all the options under Settings that I had just unlocked were locked again! I had to go into them one by one, and re-UNLOCK them. Was that an oversight? Or expected behavior? If latter, that is not good, especially if someone like me is about to install & maintain GW on 8 more PCs…

3. I am seeing in other posts that there is no AutoUpdate in GW, although promised for the last 3 years, at least. That is unfortunate, requiring the user upgrade all PCs on their network one by one manually. And, possibly deal with the UNLOCK’d features becoming LOCKED again.

4. Furthermore, I am wondering this: Once I install GW on those 8 PCs, will I have to go through each PC’s GW settings, category by category, checkbox by checkbox, during the first GW boot on each PC, and set everything exactly the same on each PC, enter all the ~35-40 device labels on my network, 8 times(!), so that they all look the same (settings, labels for “Things”, and whatever else is being stored on my behalf as “settings”)? Or, is there a file or two, or an export/import-XML functionality where I can get the settings from my main machine I am using GW on right now, and copy to or import by the other 8 PCs? If there is no way to do that, OMG! Having the 10-PC license would then mean a lot of manual bookkeeping and labor…

Looking forward to your, hopefully relieving, response…

Tuna

@Tuna_Ertemalp

Thanks for using GlassWire.

The lock feature just locks down others from changing your security settings. It uses your Windows admin password so a person cannot get on your PC and change all your settings without your permission. If this is not needed for you then you can turn this feature off instantly in GlassWire’s settings. Just go to our top left menu and choose “settings”.

lock762×592 20.1 KB

We associate the names of devices with the Mac address, not the IP. You may notice some Apple devices may keep changing. You can turn this off with each Apple device if this is an issue for you. https://support.apple.com/en-us/HT211227

I noticed the latest Pixel phones do this too, but it can be disabled in settings with Pixel phones also.

If you want each GlassWire client to be exactly the same for many different PCs and you want to use our label system, then yes you’d have to add labels on each PC you plan to use. Or you could just use our remote monitoring feature and connect to your other PCs on the network, but mainly monitor them from one main PC.

Our remote monitoring system looks like the image below. You can then click on the other PC names like “Richard” in the example and see GlassWire’s details there for that other remote machine instead of having to visit each PC separately in person.

img-feature-remote-servers852×641 39.1 KB

@Ken_GlassWire

Thank you for the response. Good news on the MAC usage for labels. Yes, iOS14 introduced the randomized MAC address, but I turned that off on my iOS devices.

I have installed GW on all my 9 hosts, 1+8, and am remote monitoring 8 of them from the 1, but here are a few of the issues:

1. Your image shows a “Home PC” at the top of the list on the left, but mine shows “local”. In other words, I was not able to change the name of the local machine for GW, although all other PCs I am able to name properly while allowing remote access. Since I am not watching my local PC “remotely” from my local PC, I don’t know how to replace that “local” with something like “Office PC”.

2. As I was entering the Server List, I entered a few, and then wanted a different order. To my surprise, I couldn’t find any way to do that, like drag/drop in the listbox, or clicking an up/down button, or imposing a sort order. Am I missing something? What would you have to do if you wanted to have your list to be Notebook/Richard instead of Richard/Notebook? Delete Richard and add it again?? At the very least, if custom ordering is hard due to however GW stores the ServerList, you should allow alphanumeric sort on the above left pane, so that we can change the names with leading digits/letters, so then it would be a matter of just renaming them “01 Richard” and “02 Notebook” vs. “01 Notebook” and “02 Richard”.

3. Remote Monitoring only solves the problem of watching the bandwidth and network activity and alerts remotely. That is awesome. But, if I wanted to have VirusTotal activated on all of them, or set a 5G/day bandwidth limit alert, and turn on all of the alerts under Settings/Security, then I have to do all of that on each PC, 9x times for a 10-PC license, right? I hope you all see the usability problem with that… The best would be to have a way to update settings of the remote PC from the local PC, preferably via a “autocopy settings from Master to Slave on each connection”, and (for those people & PCs who needs to have granular control or exceptions) a way to bring up the remote Settings dialog in the Master with an additional button that enables copying of Master settings onto it which would allow people to populate the remote PC’s settings in bulk and then change a few as needed.

4. Is there a way to see the data I am watching remotely in the aggregate? It would be great to click on a “Combined” host on the left, or better yet, multi-select hosts in that left pane, and see the combined data of them: The GRAPH & USAGE & ALERTS. That would be awesome in detecting how certain things combine or deviate across machines on the network.

Thanks for any further guidance, or future feature implementation.

Tuna

Hello @Tuna_Ertemalp

1. Yes, that’s true you can’t rename your local PC, sorry about that. I think we made that change after our original 2.0 version release.

2. Thanks for your feedback on the server order.

3. Thanks for your feedback on remote settings.

4. We do not aggregate data, thanks for your feedback on that idea.