An correctly installed of version of GlassWire shouldn’t access your router login page.
FYI, if your router is like most consumer routers then the router settings login page is probably the default for the router. So if I type the URL “192.168.1.1” into my web browser then it takes me to the login page for my router.
The person who told you there is a problem should be able to provide you with evidence of such behavior e.g. a printout of the router log entry/entries. I’ve seen many people misinterpret router logs and alerts so it pays to check the evidence of the problem before you start a potentially fruitless search on your desktop:
- Date and time e.g. if your computer was turned off at that time then it can’t have done it.
- IP address, device name, MAC address - these should match your computer, but even if they do, it is possible for IP addresses to be reassigned by DHCP. Also, other devices can spoof (impersonate) your desktop - although this is probably unlikely.
Anyway, assuming the router logs identify your desktop as attempting acces then you can use GlassWire to investigate further.
The following info should help you to investigate even if you don’t have other info about the router. It gets more technical towards the end but there is a lot of help and tutorials available on the Web.
1. Use GlassWire to determine which network device is your router
I used GlassWire’s Things view to display the IP addresses of devices that are visible on my network. The device 192.168.1.1 is my router and I’ve labelled it as the “Vodafone Hub”:
Then I can see the DNS name of that same device by selecting to display DNS names in the Things view.
Note that, as in this case, the name may be incorrect because of a GlassWire bug (@Ken_GlassWire, this is not my router name but the name of a website I use). But that is the host name that GlassWire will be using in its other views - you can see that in the screenshot above.
2. Use GlassWire’s usage tab to see if anything is accessing that host name or IP address.
I usually view the list by Traffic type because that makes it easier to see legitimate connections to the router, as in this screenshot showing my desktop is assigned an IP address on the network by the router.
.
The longest list of hosts is usually in the “Hypertext Transfer Protocol (HTTP)” traffic type so I leave that for last.
3. Check Windows network connection settings
Here’s a Windows 10 screenshot where I can see the router IP address and the desktop IP address:
Here’s a further Windows 10 example where I go to DNS settings:
4. You can double check what you find by using Windows command-line features
4.1 The IPCONFIG comand to display info about your network such as
My computer address:
IPv4 Address. . . . . . . . . . . : 192.168.1.210(Preferred)
IPv6 Address. . . . . . . . . . . : 2407:7000:9ba8:5f00:c4b7:2d0:26d7:1605(Preferred)
My router address:
Default Gateway . . . . . . . . . : fe80::a691:b1ff:fede:47bc%9
192.168.1.1
DNS servers which could, but don’t, include my router:
DNS Servers . . . . . . . . . . . : 2407:7000:9ba8:5f00:a691:b1ff:fede:47bc
23.216.52.39
23.216.53.39
2407:7000:9ba8:5f00:a691:b1ff:fede:47bc
Here’s a full example:
PS C:\WINDOWS\system32> ipconfig /all
Windows IP Configuration
Host Name . . . . . . . . . . . . : MA08
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : hub
Ethernet adapter Ethernet:
Connection-specific DNS Suffix . : hub
Description . . . . . . . . . . . : Killer E2200 Gigabit Ethernet Controller
Physical Address. . . . . . . . . : EC-F4-BB-6E-81-1F
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2407:7000:9ba8:5f00:c4b7:2d0:26d7:1605(Preferred)
Temporary IPv6 Address. . . . . . : 2407:7000:9ba8:5f00:837:856b:fe39:fb0e(Preferred)
Temporary IPv6 Address. . . . . . : 2407:7000:9ba8:5f00:3920:2e32:fd5b:b7ba(Deprecated)
Temporary IPv6 Address. . . . . . : 2407:7000:9ba8:5f00:5058:2cb3:2359:e86a(Deprecated)
Temporary IPv6 Address. . . . . . : 2407:7000:9ba8:5f00:912e:5d51:a84d:af45(Deprecated)
Temporary IPv6 Address. . . . . . : 2407:7000:9ba8:5f00:915a:7de4:866a:9e12(Deprecated)
Temporary IPv6 Address. . . . . . : 2407:7000:9ba8:5f00:9ddf:858c:c2e6:fd98(Deprecated)
Temporary IPv6 Address. . . . . . : 2407:7000:9ba8:5f00:e18a:5dbb:1dc2:4982(Deprecated)
Link-local IPv6 Address . . . . . : fe80::c4b7:2d0:26d7:1605%9(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.210(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Monday, 17 August 2020 7:23:24 AM
Lease Expires . . . . . . . . . . : Friday, 28 August 2020 9:39:50 AM
Default Gateway . . . . . . . . . : fe80::a691:b1ff:fede:47bc%9
192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 166524091
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-24-E8-DC-4E-EC-F4-BB-6E-81-1F
DNS Servers . . . . . . . . . . . : 2407:7000:9ba8:5f00:a691:b1ff:fede:47bc
23.216.52.39
23.216.53.39
2407:7000:9ba8:5f00:a691:b1ff:fede:47bc
NetBIOS over Tcpip. . . . . . . . : Enabled
Connection-specific DNS Suffix Search List :
hub
hub
4.2 The NSLOOKUP command to convert a DNS name to a list of IP addresses
Using NSLOOKUP, I confirmed the GlassWire bug that incorrectly assigns the devicename live.geekzone.co.nz to my computer (192.168.1.210), @Ken_GlassWire .
PS C:\WINDOWS\system32> nslookup live.geekzone.co.nz
Server: UnKnown
Address: 2407:7000:9ba8:5f00:a691:b1ff:fede:47bc
Non-authoritative answer:
Name: live.geekzone.co.nz
Addresses: 2606:4700:20::ac43:474e
2606:4700:20::681a:8fb
2606:4700:20::681a:9fb
104.26.8.251
172.67.71.78
104.26.9.251