So, I’m using Kali Linux on a Windows 11 host with the WSL Linux subsystem. I’m interested in using Glasswire to monitor all my traffic, including the traffic coming from/to the Linux subsystem. However, this traffic is not detected by Glasswire.
More strange is the behaviour of Task Manager. The traffic between the host and Linux subsystem is registered on my Ethernet interface and WSL Virtual Ethernet interface. However, the traffic between the host and Internet originating from the Linux subsystem doesn’t seem to be registered in Task Manager.
Here I’m downloading a file using the Linux shell. I can see the network traffic between the host and Linux. But I can’t see the Internet traffic coming to the host in the first place. As you see, the throughput between the host and Linux subsystem matches on the 2 interfaces.
If I go to processes and sort by network usage, I don’t see any Windows process using the network, although network usage is listed at 20%.
I’m assuming that there is some underlying Windows WSL magic going on that makes this traffic undetected. If I can’t see it in Task Manager, I don’t imagine I would see it in Glasswire. However, it would be interesting to see what insights the dev team has to bring to this.
Windows Version: Windows 11 Pro 21H2
OS Build: 22000.348
Glasswire version: 2.3.374
If you restart your PC does the traffic appear, or does it make no difference? I ask because if GlassWire is newly installed we warn users that you should restart to detect all traffic on your PC. Perhaps in this case GlassWire is newly installed?
If GlassWire isn’t newly installed then perhaps the API we use that’s provided by Windows to detect all traffic is purposely made by Microsoft to ignore the Linux Subsystem?
I will ask someone on our team who uses the Linux subsystem to see if they can recreate this or not.
Any update on this one? I’d like to be able to see my wsl traffic in glasswire. My setup also uses a windows 11 as a level 1 hypervisor to run the WSL2 subsystem. The traffic is visible in the task manager network interface, but not glasswire.
On the computer i’m at right now i don’t have any VMs other than windows sandbox. It’ll be a week or so before I’ll be able to get to my main rig. But anyway windows sandbox traffic is reported in glasswire.
Likewise I’m curious if the android subsystem is reported: again on this computer i’m not sure but I could get you that info in about a week if you want it.
Any update? If if its a “yeah, we won’t fix it” rather you don’t want to or can’t is up to you, or a “we want to but its super low priority, being that only 2 people have asked about it on the forums for the last 8 months”. I just would like to know so I can properly set my expectations.
