First time poster… Be gentle.
I have the latest version of GlassWire running on my Windows Server 2012r2 along with SNMP on the only NIC. My question is should the traffic totals match? I’ve been running GW for about 2 weeks now and SNMP consistently shows 5-7% more traffic than GW. I would expect them to be closer in total however, I am a novice with just a few clues so just looking to understand more. Thanks
GlassWire uses a Windows API to count all traffic, and that count should be very accurate. However we use another API to pick out different traffic types, and it’s not always 100% accurate.
It does make sense if I was trying to reconcile by traffic type, but I’m looking at the total. If SNMP is running and my monitoring software (PRTG) says 40gig of traffic (all traffic) passed through the NIC yet GW says 35gig (all traffic) what happened to 5gig? Obviously those are round numbers but I’m consistently 5-7% less (all traffic) on GW.
Thanks for explaining. It could be a couple things.
When GlassWire is installed it warns that you may need to reboot to detect all traffic. For example if you’re already involved in download when GlassWire is installed, it may not see that download until after the reboot. We could force the reboot, but we thought it was too intrusive so we just show a warning instead.
GlassWire breaks down traffic as local and external. Perhaps it could be that? Click the small control icon under the “Usage” tab to see.
Also, I’m sure you know that GlassWire can only see the traffic from when it was installed, not before.
Thanks for the reply;
Going forward after the reboot if the data is still wrong please let me know and I can discuss it more in detail with our team.
Could this be a difference in the displayed units? I just thought I found a download where GlassWire showed less traffic than the file on my drive. But Windows shows kilobytes:
56,500 X 1024 = 57856000
And GlassWire shows megabytes:
55.4 X 1024 X 1024 = 58091110.4
If your SNMP report is displayed in bytes:
5809/5540 = 1.048
That is close to your 5%…
Valid and appreciated but I do the conversion to gigabytes and it’s still off. I rebooted my servers yesterday and am waiting for a complete 24hrs for comparison. More to come… Thanks
A full 24hrs after reboot the numbers are still off, I’ve also installed on additional machines just to rule out anything machine specific. This is looking at total traffic (no filters, external and local) and comparing SNMP as reported by PRTG vs. what GW reports. The servers are 2012r2 and with W/S is Win10 Pro.
SNMP GW Var (+/-) Var. %
Server 1 (gb) 16.97 16.20 -0.77 -4.5%
Server 2 (gb) 58.84 56.20 -2.64 -4.5%
W/S 1 (mb) 0.339 0.287 -0.05 -15.3%
I replied to your email.
We identify if the IP is local or not by the IP address class. There are several IP address classes (class is just a range of IP addresses) reserved for local networks.
class A: 10.0.0.0 - 10.255.255.255
class B: 172.16.0.0 - 172.31.255.255
class C: 192.168.0.0 - 192.168.255.255
The IP in your screenshot does not belong to any of these classes. That’s why it’s counted as public address and the traffic is external.
More info is available here: https://en.wikipedia.org/wiki/Private_network#Private_IPv4_address_spaces
Looks like the column headings got messed up when I posted my last post. Those are not IP addresses, they are traffic totals. (Server 1 SNMP traffic total is 16.97g, GlassWire total traffic 16.20g for a difference of -.77 or -4.5%. Sorry for the confusion. Also my ip’s are in the class c range.
Please check your email. I’m talking about the email screenshot you sent us. Sorry for any confusion.
Sorry, but I didn’t send a screenshot…
Sorry, I got you mixed up with someone else who emailed our helpdesk a screenshot.
Others of us have noticed the lower GlassWire stats without being able to find out exactly why:
Good to know that I’m not the only one…
https://blog.glasswire.com/2016/06/15/glasswire-network-monitoring-accuracy/
Here is a blog post about one way to test our accuracy. We use a common Windows API to access data and it’s very accurate.
Usually counting problems are due to misunderstanding our external and local traffic settings.
You’re definitely not alone in asking about the accuracy of GlassWire. But we may have quite different positions on the importance of this issue.
I don’t need a lot of significant digits.
I’m happy for network monitoring stats to be accurate within a tolerance of +/- 5%. They’re generally rounded anyway, e.g. if it is 986,458 bits then it is often rounded to 1.0 Mbit. There’s little value to me in the extra detail.
The only time I ever needed 100% accuracy is when comparing network monitors. The rest of the time it is not that important to me.
I’m aware that if I want the stats it to be accurate then I should be measuring network traffic in the right place.
Application traffic is best measured on the local system.
Internet access is best measured at the Internet gateway/router.
So when we want to do both in the same place then we shouldn’t be surprised when compromises occur. The same applies to Windows built-in tools, NMap, WinPCap, Networx (old and new versions, with and without driver), PRTG, etc. I’ve never got them to agree completely and when they do agree they do not seem to agree all the time.