How to find things GlassWire Can't?

So everyday around 2:00pm local time, my internet goes from 250 mbps, to about 0.5 mbps, I’ve talked with ISP, and they said something on my network is utilizing all of the bandwidth for about an hour, at that time, almost everyday. So I narrowed it down, and installed GlassWire on the suspected PC.

Right before 2:00pm-ish, I started running speed tests, which you can see, spikes the download/upload. Around 2:00pm, you’ll see only the red (upload) spikes, as my upload speed is unaffected. My download speeds however are non-existent, but nothing on the PC was downloading according to GlassWire, clearly, the download section is miniscule, despite massive amounts of bandwidth being utilized. I powered the PC off, as the only solution to test the theory, sure enough, the second it powered down, the internet download speed was freed up, and all other devices on the network could resume normal speed tests. Powering the computer back on, did not affect anything.

I did notice Microsoft Office Click-to-run, appears to have ‘started’ right as the download speed started to plummet, but it should have been spiking the other direction if it was the culprit?

Very confused, and not sure what could be sucking up the download bandwidth in the background without GlassWire able to detect it?

Thanks for using GlassWire. Let’s see if we can figure out what’s going on.

First, please click the spot on your graph for 2:00 when the disruption happened. GlassWire will show you what apps were using the network at that exact time. Currently you show too large of a time period for GlassWire to help much.

Ken,

Here’s a snap shot from when internet tanked. The last successful (full speed test) I ran was right before 1:40 (firefox). Somewhere after 1:40 - 1:56 internet for all devices was 0.5 - 2 mbps. However, strong upload speeds, as shown by the speed tests I ran at 1:49 - 1:52. I turned the PC off at 1:56, which caused my internet speeds to return to normal for other devices. At about 2:08, I turned the PC back on, so there was nothing to track during those 10 minutes obviously. I immediately ran a new speed test, which shows normal results.

Leads me to believe something was running on the PC, using all my internet download bandwidth, but I just don’t see it on there.

Could it be the “NoMachine” software? I am not familiar with that app. If you disable it with our firewall or uninstall it temporarily does the issue go away for you?

I see Microsoft Click-to-run quite often and I haven’t seen it cause issues for people.

If you disable WD App Manager does that solve it? Just another idea… I’m not familiar with that software either.

No machine is a like remote desktop app, I use it nearly everyday, and this only occurs at a specific time each day, but I will disable it before 2pm

WD manager, is western digital Nas manager, I can disable it temporarily, but that’s been running for years, and this only started about 2 weeks ago.

Could it be related to this?

I don’t believe GW will reveal the source of your issue. Give this a try:

[PLAIN] NetworkTrafficView - Monitor the traffic on your network adapter

The zip will extra a stand-alone exe, a chm and a readme.txt. On closing the app, a cfg file will be written; this can be deleted to return the app to default settings. Run the exe as admin.

As a point of interest for all, one can click on the graph to expose additional data. Clicking on a flag will open a panel where Info, Hosts and Alerts can be explored.

I am not familiar with the other network monitor you are promoting, but millions of people have used GlassWire to find network-related issues on their PCs. I’m not sure why you’d post that we can’t help with this and that another network monitor should be used.

Also, please be careful with that web page. It’s filled with ads and fake “download” banners. It took me a little while to figure out how to download the actual app you were referring to because the multiple confusing “download” banners were sending me to download something else… Hopefully the ads aren’t promoting malware.

I then tried to run the app and it just showed a white screen. Fortunately I ran the app in a sandbox so I’m not sure what’s wrong, but please use caution when downloading ad-supported apps from websites filled with ads and trackers.

I’ll update later today, if the issue occurs again. As it sometimes skips a day, and only happens in the afternoon. Luckily this computer is behind a hardware firewall, so I have a bit more information to look at, such as isolating which device is using all the bandwidth. So, I know it’s no the WD ‘My Cloud’ device, which was manufactured after 2015, so … I don’t think it’s lumped in with that security threat, it’s also, behind the firewall, and not open to the outside… it’s used a file backup only for local storage.

I will try disabling them all, I am also going to isolate the device on the firewall into it’s own group, just to make sure I’m looking at the right device. GlassWire should be finding it, I’m really digging how easy GW is and the amount of information. I checked against Win 10’s built in ‘Data Usage’ and pretty much tracks the same, and unfortunately there is no anomalies in there either.

I’m hoping at this point that it was a coincidence and turning this PC off was just a lucky timing thing, and I’m looking at the wrong PC.

Buddy suggested running a netstat during the time period, and trying a wireshark deep dive (but that’s getting beyond me :wink: )

I hope you figure out the issue!

I think just seeing if there is a spike in app network activity should be enough to find the issue. It’s also possible the issue could somehow be at the router/firewall level.

NetworkTrafficView will do that deep diving and won’t be beyond you. If those monster numbers don’t show up under the Total Data Size, I’m with Ken in that the issue just might be in your router. Routers have built in logging and ways to output the data to a file. Good luck!

@ Ken_Glasswire
As evidenced by themrmystery’s original post and as I understood it, I don’t think GW would offer any indications.

Perhaps I should have tempered “I don’t believe GW will reveal the source of your issue” as “It’s unlikely GW will…”

And “give this a try” does not imply “should be used.”

As well, for six years I’ve been an emphatic advocate of GW here as well as in the Wilders Security forum where’s GW is more-often castigated than extolled.

Since 2001, Nir Sofer has developed FREE stand-alone utilities and tools for professionals and geeks. By popular acclaim and editorial content, man is a genius. I have 125 apps on a to-go USB stick, with a couple dozen most used on each of my systems. CurrPorts runs 100% of the time on my laptop and desktop PCs.

I disabled my Firefox ad blocker and found nothing adverse. Ditto for a default profile MS Edge. There is nothing fake or malicious or confusing present; never was, never will be.

I’m sorry NirSoft’s old school frame-and-ascii site and 90’s era ad rendering confounded you.

Goodbye.

Thank you for the information @dallas7. When I visit that site they had banners that had big “download” links, and it was quite confusing how to download the app itself.

Above is a screenshot I took from this morning that shows “start” instead of “download”.

I became concerned that anyone who clicked that link from our forum might download from the banners, and it’s unclear what exactly is being downloaded from those ad banners.

We appreciate you using GlassWire and I apologize if my post sounded rude.

We at GlassWire have no ads on our website or in our software, but you may want the owner of that website to know there might be an ability to disable those “start” or “download” ads if they don’t want them. Ad serving settings - AdSense Help That way their visitors won’t be tricked into downloading strange things that could potentially harm their PCs.

Ken,

Got derailed a bit in here, but update, it’s not the computer I thought. I had to isolate each device into a new group, and eventually narrowed it down. Most devices in the Win 10, Data Usage, area have… like 400 MB - 1.7 GB, in the “System” data usage area. My new suspected device had nearly 11 GB of data usage in the ‘system’ category. I have installed GlassWire on that device, and will update accordingly.

1 Like