I am wondering why my log shows 2 Hitron routers? I only have one and it doesn’t show it on my router dashboard. They have 2 very different mac addresses.
Sorry for the issue.
You said “they have 2 very different mac addresses” but then you say you only have one router. Please explain further so I can understand and help you.
correct, I only possess one router. There are two routers named on my glasswire dashboard. I am still not sure how to read the stats.
Does your router have a guest network, or something like that? Maybe the guest network somehow uses another Mac due to how it works? Just guessing…
Or could your cable/dsl modem be setup as a router also and it’s that?
It’s not normal for our app to show two of the same item with different mac addresses so that’s quite strange.
We’re preparing a MAJOR update of our Things feature that will probably be out before the month is over. It improves the scanning technology and has a new UI, and it should have more details on this for you.
This is a common scenario for people connecting to the router using WiFi. It is very common for routers to have two MAC addresses, one for each band. So one MAC address is for 2.4GHz WiFi and the other one is for 5GHz WiFi.
I appreciate the insight. I purposely have the 5g and guest networks off. It appears the toggle switch for allowing others to connect is being turned on as well. I think my router is being accessed but just not sure how. It doesn’t seem to be accessed remotely. I should mention this is my 4th router install in 3 months. They have all been compromised. Settings and passwords have been changed, networks have been renamed, and I cannot access any type of traffic log on any of these devices. I recently (within last 3 weeks) went back to the original modem/router combo. It is a hightron. I also purchased glass wire. On my router dashboard, the device names don’t match the mac address. My kyocera smartphone and pc usually are labeled as unknown or roku. And, sometimes my cell phone says it’s LAN connected.
Please be on the lookout for our major “Things” update coming soon. Or join our beta test list to get it sooner.
That’s correct. One MAC address is the BSSID, the Wi-Fi radio. The other address is the router’s MAC.
The BSSID won’t show up in Things or in logs on a PC unless the PC has Wi-Fi, of course.
Looking forward to that!
I will try the troubleshooting suggested. I only have the 2.4g active. It definitely shows 2 of the same router and 2 different MAC addresses. If the BSSID does not show up as a second router, could this be an evil twin scenario?
I doubt it could be an Evil Twin scenario… please be on the lookout for our update coming soon!
Holy Heck, that doesn’t sound good. Reset to factory defaults and change your passwords. Sounds like you might have something malicious on your network. Consider enabling your guest network and adding all IoT (doorbell, TV, Fridge, Phones, etc.) to the guest network. That way, if any of them are compromised, they don’t have access to your primary network. I’ve setup multiple networks in my home. One for my IoT devices, another for my Kids (with enhanced filtering, restrictions and other policies) and a network for my wife and I that’s unfiltered.
I just thought of something. Are you using a WiFi range extender?
I will try that. I am not using an extender that I am aware of. I just had to troubleshoot my phone with Verizon again. The tech logged into my computer also because when I plugged my phone into computer it said there was no files. T was labeled as an unknown android device instead of Kyocera phone. The tech was having issues and apparently I was connected to a different network. When I reset the network, it brought all my files back.
I seem to have an extensive amount of traffic through my network. I am not confident on how to discern whether or not the logs are normal. It keeps saying the network has changed. I have tons of it ncoming traffic that doesn’t make sense to me why it’s there. Even when I do not use the network there are numerous apps that are. Is there any way to get a tech from glass wire to log into my computer with me to troubleshoot? I have not been able to find an IT person to come to the house and all that geek squad want to do is clean it up. Thank you for the advice and knowledge.
The other thing is that my network analyzer says my phone is a host. Also says that ports 443 and 80 are open but when checked by my internet provider they don’t see that
It sounds like you need to get a handle on what devices you have connected on your network. Start at the router and work backwards. Disconnect everything (power off) then reboot your router and see if any devices are attempting to connect (DHCP offering IP address)
I think I figured out one of the issues. My cell phone is acting as a gateway also. It appears I have 2 routers (per Glasswire) and my kyocera is labeled a host on my wifi scanner.
I have reset everything. I believe I have freed myself from the other network. I am attempting to set up VPN’s now in an attempt to secure the network. I have upwards of 700 hosts on my Glasswire log. Is this normal? It seems like too much traffic for the amount of time I spend on the computer. Is there a way for me to share my screen to the forum? Is there a way to get more information on a cloned router or the evil twin scenario? I am at a loss as to how or why someone is doing this. I have to be able to secure my devices and network. I have just received my 5th cell phone since October 2020! My son is on his 3rd! I have a computer on order, but it seems if I connect anything to the wifi it is giving enough information to be hijacked or cloned. (Not sure exactly what to call it) I believe it is something I will ultimately have to file criminal charges for, but how exactly do you prove something like this is happening?
Another thing to mention is I keep getting kicked off my network. Every couple of minutes I get Wifi disconnected “the network name” then within a minute I see Connected to “network name”. I also get prompted excessively for passwords and alerts saying “session time out or expired”, “Please log in”…all the little things but the one so far that takes the cake is my brand new microsoft account that I set up on my clean, LAN connected PC, was secured with a USB security key the next time I tried to log in. I have no access to that account. I dont understand how someone does that.
That’s what I do.
This is an FYI and not addressing Holy-Hanna’s baffling issues. Sorry.
I also created this Inbound rule:.
Protocol type: Any
Advanced: Profiles, all three
General: Block the connection
Programs and Services: All programs, All compartments
Everything else under all tabs, leave as is unless you know/want otherwise.
An outbound rule is unnecessary and would likely load up the Event Viewer reporting information and issues events for ARP, SNMP, etc. And probably GW’s Things could fail to report completely.
(Boring details: 192.168.0.100 to 110 is the Wi-Fi guest network’s DHCP lease range. I don’t want .101 blocked and .16 is the Blu-ray player on Ethernet. While not all the DHCP addresses are leased, the router’s Access Control is enabled and any new device would need to be manually allowed. All my Ethernet IPs are static, no DHCP.)
Yes and no.
Holy-Hannah, I hate to break this to you, but GW is doing its job and doing it well. And this forum is an unlikely venue for resolving your network setup.
I suggest tenforums dot com where a much broader perspective can be established.