I only have one example for the moment but it’s consistent since it’s happening to all my hosts.
I am linked to some mattermost servers and I know from my pihole and nextdns setups that thoses hosts are making calls to api.segment.io
But I can’t find it anywhere in my glasswire db. On none of my hosts where mattermost is installed. And because I had a problem with some blocks on my setups according to mattermost and so my different filtering system which relied on api.segment.io. I can’t find it anywhere in glasswire. including about the ip address.
So here it is. As you can see the pihole register an attempt yesterday. This pihole interface is on a raspberry pi4 connect to my tablet through usb thanksfully to the OTG of the pi4.
So this is on a different network which is here 10.55.0.0/27 here. It’s not my default gateway of my tablet I just direct traffic to that pi4 for dns and sock5 and http proxy.
And as you can see on the image, where glasswork should have put this entry of cdn.segment.com (alphabetical order of the hosts) there is nothing.
So is there an explantation to that ?
For the other hosts that I talked about (since here is more an exception due to the setup) the dns resolver were on the different vlan but still the dns requests were going through the default gateway.
So I guess the network address here is not relevant but I wanted to be thoroughly.
I don’t know much about your network but is it possible whatever is accessing that domain is using some kind of DNS over https or something similar? Firefox does this by default now. Perhaps your router can see it but GlassWire cannot for some reason.
If you go to GlassWire’s settings is this box checked or not? I have found on my own setup unchecking this box has more accurate results these days. We will have it unchecked by default on the next GlassWire update.
GlassWire still looks up hosts with this unchecked but it uses a more accurate technique to do so.
No it’s not possible because pihole only listen to clear udp request from the internal network and then send it over internet in an encrypted format if requested. (It s a bit more complicated than that) but the point is the dns requests are always in clear format on glasswire hosts. At least for those request. Especially since it was coming from a browser but chat application like mattermost.
And the option you are pointing is indeed checked.
Do you want me to monitor it for a week or so ? Or maybe the release will be there already?
Actually even for Firefox or other browser, my dns requests are always in the clear since I specified to them to always send it through my pihole instances first so outside my proxy etc
So there is no way the dns were encrypted. If it was pihole couldn’t have taken them into account and simply refused them
I don’t know if I will have the time to actually install it in proper condition to test it. I still have a lot of work.
But I think this problem is a major issue and can easily be passed under the radar because people don’t have their own dns resolver to compare data.
So if this is a problem with the core of glasswire itself we should investigate even more.
So if you need more information about it, just tell me what you need and I can provide
GlassWire collects data from a Windows network monitoring API. It’s the same that the Task Manager uses for example.
If there is an issue with the “core” of GlassWire then I feel like it would be an issue with Windows itself, because the real “core” collecting network data is a Windows API.
But I guess anything is possible with software.
It appears you are busy but I would encourage you to use our next public non-beta update and see if the problem continues. Then we can investigate further and solve it with our completely rewritten updated backend that will be part of the next update.
We have also added in the ability for users to turn on more logging with GlassWire itself optionally to help us find bugs/issues in the future.
Our team is 100% working on this new update so that’s why we can’t really go back to a previous version right now, and that’s why I suggest trying the update. It’s possible whatever happened won’t happen again since the backend is completely new.
Promise, if I have the time to restore some Linux host that I haven’t been able to install properly, I will install a windows Vm with gnome boxes under fedora 32 and I will install your beta, I still not sure how I m going to link it up with a specific pihole to separate the data yet but if I find a spare raspberry or some space to make a vm on one of my server I will do it.
And yes maybe it’s a problem with networking api. It’s not the first time we have bugs in windows updates so… as I said it may take some time
Related question - how long does Glasswire hold on to logs? Don’t see an option for that in the settings, but the graph view shows an “unlimited” option. Does Glasswire have a time limit or size limit on log retention? Thanks!
GlassWire Elite has unlimited logs, Pro has 1 year, and Basic 6 months.
There is no size limit.
Logs are on your own hard drive and we can never access the info since it never leaves your device.
“Incognito” mode causes GlassWire to no longer save a record of your network activity on the graph. It works similar to the Incognito mode in most modern web browsers where GlassWire does not keep a record of your network activity while you are in that mode.
You can also make any individual application Incognito, for example any web browser. Go to GlassWire’s firewall tab then click the app icon you want to be Incognito, then choose “More” then “Add to Incognito”.