Monitor all your network traffic from everything

Video Statistics and Information

Video

Captions Word Cloud

Reddit Comments

Captions

or where's Yasim hey what's up guys Jerry here AKA Barner cleese and i'm coming at you with another episode of hashtag tech tip now this is the second tech tip video that I've done you guys really love the original one I did on Windows 10 privacy issues and how to protect yourself against them and I figured that we would continue along those lines with the second installment by showing you a tool that I use to actually monitor my box and what's going on and actually keep an eye on what's going on over my network now the tool in question I'm going to show you is actually called glass wire so we're gonna go ahead and log into VM asaurus rex right here this is actually where I do all of my tech tip stuff because if I completely bone the box or install something crappy or malware I can just restore it back to a previous state and nothing lost okay so I'm gonna go ahead and open up the best web browser in the world right here it's Microsoft edge that was a joke in case you didn't get that Microsoft edge is the crappiest browser I've ever used in my entire life actually I take that back Internet Explorer 11 was the worst browser ever used my entire life so at least they're headed into a little bit better direction alright so I'm gonna go ahead and head on over to glasswire dot cam here it is right here and the actually advertised glasswire is a firewall software but it's actually a lot more than that and I'll give you a little background here I actually got the software about a month ago the company contacted me and asked if I wanted to do a review of it I get so many requests to review software and I usually install it and I'm just like and I basically messaged him back and say no way I was pleasantly surprised with this one I actually installed it and I've been using it ever since and now I've installed it on my laptop my main computer and my VMs and I'll get into why and you can also see they actually I mean they've got some cool accolades right I mean PC world gave them four and a half stars PC Advisor Lifehacker Network world I mean they're a very well-known software so let's go ahead and download the free version right here let's go over their page and see who we're dealing 2530 for whoo look at that fast internet go actually my Internet's pathetically slow guys alright so glasswire setup is downloaded so we're going to go ahead and just run the software of course it is going to ask you to run it elevated but it is a verified publisher so you not to worry there is no malware or spyware in this and if you guys find malware and spyware in it then you guys can hand my asked to me because I certainly have not found it alright this is version 1.1 so we're going to go ahead and just click Next yeah greedy or you'll all be honest I didn't read it who reads those likes if you read that you'll and it says anything in there that's concerning please let me know because I'm not going to read it alright by default the tool sets itself up to run on startup I wouldn't mess with that because you're going to want this tool running as long as possible because it actually accumulates a lot of data and I'll show you guys that here in just a little I'm going to ahead and pin it to my taskbar too so let's go ahead and install that I'm just going to default location glasswire not to be confused with LimeWire I know in my three hour livestream ended with Puget systems building my HTPC I called it LimeWire and I'm sure that confused a lot of you and you went and searched for it and probably found like some old peer-to-peer torrent based tool used for nefarious things and such I apologize for that it is glasswire okay so let's go ahead and click finish now glasswire is going to run it actually feels like a very lightweight application I haven't noticed any significant degradation in performance on my PC running this which with most firewall applications I absolutely do notice so let's go ahead and minimize the web browser behind so this is blasts wire right here and it actually has a very very smooth moving UI you can see here and when you opened up at first glance you're like what the hell am I looking at it's actually really cool I do this you're looking at alive like histogram of everything that's happening on the network on this PC like for instance if I come over here and click I can pause it now I'm going to come over here and click on this and says first Network activity detected from the host process for Windows services otherwise known as BBN a now this is cool because it tells you anytime any application or binary or service on the system initiate communication for the first time you get one of these little guys in the histogram what's nice about that is if you accidentally install malware or spyware the second that it tries to phone home you get one of these this this initial connection thing after that it kind of fades into the graph and you can drill down on the information I'll show you how to do that here in a little while but for the most part you get one of these little guys right here so we can see since we installed glass wire we had an attempted connected from the are tempted network connection from the host process for Windows services and we had another one down here there was glass wire control service look it even it even calls itself I already talked to the founder of glasswire and he assured me that the only connectivity between glass wire and the server is the check for a newer version don't worry they are not stealing your data I mean they're not Microsoft after all all right so I'm going to click anywhere on this graph with the right mouse button and it resumes and now you can see you just have this cool little histogram going here all here what are these spikes right here you can scroll this little bar around and you see down here at the bottom of the screen let me see if my little I got a little animation to draw your attention down there of course it doesn't record it in VMware go figure but you can see as I move the bar it gives you information on what's going on like right down here ds9 one of my systems and that is the IP address on my local network of that system transferred 201 bytes from this VM who in the hell knows what for but at least it caught it if we come over to this one right here we can see another IP address on my network transacted data in the form of 100 bytes if we come over to this one the host process for Windows otherwise known you can get this like nice information down here svchost.exe transferred down some information and transferred up some information now where did that information go I can click on hosts and now I can see the information just basically went to my router and basically just talked to my router so no big deal there and you can also look under alerts and see that you know this is one of the things that got caught for a first time Network activity so let's go ahead and let the little graph roll here you can see there's still all kinds of new information here it's constantly keeping tabs and everything you can see the system is constantly playing around on the network like what happened here this one looks interesting this is this is a new color down here purple so if we click this it looks like it transacted some data to SLS update Microsoft comm NS ATC net I'm going to guess that's probably some kind of Windows Update traffic but you know just you can kind of scroll through here but it gives you this live real-time view of everything that's going on and it constantly adjusts itself and if you want you can actually change the time to any scope that you want so you can see it over a very long period of time you can even do it like month week 24 hours 3 hours 5 minutes so you can set it to anything you want and it track all this stuff that's going on it also tracks when an app updates itself at any point that an app updates itself it'll actually give you a little notification down here that that app did that and if you get the if you register it you actually get some cool things that tell you in the webcam turns on and off like for instance when I turn to this cam on to record in OBS which is the software I'm using to make this video it actually popped up and said OBS exe has accessed your webcam and then when I stop the stream it says it it stopped so it's cool that you get those alerts now if we come up here and we look at the top of the bar here you have firewall usage Network and alerts we're going to go ahead and work our way over but I want to start with the alerts this is one place where you can get information on all of the first-time network connectivity stuff so like for instance if I open up Internet Explorer here and let's go to like Google Oh see down here down here in the corner says first Network activity first network connection initiated from Microsoft edge content process so you can open that up and now you can see it recorded it in here you notice that so that's the first time that I opened a web page in edge since installing glass wire and it actually tracked it if we come back over to the graph you can see there is a cool little button down here that says up first network connectivity and I can even see where it connected to so you can see first network connection initiated to a - 0:01 - a - MS edge net for some reason the browser is connecting to MS edge net ID I don't know why that would take further research but you can see it's all color coded in here what is going on the Microsoft edge browser made a couple different connections here's some other stuff it connected to the oh no sorry that's the ms2 edge net so if we come over here it also connected to se a 0 9 s 17 INF 17 blah blah blah and it connected to that and it connected to Google com so just by me initiating a connection to Google com Microsoft edge contacted multiple Microsoft services and I don't understand why it would do that I mean granted it might be for like some search caching stuff and in processing your search results but but I don't understand that if I want to connect to Google it should just connect to Google why the hell's the browser connecting to everything else here I'm just curious let's go ahead and connect to Bing so let's go to Bing com alright let's open it back up so continue alright so now we got some traffic here it looks like Microsoft edge connected to three servers again sorry where's the hosts so one of these is Bing is it two two four zero zero two five two but it also connect the login live.com and it connected to this MS edge net again so the Microsoft edge process keeps connecting to this AMS edge net every single time I go to a new URL but these are the kind of cool things that you discover using a program like this now normally you'd have to install something called a packet sniffer and that's essentially what this is but it's it breaks all information down so it's very very easy for you to digest whereas a packet sniffer you have to dig through thousands and thousands and thousands of network traffic packets and figure out what the hell stuff is this figures it out for you so now if we go up to the top here you can also sort the graph by apps so here are all the apps that so far have transacted network connectivity at Microsoft edge and each one is a different chart separate it out so you can go through and see all the different connections they made like this two to four zero zero to five to I don't know what that is connects they're an awful lot though you also have some internal networking connections uh and then down here if it says one more you can actually click on it and it'll break out and give you all of the different information and also see the host process for Windows services made multiple connections to it actually looks like it connected to some ip6 stuff still looks like probably local resources let's see is it making any remote connections that looks like a remote connection but I'm not positive on that guys like right there one five seven fifty six one oh six one eight nine the host process connected to there I don't I don't know what it is but it transacted a couple of bytes of data probably something pretty insignificant and then also if you come over here you can see all apps it tells you how much information is uploaded and downloaded from each app so as you continue to use the computer you can see which applications are using most of the network and you can also catch applications on your computer like if you install something that's a part of a botnet work that's uploading massive amounts of data you can use this to catch it you can also click on traffic right here and it breaks down everything by the type of traffic it was and what that means is what and protocol was used to transact that over the network ooh look at this we have a little notification down here it says first network connection initiated from the spooler subsystem app so if we open up the spooler subsystem app right here if we go to apps spooler subsystem application oh it's my printer so my printer transacted some information with with my computer not a big deal but still it's cool that it catches all this stuff and one thing you'll notice when you first start it up it'll be pretty verbose but it quiets down pretty quickly so it doesn't become annoying and it just sits in the background and only alerts you to things that are that are critical for you to know but if we go back to the graphs and we go to traffic you can see hypertext protocol is the majority of my traffic so far during this session couple kilobytes downloaded couple kilobytes uploaded not a lot of stuff but you can also see which is HTTP secured which one is just HTTP so just standard unsecured you also get NetBIOS and dns how much how much of your bandwidth is being used to resolve domain names and things like that and dhcpv6 server I don't know what that is but more stuff will show up under here as more protocols are used so like for instance go ahead an open up the Microsoft Store so see it said it just detected we got another notification in here said the store just connected for the first time so now if I just open up the store here let's go to games let's just go search around a couple things like Star Wars go ahead and let this load alright so now that's loaded let's go ahead and minimize that down we're going to come back here we're going to look at apps go ahead and find host process edge alerts where's the store so store initiated a connection and even tells you the exe to so like if you want to do something about its win store mobile DXE was the application that was running you can also if you think something might be a virus you can even you can even scan it from here like if you go to where as apps store so this is the store application come down here and click virus scan it'll actually scan that specific exe to see if there's any virus and the way that it's doing is not only by definition it's also searching for malicious things the program might be doing like key logging and remote connections without the users knowing about it but it's a pretty decent virus scanner see we're starting to build a little bit of rapport with the application here so if we go back to the graph go to all we should see now that we unfreeze it we should see the store activity so that's the Microsoft edge browser host process system you can read them as you're scanning the bar across the bottom let's see more host process while I think that thing is very very active on the network you can also scan the bar back and forth through time so you can you can scale it to however much data you want to see or scanned across and look for spikes and things that are going on like right there first Network activity from stores so here it was I just was missing it because it was further back in the histogram but we can see that it connected this deploy aka MA IT technologies comm I believe sorry I'm on a 4k screen this stuff is really really tiny and then you can see all the data that transacted in a couple of spikes each time I clicked on something in the store presumably these are the transactions that took place so let's go ahead and move this back and let it just run we can see I haven't been doing anything but Microsoft edge is continuing to make connections in the background who knows what for so Microsoft edge I mean it keeps phoning home to this AMS edge net site I'm not really sure why but if you guys know why it's just continuously connecting to that I'd be curious to know why okay so now you can visualize everything that each application is doing now let's say you want to do something about it so let's go to the firewall that's the second tab up here and you can see there's a couple of options in the drop down box there's click the block asked to connect now if you do the ask now these say by next to them because it's not registered if you register you get that functionality but you can block all if you click block all when it's registered sorry it's opening up because it's it's not enabled once you activate glasswire and buy a version of it you will get that functionality but if you do click the ask to connect any time you open an application that tries to connect to the network it will actually ask you if you want to allow that application to connect to the Internet and that includes all new applications you can do block all which completely blocks everything from making connections from that point on but I like click the block let's say we don't want the store to connect to anything anymore we just click right next to it there's a little fire sees a little fire next to it so now I firewall the store so let's go ahead and open up the store let's go back home let's click on like Facebook Oh check your connection so I have now blocked the store application from connecting to anything is that kind of cool like all I had to do is just click on it I have to go into firewall and create a rule and figure out what the ports are and everything it's just there I've now blocked the store app from making any connections which is fine by me because I don't use anything that's in the store because I don't like modern applications I like standard desktop applications so I don't use the store at all but if you have a tablet you might use it so you probably want a block so if I come over here it's a glass wire and I simply right-click or not right-click just left-click and unblock it now I can go back to the store click on something and it opens right up so it's instantaneous you just click you don't click ok not the click apply you don't have to wait you could just block stuff let's say I want to block the Microsoft edge browser let's let's uh there's a Microsoft edge content process this is the one that keeps connecting to the freaking AMS edge net let's just block that let's see if the browser still works let's go to Google again oh look at that it will not let me go to Google if I block that process so let's unblock that and let's just block Microsoft edge now just blocking the browser funny I can connect to Google that's kind of interesting this might just be my tinfoil hat but why is Microsoft edge spawning a second process in doing all the traffic through it I mean there might be a legitimate reason to do this but it makes it kind of hard to firewall through conventional means because if you firewall the execution the executable for the browser you don't actually stop it because it's transacting through this other Microsoft edge content process which connected what is G static com probably something they do with Google there so there's all the connections that it made to some SEO site and then any edge bing.com geez - so that's doing all of the transaction but not all of them if you click on Microsoft leave this this is the only little bit of data that Microsoft edge transacted the Microsoft edge content process is doing all the heavy lifting that's interesting now the reason why they might be doing that is because each tab maybe the Microsoft edge content process it's not unheard of for these browsers to actually break out each tab in an individual but it does make things slightly harder to firewall but if you wanted to come in here let's say that I want I want to kill the store I don't want it to be able to communicate anymore I want the host process for Windows service to stop talking to crap on my network now keep in mind these can stop things from working you do have to kind of have a fundamental knowledge of what you're blocking like you block Skype obviously Skype isn't going to work and things that depend on Skype aren't going to work so just make sure that you test each time you you tick or untick one of these boxes but the nice thing about it is if you notice something going on like for instance this new Windows Update so if I open up Windows Update this is a big one for a lot of people so let's check for updates can you see the host process for Microsoft services transacting some data right now so Windows Update is actually going through this service and there's the IP that it's connected to 2374 48:42 so it's checking for the updates so I'm going to go back to my graph we can see the host process hitting the update server right here Fe to update Microsoft comm and some other IP address that I'm unaware of so it's getting some information let's see is it still searching still checking for updates still check in okay now it's installing some updates I just told it to check for updates and now it's preparing to install an update and look at this first Network activity onedrive so while it so the second it started installing updates they activated onedrive and onedrive talked back to home did you see anything in the update process that was like yes I want onedrive to talk on the system I'm not saying that it's a bad thing or a good thing or anything it's just nice that you have a program here to tell you when these things are happening so you can get a better idea of what's going on with it would normally be this undetectable thing in the background so it just depends on you know how pointy your tinfoil hat is but I personally absolutely love this application here's another new one look right here at this spike detected the Microsoft Windows malicious software removal tool just just communicated its first data now that I would expect to be updating definitions constantly and I'd be willing to bet the Windows Update probably just updated that so now you know how to chew watch and monitor these processes and they do become cumulative as as more processes communicate it records all of this data now let's say that you're going to do something malicious like use Bing you don't want somebody to know that you're using Bing if they go through these logs later on you can go up to glass wire and activate incognito mode right here incognito on and now you can see this gray bar over here so now I'm going to go ahead but I'm going to go ahead and you know against all better judgment I'm gonna go to Bing I'm just gonna actually like Bing as a browser a lot of people beat me up for but I prefer being so now I went to bang you can see here's all the data that transacted with Bing through the browser and the multiple different types of connections oh I don't want anybody to know about that so what I'm going to do is I can hope to glasswire I'm going to say disable or turn incognito off and watch what happens here it deleted all of that data from the data stream so in the event that you want to do something malicious that you do not want tracked or you want to do something like search for I don't know dwarf-tossing or animals getting frisky or whatever crazy thing you don't want people to know you're searching for make sure you enable incognito and turn it off and it will erase all history of that segment and then if you guys ever want to go in and actually erase everything you can click on settings and come in here just clear the entire history and it will actually ask you if you wanted if you're sure you want to do it because obviously there's some value in having this cumulative data built up over time because as you get more and more data it becomes easier for you to click on the individual applications and drill down and see like what they've been communicating to over a period of time and the use in what's useful about that is I'll explain why this is hugely useful let's say you go into Microsoft edge and you find this a 130 for I am a kam AI net and or you find some URL that your computer is communicating to that you don't know what it is you don't care you don't want your computer to communicate with it anymore you can actually open up an elevated command window and you can actually go into the windows system32 drivers et Cie folder and edit a file called hosts and then what you can do in hosts right here is you can already see a bunch of stuff here is already firewall to 0 0 0 from Spybot anti beacon this this all was put in there by the program I ran in the last tech tip video but let's say we want to add something else we can do a 0 0 0 0 we could put like dang com and if we put that in there now that you know whatever IP or hostname you discovered through here you put that in there and now if I try to go to Bing comm oh that's right I think we established this in the last tech tip video that Microsoft edge does not honor the hosts file chrome does though actually I think it does honor for anything but bangs so let's try blocking Google comm so okay now I blocked Google comm so let's go ahead and kill this down start it up again let's go to Google Google comm nope just jumps right over the damn thing now I just saw a notification while I was doing that a moment ago so I want to click on my alerts you can see oh wow look at this system file changed it actually has a notification saying that it detected something changed the host file that's the first time I've seen this happen that is actually really cool because a lot of malicious programs will modify your hosts file in an attempt to redirect traffic to a malicious site that's actually really really cool it also detected this download upload agent host detected a background task host and it also detected some communication directly from Windows Explorer so you can see I mean there's a lot of interesting stuff and here that you can go through on all the apps and everything so now let's let's go ahead and skip over this you get the gist of how the program works now if we go to usage which is the next tab here it breaks everything down you can actually see which are the most connected hosts on your computer like you can see 4.6 megabytes of data transacted with this a kam AI edge net which I'm guessing is the Microsoft edge browser something or other so the highest uh traffic per host came from that so not not going to the sites not downloading the Imaging's it was going to that and then you can come over here and see that the store actually downloaded 4.6 megabytes of data who knows maybe it didn't internal update to itself and it even glasswire calls itself out and how much data that it's transacted what hosts it transacted with so you can even come over here and click you know there's nine different hosts that the edge browser in this are sorry store there's nine different hosts that the store communicated with right here I mean it's really cool it breaks down the data and you can see that I downloaded twelve my seven megabytes so far and 1.4 megabytes of uploaded and it even shows external versus local traffic so it can even determine whether the traffic is leaving the Gateway out on the internet or whether it's traffic just between your local computers and it can make that differentiation again you can break it out by day week and month and it gives you the dates and everything I think this kicks ass you can also do it by application so you can see the application that consumed the most four point six megabytes was the store application Microsoft edge only consumed thirty point two but I think the Microsoft edge content process which is what the tabs were actually am by downloaded three point three megabytes and again you can see every single host that transacted and what the traffic type was it's actually this is very cool even when you're playing games like if you're playing games like Call of Duty and stuff like that when you fire it up it'll tell you what servers it's connecting to how much data is transacting you can get a really really awesome breadth and depth of information from this and then you can click on traffic over here and again it breaks it all down by different types of protocols they were used for sending the data now the last tab is the network tab right here which you actually have to buy glass wire to use um but it'll monitor it'll list all of the network devices that glass water or glass wire can monitor which are all your local network cards your Wi-Fi card stuff like that again that's only available in the registered version alright I'm going to show you guys one of my favorite features and that is you can monitor all of the machines in your house if you have a registered version with the demo version you can only monitor one other machine so I'm going to click settings and if you come down here to client you can click remote server I'm going to go and add a server and I'm going to add my laptop which is named William jr. I'm going to connect to William jr. put in the password I went ahead and enabled him as a server so if I click OK he should pop up here in just a second oh I forgot to enable the connection hold on settings remote click William jr. enable connection click OK and now William jr. right here is connected so now you can see I have my local data and I have William jr. so I can click down here glasswire client connected and it detected itself so my laptop is running sitting over here next to my main computer now I can monitor all of the traffic from my laptop and all of the off of my local machine if you have a bunch of machines in your house you can install glass wire on all of them if you get it if you get the license for it you can install on all the computers and monitor all of the throughput of all of the computers in your house which is really really cool also if you don't speak English there's lots of different languages that you can enable in here you can also change the skins so if you want to make it look different and change the color schema you absolutely can Wow William jr. is getting all kinds of frisky what's it doing William jr. Nvidia streaming agent made a connection okay so Nvidia streaming on there is doing something glass wire did a community okay so glass wire connected to another computer in my house and it also made a connection to quest dotnet which is funny because I don't I don't even use quest I don't even have any quest Internet but for some reason Steam made a connection to to something on quest on that also one of the biggest reasons I decided to make this video is not only is a good software but I experienced only one crash using it over an entire months period of time on William my main PC and that one crash I was able to take a dump file send it to them a glass wire and within 10 minutes I got a mail back saying thank you for the dump file we're investigating and we'll get this fixed immediately and the person that mailed me back was actually the founder the person that owns the company so that is a person that is on the ball and paying very close attention to emails and problems that are going on with his software and you can tell that they take a great deal of pride in the software and it's actually quite amazing it's got a lot of other features I haven't shown you guys like you're able to screenshot the graph at any point and share it on Twitter or you can save it to your disk if you want to show it to other people there's a lot more going on here but it's a beautiful piece of software it works fantastic if you want to visualize your network what your computer's connecting to and know what's going on with all of your applications this is the software to do it and it's also really cool that anytime you install something if it installs some malware some spyware in the background or it tries to mess with how your computer is connecting to things this will catch it you will be able to come in here and see exactly what's going on now during this demo this is a live demo it's not scripted it started from a VM that I've only used uh in my last video and haven't done any connectivity so everything that we're seeing throughout this video and everything was completely organic and some of the notifications that I received were actually somewhat surprising so I hope you guys really really enjoyed this video I hope you'll give glasswire a try there is a link in the video description I've also got a ton of feedback already just from the few times I've tweeted out on Twitter with people that are saying that yes they've used it they love it there's some people that said that they've even been using it since alpha which is longer than me and actually really enjoy also would like to know to you guys that this isn't a replacement for something like PF sense or a centralized router in your house that's running a firewall software this software is designed to firewall each local machine that its installed on and monitor that local machine and whatever other local machines you have the software installed on it's not designed to monitor all of the traffic coming in and out of your local network because it's not at the router level obviously it's running at the at the computer level but if you do have a windows-based router setup where you create a computer and running some kind of routing software I don't see why you couldn't run glasswire to monitor all of the traffic coming in between two network cards but I personally haven't tried that so I can't speak to it so if you guys have any other questions please leave them down below in the comment or come over and tweet me at barnacle ease over on Twitter if you guys are enjoying this tech tip episode please give this video some love and hit that like button if you didn't like it hit that dislike button it's the only way I'm ever going to learn and if you guys know of other programs please list them down in the comments and let me know why you use them what things are better what things are worse let's let's share all this knowledge with the public but lately with the Windows 10 privacy issues and everything in combating that I'm really big on security and privacy and so far after using glass wire for a month I have to give it a huge thumbs up and say that it's a piece of software that I very very heavily trust and I use it constantly I'm always looking at this thing every single day especially when I install a new piece of software that I'm not a hundred percent on you know like somebody recommends something and I install it I watch this thing like a hawk to see what's going on because the second I see that thing connecting out to random thousands of servers and everything like that I'm going to get it off my box I'm going to firewall it get it off my box and clean it up and glasswire helps me do that alright guys I'm going to go ahead and wrap up this video I hope you guys enjoyed it till next time hey guys I hope you enjoyed this video please take a moment subscribe to my channel it helps me a lot also come over to Twitter I'm at barnacle ease I'm a real social guy also if you have a couple of minutes check out some of these many other videos I made them myself

Info

Channel: Barnacules Nerdgasm

Views: 329,503

Rating: undefined out of 5

Keywords: Windows 10, Windows, GlassWire, best antivirus, internet safety, suspicious, packet tracer, 2016, techtip, malicious, free, alerts, http, vmware, internet, tip, windows 7, firewall, antivirus, protocol, tutorial, free trial, remote monitoring, network monitoring, security, windows 8.1, lesson, network activity, x64, privacy, networking, diy, detect threats, how to, antivirus missed, block threats, best firewall, packet sniffer, protection, windows firewall, best windows firewall, network protection

Id: EQ5qzg4xZiQ

Channel Id: undefined

Length: 31min 34sec (1894 seconds)

Published: Sun Jan 03 2016