I have contacted Exede customer service, but don't receive any helpful information. Exede only tells us to reset the wi-fi router and change our password. I have done that and nothing has improved. I have been searching on this forum and saw the recommendations of Glasswire. I have it installed, now how do I interpret the information it is telling me?
In contacting Exede they have told me that I have a different brand of wi-fi router then I actually have. They have also told me there is an iPhone that has been using our data plan since 2014. We don't have an iphone, never have, never will. We have always kept our wi-fi router password protected and we don't give it out to anyone.
We are extremely frustrated that Exede is not more willing to help us figure out the problem and get this under control. I know it is not their job to monitor my data usage, but it would be helpful if they could maybe offer some suggestions of things to check (besides re-set your router and change the password).
10 years as a customer and we can't get help. Obviously there is a problem if we are used to having gb restrictions and now we can't stay in our package. Wonder if it is time to reach out to our State Attorney General. He would love to chew up a company like this.
When it comes to devices being identified on your router it's all based on the browser. Have you been able to use eSVT? https://community.exede.com/exede/topics/give-our-new-usage-tool-a-test-drive it's a more informative meter and it's what our tech support uses to see usage type and everything. It gives a better breakdown of data.
"I have been searching on this forum and saw the recommendations of Glasswire. I have it installed, now how do I interpret the information it is telling me?"
Networking and the various "measurement points" can get very confusing so lets see if we can break things down a little.
Not so long ago routers, switched and wireless access points and extenders were limited to small and large businesses. Those businesses had their own internal "IT Departments" to manage those Networks. Residential users typically had a single commuter connected directly to their ISP's modem. That meant that there was only a single "usage connection path" between the subscribers one and only device and their internet connection. It looked rather like this:
There were no "intersections" to the path. Everything had to be used either on the users single computer (with is 65,536 connection ports) or it could be "going up in smoke" (in the context of a satellite connection) on the ISP's side due to things like failing hardware that uses data through failed transmissions that require RETRANSMISSION of data.
In the above you can measure usage at both ends of the "path" ... the single computer and the modem. Your ISP is going to measure at the Modem. You can measure THAT computer with software like Glasswire. The two should match pretty closely. In fact you may find that Glasswire reports MORE data usage than your ISP due to "compression" on the part of the ISP. They "dehydrate" a file, whenever possible, send you the compressed file, something like a ZIP file in a way, The requested file is compressed at the Gateway, downloaded to your Modems along with "command & control" data and the modem decompresses the file and "unzips" it for you. A measuring tool like Glasswire would report the full size, the modem and your ISP's usage meter would report the compressed file size. Not all activity can be compressed however.
Then along came residential Routers and that changed the networking picture in ways that many users do not fully understand.
Adding a Router now makes our Network look like this:
The number of "connection paths" has skyrocketed. We now have the potential of four WIRED devices plus we have added the potential off ... varies buy Router .. perhaps 256 wireless devices.
It also adds one more element of potential use ... the Routers internal cloud services and wireless connections over perhaps as many as three different wireless frequencies that may or may not be properly secured.
Glasswire does a terrific job of monitoring and reporting of both the Programs and the Processes that use the 65,536 ports on a single computer but it is NOT the central point in a Network that has a Router at its heart. For that you need to monitor the "path" between the Router itself on your end of the network and compare usage to what the Modem is reporting at the ISP's end of the Network.
Many routers have "traffic analyzer" functions that will report usage per day, per device. If you have an issue with what your ISP is claiming you need to have a counterpoint to that, that will cover your entire Network.
You use the Routers ability to report data per device to ID "high consumption" users on your Network. You then use software like Glasswire to zero in on just what programs and background processes are using in detail.
Setting up Glasswire:
Understanding the output:
If your Network is simple in that it only has a single directly connected computer you can read and correlate the usage data directly.
If you have a Router then you must identify how much data is being used per defined period, per device. That requires a better router. It is a very good investment if you wish a counterpoint to your ISP's usage claims.
The shots below are from my Asus RT-AC3100. There are other less expensive models that give the same info. Do your research:
Usage per day, per device:
List of Asus models that will give the info as depicted above:
Keep in mind that Glasswire will only monitor the data on the computer it's installed on, so if you have other devices, it's not going to count their data usage.
The biggest thing is to change the options to "Incoming & Outgoing" and "External", like shown in Gwalk900's snapshot above. You don't want the computer's internal traffic mixed in with your data results. Then, when you want to make the comparison between Glasswire and Exede, change the dates to coincide with your data allowance reset, and check what Glasswire has for a total usage in those dates in comparison to whatever Exede says. If starting after your refill date, take a snapshot of what Exede says you have used thus far, then you can check from that point on in comparison with the same dates on Glasswire. So if it's the 15th, take a snapshot of what Exede says you have used thus far, then in few days, say the 18th, set the dates in Glasswire on the 15th through the 18th (check the hours, too) and check what Exede says you have used since you took the snaphot on the 15th. If the amounts don't match closely, something could be up.
For instance, if I click on the Usage tab, my laptop has been on less then one hour and it is showing the usage as 485.2MB. Is that high usage or normal usage? Then under the middle section that is called "Hosts" there are two little green flags at the top, then a bunch of American flags beside the activities listed under host. There are a bunch listed, then towards the bottom it also says "plus 934 more". I assume that means more "hosts". That seems like a problem to me, but I don't know how to interpret it.
If I click on one of the lines under the "host" area that has the little green flag looking thing then the IP address is Region: Other and then lists and IP address starting with 54.
Oh and how do I find the MAC addresses on our devices to only allow them to access our wi-fi? We have a couple HP laptops, Samsung Galaxy tablets and Samsung Galaxy phones. No Apple/Ipad devices like Exede keeps telling us is using the data.
THANKS so much!!!
Here are some screenshots that I had made up for another user that may help you in using Glasswire:
Just kind of go by the numbers
And in this last one, if you click on a program or process is the left column window, the details of that programs or process's connection activity is shown in the right hand window.
As GabeU stated above, a web page for instance is not a single "entity" but is instead built up of many segments each having their own host address.
The idea behind Glasswire is to identify the top data users and take a closer look at the activity. From there we can dig deeper to find root-cause users ....... embedded video, pre-fetch video, high volume of Ads ....
We also have to look at the aggregate usage of background processes. Not only do they use data but those types of processes are favorite targets of virus and malware writers.
One Hughes user recently had a high data usage episode, followed through on posting Glasswire screenshots. The Big User was quickly seen as a process called Windows Explorer (not to be confused with Internet Explorer). Windows Explorer is Windows "file manager" process and show NOT be connecting to the internet and should NOT be using any data.
In the end it was determined she had picked up a malware bug. She installed the free version of Malwarebytes and ran a scan. It found issues, cleaned them up and usage dropped back to normal levels.
In the end it is a process of discovery and elimination.
You need to find out the main "heavy hitters" of your data and then review things like browser settings (telemetry/crash reports) and web pages visited, Many have constantly updated content and if a tab is left open the page continues to burn data even though you are in another window or another tab.
We have been completely shutting off our laptops and also shutting down the modem and wi-fi when we are not actively using it.
THANKS for all of your help!!! I have received more help from you then I have from Exede. I think Exede could learn a lot from you guys and should support their customers by helping them recognize potential leaks in their data usage.
Oh and I have spent some time today collecting the MAC addresses of our devices. I have now changed the Linksys Router settings to only allow the devices that I have listed for MAC addresses.
What other suggestions do you have? We are considering purchasing one of the routers that was suggested above to track usage by device. I think that would be awesome, since we have a pre-teen in the house. He is very respectful and doesn't over use the internet, but it would be nice to be able to track it. The Wi-fi is password protected and the guest settings are turned off.
As of 2pm Central on 2/6/17, I set up the MAC addresses on our WI-FI router to only allow the devices I built in to it. When I look at the extra Exede website that allows us to view our usage by day it is still showing an Iphone and another device using Linux. We don't have an Apple products that access the internet. It is showing the iPhone and the other device as using our internet as late as 2/6/17.
If these two devices don't disappear when Exede's information updates, what is my recourse. Or what can I do additionally to stop them from using our data. I have changed our wi-fi password, turned off the "guest" access and have only included the MAC addresses of the devices we want to use our wi-fi. Is there something additional I need to be doing?
THANKS again for all your help!!!
So, at this point there really isn't a lot more I can do except turn on the modem and Wi-Fi and hope for the best. I have done everything that I can figure out how to do. I don't understand the other security stuff you were talking about. How do I check this stuff?
Is WPS disabled?
Is Remote Access disabled?
Are any internal "cloud and Sync" functions disabled?
Are all of the "cloud" based router services that may access outside databases disabled?
Again, I appreciate you breaking it down for a non-technical person to understand.
"So, basically you are saying that Exede telling me there is an iPhone and another device using our network is not accurate?"
Lets look at it this way ....
Suppose for a moment you had a Mac computer. If you hooked the Mac directly to the modem Exede could indeed say with 100% certainty that you had a Mac because they could see the computers MAC address which in part would identify that computer as a Macintosh.
Next we are going to connect the Mac to a Router and connect the Router to your Modem.
Exede could then only read the MAC address of the Router .. they could tell you what brand of router it was but .... they could not DIRECTLY see what brand of devices or even how many devices you had connected to the router. Key word here is DIRECTLY.
They can however INFER what you have connected by the type of traffic being generated.
That inference can be misleading. If you were to visit a webpage that had a lot of Apple ads and those ads used a lot of data, they would see a lot of Apple traffic .......
"One of the customer service gals encouraged me to file a police report because "someone is stealing from you"."
This statement is really going out on a limb.
There are four areas of concern to a Router:
The first is the "Control Room" for lack of a better term.
This is where all of the "buttons and switches" that control access to your network and internet connections are located.
That "Control Room" has an address. Mine is 192.168.1.1
This is known as the LAN IP
Access to the Control Room HAS to be limited if there is to be any security to your network at all. That security is in the form of a username and password that needs to be entered before the Control Room can be entered.
Here is mine:
Question #1: Do you know how to find the entrance to your Routers "Control Room"?
Question #2: Have you changed the username and password from the manufacturers default values?
Once logged in you will see the Routers Main Page:
It is from the column on the left that we select the functions we wish to address.
Question #3: Can you access the Routers "Control Room"?
The second area of concern is related to internal Router "services" that may be enabled.
Some of these can fall into a "protective" category:
While not dangerous they can use considerable data without your knowledge and possibly slow your connection as outside databases are accessed.
Question #4: Do you know what internal services are enabled?
In addition to the above and of greater concern are the Remote Access and Sync functions:
If Remote Access it setup it can allow backdoor access to your network and to your internet connection.
These types of services should only be enabled with the upmost care.
The third of the four areas of concern is that of physical access to the Router and its wire LAN ports. Anything that is connected to one of the wired ports will have complete access to your internet connection. This will also include wired LAN servers and printers. Permissions afforded to a printer can have a big impact on data use if they are allowed to update drivers and other related printer software.
Question #5; Do you KNOW what is connected by wire and what and what that devices "permissions" are?
Now we come to the final area of concern: Wireless.
And this is the hardest to get handle on.
Out of the box the wireless radio channels are "open". That is to say that any wireless device that comes within range of the Router is free to connect and free to use data.
The only way to tell what is connected at any given moment is to open the Routers interface, login and look for something like a network map or a heading like "Connected Devices":
The above will show me what devices are connected NOW but not what WAS connected at other times.
For that you need a Router that has a Traffic Analyzer function:
That will specify by date, device name, MAC address the devices that connected and the amount of data each used.
You can also track what websites or online functions were visited by these devices.
The important thing to understand is that we are to this point running an "Open Network". anything that comes within range can and will connect.
This would include a neighbor with a iPhone in their pocket. It doesn't even have to come out of the pocket or in visible use for it to connect and use data.
Radio waves are funny. At times you can have issues keeping a signal across the room but at the same time can be picked up 1/2 mile away. You can't depend on distance to keep your connection safe from unauthorized users and unauthorized devices.
For that we have to rely upon Wireless Encryption.
Wireless encryption has to be enabled to prevent unauthorized users from gaining access to the network. Encryption comes in different levels. These are the most common in increasing order of strength:
WPA-PSK [TKIP] + WPA2-PSK [AES]
WEP is now so weak and so easily cracked that it really is no protection at all.
It is recommended for a home user to enable WPA2-PSK[AES]
All residential Routers are going to broadcast on the 2.4 GHZ frequency band so encryption needs to be enabled for that wireless frequency.
Other Routers may have one or more 5GHZ frequency bands available. It is possible to enable encryption on one frequency thereby excluding unauthorized devices but to have missed one of the others thereby having an Open Network in that area. If a visitor stops by with that iPhone in the pocket it will latch onto that open network.
Wireless encryption is setup from the Routers "control room" wireless list:
The passkeys generated here are entered into devices that you wish to have authorized wireless access so be careful of the devices you authorize.
WPS options are also found as a wireless function:
WPS was originally intended to make it easier for novice users to add wireless devices to their Networks. It made it so easy it was soon exploited and is now considered to be a potential vulnerability and should be disabled.
We also have "Guest Accounts" that allow you to give access to ... guests.
It usually pays to disable ALL guest account access. Remember there are usually at least two. It is possible to disable one and leave another enabled. If not encrypted ... there is another Open Network wireless channel for unauthorized devices to connect to.
Some Routers have USB ports that allow the connection of other devices such as network drives or a Hot Spot connection for splitting usage among two different ISP's so beware of the chance of these devices using your network connection.
Question #6: Do you KNOW that an effective encryption level has be enabled on ALL available frequencies?
Question #7: Do you know that common vulnerabilities such as Remote Access, WPS and Guest Access have been disabled?
Now, we seem to have the opposite problem and we have only 10 days left in our billing period and we have only used about 28% of our data.
THANK you for your help. I sure wish Exede would show a little more concern for their customers and try and give them some of the info you offered above and help their customers. I am sure they would have a lot more happy customers. Although I understand it is not Exede's responsibility to help people monitor their data usage, it just seems like a basic thing to do to have happy customers.
I truly appreciate your help.