Netstat bytes count doesn't match with Wireguard

Aaron Jones me at
Wed Sep 15 07:31:32 UTC 2021


Netstat is only counting traffic sent or received on the interface; e.g.
the tunnelled bytes themselves, as it should. WireGuard however is
counting that, plus all of the encapsulation overhead (header, MAC,
etc), plus packets not sending or receiving tunnelled data (for example,
keep-alives and periodic re-handshaking), plus periodic response packets
when traffic is only flowing one way (common if you run unidirectional
protocols over it; for example, UDP video streaming).

These extra packets are documented in the WireGuard whitepaper on the

Aaron Jones

-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <>

More information about the WireGuard mailing list