Hello. Netstat is only counting traffic sent or received on the interface; e.g. the tunnelled bytes themselves, as it should. WireGuard however is counting that, plus all of the encapsulation overhead (header, MAC, etc), plus packets not sending or receiving tunnelled data (for example, keep-alives and periodic re-handshaking), plus periodic response packets when traffic is only flowing one way (common if you run unidirectional protocols over it; for example, UDP video streaming).
These extra packets are documented in the WireGuard whitepaper on the website. Regards, Aaron Jones
OpenPGP_signature
Description: OpenPGP digital signature
