Yesterday I installed "Cockpit" on my Ubuntu-Server 23.04 (which is running on a Raspberry 4) so I can manage it from my Windows 10 PC. So far the Management interface is quite clear and understandable.
In the Network-tab of Cockpit there is the following overview:
Just for some clarification:
I disabled Wifi, so all traffic is going through eth0, which I understand is the ethernet port of my RP.
tun0 is the vpn-interface to which I bound all traffic on my RP.
So my questions are:
Since all network-traffic is supposed to go through the vpn-interface (tun0), how is it possible that the eth0 "Sending"- and "Receiving"-traffic is always a little bit higher than the tun0 traffic in the respective category? Shouldn't it be the same? Is my system sending/receiving traffic outside of the vpn tunnel? The RP is sending 7.35 Mbps over tun0 and 8.27 Mbps over eth0. Where do the additional 0.92 Mbps come from?
What exactly is "lo" supposed to do? I mean I know that it is the localhost/loopback but what exactly is it doing i.e. why is there traffic or what is it sending/receiving?
The main reason why I'm asking this is, it would be really really bad if my system is leaking my real IP or any kind of traffic. I mean I set up lockdown-mode, kill switch, auto-connect and god knows what in my vpn-settings, so I'm kinda concerned where this additional traffic in eth0 is coming from.
Thanks for the help.