i've noticed something which seems odd. i have a rule setup which tracks tcp-udp (selected from list). i also have one which tracks any, again from the list. i would expect that tcp-udp is a subset of any and therefore the totals for tcp-udp <= any. again that's an assumption. if that is correct the totals are wrong. yesterday had tcp-udp 126/42/168 while any was 71/12/84.
When a packet arrives, the rules are matched in descending order of the rules list, from the top to the bottom. The first matching rule applies and no remaining rules are checked.
As a result, granted the TCP/UDP rule is listed first, it would capture TCPv4 and UDPv4, while the Any rule would capture anything other than that. If you swap the rules and place Any first followed by TCP/UDP, then the latter will not capture anything because Any matches anything, including TCP/UDP.
thanks for the explanation.
one fup. are there any protocols which would be tracked by any which wouldn't be captured by one of the other protocol choices?
i'm trying to see where our verizon data budget is being spent (i.e. on which apps).