Accounting for /proc/net/dev reported traffic

I noticed that according to /proc/net/dev I am constantly receiving around 6Kb/s on my wireless usb interface. But I can't account for anything even close to that with the individual connections that I get with iptraf, iftop, and nethogs. Investigations with netstat, lsof, and tcpdump didn't help either. So, what else could contribute to /proc/net/dev values? I can speculate that, while only IP based traffic is reported by the applications I mentioned, /proc/net/dev probably accounts for other link-layer/internet-layer stuff too (arp? icmp? wireless management stuff?). Or maybe other transport/application protocols. Can anyone confirm this? How else would you proceed to find out: through what sockets are the 6Kb/s coming through? What processes are receiving the traffic? --- [EDIT] The 2 consistent results across all the tools: 1. the totals of Rx are around a few Kb/s - confirmed with /proc/net/dev, dstat, bmw-ng, cbm, iptraf, ifstat, gnome-system-monitor 2. no connection/packet stream justifies that - confirmed with netstat, tcpdump, iftop, nethogs, iptraf All of this with a Netgear WDNA 4100 wireless usb adapter using a custom driver from some git (the only way I got it to work). I asked the devs about it [here](https://github.com/ashaffer/rt3573sta/issues/9) . This might be malware, but I suspect the driver is simply reporting wrong totals. Nevertheless, I cannot explain what's going on for sure.