IPCM2312 messages show different byte counts than packet trace


Article ID: 230737

Products

NetMaster Network Management for TCP/IP

Issue/Introduction

For a TCP/IP connection, NetMaster shows the following messages:

08.36.15 IPCM2311 Connection opened: local addr=nn.nn.nn.33..48413 remote addr=nn.nnn.nnn.246..443 jobname=xxx
08.36.15 IPCM2312 Connection closed: local addr=nn.nn.nn.33..48413 remote addr=nn.nnn.nnn.246..443 jobname=xxx bytes in=5 bytes out=300 user=N/A

 

However, a SmartTrace shows different values:

Tcp Sessions Report
------------------------------------------------------------------------
32 packets summarized

Local Ip Address:                               nn.nn.nn.33
Remote Ip Address:                           nn.nnn.nnn.246


Host:                                 Local,          Remote
 Client or Server:                   SERVER,          CLIENT
 Port:                                48413,             443
 Application:                              ,           https
 Link speed (parm):                      10,              10 Megabits/s

Connection:
 First timestamp:                 2021/12/15 08:36:15.430450
 Last timestamp:                  2021/12/15 08:36:15.545485
 Duration:                                   00:00:00.115035
 Average Round-Trip-Time:                              0.005 sec
 Final Round-Trip-Time:                                0.042 sec
 Final state:                          CLOSED (ACTIVE CLOSE)
 Out-of-order timestamps:                                  0

Data Quantity & Throughput:         Inbound,        Outbound
 Application data bytes:               4998,             653
 Sequence number delta:                5000,             655
 Total bytes Sent:                     4998,             654
 Bytes retransmitted:                     0,               0
 Throughput:                         42.442,           5.545 Kilobytes/s
 Bandwidth utilization:               3.47%,           0.45%
 Delay ACK Threshold:                   200,             200 ms
 Minimum Ack Time:                 0.000004,        0.000019
 Average Ack Time:                 0.003466,        0.000081
 Maximum Ack Time:                 0.009125,        0.000200

Data Segment Stats:                 Inbound,        Outbound
 Number of data segments:                 7,               7
 Maximum segment size:                 8952,            1460
 Largest segment size:                 1448,             322
 Average segment size:                  714,              93
 Smallest segment size:                  51,               6
 Segments/window:                       2.3,             1.0
 Average bytes/window:                 1666,              93
 Most bytes/window:                    4413,             322

Protocol Report

  Total   Input        Data  Output        Data     First yyyy/mm/dd hh.mm.ss      Last yyyy/mm/dd hh.mm.ss Protocol
     32      15        4998      17         654         1 2021/12/15 08:36:15        32 2021/12/15 08:36:15 6(TCP)
     32      15        4998      17         654  Total

     1 Protocol(s) found

Protocol Summary Report
                Input                  Output                 Total
Protocol  Packets         Bytes  Packets         Bytes  Packets         Bytes
Tcp            15          4998       17           654       32          5652
Udp             0             0        0             0        0             0
Icmp            0             0        0             0        0             0
SNA             0             0        0             0        0             0
Other           0             0        0             0        0             0

Data Byte Totals
  Ip header:                  640
  Protocol Header:           1024
  Data :                     5652
  Total:                     7316

Why is the IPCM2312 message reporting input/output numbers that are very different from what was actually transmitted?

Environment

Release : 12.2

Component : NetMaster Network Management for TCP/IP

Resolution

Port 443 is HTTPS. The packet trace reports all of the data flowing on the connection, including certificates, which are typically hundreds to thousands of bytes. SMF reports the application payload only.

IPCM2312 gets its data from SMF, which explains the difference.
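
The split described above can be seen by walking a TLS record stream and counting bytes per record type. This is an added example, not code from the article or from NetMaster; the record sizes are constructed, and it assumes TLS 1.2-style framing in which handshake messages (including the certificate chain) travel as content type 22.

```python
import struct
from collections import Counter

# TLS record content types (RFC 5246 / RFC 8446)
CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert",
                 22: "handshake", 23: "application_data"}
HEADER_LEN = 5  # content type (1) + legacy version (2) + length (2)


def account_tls_stream(stream: bytes) -> dict:
    """Count bytes per TLS record type in one direction of a reassembled TCP stream."""
    totals = Counter()
    offset = 0
    while offset < len(stream):
        remaining = len(stream) - offset
        if remaining < HEADER_LEN:
            totals["truncated"] += remaining  # partial record header at end of capture
            break
        ctype, _version, length = struct.unpack_from("!BHH", stream, offset)
        name = CONTENT_TYPES.get(ctype)
        if name is None:
            totals["unparsed"] += remaining  # not a TLS record; stop rather than guess
            break
        body = min(length, remaining - HEADER_LEN)  # tolerate a cut-off final record
        totals[name] += body
        totals["record_headers"] += HEADER_LEN
        offset += HEADER_LEN + body
    totals["tcp_payload"] = len(stream)  # what a packet trace counts as data bytes
    return dict(totals)


def record(ctype: int, body_len: int) -> bytes:
    """Build a constructed TLS 1.2 record with a zero-filled body (sample data only)."""
    return struct.pack("!BHH", ctype, 0x0303, body_len) + bytes(body_len)


# Constructed stream: hello, certificate chain, key exchange, CCS, Finished,
# then one small application-data record. Sizes are illustrative, not from the trace.
SAMPLE_STREAM = (record(22, 90) + record(22, 4200) + record(22, 300)
                 + record(20, 1) + record(22, 40) + record(23, 34))

if __name__ == "__main__":
    counts = account_tls_stream(SAMPLE_STREAM)
    # The application_data body is ciphertext (payload plus MAC/tag and any padding),
    # so a plaintext application-payload count would be smaller still.
    for key in ("tcp_payload", "handshake", "application_data", "record_headers"):
        print(f"{key:>18}: {counts.get(key, 0)}")
```

With TLS 1.3, most handshake messages are encrypted and carried as content type 23, so this record-type split only separates them cleanly for TLS 1.2 and earlier.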