Wireshark and Time Zones
If we frequently travel across time zones, or receive a capture file recorded in a different time zone, the time stamps can become quite confusing. We do not need to worry about the time zone when we are only interested in the time differences between the packet time stamps. Capture file formats such as libpcap, Windows Sniffer, *Peek, Sun snoop, and newer versions of Microsoft Network Monitor and Network Instruments/Viavi Observer save packet arrival times as UTC values. UNIX and Windows NT-based systems also represent time internally as UTC values.
Capture file formats such as the DOS-based Sniffer format and older versions of Microsoft Network Monitor and Network Instruments/Viavi Observer save packet arrival times as local time values. While capturing packets, Npcap converts the local time to UTC before delivering it to Wireshark. This conversion will not be done correctly if the time zone of the system is not set properly.
When the capture file saves the arrival time of the packet as a UTC value, the arrival time is displayed in your local time, which might not be the same as the arrival time in the time zone in which the packet was captured. When the capture file saves the arrival time of the packet as a local time value, the conversion to UTC is done using your time zone's offset from UTC and DST rules.
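Both cases above can be reproduced with a short script. The following is an added example, not code from Wireshark: it builds a constructed one-record libpcap file, reads the UTC arrival time back, shows how it is displayed in two zones, and measures the error when a local-time value is converted with the reader's offset instead of the capture site's. The zone names and fixed offsets are assumptions, and DST rules are not modelled.

```python
import struct
from datetime import datetime, timedelta, timezone

UTC = timezone.utc
# Assumption: fixed offsets stand in for real zones; DST rules are not modelled.
BERLIN = timezone(timedelta(hours=1), "CET")      # hypothetical capture site
NEW_YORK = timezone(timedelta(hours=-5), "EST")   # hypothetical analyst workstation

def build_sample_pcap(ts_utc):
    """Constructed libpcap file: global header plus one empty packet record."""
    epoch = int(ts_utc.timestamp())
    # magic, version 2.4, thiszone, sigfigs, snaplen, link type (Ethernet)
    global_hdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    # ts_sec, ts_usec, incl_len, orig_len
    record_hdr = struct.pack("<IIII", epoch, ts_utc.microsecond, 0, 0)
    return global_hdr + record_hdr

def first_packet_time(blob):
    """Return the first record's arrival time as an aware UTC datetime."""
    magic = blob[:4]
    if magic == b"\xd4\xc3\xb2\xa1":
        order = "<"          # file written on a little-endian host
    elif magic == b"\xa1\xb2\xc3\xd4":
        order = ">"          # file written on a big-endian host
    else:
        raise ValueError("not a microsecond-resolution libpcap file")
    sec, usec = struct.unpack_from(order + "II", blob, 24)
    return datetime.fromtimestamp(sec, UTC) + timedelta(microseconds=usec)

def displayed(ts_utc, viewer_tz):
    """UTC-valued time stamp as shown on a machine set to viewer_tz."""
    return ts_utc.astimezone(viewer_tz).strftime("%Y-%m-%d %H:%M:%S %Z")

def local_value_error(true_utc, capture_tz, reader_tz):
    """Error introduced when a local-time value is converted with the reader's offset."""
    wall = true_utc.astimezone(capture_tz).replace(tzinfo=None)  # value stored in the file
    assumed = wall.replace(tzinfo=reader_tz).astimezone(UTC)     # reader's conversion
    return assumed - true_utc

if __name__ == "__main__":
    t = first_packet_time(build_sample_pcap(datetime(2024, 1, 15, 10, 0, tzinfo=UTC)))
    print("capture site:", displayed(t, BERLIN))
    print("analyst view:", displayed(t, NEW_YORK))
    print("local-time format error:", local_value_error(t, BERLIN, NEW_YORK))
```

The time differences between packets are unaffected in both cases; only the absolute time shifts, which matters when the capture has to be lined up against logs from other systems.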
Time Zones in Wireshark
A time zone is a region on Earth that is bounded by longitudinal lines or, in simpler words, a geographical region having the same standard time. These lines, sometimes called meridians, run vertically from the North Pole to the South Pole, each 15° apart. These meridians divide the Earth into 24 different time zones, each having a local time that corresponds to the sunset in that zone.