Wireshark Internal Format
The internal format Wireshark uses for a captured packet's time stamp typically consists of the date and time of day (in nanoseconds). However, we can change how Wireshark displays the time stamp by choosing a different format under the “Time Display Format” item in the “View” menu.
While reading or writing a capture file, Wireshark converts the timestamp data between the capture file format and the internal format.
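The conversion described above, sketched as an added example (not Wireshark's own code): it reads record timestamps from a classic pcap file, which stores seconds plus a microsecond or nanosecond fraction depending on the magic number, and normalizes both to nanoseconds. Assumptions: the capture file is classic pcap, the internal value is split into days since 1970-01-01 and nanoseconds since midnight, and the names `read_timestamps`, `render` and `make_pcap` are hypothetical.

```python
import struct
from datetime import date, timedelta

MAGIC_USEC = 0xA1B2C3D4   # classic pcap, timestamp fraction in microseconds
MAGIC_NSEC = 0xA1B23C4D   # classic pcap, timestamp fraction in nanoseconds
NS_PER_DAY = 86_400 * 1_000_000_000

def read_timestamps(buf):
    """Return [(days since 1970-01-01, ns since midnight UTC)]; the split is an assumption."""
    if len(buf) < 24:
        raise ValueError("truncated pcap global header")
    for endian in ("<", ">"):          # the writer used its native byte order
        magic = struct.unpack(endian + "I", buf[:4])[0]
        if magic in (MAGIC_USEC, MAGIC_NSEC):
            break
    else:
        raise ValueError("not a classic pcap file")
    scale = 1000 if magic == MAGIC_USEC else 1   # fraction unit -> nanoseconds
    out, off = [], 24
    while off + 16 <= len(buf):
        sec, frac, incl_len, _orig = struct.unpack(endian + "IIII", buf[off:off + 16])
        if off + 16 + incl_len > len(buf):
            raise ValueError("truncated packet record")
        total_ns = sec * 1_000_000_000 + frac * scale
        out.append(divmod(total_ns, NS_PER_DAY))
        off += 16 + incl_len
    return out

def render(ts):
    """Format one internal timestamp as an absolute UTC date and time."""
    days, ns = ts
    d = date(1970, 1, 1) + timedelta(days=days)
    secs, frac = divmod(ns, 1_000_000_000)
    return f"{d} {secs // 3600:02}:{secs // 60 % 60:02}:{secs % 60:02}.{frac:09}"

def make_pcap(endian, magic, records):
    """Build a constructed in-memory capture: records = [(sec, frac, payload)]."""
    out = struct.pack(endian + "IHHiIII", magic, 2, 4, 0, 0, 65535, 1)
    for sec, frac, data in records:
        out += struct.pack(endian + "IIII", sec, frac, len(data), len(data)) + data
    return out

# Constructed samples: the same second stored with microsecond and nanosecond fractions.
USEC_FILE = make_pcap("<", MAGIC_USEC, [(1_700_000_000, 123_456, b"\x00" * 4)])
NSEC_FILE = make_pcap(">", MAGIC_NSEC, [(1_700_000_000, 123_456_789, b"\x00" * 4)])

if __name__ == "__main__":
    for name, blob in (("usec", USEC_FILE), ("nsec", NSEC_FILE)):
        print(name, [render(t) for t in read_timestamps(blob)])
```

The microsecond file gains three trailing zero digits after conversion, so digits beyond the sixth decimal place are only meaningful when the capture file actually recorded them.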
Time Stamps in Wireshark
A timestamp is a sequence of characters that identifies when a certain event occurred, usually giving the date and time of day, sometimes accurate to a small fraction of a second. When we capture packets in Wireshark, every packet is time-stamped and saved to the capture file so that it can be used for further analysis. The packets get their timestamps from the libpcap (Npcap) library, which in turn receives the system time from the host kernel.