1 | initial version |
It means that if you have:
Wireshark will provide a UI option that lets you request hardware time stamping of packet arrival times.
Note that the Linux time stamps in question appear to be in units of seconds and fractions of a second that have elapsed since 1970-01-01 00:00:00 TAI, not seconds and fractions of a second that have elapsed since 1970-01-01 00:00:00 UTC, and not "seconds (and fractions of a second) since the Epoch" (which is not to be confused with seconds that have elapsed since 1970-01-01 00:00:00 UTC, because "seconds since the Epoch" is really "seconds since the Epoch, not counting leap seconds").
That's not noted in any fashion in the capture file, so those values get supplied to the OS's standard time conversion routines, meaning they'll be off from UTC by a few seconds, and may be different from times in packets that don't have hardware time stamps, such as packets sent by the machine running Wireshark, as those use the OS clock which is either seconds and fractions of a second that have elapsed since 1970-01-01 00:00:00 UTC or "seconds (and fractions of a second) since the Epoch".