A Time Zone is a region on earth that is bound by longitudinal lines or in simpler words a geographical region having the same standard time. These lines sometimes called meridians that run vertically from the north to the South Pole each 15° apart. These meridians divide the earth into 24 different time zones having a local time that corresponds to the sunset in that zone.
Different TimeZones:
Due to the rotation of the earth, different parts of the earth receive different amounts of sunlight causing morning, evening, and night. Now, if we had one time zone, then 12 pm would be noon in some places, but it would be night or evening in other places which would be inconvenient. Therefore, the scientists made different time zones according to the earth’s rotation with respect to the sun. Since the earth rotates 360° in 24 hours this means in one hour the earth moves by 15°. Thus, we divide the planet into 24 sections or time zones. Each section or region was about 15 degrees wide and had a specific standard time. This helped us know the proper time of the day in that part of the world.
Daylight Saving Time (DST):
Daylight Saving Time (DST) is the practice of turning the clock ahead as warmer weather approaches so that darkness falls at a later time and moves back as it becomes colder again. Toward the end of March countries in the Northern Hemisphere set their clocks ahead by one hour to push sunsets later in the evenings and sunrises later in the morning. Then, in late October, they are wound back by an hour, subtracting an hour of daylight from the evening and making the early mornings brighter. While in the Southern Hemisphere, the reverse occurs, with daylight saving time taking place during the summers. DST is practiced to better use daylight by extending the amount of time we can spend outside during daylight hours.
Wireshark and Time Zones:
If we frequently travel across different time zones then it becomes quite confusing if we get a capture file from a different time zone. But we do not need to worry about the timezone as we are only interested in the time differences between the packet time stamps. The packets in the capture file format like libpcap, Windows Sniffer, *Peek, Sun snoop formats, and newer versions of the Microsoft Network Monitor and Network Instruments/Viavi Observer have arrival time as UTC values. Also, UNIX and Windows NT-based systems use time internally as UTC values.
The packets in the capture file format like OOS-based Sniffer and older versions of the Microsoft Network Monitor and Network Instruments/Viavi Observer have arrival time set as local time values. While capturing the packets in Wireshark, Npcap converts the local time to UTC before delivering it to Wireshark. The conversion will not take place correctly if the time zone of the system is not set properly.
The capture file saves the arrival time of the packet as UTC values which means that the packet arrival will be displayed in local time, and it might not be the same as the arrival time in which the packet was captured. The capture file saves the arrival time of the packet as local time values, the conversion to UTC values will be done using your time zone’s offset from UTC and DST rules.
Time Zone Examples for UTC Arrival Times:
Component |
Los Angeles |
New York |
London |
India |
Tokyo |
---|---|---|---|---|---|
Capture File (UTC) |
10:00 |
10:00 |
10:00 |
10:00 |
10:00 |
Local Offset to UTC |
-8 |
-5 |
0 |
+5:30 |
+9 |
Displayed Time (Local Time) |
02:00 |
05:00 |
10:00 |
15:30 |
19:00 |
Therefore, there is no need to bother about the date and time of the time stamp unless you must make sure that the date and time are as expected. If we get a capture file from a different time zone or DST, in that case, we need to find out the difference between the local time zone and that time zone or DST and manually adjust the time stamp accordingly.