I am using Wireshark to capture and analyse the data from the radiotap header and the frame metadata. I would like to know if the epoch time
from the frame
metadata is the arrival time on the router or arrival time on my device.
I know epoch time
is the time in microseconds since Epoch ( 1st January 1970 ). So i am using it as the time my device has captured the packet.
I am making a project that uses the difference between the MAC timestamp
( Stamp given in the router ) and the time my device captured the packet and i am using those two fields to get said difference.
The doubt came from the fact that this difference is always in the interval of 0.25 to 2.75 Microseconds, independent of where my computer was capturing the packets. So i wanted to make sure that:
The MAC Timestamp
is a timestamp that the Access Point ( My router ) puts into the packet before sending it out and the Epoch Time
is a timestamp my computer puts on the frame metadata when said packet was captured.
Is that correct? If not, how can i determine the time my packet was captured?
Edit: Fixing field name for Epoch time.