Looking at V5 of the PCAP next-generation capture file format specification. It appears that the if_tsoffset is a signed 64-bit integer. However, it seems that it was implemented as an unsigned 64-bit interger.
I suspect that it is signed so that packets before 1970-01-01 00:00:00 UTC can be represented, though I admit that its usefulness would be niche.
Looking at V5 of the PCAP next-generation capture file format specification. It appears that the
if_tsoffsetis a signed 64-bit integer. However, it seems that it was implemented as an unsigned 64-bit interger. I suspect that it is signed so that packets before 1970-01-01 00:00:00 UTC can be represented, though I admit that its usefulness would be niche.