Read this:
https://www.wireguard.com/#simple-network-interface
TLDR;
WireGuard takes whatever you ask it and encrypts it into a UDP packet then sends it to its peer at the end of the tunnel.
The peer decrypts the packet and sends it on its way.
What’s inside your packets?
In the case of a request for a web site (CNN dot COM) this would be a TCP http(s) packet and the whole thing is encrypted and encapsulated into a UDP packet then sent to the peer at the end of the tunnel. The peer sends the un-encapsulated TCP http(s) packet to the guard. The return trip is the opposite. The guard would see the IP of the peer at the end of the tunnel.
If the request is, let’s say, a regular UDP DNS request or an ICMP ping then I would guess that it is sent on its way directly to the internet in the same manner as if Tor would not be its destination. The return trip is the opposite.
Is un-encapsulated even a word?? If not I claim a copyright or left. 