Include the file with the captured data in your lab report. Save the details of the captured traffic, using the Print detail option in the Print window. Describe the differences between the files saved by tcpdump (in Part 7) and by ethereal (in this part).
What will be an ideal response?
```
Frame 1 (42 on wire, 42 captured)
Arrival Time: Aug 5, 2003 19:59:44.220000
Time delta from previous packet: 0.000000 seconds
Time relative to first packet: 0.000000 seconds
Frame Number: 1
Packet Length: 42 bytes
Capture Length: 42 bytes
Ethernet II
Destination: ff:ff:ff:ff:ff:ff (ff:ff:ff:ff:ff:ff)
Source: 00:00:c0:ba:4f:00 (00:00:c0:ba:4f:00)
Type: ARP (0x0806)
Address Resolution Protocol (request)
Hardware type: Ethernet (0x0001)
Protocol type: IP (0x0800)
Hardware size: 6
Protocol size: 4
Opcode: request (0x0001)
Sender hardware address: 00:00:c0:ba:4f:00
Sender protocol address: 10.0.1.11
Target hardware address: 00:00:00:00:00:00
Target protocol address: 10.0.1.13
Frame 2 (60 on wire, 60 captured)
Arrival Time: Aug 5, 2003 19:59:44.220000
Time delta from previous packet: 0.000000 seconds
Time relative to first packet: 0.000000 seconds
Frame Number: 2
Packet Length: 60 bytes
Capture Length: 60 bytes
Ethernet II
Destination: 00:00:c0:ba:4f:00 (00:00:c0:ba:4f:00)
Source: 00:00:c0:83:4f:00 (00:00:c0:83:4f:00)
Type: ARP (0x0806)
Trailer: 00000000000000000000000000000000...
Address Resolution Protocol (reply)
Hardware type: Ethernet (0x0001)
Protocol type: IP (0x0800)
Hardware size: 6
Protocol size: 4
Opcode: reply (0x0002)
Sender hardware address: 00:00:c0:83:4f:00
Sender protocol address: 10.0.1.13
Target hardware address: 00:00:c0:ba:4f:00
Target protocol address: 10.0.1.11
Frame 3 (98 on wire, 98 captured)
Arrival Time: Aug 5, 2003 19:59:44.220000
Time delta from previous packet: 0.000000 seconds
Time relative to first packet: 0.000000 seconds
Frame Number: 3
Packet Length: 98 bytes
Capture Length: 98 bytes
Ethernet II
Destination: 00:00:c0:83:4f:00 (00:00:c0:83:4f:00)
Source: 00:00:c0:ba:4f:00 (00:00:c0:ba:4f:00)
Type: IP (0x0800)
Internet Protocol, Src Addr: 10.0.1.11 (10.0.1.11), Dst Addr: 10.0.1.13 (10.0.1.13)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 84
Identification: 0x0000
Flags: 0x04
.1.. = Don't fragment: Set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 64
Protocol: ICMP (0x01)
Header checksum: 0x2492 (correct)
Source: 10.0.1.11 (10.0.1.11)
Destination: 10.0.1.13 (10.0.1.13)
Internet Control Message Protocol
Type: 8 (Echo (ping) request)
Code: 0
Checksum: 0x60a2 (correct)
Identifier: 0x6c05
Sequence number:
0000 a0 bc 02 27 9a 71 03 00 08 09 0a 0b 0c 0d 0e 0f ...'.q..........
0010 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f ................
0020 20 21 22 23 24 25 26 27 28 29 2a 2b 2c 2d 2e 2f !"#$%&'()*+,-./
0030 30 31 32 33 34 35 36 37 01234567
```
1. Tcpdump only shows the decoding of the packet type, source address and destination address, while ethereal decodes every field in the header. Thus it is much more detailed.
2. Tcpdump only shows the information of the highest-layer protocol. For example, in the output of ping, tcpdump only shows the information of the ICMP layer but doesn’t say anything about the outer IP header except for the address, while in the output of ethereal all of the Ethernet frame header, ARP, ICMP header and contents are decoded, separated and shown.
3. Tcpdump shows the absolute time of packet capture, whereas ethereal also shows the time intervals between the captures.

Finally, ethereal is a windows application which the user can use much more easily than the text-based tcpdump, and the analyzer prints the captured packets in a human-readable format, which makes it much easier to use ethereal to analyze the network packet flows.
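To make points 1 and 2 concrete, the following added example (not part of the original answer) decodes the same bytes twice: once as a one-line summary and once field by field, including the 18-byte trailer that pads Frame 2 from 42 to 60 bytes. The frame bytes are rebuilt from the field values printed for Frames 1 and 2; the helper names and the summary wording are assumptions for illustration, not tcpdump's exact output.

```python
import struct

def mac(b): return ":".join(f"{x:02x}" for x in b)
def ip(b): return ".".join(str(x) for x in b)

def decode_arp_frame(frame: bytes) -> dict:
    """Per-field decode of Ethernet II + ARP, as in the detailed print."""
    if len(frame) < 42:
        raise ValueError("need at least 42 bytes for Ethernet II + ARP")
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype != 0x0806:
        raise ValueError(f"not ARP: type 0x{ethertype:04x}")
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("only Ethernet/IPv4 ARP is handled")
    sha, spa, tha, tpa = struct.unpack("!6s4s6s4s", frame[22:42])
    return {
        "eth_dst": mac(dst), "eth_src": mac(src),
        "opcode": {1: "request", 2: "reply"}.get(op, str(op)),
        "sender_hw": mac(sha), "sender_ip": ip(spa),
        "target_hw": mac(tha), "target_ip": ip(tpa),
        # Bytes past the 28-byte ARP body are padding to the 60-byte minimum.
        "trailer_len": len(frame) - 42,
    }

def summary(d: dict) -> str:
    """One-line summary in the spirit of tcpdump (wording is illustrative)."""
    if d["opcode"] == "request":
        return f"arp who-has {d['target_ip']} tell {d['sender_ip']}"
    return f"arp reply {d['sender_ip']} is-at {d['sender_hw']}"

def build(dst, src, op, sha, spa, tha, tpa, pad=0) -> bytes:
    """Construct a sample frame from the field values shown in the print."""
    h = lambda s: bytes.fromhex(s.replace(":", ""))
    a = lambda s: bytes(int(x) for x in s.split("."))
    hdr = struct.pack("!HHHBBH", 0x0806, 1, 0x0800, 6, 4, op)
    return h(dst) + h(src) + hdr + h(sha) + a(spa) + h(tha) + a(tpa) + bytes(pad)

# Constructed from Frame 1 (request) and Frame 2 (reply, padded to 60 bytes).
FRAME1 = build("ff:ff:ff:ff:ff:ff", "00:00:c0:ba:4f:00", 1,
               "00:00:c0:ba:4f:00", "10.0.1.11", "00:00:00:00:00:00", "10.0.1.13")
FRAME2 = build("00:00:c0:ba:4f:00", "00:00:c0:83:4f:00", 2,
               "00:00:c0:83:4f:00", "10.0.1.13", "00:00:c0:ba:4f:00", "10.0.1.11",
               pad=18)

if __name__ == "__main__":
    for frame in (FRAME1, FRAME2):
        fields = decode_arp_frame(frame)
        print(summary(fields))
        print(fields)
```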