Network Security Record

Uploaded by

Deepthi Ananth

UNIVERSITY COLLEGE OF ENGINEERING

NAGERCOIL
(ANNA UNIVERSITY CONSTITUENT COLLEGE)
KONAM, NAGERCOIL - 629 004

RECORD NOTE BOOK

NETWORK SECURITY LABORATORY – CCS354

Register No :

Name :

Year/Semester :

Department :
Certified that this is the bonafide record of work done by Mr./Ms.
…………………………………………………………. of VI Semester in Information
Technology of this college, in the CCS354 – Network Security Laboratory
2024 in partial fulfilment of the requirements of the B.Tech Degree course
of the Anna University Chennai.

Staff-in-charge Head of the Department

This record is submitted for the University Practical Examination held on……………………………..

Internal Examiner External Examiner


Index

Ex No    Date    Name Of The Experiment    Page No    Staff Signature

1. Implement Symmetric key algorithm

2. Implement Asymmetric key algorithms and key exchange algorithms

3. Implement digital signature schemes

4 a. Installation of Wireshark

4 b. Observation of data transferred in client-server communication using UDP/TCP and identify UDP/TCP datagram

5. Check message integrity and confidentiality using SSL

6. Experiment Eavesdropping, Dictionary Attacks and MITM Attacks

7. Experiment with Sniff Traffic using ARP Poisoning

8. Demonstrate intrusion detection system using Snort tool

9. Explore network monitoring tools

10. Study to configure Firewall and VPN


Ex.No:1
Implement symmetric key algorithms
Date:

Aim:

To implement the symmetric key algorithm using Java programming.

Algorithm:

Step1: Key Generation:
    Generate a secure random key of appropriate length for AES. AES supports key lengths of 128, 192, or
    256 bits.
Step2: Encryption Process:
    Step2.2: Initial Round:
        Add the initial round key (generated in the key generation step).
    Step2.3: Rounds:
        Perform a number of rounds (10, 12, or 14 depending on the key size) of substitution,
        permutation, and mixing operations.
    Step2.4: Final Round:
        Perform a final round that excludes the mixing operation.
Step3: Decryption Process:
    Step3.1: Initial Round:
        Add the final round key.
    Step3.2: Rounds:
        Perform the inverse operations of the encryption rounds in reverse order.
    Step3.3: Final Round:
        Add the initial round key.
    Step3.4: Key Expansion:
        Expand the key into a key schedule to generate round keys for each round of encryption and
        decryption.
    Step3.5: Substitution:
        Substituting bytes from the input block with bytes in a substitution table (S-box).
    Step3.6: Permutation:
        Rearranging the bytes in the block.
    Step3.7: Mixing:
        Mixing the bytes within each column of the block.
    Step3.8: Round Keys:
        Generate round keys from the initial key using a key schedule algorithm.
    Step 3.9: Finalization:
        After the final round of encryption, the resulting ciphertext is the encrypted message. After the
        final round of decryption, the resulting plaintext is the decrypted message.
Program:
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import java.nio.charset.StandardCharsets;
import java.util.Base64;

public class Main {
    public static void main(String[] args) throws Exception {
        // Step 1: generate a random AES key (provider default key size)
        SecretKey secretKey = KeyGenerator.getInstance("AES").generateKey();
        String originalMessage = "Hello, world!";

        // The bare name "AES" leaves mode and padding to the provider; the default
        // SunJCE provider resolves it to AES/ECB/PKCS5Padding.
        Cipher cipher = Cipher.getInstance("AES");

        // Step 2: encrypt and Base64-encode the ciphertext for printing
        cipher.init(Cipher.ENCRYPT_MODE, secretKey);
        byte[] encryptedMessage = cipher.doFinal(originalMessage.getBytes(StandardCharsets.UTF_8));
        String encodedMessage = Base64.getEncoder().encodeToString(encryptedMessage);
        System.out.println("Original Message: " + originalMessage);
        System.out.println("Encrypted Message: " + encodedMessage);

        // Step 3: decrypt with the same key
        cipher.init(Cipher.DECRYPT_MODE, secretKey);
        byte[] decryptedMessage = cipher.doFinal(Base64.getDecoder().decode(encodedMessage));
        System.out.println("Decrypted Message: " + new String(decryptedMessage, StandardCharsets.UTF_8));
    }
}
Output:
Result:
Thus the symmetric key algorithm was implemented successfully using Java programming.
Ex.No:2
Implement Asymmetric Key Algorithms And Key Exchange Algorithm
Date:

Aim:
To implement asymmetric key algorithm and key exchange algorithm using Java.

Algorithm:
RSA Algorithm:
Step 1:Key Generation:
Step 1.1: Choose two large prime numbers, p and q.
Step 1.2: Calculate n = p * q.
Step 1.3: Compute Euler's totient function, φ(n) = (p-1) * (q-1).
Step 1.4: Choose a public exponent e such that 1 < e < φ(n) and e is coprime with φ(n).
Step 1.5: Calculate the private exponent d such that d ≡ e^(-1) mod φ(n).
Step 2: Public Key: {e, n}.
Step 3: Private Key: {d, n}.
Step 4:Encryption:
Given a plaintext message M, compute the ciphertext C using C ≡ M^e mod n.
Step 5:Decryption:
Given a ciphertext C, compute the original message M using M ≡ C^d mod n.

Diffie-Hellman Algorithm:
Step 1:Key Generation:
Step 1.1: Choose a large prime number p.
Step 1.2: Choose a primitive root modulo p, denoted as g.
Step 1.3: Each party selects a private key a or b.
Step 1.4: Compute the public key A or B by calculating A ≡ g^a mod p or B ≡ g^b mod p.
Step 2: Key Exchange:
Step 2.1: Parties exchange their public keys (A and B).
Step 2.2: Compute the shared secret key using s = A^b mod p or s = B^a mod p.
Program:

import java.math.BigInteger;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;

public class AsymmetricKey {
    public static void main(String[] args) {
        // RSA: encrypt and decrypt a short message (it must be smaller than n)
        RSA rsa = new RSA(1024);
        String plaintext = "Hello, world!";
        BigInteger encrypted = rsa.encrypt(new BigInteger(plaintext.getBytes(StandardCharsets.UTF_8)));
        BigInteger decrypted = rsa.decrypt(encrypted);
        System.out.println("RSA Encrypted: " + encrypted);
        System.out.println("RSA Decrypted: " + new String(decrypted.toByteArray(), StandardCharsets.UTF_8));

        // Diffie-Hellman: both parties derive the same secret from the other's public key
        DiffieHellman alice = new DiffieHellman();
        DiffieHellman bob = new DiffieHellman();
        BigInteger alicePublicKey = alice.getPublicKey();
        BigInteger bobPublicKey = bob.getPublicKey();
        BigInteger sharedSecretAlice = alice.generateSharedSecret(bobPublicKey);
        BigInteger sharedSecretBob = bob.generateSharedSecret(alicePublicKey);
        System.out.println("Alice's shared secret: " + sharedSecretAlice);
        System.out.println("Bob's shared secret: " + sharedSecretBob);
    }
}

// Textbook RSA as in the algorithm above: no padding, so encryption is deterministic.
class RSA {
    private BigInteger n;
    private BigInteger e;
    private BigInteger d;
    private int bitLength;

    public RSA(int bitLength) {
        this.bitLength = bitLength;
        SecureRandom rnd = new SecureRandom();
        // Step 1.1 - 1.3: two primes, modulus n and totient phi(n)
        BigInteger p = BigInteger.probablePrime(bitLength / 2, rnd);
        BigInteger q = BigInteger.probablePrime(bitLength / 2, rnd);
        n = p.multiply(q);
        BigInteger phi = p.subtract(BigInteger.ONE).multiply(q.subtract(BigInteger.ONE));
        // Step 1.4: public exponent coprime with phi(n)
        e = BigInteger.probablePrime(bitLength / 2, rnd);
        while (phi.gcd(e).compareTo(BigInteger.ONE) > 0 && e.compareTo(phi) < 0) {
            // BigInteger is immutable: the result of add() must be assigned back,
            // otherwise e never changes and the loop cannot terminate.
            e = e.add(BigInteger.ONE);
        }
        // Step 1.5: private exponent d = e^(-1) mod phi(n)
        d = e.modInverse(phi);
    }

    public BigInteger encrypt(BigInteger plaintext) {
        return plaintext.modPow(e, n);   // C = M^e mod n
    }

    public BigInteger decrypt(BigInteger ciphertext) {
        return ciphertext.modPow(d, n);  // M = C^d mod n
    }
}

class DiffieHellman {
    // Small demonstration group (p = 23, g = 5): the shared secret can take at most
    // 22 values, so these parameters only illustrate the arithmetic.
    private static final BigInteger P = new BigInteger("23");
    private static final BigInteger G = new BigInteger("5");
    private BigInteger privateKey;
    private BigInteger publicKey;

    public DiffieHellman() {
        SecureRandom rnd = new SecureRandom();
        privateKey = new BigInteger(32, rnd);   // private value a (or b)
        publicKey = G.modPow(privateKey, P);    // A = g^a mod p
    }

    public BigInteger getPublicKey() {
        return publicKey;
    }

    public BigInteger generateSharedSecret(BigInteger otherPublicKey) {
        return otherPublicKey.modPow(privateKey, P);   // s = B^a mod p
    }
}
Output:
Result:

Thus the asymmetric key algorithm and key exchange algorithm were implemented successfully using
Java programming.
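Added example (not part of the original record): the same two operations done with the Java Cryptography Architecture instead of hand-written BigInteger arithmetic, using RSA with OAEP padding and Diffie-Hellman over a 2048-bit group with a range check on the peer's public value. The class and method names are assumptions for this example, and hashing the shared secret with SHA-256 is a simplification of a real key-derivation function.

```java
import javax.crypto.Cipher;
import javax.crypto.KeyAgreement;
import javax.crypto.interfaces.DHPublicKey;
import javax.crypto.spec.DHParameterSpec;
import javax.crypto.spec.OAEPParameterSpec;
import javax.crypto.spec.PSource;
import java.math.BigInteger;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.MessageDigest;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.spec.MGF1ParameterSpec;
import java.util.Arrays;

public class JcaAsymmetricDemo {
    // OAEP with SHA-256 for both the label hash and MGF1.
    static final OAEPParameterSpec OAEP = new OAEPParameterSpec(
            "SHA-256", "MGF1", MGF1ParameterSpec.SHA256, PSource.PSpecified.DEFAULT);

    static byte[] rsaEncrypt(PublicKey pub, byte[] msg) throws GeneralSecurityException {
        Cipher c = Cipher.getInstance("RSA/ECB/OAEPPadding");
        c.init(Cipher.ENCRYPT_MODE, pub, OAEP);
        return c.doFinal(msg);
    }

    static byte[] rsaDecrypt(PrivateKey priv, byte[] ct) throws GeneralSecurityException {
        Cipher c = Cipher.getInstance("RSA/ECB/OAEPPadding");
        c.init(Cipher.DECRYPT_MODE, priv, OAEP);
        return c.doFinal(ct);
    }

    // Reject a peer value outside [2, p-2] or from a different group before using it.
    static void checkPeerKey(PublicKey peer, DHParameterSpec group) {
        DHPublicKey k = (DHPublicKey) peer;
        BigInteger two = BigInteger.valueOf(2);
        boolean sameGroup = k.getParams().getP().equals(group.getP())
                && k.getParams().getG().equals(group.getG());
        boolean inRange = k.getY().compareTo(two) >= 0
                && k.getY().compareTo(group.getP().subtract(two)) <= 0;
        if (!sameGroup || !inRange) {
            throw new IllegalArgumentException("Rejected Diffie-Hellman public key");
        }
    }

    // s = B^a mod p via KeyAgreement, then hashed so the result is a fixed-length key.
    static byte[] sessionKey(PrivateKey mine, PublicKey theirs, DHParameterSpec group)
            throws GeneralSecurityException {
        checkPeerKey(theirs, group);
        KeyAgreement ka = KeyAgreement.getInstance("DH");
        ka.init(mine);
        ka.doPhase(theirs, true);
        return MessageDigest.getInstance("SHA-256").digest(ka.generateSecret());
    }

    public static void main(String[] args) throws Exception {
        // RSA-OAEP: padding is randomized, so the same message encrypts differently each time.
        KeyPairGenerator rsaGen = KeyPairGenerator.getInstance("RSA");
        rsaGen.initialize(2048);
        KeyPair rsa = rsaGen.generateKeyPair();
        byte[] msg = "Hello, world!".getBytes(StandardCharsets.UTF_8);
        byte[] c1 = rsaEncrypt(rsa.getPublic(), msg);
        byte[] c2 = rsaEncrypt(rsa.getPublic(), msg);
        System.out.println("RSA decrypted: "
                + new String(rsaDecrypt(rsa.getPrivate(), c1), StandardCharsets.UTF_8));
        System.out.println("Two encryptions identical: " + Arrays.equals(c1, c2));

        // Diffie-Hellman: Alice picks a 2048-bit group, Bob generates his key in the same group.
        KeyPairGenerator aliceGen = KeyPairGenerator.getInstance("DH");
        aliceGen.initialize(2048);
        KeyPair alice = aliceGen.generateKeyPair();
        DHParameterSpec group = ((DHPublicKey) alice.getPublic()).getParams();
        KeyPairGenerator bobGen = KeyPairGenerator.getInstance("DH");
        bobGen.initialize(group);
        KeyPair bob = bobGen.generateKeyPair();

        byte[] aliceKey = sessionKey(alice.getPrivate(), bob.getPublic(), group);
        byte[] bobKey = sessionKey(bob.getPrivate(), alice.getPublic(), group);
        System.out.println("Session keys match: " + Arrays.equals(aliceKey, bobKey));
    }
}
```

The exchange is still unauthenticated: neither side has proof of who sent the public value, which is the gap a man-in-the-middle uses and which signatures or certificates close.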
Ex.No:3
Implement Digital Signature Schemes
Date:

Aim:
To implement digital signature schemes using Java programming.

Algorithm:
Step 1: Key Pair Generation:
Step 1.1: Initialize a KeyPairGenerator instance with the RSA algorithm.
Step 1.2: Set the desired key size (2048 bits in this case).
Step 1.3: Generate a key pair (PublicKey and PrivateKey).
Step 2: Signing:
Step 2.1: Initialize a Signature instance with the desired algorithm (SHA256withRSA).
Step 2.2: Initialize the signature object for signing with the private key obtained from the key pair.
Step 2.3: Prepare the data to be signed (in this case, the byte array representation of the message).
Step 2.4 Update the signature with the data.
Step 2.5: Generate the digital signature by calling the sign() method.
Step 3: Verification:
Step 3.1: Initialize another Signature instance for verification with the same algorithm.
Step 3.2: Initialize the signature object for verification with the public key obtained from the key pair.
Step 3.3: Update the verification signature with the same data.
Step 3.4: Perform the verification by calling the verify() method with the digital signature.
Step 3.5: The method returns a boolean indicating whether the signature is valid or not.
Program:

import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.Base64;

public class DigitalSignatureExample {
    public static void main(String[] args) throws Exception {
        // Step 1: generate a 2048-bit RSA key pair
        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA");
        keyPairGenerator.initialize(2048);
        KeyPair keyPair = keyPairGenerator.generateKeyPair();

        // Step 2: sign the message bytes with the private key
        Signature signature = Signature.getInstance("SHA256withRSA");
        signature.initSign(keyPair.getPrivate());
        byte[] data = "Hello, this is a message to be signed!".getBytes(StandardCharsets.UTF_8);
        signature.update(data);
        byte[] digitalSignature = signature.sign();
        System.out.println("Digital Signature: " + Base64.getEncoder().encodeToString(digitalSignature));

        // Step 3: verify the signature over the same data with the public key
        Signature signatureVerifier = Signature.getInstance("SHA256withRSA");
        signatureVerifier.initVerify(keyPair.getPublic());
        signatureVerifier.update(data);
        boolean isSignatureValid = signatureVerifier.verify(digitalSignature);
        System.out.println("Is Signature Valid? " + isSignatureValid);
    }
}
Output:
Result:
Thus the digital signature schemes were implemented successfully using Java programming.
Ex.No:4 a
Installation Of Wireshark
Date:

Aim:
To install and capture network traffic using Wireshark.

Wireshark:
Wireshark is a network protocol analyzer that captures and inspects data on a network. It allows users
to analyze the traffic and troubleshoot network issues. Wireshark supports various protocols and provides a
graphical interface for detailed packet analysis. It's an open-source tool widely used for network
troubleshooting and security analysis.

Purpose:

1. Network Troubleshooting:
Wireshark helps network administrators and IT professionals diagnose and troubleshoot network
issues. By capturing and examining network packets, they can identify problems like latency, packet loss,
misconfigurations, or security issues.

2.Security Analysis:
Wireshark can be used to monitor and detect suspicious or malicious network activity. It can help
security professionals identify potential security breaches, malware infections, or unauthorized access
attempts by inspecting packet contents.

3.Protocol Analysis:
Wireshark supports a wide range of network protocols and can dissect and display the details of these
protocols. It's an invaluable tool for understanding how different network protocols work and for debugging
issues related to protocol interactions.

4.Performance Optimization:
By analyzing network traffic patterns and packet flow, Wireshark can be used to optimize network
performance. It can help in identifying bottlenecks, unnecessary traffic, and other issues that can be
addressed to improve network efficiency.
5.Network Monitoring and Management:
Wireshark can be used for ongoing network monitoring. It provides insights into network usage,
which can be useful for capacity planning, bandwidth management, and ensuring network resources are
allocated appropriately.

6.Education and Training:


Wireshark is often used as a teaching tool in networking and cybersecurity courses. Students can
learn about network protocols, packet analysis, and network security by using Wireshark to capture and
analyze network traffic.

7.Compliance and Forensics:


Organizations may use Wireshark to maintain records of network activity for compliance purposes. It
can also be valuable in forensic investigations to reconstruct network events and determine the cause of
incidents or breaches.

Software & Hardware Requirements:

• 64-bit AMD64/x86-64 or 32-bit x86 CPU architecture.
• At least 500 MB available RAM. It requires more RAM to process larger capture files.
• At least 500 MB of available disk space. The capture files require extra disk space.
• It requires a minimum resolution of 1280 × 1024 or higher.

Steps to Install Wireshark:

Step 1: Visit the official Wireshark website using any web browser.

Fig 4.1: Wireshark official website


Step 2: Click on Download, a new webpage will open with different installers of Wireshark.

Fig 4.2: Wireshark versions

Step 3: Downloading of the executable file will start shortly. It is a small 73.69 MB file that will take some
time.

Fig 4.3: Wireshark file Info

Step 4: Now check for the executable file in downloads in your system and run it.

Fig 4.4: Run Wireshark


Step 5: Setup screen will appear, click on Next.

Fig 4.5: Wireshark setup wizard

Step 6: The next screen will be of License Agreement, click on Noted.

Fig 4.6: Accept the licence agreement

Step 7: This screen is for choosing components, all components are already marked so don’t change
anything just click on the Next button.

Fig 4.7:Choose components


Step 8: This screen is of choosing shortcuts like start menu or desktop icon along with file extensions which
can be intercepted by Wireshark, tick all boxes and click on Next button.

Fig 4.8: Create shortcuts

Step 9: The next screen will be of installing location so choose the drive which will have sufficient memory
space for installation. It needed only a memory space of 223.4 MB.

Fig 4.7:Choose installation location


Step 10: The next screen has an option to install Npcap, which is used with Wireshark to capture packets
(pcap means packet capture). The install option is already checked, so don’t change anything and click Next.

Fig 4.8:Install Npcap

Step 11: Next screen is about USB network capturing so it is one’s choice to use it or not, click on Install.

Fig 4.9: USB capture

Step 12: After this, the installation process will start.

Fig 4.10: Installing Wireshark


Step 13: The installation will prompt for the Npcap installation, as it was already checked. The license
agreement of Npcap will appear; click on the I Agree button.

Fig 4.11: Accept the agreement

Step 14: The next screen is about different installation options of Npcap; don’t change anything and click on Install.

Fig 4.12: Installation Options

Step 15: After this installation process we will start Wireshark.

Fig 4.13:Installing wireshark


Step 16: After the installation process completes, click on the Next button.

Fig 4.14: Installation complete

Step 18: Click on Finish after the installation process of Wireshark is complete.

Fig 4.15: Wireshark installed successfully

Wireshark is successfully installed on the system and an icon is created on the desktop.
Output:

View and Capture Network Traffic Using Wireshark

Fig 4.16: Home page of Wireshark

Fig 4.17: View and capture network traffic


Result:
Thus Wireshark was installed and network traffic was viewed successfully.
Ex No: 4 b
Observation of data transferred in client-server communication using UDP/TCP and identify
the UDP/TCP datagram
Date:

Aim:
To observe the data transferred in client-server communication using UDP/TCP and identify the
UDP/TCP datagram.

Algorithm:

UDP SERVER:
Step 1: Create a DatagramSocket
Step 2: Create Byte Arrays for Sending and Receiving Data
Step 3: Listen for Incoming Datagram Packets in a Loop
Step 4: Receive Datagram Packet
Step 5: Extract Data from Datagram Packet
Step 6: Extract Client's IP Address and Port Number
Step 7: Print Received Datagram Information
Step 8: Trim the Received Data
Step 9: Repeat the Loop

UDP Client:
Step 1: Initialize BufferedReader and DatagramSocket
Step 2: Convert Input String to Byte Array
Step 3: Create DatagramPacket
Step 4: Send DatagramPacket
Step 5: Close DatagramSocket
Program:
UDPServer.java
import java.io.*;
import java.net.*;

class UDPServer {
    public static void main(String args[]) throws Exception {
        // Step 1: bind the server socket to UDP port 9876
        DatagramSocket serverSocket = new DatagramSocket(9876);
        // Step 2: buffers for receiving and sending data
        byte[] receiveData = new byte[1024];
        byte[] sendData = new byte[1024];
        // Step 3: wait for datagrams in a loop
        while (true) {
            DatagramPacket receivePacket = new DatagramPacket(receiveData,
                    receiveData.length);
            serverSocket.receive(receivePacket);
            // Use only the bytes of this datagram: the buffer is reused across
            // iterations and may still hold data from an earlier, longer message.
            String sentence = new String(receivePacket.getData(), 0, receivePacket.getLength());
            InetAddress IPAddress = receivePacket.getAddress();
            int port = receivePacket.getPort();
            System.out.println("UDP Datagram Received from " + IPAddress + ":" + port);
            System.out.println("Data: " + sentence.trim());
            System.out.println("Protocol: UDP\n");
        }
    }
}

UDPClient.java
import java.io.*;
import java.net.*;

class UDPClient {
    public static void main(String args[]) throws Exception {
        // Step 1: reader for user input and an unbound client socket
        BufferedReader inFromUser = new BufferedReader(new
                InputStreamReader(System.in));
        DatagramSocket clientSocket = new DatagramSocket();
        InetAddress IPAddress = InetAddress.getByName("localhost");
        byte[] sendData = new byte[1024];
        byte[] receiveData = new byte[1024];
        System.out.println("Type a message:");
        String sentence = inFromUser.readLine();
        // Step 2: convert the input string to bytes
        sendData = sentence.getBytes();
        // Steps 3 and 4: build the datagram for localhost:9876 and send it
        DatagramPacket sendPacket = new DatagramPacket(sendData, sendData.length,
                IPAddress, 9876);
        clientSocket.send(sendPacket);
        // Step 5: close the socket
        clientSocket.close();
    }
}
Output:
Result:
Thus the Java program to observe data transferred in client-server Communication using UDP and to
identify UDP datagram was written and executed successfully.
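Added example (not part of the original record): identifying the UDP datagram in a capture means reading the header fields that Wireshark displays. The sketch below decodes them directly from the bytes of one constructed Ethernet II frame carrying "hello" to port 9876 and verifies the UDP checksum over the pseudo-header. The class name, the sample frame and the Ethernet II link type are assumptions for this example.

```java
import java.nio.charset.StandardCharsets;

public class UdpFrameParser {
    static final int ETH = 14; // length of an Ethernet II header

    static int u16(byte[] b, int off) {
        return ((b[off] & 0xff) << 8) | (b[off + 1] & 0xff);
    }

    static String ipv4(byte[] b, int off) {
        return (b[off] & 0xff) + "." + (b[off + 1] & 0xff) + "."
                + (b[off + 2] & 0xff) + "." + (b[off + 3] & 0xff);
    }

    // Adds len bytes as big-endian 16-bit words to sum; an odd trailing byte is zero-padded.
    static int sumWords(byte[] b, int off, int len, int sum) {
        int i = off;
        for (; i + 1 < off + len; i += 2) sum += u16(b, i);
        if (i < off + len) sum += (b[i] & 0xff) << 8;
        return sum;
    }

    // Checksum covers pseudo-header (src, dst, protocol 17, UDP length) + UDP header + data.
    static boolean udpChecksumOk(byte[] f, int udpOff, int udpLen) {
        if (u16(f, udpOff + 6) == 0) return true;   // 0 = sender did not compute one (IPv4)
        int sum = sumWords(f, ETH + 12, 8, 0);      // source and destination addresses
        sum += 17 + udpLen;
        sum = sumWords(f, udpOff, udpLen, sum);
        while ((sum >>> 16) != 0) sum = (sum & 0xffff) + (sum >>> 16);
        return sum == 0xffff;
    }

    /** Returns a one-line description of the UDP datagram inside an Ethernet II frame. */
    static String describe(byte[] f) {
        if (f.length < ETH + 20 + 8) throw new IllegalArgumentException("frame too short");
        if (u16(f, 12) != 0x0800) throw new IllegalArgumentException("not IPv4");
        int ihl = (f[ETH] & 0x0f) * 4;              // IPv4 header length in bytes
        if ((f[ETH] & 0xf0) != 0x40 || ihl < 20) throw new IllegalArgumentException("bad IPv4 header");
        if ((f[ETH + 9] & 0xff) != 17) throw new IllegalArgumentException("not UDP");
        int totalLen = u16(f, ETH + 2);
        if (ETH + totalLen > f.length || ihl + 8 > totalLen)
            throw new IllegalArgumentException("truncated packet");
        int udpOff = ETH + ihl;
        int udpLen = u16(f, udpOff + 4);            // header (8 bytes) + data
        if (udpLen < 8 || ihl + udpLen > totalLen)
            throw new IllegalArgumentException("bad UDP length");
        String data = new String(f, udpOff + 8, udpLen - 8, StandardCharsets.UTF_8);
        return String.format("%s:%d -> %s:%d length=%d checksum=0x%04x (%s) data=\"%s\"",
                ipv4(f, ETH + 12), u16(f, udpOff), ipv4(f, ETH + 16), u16(f, udpOff + 2),
                udpLen, u16(f, udpOff + 6),
                udpChecksumOk(f, udpOff, udpLen) ? "valid" : "invalid", data);
    }

    static byte[] hex(String s) {
        s = s.replace(" ", "");
        byte[] out = new byte[s.length() / 2];
        for (int i = 0; i < out.length; i++)
            out[i] = (byte) Integer.parseInt(s.substring(2 * i, 2 * i + 2), 16);
        return out;
    }

    public static void main(String[] args) {
        // Constructed frame: 127.0.0.1:54321 -> 127.0.0.1:9876, payload "hello".
        byte[] frame = hex(
                "000000000000 000000000000 0800"                       // Ethernet: dst, src, type
              + "45000021 1c464000 40112084 7f000001 7f000001"         // IPv4 header, protocol 0x11
              + "d431 2694 000d c339"                                  // UDP: ports, length, checksum
              + "68656c6c6f");                                         // data
        System.out.println(describe(frame));
    }
}
```

In captures taken on the sending host, Wireshark often reports the UDP checksum as incorrect because checksum offloading lets the network adapter fill it in after the packet has been captured.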
Ex No:5
Check Message Integrity and Confidentiality using SSL
Date:

Aim:
To check message integrity and confidentiality using SSL.

Algorithm:

Step 1: Creating Keystore:


Use the keytool command to generate a KeyStore file named samlKeystore.jks. This command
generates a key pair (public and private keys) with RSA algorithm, sets the validity for 365 days, and assigns
an alias myserverkey. The Distinguished Name (DN) for the certificate is provided as
"CN=localhost,OU=Unknown,O=Unknown,L=Unknown,ST=Unknown,C=Unknown".
Step 2: Client Code:
Step 2.1: The client code loads the truststore (samlKeystore.jks) using the password "password".
Step 2.2: It sets up the trust manager factory and SSL context.
Step 2.3: It creates an SSL socket factory and establishes a connection with the server.
Step 2.4: It sends a message to the server and reads the response.
Step 3: Server Code:
Step 3.1: The server code loads the keystore (samlKeystore.jks) using the password "password".
Step 3.2: It sets up the key manager factory and SSL context.
Step 3.3: It creates an SSL server socket and waits for client connections.
Step 3.4: Upon connection, it reads the message from the client, sends a response, and closes the
connection.
Program:
Client.java:
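import javax.net.ssl.*;
import java.io.*;
import java.security.*;

public class Client {
    public static void main(String[] args) throws Exception {
        // Step 2.1: load the truststore holding the server certificate
        char[] truststorePassword = "password".toCharArray();
        KeyStore trustStore = KeyStore.getInstance("JKS");
        try (FileInputStream fis = new FileInputStream("samlKeystore.jks")) {
            trustStore.load(fis, truststorePassword);
        }
        // Step 2.2: trust manager factory and SSL context
        TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509");
        tmf.init(trustStore);
        SSLContext sslContext = SSLContext.getInstance("TLS");
        sslContext.init(null, tmf.getTrustManagers(), null);
        // Step 2.3: connect to the server
        SSLSocketFactory sf = sslContext.getSocketFactory();
        SSLSocket socket = (SSLSocket) sf.createSocket("localhost", 9999);
        // A plain SSLSocket validates the certificate chain but does not compare the
        // certificate name with the host name unless endpoint identification is set.
        SSLParameters params = socket.getSSLParameters();
        params.setEndpointIdentificationAlgorithm("HTTPS");
        socket.setSSLParameters(params);
        // Step 2.4: send a message and read the response
        PrintWriter out = new PrintWriter(socket.getOutputStream(), true);
        BufferedReader in = new BufferedReader(new
                InputStreamReader(socket.getInputStream()));
        out.println("Hello from client");
        String response = in.readLine();
        System.out.println("Response from server: " + response);
        out.close();
        in.close();
        socket.close();
    }
}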

Server.java:
import javax.net.ssl.*;
import java.io.*;
import java.security.*;

public class Server {
    public static void main(String[] args) {
        try {
            // Step 3.1: load the keystore holding the server's private key and certificate
            char[] keystorePassword = "password".toCharArray();
            char[] keyPassword = "password".toCharArray();
            KeyStore keyStore = KeyStore.getInstance("JKS");
            try (FileInputStream fis = new FileInputStream("samlKeystore.jks")) {
                keyStore.load(fis, keystorePassword);
            }
            // Step 3.2: key manager factory and SSL context
            KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
            kmf.init(keyStore, keyPassword);
            SSLContext sslContext = SSLContext.getInstance("TLS");
            sslContext.init(kmf.getKeyManagers(), null, null);
            // Step 3.3: listen on port 9999 and wait for one client
            SSLServerSocketFactory ssf = sslContext.getServerSocketFactory();
            SSLServerSocket serverSocket = (SSLServerSocket) ssf.createServerSocket(9999);
            System.out.println("Server started. Waiting for client connection...");
            SSLSocket socket = (SSLSocket) serverSocket.accept();
            // Step 3.4: read the client's message, reply, and close the connection
            BufferedReader in = new BufferedReader(new
                    InputStreamReader(socket.getInputStream()));
            PrintWriter out = new PrintWriter(socket.getOutputStream(), true);
            String message = in.readLine();
            System.out.println("Received message from client: " + message);
            out.println("Message received by server");
            out.close();
            in.close();
            socket.close();
            serverSocket.close();
        } catch (Exception e) {
            e.printStackTrace();
        }
    }
}

KeyStore:
Command to create KeyStore file:
keytool -genkeypair -keyalg RSA -keysize 2048 -validity 365 -alias myserverkey -keystore samlKeystore.jks -storepass password -keypass password -dname "CN=localhost,OU=Unknown,O=Unknown,L=Unknown,ST=Unknown,C=Unknown"
Output:
Result:
Thus the message integrity and confidentiality were checked successfully.
Ex No:6
Experiment Eavesdropping, Dictionary Attacks and MITM Attacks
Date:

Aim:
To experiment eavesdropping, dictionary attack and MITM attacks.

Dictionary Attack:

A Dictionary Attack is an attack vector used by the attacker to break into a password-protected
system by trying technically every word in a dictionary as a password for that system. This
attack vector is a form of Brute Force Attack.
Like the brute force attack, the dictionary attack aims to break in by logging in using username and
password combinations. It is only inefficient as far as its overall success rate: automated scripts can do this
in a matter of seconds.
A hacker will look for applications and websites that don’t lock a user out quickly for incorrect
username and password combinations and don’t require other forms of authentication when signing in. Sites
that allow simple passwords are especially vulnerable.
Suppose the target website or application does not adequately monitor suspicious behaviour like this
or has lax password rules. In that case, the website runs a high risk of data disclosure resulting from a
dictionary attack. Leaked password databases have become a common feature of modern dictionary attacks.
Attempting to log in with username and password combinations used multiple times elsewhere makes these
dictionary attacks much more successful and potentially harder to detect on the application or website’s end.

Fig 6.1: Dictionary Attack
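Added example (not part of the original record): the text above names sites that do not lock a user out after repeated wrong passwords as the ones at risk. The sketch below is one way to apply such a lockout, counting failed logins in a sliding window both per account and per source address, and it replays a constructed burst of failures against it. The class name, the thresholds and the sample account and address are assumptions for this example.

```java
import java.time.Duration;
import java.time.Instant;
import java.util.ArrayDeque;
import java.util.Deque;
import java.util.HashMap;
import java.util.Map;

public class LoginThrottle {
    private final int maxFailures;     // failures tolerated inside the window
    private final Duration window;     // sliding window for counting failures
    private final Duration lockout;    // how long a key stays locked
    private final Map<String, Deque<Instant>> failures = new HashMap<>();
    private final Map<String, Instant> lockedUntil = new HashMap<>();

    LoginThrottle(int maxFailures, Duration window, Duration lockout) {
        this.maxFailures = maxFailures;
        this.window = window;
        this.lockout = lockout;
    }

    /** True if this key (an account name or a source address) may attempt a login now. */
    boolean isAllowed(String key, Instant now) {
        Instant until = lockedUntil.get(key);
        return until == null || !now.isBefore(until);
    }

    /** Records a failed attempt; returns true if this failure started a lockout. */
    boolean recordFailure(String key, Instant now) {
        Deque<Instant> recent = failures.computeIfAbsent(key, k -> new ArrayDeque<>());
        recent.addLast(now);
        // Drop failures that have fallen out of the sliding window.
        while (!recent.isEmpty() && recent.peekFirst().isBefore(now.minus(window))) {
            recent.removeFirst();
        }
        if (recent.size() >= maxFailures) {
            lockedUntil.put(key, now.plus(lockout));
            recent.clear();
            return true;
        }
        return false;
    }

    /** A successful login clears the failure history of the key. */
    void recordSuccess(String key) {
        failures.remove(key);
    }

    public static void main(String[] args) {
        // Assumed policy: 5 failures within 60 seconds lock the key for 15 minutes.
        LoginThrottle throttle = new LoginThrottle(5, Duration.ofSeconds(60), Duration.ofMinutes(15));

        // Constructed sample: one source sends a wrong password for one account every second.
        String account = "user:alice";
        String source = "ip:203.0.113.7";
        Instant t = Instant.parse("2024-01-01T10:00:00Z");
        for (int attempt = 1; attempt <= 7; attempt++) {
            t = t.plusSeconds(1);
            if (!throttle.isAllowed(account, t) || !throttle.isAllowed(source, t)) {
                System.out.println(t + " attempt " + attempt + ": blocked before the password is checked");
                continue;
            }
            // Count the failure against both keys (non-short-circuit | so both are recorded).
            boolean locked = throttle.recordFailure(account, t) | throttle.recordFailure(source, t);
            System.out.println(t + " attempt " + attempt + ": failed login"
                    + (locked ? ", lockout started" : ""));
        }
    }
}
```

Counting per source as well as per account also catches one address trying a few passwords against many different accounts.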

Eavesdropping:
Eavesdropping refers to the unauthorised and unseen interception of a private, live conversation.
Sniffing or Eavesdropping pertains to the act of acquiring or intercepting data by capturing the
communication flow within a network using a packet sniffer tool.
This technique involves monitoring the packets of information passing through the network, allowing
unauthorized access to sensitive data, akin to theft or unauthorized interception of information.

Fig 6.2: Eavesdropping

During the transmission of data across networks, if the data packets lack encryption, they become
vulnerable to interception, enabling unauthorized parties to read the contents of these network packets with
the use of a sniffer.

Categories of Network Sniffing:


Active and Passive Sniffing attacks are two distinct categories of network sniffing techniques used by
attackers to intercept and analyze data traffic.
1. Active Sniffing: Active Sniffing is performed through a Switch and it is easy to detect. It involves
more direct interaction with the network traffic. Instead of just observing and capturing data, the attacker
actively injects or modifies packets within the communication flow.
2. Passive Sniffing: Passive Sniffing is performed through a Hub which is difficult to detect. It
involves silently capturing and monitoring network traffic without altering or modifying the data being
transmitted. The attacker’s presence is relatively discreet, as they do not actively participate in the
communication process. They just observe the data that flows through the network, looking for
sensitive/crucial information that is not encrypted.

Procedure:
Step 1: Launch the Wireshark software on your computer and choose the ‘eth0’ option. In your web
browser, input the URL we want to capture login credentials from.
Step 2: Input the login credentials, which are ‘test’, and then click on the login button.
Step 3: Then by entering ‘http’ in the filter section, the captured packets using the HTTP protocol will be
shown. Choose ‘Follow’ to access additional options, then select ‘http stream’ from the available choices.
Step 4: Explore the provided information, and you will uncover the login credentials.
Output:

Fig 6.3: Home Page of Wireshark

Fig 6.4: Filter HTTP protocol


Fig 6.5: HTTP stream

Fig 6.6: Uncover the login information


Result:
Thus the eavesdropping, dictionary attack and MITM attacks were implemented successfully.
Ex.No:7
Experiment With Sniff Traffic using ARP Poisoning
Date:

Aim:

To perform sniff traffic using ARP poisoning.

Address Resolution Protocol(ARP):

Address Resolution Protocol (ARP) is used to convert an IP address to a physical address. The host sends
an ARP broadcast on the network, and the recipient computer responds with its MAC address. The resolved
IP/MAC address is then used to communicate. ARP poisoning is sending fake MAC addresses to the switch
so that it can associate the fake MAC addresses with the IP address of a computer on a network and hijack
the traffic.

ARP Poisoning Countermeasures:

Static ARP entries:


These can be defined in the local ARP cache and the switch configured to ignore all auto ARP reply
packets. The disadvantage of this method is, it’s difficult to maintain on large networks. IP/MAC address
mapping has to be distributed to all the computers on the network.

ARP poisoning detection software:


These systems can be used to cross check the IP/MAC address resolution and certify them if they are
authenticated. Uncertified IP/MAC address resolutions can then be blocked.

Operating System Security:


This measure is dependent on the operating system being used. The following are the basic techniques
used by various operating systems.
• Linux based: These work by ignoring unsolicited ARP reply packets.
• Microsoft Windows: The ARP cache behavior can be configured via the registry.
The following list includes some of the software that can be used to protect networks against
sniffing:
• AntiARP: Provides protection against both passive and active sniffing
• Agnitum Outpost Firewall: Provides protection against passive sniffing
• XArp: Provides protection against both passive and active sniffing
• Mac OS: ArpGuard can be used to provide protection. It protects against both active and
passive sniffing.
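Added example (not part of the original record): a sketch of the cross-check that ARP poisoning detection software performs, combined with the static-entry idea above. It parses ARP packets from raw Ethernet frames, remembers each IP/MAC binding, and raises an alert when a packet contradicts a pinned entry or changes a binding learned earlier. The class name, the addresses and the four constructed frames are assumptions for this example.

```java
import java.nio.ByteBuffer;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;

public class ArpBindingMonitor {
    private final Map<String, String> pinned;                      // static IP -> MAC entries
    private final Map<String, String> learned = new HashMap<>();   // bindings seen on the wire

    ArpBindingMonitor(Map<String, String> pinned) {
        this.pinned = pinned;
    }

    /** Inspects one Ethernet frame and returns alerts (empty if not ARP or nothing suspicious). */
    List<String> inspect(byte[] frame) {
        List<String> alerts = new ArrayList<>();
        if (frame.length < 42) return alerts;                       // 14 Ethernet + 28 ARP bytes
        ByteBuffer b = ByteBuffer.wrap(frame);                      // big-endian = network order
        if ((b.getShort(12) & 0xffff) != 0x0806) return alerts;     // EtherType is not ARP
        // Only Ethernet (htype 1) / IPv4 (ptype 0x0800) ARP with 6-byte and 4-byte addresses.
        if (b.getShort(14) != 1 || (b.getShort(16) & 0xffff) != 0x0800
                || frame[18] != 6 || frame[19] != 4) return alerts;
        String ethSrc = mac(frame, 6);
        String senderMac = mac(frame, 22);
        String senderIp = ip(frame, 28);

        if (!ethSrc.equals(senderMac)) {
            alerts.add("Ethernet source " + ethSrc + " differs from ARP sender MAC " + senderMac);
        }
        String expected = pinned.get(senderIp);
        if (expected != null && !expected.equals(senderMac)) {
            alerts.add(senderIp + " claimed by " + senderMac + ", static entry is " + expected);
            return alerts;                                          // never learn over a pinned entry
        }
        String previous = learned.put(senderIp, senderMac);
        if (previous != null && !previous.equals(senderMac)) {
            alerts.add("binding for " + senderIp + " changed from " + previous + " to " + senderMac);
        }
        return alerts;
    }

    static String mac(byte[] f, int off) {
        StringBuilder sb = new StringBuilder();
        for (int i = 0; i < 6; i++) {
            sb.append(i == 0 ? "" : ":").append(String.format("%02x", f[off + i] & 0xff));
        }
        return sb.toString();
    }

    static String ip(byte[] f, int off) {
        return (f[off] & 0xff) + "." + (f[off + 1] & 0xff) + "."
                + (f[off + 2] & 0xff) + "." + (f[off + 3] & 0xff);
    }

    static byte[] bytes(String text, String separatorRegex, int radix) {
        String[] parts = text.split(separatorRegex);
        byte[] out = new byte[parts.length];
        for (int i = 0; i < parts.length; i++) out[i] = (byte) Integer.parseInt(parts[i], radix);
        return out;
    }

    // Builds a sample ARP frame (op 1 = request, 2 = reply); dstMac doubles as the target MAC.
    static byte[] arp(int op, String srcMac, String srcIp, String dstMac, String dstIp) {
        ByteBuffer b = ByteBuffer.allocate(42);
        b.put(bytes(dstMac, ":", 16)).put(bytes(srcMac, ":", 16)).putShort((short) 0x0806);
        b.putShort((short) 1).putShort((short) 0x0800).put((byte) 6).put((byte) 4).putShort((short) op);
        b.put(bytes(srcMac, ":", 16)).put(bytes(srcIp, "\\.", 10));
        b.put(bytes(dstMac, ":", 16)).put(bytes(dstIp, "\\.", 10));
        return b.array();
    }

    public static void main(String[] args) {
        // Constructed addresses: a gateway with a static entry, a host, and a third MAC.
        String gwIp = "192.168.1.1", gwMac = "02:00:00:00:00:01";
        String hostIp = "192.168.1.10", hostMac = "02:00:00:00:00:10";
        String otherMac = "02:00:00:00:00:66";
        ArpBindingMonitor monitor = new ArpBindingMonitor(Map.of(gwIp, gwMac));

        List<byte[]> capture = List.of(
                arp(1, hostMac, hostIp, "00:00:00:00:00:00", gwIp),   // host asks for the gateway
                arp(2, gwMac, gwIp, hostMac, hostIp),                 // genuine reply
                arp(2, otherMac, gwIp, hostMac, hostIp),              // conflicts with the static entry
                arp(2, otherMac, hostIp, gwMac, gwIp));               // changes a learned binding
        for (byte[] frame : capture) {
            for (String alert : monitor.inspect(frame)) System.out.println("ALERT: " + alert);
        }
    }
}
```

A binding can also change for legitimate reasons such as a replaced network card or a new DHCP lease, so alerts on learned bindings need review, while a conflict with a static entry should not occur at all.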
Computers communicate using networks:
These networks could be on a local area network LAN or exposed to the internet. Network Sniffers
are programs that capture low-level packet data that is transmitted over a network. An attacker can analyze
this information to discover valuable information such as user ids and passwords.

Network Sniffing:
Computers communicate by broadcasting messages on a network using IP addresses. Once a
message has been sent on a network, the recipient computer with the matching IP address responds with its
MAC address.
Network sniffing is the process of intercepting data packets sent over a network. This can be done by
the specialized software program or hardware equipment. Sniffing can be used to:
• Capture sensitive data such as login credentials
• Eavesdrop on chat messages
• Capture files that have been transmitted over a network
The following are protocols that are vulnerable to sniffing:
• Telnet
• Rlogin
• HTTP
• SMTP
• NNTP
• POP
• FTP
• IMAP
The above protocols are vulnerable if login details are sent in plain text.
Fig 7.1: Network Sniffing

Hub:
A hub works by sending broadcast messages to all output ports on it except the one that has sent the
broadcast. The recipient computer responds to the broadcast message if the IP address matches. This means
when using a hub, all the computers on a network can see the broadcast message. It operates at the physical
layer (layer 1) of the OSI Model. Fig 7.2 illustrates how the hub works.

Fig 7.3: Hub

Switch:
A switch works differently; it maps IP/MAC addresses to physical ports on it. Broadcast messages
are sent to the physical ports that match the IP/MAC address configurations for the recipient computer. This
means broadcast messages are only seen by the recipient computer. Switches operate at the data link layer
(layer 2) and network layer (layer 3). Fig 7.4 illustrates how the switch works.
Fig 7.4: Switch

Sniffing the network using Wireshark:

The illustration below shows you the steps that you will carry out to complete this exercise without
confusion

Fig 7.5: Illustration

Procedure:
Step 1: Download Wireshark from this link http://www.wireshark.org/download.html.
Step 2: Open Wireshark.
Step 3: Select the network interface you want to sniff.
Step 4: Click on start button.
Step 5: Open your web browser and type in http://www.techpanda.org/. Login using email id
[email protected] and the password is Password2010. And click on submit button
Step 6: A successful logon should give you the dashboard.
Step 7: Go back to Wireshark and stop the live capture.
Step 8: Filter for HTTP protocol results only using the filter textbox.
Step 9: Locate the Info column and look for entries with the HTTP verb POST and click on it
Step 10: Just below the log entries, there is a panel with a summary of captured data. Look for the summary
that says Line-based text data: application/x-www-form-urlencoded.
Step 11: View the plaintext values of all the POST variables submitted to the server via HTTP protocol.
Output:

Fig 7.6: Home Screen

Fig 7.7: Sniffing the Wireless Network


Fig 7.8: Login into techpanda.org

Fig 7.9: Dashboard


Fig 7.10: Filter HTTP Protocol Result

Fig 7.11: Lock POST and View Plaintext Value


Result:
Thus the traffic was sniffed successfully using ARP poisoning.
Ex. No: 8
Demonstrate Intrusion Detection System Using Snort
Date:

Aim:
To demonstrate intrusion detection system using snort tool.

Intrusion Detection System:

Intrusion detection is a set of techniques and methods that are used to detect suspicious activity both at
the network and host level. Intrusion detection systems fall into two basic categories:
• Signature-based intrusion detection systems
• Anomaly detection systems.
Intruders have signatures, like computer viruses, that can be detected using software. Try to find data
packets that contain any known intrusion-related signatures or anomalies related to Internet protocols. Based
upon a set of signatures and rules, the detection system is able to find and log suspicious activity and
generate alerts. Anomaly-based intrusion detection usually depends on packet anomalies present in protocol
header parts. In some cases these methods produce better results compared to signature-based IDS. Usually
an intrusion detection system captures data from the network and applies its rules to that data or detects
anomalies in it. Snort is primarily a rule-based IDS, however input plug-ins are present to detect anomalies
in protocol headers.

Snort Tool:

Snort is based on libpcap (for library packet capture), a tool that is widely used in TCP/IP traffic
sniffers and analyzers. Through protocol analysis and content searching and matching, Snort detects attack
methods, including denial of service, buffer overflow, CGI attacks, stealth port scans, and SMB probes.
When suspicious behavior is detected, Snort sends a real-time alert to syslog, a separate 'alerts' file, or to
a pop-up window.
Snort is currently the most popular free network intrusion detection software. The advantages of Snort
are numerous. According to the snort web site, “It can perform protocol analysis, content
searching/matching, and can be used to detect a variety of attacks and probes, such as buffer overflow,
stealth port scans, CGI attacks, SMB probes, OS fingerprinting attempts, and much more” (Caswell).
One of the advantages of Snort is its ease of configuration. Rules are very flexible, easily written, and
easily inserted into the rule base. If a new exploit or attack is found a rule for the attack can be added to the
rule base in a matter of seconds. Another advantage of snort is that it allows for raw packet data analysis.
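How a signature rule is applied to traffic, as an added Python example (not part of the original record and not Snort's own engine): a simplified matcher reads one rule written in Snort rule syntax and checks it against packets. The rule, its sid and the packets are constructed; only the header protocol, ports, content and nocase are modelled.

```python
import re

# Constructed rule in Snort rule syntax (sid taken from the local-rule range).
RULE = ('alert tcp any any -> any 80 (msg:"Cleartext password in HTTP POST"; '
        'content:"POST"; content:"password="; nocase; sid:1000001; rev:1;)')

# Constructed packets, reduced to the fields this simplified matcher inspects.
PACKETS = [
    {"proto": "tcp", "sport": 50112, "dport": 80,
     "payload": b"POST /index.php HTTP/1.1\r\n\r\nemail=a%40b.test&Password=x"},
    {"proto": "tcp", "sport": 50113, "dport": 80,
     "payload": b"GET /index.php HTTP/1.1\r\n\r\n"},
    {"proto": "tcp", "sport": 50114, "dport": 8080,
     "payload": b"POST /index.php HTTP/1.1\r\n\r\npassword=x"},
]

def parse_rule(text):
    """Split a rule into its header fields and content options."""
    header, _, body = text.partition("(")
    action, proto, _src, sport, _arrow, _dst, dport = header.split()
    opts = [(k, v.strip('"'))
            for k, v in re.findall(r'(\w+)(?::\s*("[^"]*"|[^;]*))?;', body)]
    contents = []
    for key, value in opts:
        if key == "content":
            contents.append([value.encode(), False])
        elif key == "nocase" and contents:
            contents[-1][1] = True        # nocase modifies the preceding content
    meta = dict(opts)
    return {"action": action, "proto": proto, "sport": sport, "dport": dport,
            "contents": contents, "msg": meta["msg"], "sid": int(meta["sid"])}

def matches(rule, pkt):
    """Header must match, then every content string must occur in the payload."""
    if rule["proto"] != pkt["proto"]:
        return False
    for side in ("sport", "dport"):
        if rule[side] != "any" and int(rule[side]) != pkt[side]:
            return False
    for needle, nocase in rule["contents"]:
        hay = pkt["payload"].lower() if nocase else pkt["payload"]
        if (needle.lower() if nocase else needle) not in hay:
            return False
    return True

def run_ids(rule_text, packets):
    """Return (sid, msg, source port) for each packet that triggers the rule."""
    rule = parse_rule(rule_text)
    return [(rule["sid"], rule["msg"], p["sport"]) for p in packets if matches(rule, p)]
```

Only the first packet alerts: the second lacks the case-sensitive "POST" content, and the third fails the header check on destination port 80.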
SNORT can be configured to run in three modes:
1. Sniffer mode
2. Packet Logger mode
3. Network Intrusion Detection System mode
1. Sniffer mode:
• snort -v: Prints the TCP/IP packet headers on the screen.
• snort -vd: Shows the TCP/IP and ICMP headers together with the application data in transit.
2. Packet Logger mode:
• snort -dev -l c:\log: Create the directory c:\log on the C drive first. With -l, Snort automatically
goes into packet logger mode; it collects every packet it sees and places it in the log directory.
• snort -dev -l c:\log -h ipaddress/24: This command tells Snort to print the data link
and TCP/IP headers as well as the application data into the log directory.
• snort -l c:\log -b: Binary mode, which logs everything into a single file.
3. Network Intrusion Detection System mode:
• snort -d -l c:\log -h ipaddress/24 -c snort.conf: snort.conf is the configuration file; Snort applies
its rules to each packet to decide whether to take an action, based on the rule type in the file.
• snort -d -h ipaddress/24 -l c:\log -c snort.conf: This configures Snort to run in its most basic
NIDS form, logging packets that trigger the rules specified in snort.conf.

Procedure:
Step 1: Download SNORT from snort.org. Install snort with or without database support.
Step 2: Select all the components and Click Next. Install and Close.
Step 3: Skip the WinPcap driver installation.
Step 4: Add the path variable to the Windows environment variables by selecting new classpath.
Step 5: Create a path variable that points at snort.exe: variable name path, variable value c:\snort\bin.
Step 6: Click OK button and then close all dialog boxes. Open command prompt and type the commands.
Output:
Result:
Thus the intrusion detection system was demonstrated successfully using snort tool.
Ex. No: 9
Date:
Explore Network Monitoring Tool

Aim:
To explore network monitoring tools.

Introduction of Network Monitoring Tool:

A network monitoring tool is a software application or hardware device used to monitor, manage, and
analyse network infrastructure, devices, and traffic in real-time or over a period of time. These tools play a
crucial role in maintaining the health, performance, and security of computer networks by providing
visibility into network activities, identifying issues, and facilitating proactive management and
troubleshooting.
The primary functions of a network monitoring tool include:
• Real-Time Monitoring: Continuously monitors network devices, services, and traffic to detect
anomalies, performance degradation, or security threats as they occur.
• Performance Monitoring: Measures and analyzes network performance metrics such as
bandwidth utilization, latency, packet loss, and throughput to identify bottlenecks and optimize
network resources.
• Fault Management: Detects and alerts administrators about network faults, failures, or errors,
allowing them to promptly address issues and minimize downtime.
• Security Monitoring: Monitors network traffic for suspicious activity, intrusion attempts,
malware, and other security threats, helping to protect the network from unauthorized access
and data breaches.
• Traffic Analysis: Captures, inspects, and analyses network traffic to gain insights into
application usage, protocol behaviour, and user activity, facilitating capacity planning and
troubleshooting.
• Alerting and Notification: Generates alerts and notifications based on predefined thresholds
or conditions, notifying administrators of potential issues or deviations from normal network
behaviour.
• Reporting and Analysis: Provides comprehensive reports, dashboards, and visualizations to
summarize network performance, security incidents, and compliance status, aiding in
decision-making and compliance reporting.
• Historical Data Storage: Stores historical data and logs of network events, allowing
administrators to analyse trends, track changes, and conduct forensic investigations.
Wireshark:

Wireshark is a powerful and widely-used open-source network protocol analyser. Originally known as
Ethereal, it was renamed Wireshark in 2006. Wireshark allows users to capture, inspect, and analyse network
traffic in real-time, providing detailed insights into the communication between devices and systems within
a network.
It is widely used for troubleshooting, analysis, and
development of communication protocols. It offers a graphical interface and extensive features for capturing
and dissecting network packets in real-time. With support for various protocols and platforms, Wireshark
enables deep inspection of network traffic, revealing details such as packet contents, headers, and timing
information. Its packet filtering and search capabilities facilitate targeted analysis, aiding in the detection of
network issues, security threats, and performance optimization. As an open-source tool, Wireshark enjoys a
large community of users and contributors, continuously enhancing its functionality and usability.

Zenmap:

Zenmap is a graphical front-end for the open-source network scanning tool Nmap. It provides an
intuitive interface for users to conduct network exploration and security auditing tasks. Zenmap simplifies
the process of configuring and executing Nmap scans by offering predefined scan profiles and visualizing
scan results in various formats, including interactive topology maps. With its robust feature set, Zenmap
enables users to discover devices, services, and vulnerabilities within a network, aiding in network inventory
management, security assessments, and penetration testing. Its user-friendly design makes it accessible to
both novice and experienced users seeking to understand and secure their network infrastructure.

Software and Hardware requirements:

Software Requirements:
• Operating System: Compatible with Windows XP SP3 and later, Linux kernel version 2.6 or later,
and macOS X 10.8 (Mountain Lion) or later.
• Dependencies: Requires Nmap security scanner installed.

Hardware Requirements:
• Processor: Modern processor recommended.
• Memory (RAM): Minimum 512MB RAM recommended, more for larger scans.
• Storage: Adequate disk space for Nmap-generated scan result files.
• Network Interface Card (NIC): Functional NIC required for network scanning.
• Graphics: Minimum display resolution of 1024x768 recommended.
Purpose of Zenmap:

1. Network Discovery:
Zenmap helps users discover devices and services running on a network. It can scan large networks
and provide detailed information about the devices connected to it, such as their IP addresses, open ports,
operating systems, and services running on those ports.

2. Security Auditing:
Zenmap is commonly used for security auditing and vulnerability assessment. By scanning a network,
administrators can identify potential security vulnerabilities, misconfigurations, and weaknesses that could
be exploited by attackers.

3. Network Mapping:
Zenmap provides visualizations and mapping features that allow users to create network topology
maps. These maps can help administrators understand the structure of their networks and identify potential
security risks or points of failure.

4. Penetration Testing:
Security professionals and ethical hackers often use Zenmap as part of their penetration testing
activities. By scanning networks and identifying potential vulnerabilities, they can assess the security
posture of a network and recommend appropriate measures to improve its security.

5. Troubleshooting:
Zenmap can also be used for troubleshooting network issues. By scanning a network and analyzing the
results, administrators can identify problems such as unreachable hosts, misconfigured devices, or network
congestion.

Features of Zenmap:

1. Graphical User Interface (GUI):
Zenmap provides a user-friendly graphical interface that allows users to interact with Nmap without
needing to use command-line parameters directly. This makes it more accessible to users who may not be
comfortable with command-line interfaces.

2. Profile Saving and Management:
Users can save scan configurations as profiles, allowing them to quickly reuse settings for future
scans. This feature is useful for recurring scans or when conducting similar types of assessments on different
networks.

3. Scan Configuration Wizards:
Zenmap includes wizards that guide users through the process of configuring scans based on their
objectives. These wizards help users specify scan parameters such as target hosts, scan types, timing options,
and output formats.

4. Flexible Scan Types:
Zenmap supports various types of scans, including TCP connect scans, SYN scans, UDP scans, and
more. Users can choose the appropriate scan type based on their requirements and network conditions.

5. Scan Results Visualization:
Zenmap provides visual representations of scan results, including interactive network maps and tabular
views. These visualizations help users understand the layout of the network and quickly identify hosts, open
ports, and other relevant information.

6. Host Filtering and Sorting:
Users can filter and sort scan results based on various criteria such as IP address, hostname, open
ports, operating system, and service version. This feature allows users to focus on specific hosts or services
of interest.
Output:

Wireshark:

Fig 9.1: Capture HTTP Protocol packet in Wireshark

Zenmap:

Fig 9.2: Quick Scan in Zenmap


Result:
Thus the network monitoring tools such as Wireshark and Zenmap were explored successfully.
Ex. No: 10
Date:
Study To Configure Firewall and VPN

Aim:

To study and configure firewall and VPN.

Procedure:
Firewall in Windows 7:

Windows 7 comes with two firewalls that work together. One is the Windows Firewall, and the other is
Windows Firewall with Advanced Security (WFAS). The main difference between them is the complexity of
the rules configuration. Windows Firewall uses simple rules that directly relate to a program or a service.
The rules in WFAS can be configured based on protocols, ports, addresses and authentication. By default,
both firewalls come with a predefined set of rules that allow us to utilize network resources. This includes
things like browsing the web, receiving e-mails, etc. Other standard firewall exceptions are File and Printer
Sharing, Network Discovery, Performance Logs and Alerts, Remote Administration, Windows Remote
Management, Remote Assistance, Remote Desktop, Windows Media Player, Windows Media Player
Network Sharing Service. With the firewall in Windows 7 we can configure inbound and outbound rules. By
default, all outbound traffic is allowed, and inbound responses to that traffic are also allowed. Inbound
traffic initiated from external sources is automatically blocked.

Configuring Windows Firewall

To open Windows Firewall:

Step 1: Go to Start and open Control Panel.


Step 2: Click on "Windows Firewall."
Step 3: In the left menu, select "Allow a program or feature through Windows Firewall."
Step 4: To modify settings, click the "Change settings" button.
Step 5: To add a program manually, click on "Allow another program."
Step 6: Select the program you want to allow and click "Add."
Step 7: Choose the network location types for the program by clicking on the "Network location types"
button.
Step 8: Core Networking feature should be allowed on both private and public networks.
Step 9: File and Printer Sharing should be allowed only on private networks.
Step 10: If necessary, turn off Windows Firewall completely by selecting "Turn Windows Firewall on or
off" from the left menu.
Step 11: Remember that Windows Firewall is a Windows service. If the Windows Firewall service is
stopped, the firewall will not work.
Step 12: Be cautious when modifying firewall settings, as it can affect your system's security. Always ensure
that necessary programs are allowed while blocking unauthorized access.
Output:

Fig 10.1: Windows Defender Firewall

Fig 10.2: Firewall Allowed Apps


Fig 10.3: Add an App

Fig 10.4: Choose network type


Fig 10.5: App added successfully

Fig 10.6: Firewall Setting


Result:
Thus the firewall and VPN configuration was studied successfully.
