Cyber Security Lab Manual-2023-24
LAB MANUAL
1
JAIPUR ENGINEERING COLLEGE AND RESEARCH CENTRE
INDEX
S.NO   CONTENTS                                        PAGE NO.
1      Motto of JECRC                                  3
2      Vision and Mission of the Institute             4
3      Vision and Mission of the Department            4
4      Program Outcomes (POs)                          5
5      Program Educational Objective (PEOs)            6
6      PSO of the Department                           6
7      RTU Syllabus with List of Experiments           7
8      Course Outcomes                                 8
9      Mapping of CO & PO                              9
10     Mapping of CO & PSO                             9
11     Introduction about Lab & its Applications       10
12     Instructions Sheet                              11

Experiment List (As per RTU, Kota Syllabus)
Experiment 1   Objectives: 1. Implement the following Substitution & Transposition Techniques concepts: a) Caesar Cipher b) Rail fence row & Column Transformation.   Page 13
Experiment 2   Objectives: 2. Implement the Diffie-Hellman Key Exchange mechanism using HTML and JavaScript. Consider the end user as one of the parties (Alice) and the JavaScript application as the other party (Bob).   Page 19
Experiment 3   Objectives: 3. Implement the following Attack: a) Dictionary Attack b) Brute Force Attack.   Page 21
Experiment 4   Objectives: 4. Installation of Wireshark, tcpdump, etc. and observe data transferred in client server communication using UDP/TCP and identify the UDP/TCP datagram.   Page 23
Experiment 5   Objectives: 5. Installation of rootkits and study about the variety of options.   Page 34
Experiment 6   Objectives: 6. Perform an Experiment to Sniff Traffic using ARP Poisoning.   Page 36
Experiment 7   Objectives: 7. Demonstrate intrusion detection system using any tool (snort or any other s/w).   Page 42
Experiment 8   Objectives: 8. Demonstrate how to provide secure data storage, secure data transmission and for creating digital signatures.   Page 46
MOTTO of JECRC
TEACH
TRAIN
&
TRANSFORM
For
MISSION
Focus on evaluation of learning outcomes and motivate students to inculcate research aptitude by
project based learning.
Identify, based on informed perception of Indian, regional and global needs, areas of focus and
provide platform to gain knowledge and solutions.
Offer opportunities for interaction between academia and industry.
Develop human potential to its fullest extent so that intellectually capable and imaginatively gifted
leaders can emerge in a range of professions.
To be recognized as Centre for providing outcome based education and prepare students to take
challenges as per present technological scenario.
MISSION
M1: Practice OBE for professional accomplishment of graduate attributes.
M2: Provide platform to gain knowledge and solutions as per social needs and requirement.
M3: Provide platform to enhance knowledge for inter-disciplinary challenges and motivation towards
achieving excellence.
PEO1: To provide students with the fundamentals of Engineering Sciences with more
emphasis in Computer Science & Engineering by way of analyzing and exploiting
engineering challenges.
PSO 1: Ability to interpret and analyze network specific and cyber security issues, automation in real
word environment.
PSO 2: Ability to apply the knowledge of cloud computing, artificial intelligence, machine learning and
deep learning under realistic constraints.
S.No.  Contents
1      Implement the following Substitution & Transposition Techniques concepts:
       a) Caesar Cipher b) Rail fence row & Column Transformation
2      Implement the Diffie-Hellman Key Exchange mechanism using HTML and JavaScript.
       Consider the end user as one of the parties (Alice) and the JavaScript application as the other party (Bob).
3      Implement the following Attack: a) Dictionary Attack b) Brute Force Attack
4      Installation of Wireshark, tcpdump, etc. and observe data transferred in client server
       communication using UDP/TCP and identify the UDP/TCP datagram.
5      Installation of rootkits and study about the variety of options.
6      Perform an Experiment to Sniff Traffic using ARP Poisoning.
7      Demonstrate intrusion detection system using any tool (snort or any other s/w).
8      Demonstrate how to provide secure data storage, secure data transmission
       and for creating digital signatures.
PROJECT: In a small area such as a house, an office or a classroom, the computers form a small
network called a Local Area Network (LAN). The project aims to transfer a file peer-to-peer
from one computer to another computer in the same LAN, with the authentication needed for
file transfer over the network. Using server-client technology, a File Transfer Protocol
mechanism and socket programming, the end user is able to send and receive the encrypted and
decrypted file in the LAN. An additional aim of the project is to transfer files between computers
in the LAN securely. Security is needed in the project because the files must not be captured or
altered by anyone else on the same network. To achieve this, the file is encrypted before it is
transmitted: an algorithm such as AES is used to encrypt the file that needs to be transferred to
another computer. The encrypted file is then sent to the receiving computer, where it must be
decrypted before the user can open it.
Text / Reference Books:
T1: Hacking: The Art of Exploitation (2nd Ed.) by Jon Erickson
T2: The Science of Secrecy from Ancient Egypt to Quantum Cryptography by Simon Singh
COURSE OUTCOMES
Graduates would be able:
Mapping of CO & PO (program outcomes 1 to 12):
COURSE OUTCOMES   PO1  PO2  PO3  PO4  PO5  PO6  PO7  PO8  PO9  PO10  PO11  PO12
CO-1              3    3    2    2    3    3    1    2    3    1     2     3
CO-2              3    2    3    3    3    2    2    3    3    2     2     2
CO-1 3 2
CO-2 3 2 2 2
S.No.  Contents                                                                        COs  BT
1      Implement the following Substitution & Transposition Techniques concepts:       1    3
       a) Caesar Cipher b) Rail fence row & Column Transformation
2      Implement the Diffie-Hellman Key Exchange mechanism using HTML and              1    4
       JavaScript. Consider the end user as one of the parties (Alice) and the
       JavaScript application as the other party (Bob).
3      Implement the following Attack: a) Dictionary Attack b) Brute Force Attack      1    3
4      Installation of Wireshark, tcpdump, etc. and observe data transferred in        2    3
       client server communication using UDP/TCP and identify the UDP/TCP datagram.
5      Installation of rootkits and study about the variety of options.                2    3
6      Perform an Experiment to Sniff Traffic using ARP Poisoning.                     2    5
7      Demonstrate intrusion detection system using any tool (snort or any other s/w). 1    4
8      Demonstrate how to provide secure data storage, secure data transmission        2    5
       and for creating digital signatures.
* BT - Bloom's Taxonomy
The Cyber Security Laboratory is a state-of-the-art, dedicated space in which students can safely
engage in cyber related activities, including malware detection and deactivation, and penetration
testing, in a contained and controlled environment without possible impact to other campus
networks.
Cyber Security is a process that's designed to protect networks and devices from external threats.
Businesses typically employ Cyber Security professionals to protect their confidential information,
maintain employee productivity, and enhance customer confidence in products and services.
Cyber security is how individuals and organisations reduce the risk of cyber-attack. Cyber security's core
function is to protect the devices we all use (smartphones, laptops, tablets and computers), and the
services we access - both online and at work - from theft or damage.
Protect networks and data from unauthorized access.
Improved information security and business continuity management.
Improved stakeholder confidence in your information security arrangements.
Improved company credentials with the correct security controls in place.
List of Hardware Requirements & Software Requirements
Software Requirements
C
C++
Java or equivalent Compiler
GnuPG
Snort
Hardware Requirements
Instructions Sheet
Instructions of Lab
DO’s
1. Please switch off your mobile phone before entering the Lab.
2. Check whether all peripherals are available at your desktop before proceeding with the program.
3. Inform the lab technician whenever you face any problem related to hardware or
software.
4. Arrange all the peripherals and seats before leaving the lab.
5. Properly shut down the system before leaving the lab.
6. Keep your bag outside.
7. Maintain the decorum of the lab.
DON’TS
1. No one is allowed to use pen drives in the lab without the permission of the lab technician.
2. Don’t mishandle the system.
3. Don’t bring any external material into the lab.
4. Don’t make noise in the lab.
5. Don’t litter in the lab.
6. Don’t delete or modify any system files.
7. Don’t carry any lab equipment outside the lab.
All the students are supposed to prepare the theory for the next program in advance.
Students are supposed to bring the practical file and the lab copy.
Assignments given in previous labs should be written up in the practical file.
Printouts of diagrams should be pasted into the lab file.
Any student not following these instructions will be denied entry to the lab.
Experiment No. 1
ALGORITHM DESCRIPTION:
The Caesar cipher is a type of substitution cipher in which each letter in the plaintext is
replaced by a letter some fixed number of positions down the alphabet. For
example, with a left shift of 3, D would be replaced by A, E would become
B, and so on.
The method is named after Julius Caesar, who used it in his private
correspondence. The transformation can be represented by aligning two
alphabets; the cipher alphabet is the plain alphabet rotated left or right by
some number of positions.
The encryption can also be represented using modular arithmetic by first
transforming the letters into numbers according to the scheme A = 0, B = 1, ..., Z = 25.
Encryption of a letter x by a shift n can then be described mathematically as
E_n(x) = (x + n) mod 26
Decryption is performed similarly:
D_n(x) = (x - n) mod 26
PROGRAM:
import java.util.*;

class caesarCipher
{
    public static String encode(String enc, int offset)
    {
        // normalise the shift so negative or large values work; offset now lies in [26, 51]
        offset = offset % 26 + 26;
        StringBuilder encoded = new StringBuilder();
        for (char i : enc.toCharArray())
        {
            if (Character.isLetter(i))
            {
                if (Character.isUpperCase(i))
                {
                    encoded.append((char) ('A' + (i - 'A' + offset) % 26));
                }
                else
                {
                    encoded.append((char) ('a' + (i - 'a' + offset) % 26));
                }
            }
            else
            {
                encoded.append(i);   // spaces and punctuation pass through unchanged
            }
        }
        return encoded.toString();
    }

    public static String decode(String enc, int offset)
    {
        // shifting by 26 - offset undoes a shift by offset
        return encode(enc, 26 - offset);
    }

    public static void main(String[] args) throws java.lang.Exception
    {
        String msg = "Hello welcome to Security Laboratory";
        System.out.println("simulation of Caesar Cipher");
        System.out.println("input message : " + msg);
        System.out.printf("encoded message : ");
        System.out.println(caesarCipher.encode(msg, 12));
        System.out.printf("decoded message : ");
        System.out.println(caesarCipher.decode(caesarCipher.encode(msg, 12), 12));
    }
}
stdin:
Standard input is empty
stdout:
simulation of Caesar Cipher
RESULT:
Thus the program was executed and verified successfully.
1(b) To implement a program for encryption and decryption using rail fence
transposition technique.
ALGORITHM DESCRIPTION:
In the rail fence cipher, the plaintext is written downwards and diagonally on
successive "rails" of an imaginary fence, then moving up when we reach the bottom
rail.
When we reach the top rail, the message is written downwards again until the whole
plaintext is written out.
The message is then read off in rows.
PROGRAM:
import java.util.*;

class railfenceCipherHelper
{
    String encode(String msg, int depth) throws Exception
    {
        int r = depth;
        int l = msg.length();
        int c = (l + depth - 1) / depth;   // round up so a short last column is padded, not dropped
        int k = 0;
        char mat[][] = new char[r][c];
        String enc = "";
        // write the message down the columns, depth characters per column
        for (int i = 0; i < c; i++)
        {
            for (int j = 0; j < r; j++)
            {
                if (k != l)
                {
                    mat[j][i] = msg.charAt(k++);
                }
                else
                {
                    mat[j][i] = 'X';   // pad the unused cells of the last column
                }
            }
        }
        // read the grid off row by row
        for (int i = 0; i < r; i++)
        {
            for (int j = 0; j < c; j++)
            {
                enc += mat[i][j];
            }
        }
        return enc;
    }

    String decode(String encmsg, int depth) throws Exception
    {
        int r = depth;
        int l = encmsg.length();
        int c = l / depth;   // encode() always returns a multiple of depth characters
        int k = 0;
        char mat[][] = new char[r][c];
        String dec = "";
        // refill the grid row by row
        for (int i = 0; i < r; i++)
        {
            for (int j = 0; j < c; j++)
            {
                mat[i][j] = encmsg.charAt(k++);
            }
        }
        // read it back down the columns
        for (int i = 0; i < c; i++)
        {
            for (int j = 0; j < r; j++)
            {
                dec += mat[j][i];
            }
        }
        return dec;
    }
}

class railfenceCipher
{
    public static void main(String[] args) throws java.lang.Exception
    {
        railfenceCipherHelper rf = new railfenceCipherHelper();
        String msg, enc, dec;
        msg = "hellorailfencecipher";
        int depth = 2;
        enc = rf.encode(msg, depth);
        dec = rf.decode(enc, depth);
        System.out.println("simulation of Railfence Cipher");
        System.out.println("input message : " + msg);
        System.out.println("encoded message : " + enc);
        System.out.printf("decoded message : " + dec);
    }
}
stdin:
Standard input is empty
stdout:
simulation of Railfence Cipher
Input message : hellorailfencecipher
Encoded message : hloaleccpeelrifneihr
Decoded message : hellorailfencecipher
RESULT:
Thus the program was executed and verified successfully.
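A zig-zag rail fence for any number of rails, as an added C example that is not the manual's program. The manual's Java version fills a depth x (length/depth) grid column by column, which matches the zig-zag only for depth 2 (the case its output shows); this block follows the rails exactly as the algorithm description states and decodes by first counting how many characters land on each rail. MAX_RAILS is an assumed bound for the example.

```c
#include <stdio.h>
#include <string.h>

#define MAX_RAILS 64   /* upper bound assumed for this example */

/* Which rail does plaintext position pos land on? The zig-zag visits rails
 * 0,1,...,rails-1,rails-2,...,1 and repeats, so the period is 2*(rails-1). */
static int rail_of(int pos, int rails)
{
    if (rails <= 1) return 0;
    int cycle = 2 * (rails - 1);
    int r = pos % cycle;
    return (r < rails) ? r : cycle - r;
}

/* Encrypt: collect the characters of rail 0, then rail 1, and so on.
 * out must have room for strlen(msg) + 1 bytes. Returns 0 on success. */
int railfence_encode(const char *msg, int rails, char *out)
{
    int len = (int)strlen(msg), k = 0;
    if (rails < 1 || rails > MAX_RAILS) return -1;
    for (int r = 0; r < rails; r++)
        for (int i = 0; i < len; i++)
            if (rail_of(i, rails) == r)
                out[k++] = msg[i];
    out[k] = '\0';
    return 0;
}

/* Decrypt: count how many ciphertext characters belong to each rail, find
 * where each rail's run starts in the ciphertext, then walk the zig-zag
 * again, pulling the next character from whichever rail the walk is on. */
int railfence_decode(const char *enc, int rails, char *out)
{
    int len = (int)strlen(enc);
    int count[MAX_RAILS] = {0}, next[MAX_RAILS] = {0};
    if (rails < 1 || rails > MAX_RAILS) return -1;
    for (int i = 0; i < len; i++)
        count[rail_of(i, rails)]++;
    for (int r = 1; r < rails; r++)
        next[r] = next[r - 1] + count[r - 1];   /* start of rail r in enc */
    for (int i = 0; i < len; i++)
        out[i] = enc[next[rail_of(i, rails)]++];
    out[len] = '\0';
    return 0;
}

/* Convenience check: does decode(encode(msg)) give msg back? */
int railfence_roundtrip(const char *msg, int rails)
{
    char enc[256], dec[256];
    if (strlen(msg) >= sizeof enc) return 0;
    if (railfence_encode(msg, rails, enc) != 0) return 0;
    if (railfence_decode(enc, rails, dec) != 0) return 0;
    return strcmp(msg, dec) == 0;
}

int main(void)
{
    const char *msg = "hellorailfencecipher";   /* the manual's own test message */
    char enc[64], dec[64];
    for (int rails = 2; rails <= 4; rails++) {
        railfence_encode(msg, rails, enc);
        railfence_decode(enc, rails, dec);
        printf("rails=%d  encoded=%s  decoded=%s\n", rails, enc, dec);
    }
    return 0;
}
```

For depth 2 the output equals the manual's "hloaleccpeelrifneihr"; for three or more rails the two programs diverge.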
Experiment-2
DESCRIPTION:
Diffie–Hellman Key Exchange establishes a shared secret between two parties that can then be used
for secret communication over a public network. It is primarily used as a method of exchanging
cryptographic keys for use in symmetric encryption algorithms such as AES. The algorithm itself is
very simple. The process begins with the two parties, Alice and Bob. Let's assume that Alice wants
to establish a shared secret with Bob.
EXAMPLE:
ALGORITHM:
STEP-1: Alice and Bob share the same public values g and p (a prime p and a generator g).
STEP-2: Alice selects a random private key a.
STEP-3: Alice computes her public key A as g^a mod p.
STEP-4: Alice sends A to Bob.
STEP-5: Similarly, Bob selects a private key b, computes his public key B as g^b mod p and sends
B back to Alice.
STEP-6: Now both of them compute the common secret key by raising the other party's public key to
their own private key mod p: Alice computes B^a mod p and Bob computes A^b mod p, which are both
equal to g^(ab) mod p.
PROGRAM: (Diffie Hellman Key Exchange)
#include<stdio.h>
#include<conio.h>
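The exchange from the steps above in working C, as an added example that is not the manual's program (the manual's listing is not reproduced in this copy, and the experiment itself asks for HTML/JavaScript). It assumes small textbook parameters chosen for illustration, p = 23, g = 5, a = 6, b = 15; a and b are the private exponents that never leave their owner, and only A and B cross the network.

```c
#include <stdio.h>
#include <stdint.h>

/* Square-and-multiply: base^exp mod m. With m below 2^32 the product of two
 * residues stays below 2^64, so uint64_t arithmetic cannot overflow. Real
 * deployments use 2048-bit or larger groups and need a bignum library. */
uint64_t modpow(uint64_t base, uint64_t exp, uint64_t m)
{
    uint64_t result = 1;
    base %= m;
    while (exp > 0) {
        if (exp & 1) result = (result * base) % m;
        base = (base * base) % m;
        exp >>= 1;
    }
    return result;
}

/* One side of the exchange. priv is the exponent that never leaves the host;
 * pub is the value that is transmitted (the manual's A and B). */
typedef struct {
    uint64_t priv;
    uint64_t pub;
} dh_party;

/* STEP-2/3 (and the mirror image for Bob): choose a, publish A = g^a mod p. */
dh_party dh_keygen(uint64_t g, uint64_t p, uint64_t priv)
{
    dh_party me;
    me.priv = priv;
    me.pub = modpow(g, priv, p);
    return me;
}

/* STEP-6: the shared key from the peer's public value, e.g. B^a mod p. */
uint64_t dh_shared(const dh_party *me, uint64_t peer_pub, uint64_t p)
{
    return modpow(peer_pub, me->priv, p);
}

/* Runs the whole exchange and returns 1 when both sides agree on the key
 * (g^(ab) mod p either way); the key is stored in *key. */
int dh_exchange(uint64_t g, uint64_t p, uint64_t a, uint64_t b, uint64_t *key)
{
    dh_party alice = dh_keygen(g, p, a);   /* Alice sends alice.pub */
    dh_party bob   = dh_keygen(g, p, b);   /* Bob sends bob.pub     */
    uint64_t k_alice = dh_shared(&alice, bob.pub, p);
    uint64_t k_bob   = dh_shared(&bob, alice.pub, p);
    if (key) *key = k_alice;
    return k_alice == k_bob;
}

int main(void)
{
    /* Constructed textbook parameters: only A = 8 and B = 19 are observable
     * on the wire; an eavesdropper would need a or b to recover the key. */
    uint64_t key = 0;
    int ok = dh_exchange(5, 23, 6, 15, &key);
    printf("A = %llu, B = %llu\n",
           (unsigned long long)modpow(5, 6, 23), (unsigned long long)modpow(5, 15, 23));
    printf("shared key = %llu (%s)\n",
           (unsigned long long)key, ok ? "both sides agree" : "mismatch");
    return ok ? 0 : 1;
}
```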
Experiment No.-3
Aim: Implement the following Attack: a) Dictionary Attack b) Brute Force Attack
The bruteforce attack is simple enough to understand. It is performed by entering every possible password
that can be accepted by a system until the correct password is entered. However, actually writing one is a bit
more complex. There's a complex underlying logic involved in simply entering every password. This post will
cover the logic of programming a sequential bruteforcer and cap off with writing a sequential ascending
bruteforcer in C/C++. Lastly, I will show a quick trick to turn the sequential ascending bruteforcer into a
sequential descending bruteforcer.
A bruteforcer has three main logical components: a selection where the user inputs the specific location of the
attack; generating the passwords to test; testing the password. Having the user input the specific location to
attack is arguably the easiest part of writing a bruteforcer. This part can actually be "hard-coded" (specified by
the programmer so no input is required) so I was thinking of not even mentioning it. But, I decided to bring it
up as any bruteforcer meant to be used by more than one person will include this. Let's say we've written a
bruteforcer that attacks Yahoo accounts. In this case, the bruteforcer will be programmed to attack Yahoo
accounts, but the user must input the Yahoo account to specifically attack. This first component of the
bruteforcer thus handles obtaining this information.
Once the bruteforcer knows what it is going to attack, it must generate the password to try. In a sequential
bruteforcer, the password tried each time will be sequentially one step away from the last password tried. So, in
a sequential ascending bruteforcer, the bruteforcer will try the password 000001 followed by 000002. This
works in reverse in a sequential descending bruteforcer. The programming of this is generally handled by
writing a continuous loop which breaks only when the password generated is successful. Meanwhile, a handful
of variables constantly increment with each run through the loop. When all of the possible passwords are tried,
the variables are all reset as low as possible, the number of characters in the password is incremented or
decremented, and the process begins again with checking all of the passwords one character longer or shorter
than the last number of characters in a password. In practice, this is simpler than it sounds.
The last main component of a bruteforcer is the part in which a bruteforcer checks to see if it's generated the
correct password. In some cases, this can surprisingly be the hardest part of the bruteforcer to write. Using our
Yahoo example again, writing this part of the bruteforcer requires a knowledge of the Yahoo API. It's really
hard for me to write how to perform the password check as each check will be written differently. While all
checks are simple from a broad perspective, this is liable to get quite complex depending on what you're trying
to bruteforce. My recommendation is to look for a library to do the check for you so you can do the least
amount of work possible to perform what is really a trivial step overall.
Here is the code I wrote for an ascending bruteforcer in C/C++. It's really rather small code and thus pretty self-
explanatory. (The comments should help explain things too):
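The three components described above in working C, as an added example that is not the post's code (which this copy of the manual does not reproduce). The check runs only against a secret string held in the same process, so the block is self-contained; keyspace() is added so that the count of candidates tried can be compared with what a longer password or a larger alphabet would cost an attacker. MAX_LEN is an assumed bound for the example.

```c
#include <stdio.h>
#include <string.h>

#define MAX_LEN 8    /* longest candidate this example will generate */

/* Component 3, the check. A real bruteforcer replaces this with whatever
 * verifies a guess; here it is a plain comparison against an in-memory
 * secret so the demonstration stays local. */
typedef int (*check_fn)(const char *candidate, void *ctx);

int local_check(const char *candidate, void *ctx)
{
    return strcmp(candidate, (const char *)ctx) == 0;
}

/* Advance one odometer step over `len` digits in base `base`.
 * Returns 0 once every string of this length has been produced. */
static int next_candidate(int *digit, int len, int base)
{
    for (int pos = len - 1; pos >= 0; pos--) {
        if (++digit[pos] < base) return 1;   /* no carry needed */
        digit[pos] = 0;                       /* carry into the next digit */
    }
    return 0;
}

/* Component 2, sequential ascending generation: every string of length 1,
 * then every string of length 2, ... up to max_len, each in alphabet order.
 * Returns how many candidates were tested when check() first succeeds, or 0
 * if the whole keyspace was exhausted. found (MAX_LEN + 1 bytes, may be NULL)
 * receives the matching candidate, or "" when there is none. */
unsigned long brute_force(const char *alphabet, int max_len,
                          check_fn check, void *ctx, char *found)
{
    int base = (int)strlen(alphabet);
    int digit[MAX_LEN];
    char cand[MAX_LEN + 1];
    unsigned long tried = 0;

    if (found) found[0] = '\0';
    if (base == 0) return 0;
    if (max_len > MAX_LEN) max_len = MAX_LEN;

    for (int len = 1; len <= max_len; len++) {
        memset(digit, 0, sizeof digit);       /* reset every digit to the lowest symbol */
        do {
            for (int i = 0; i < len; i++) cand[i] = alphabet[digit[i]];
            cand[len] = '\0';
            tried++;
            if (check(cand, ctx)) {
                if (found) strcpy(found, cand);
                return tried;
            }
        } while (next_candidate(digit, len, base));
    }
    return 0;
}

/* Candidates a complete sweep would need: sum of base^i for i = 1..max_len.
 * Growing base or max_len is exactly what a password policy buys. */
unsigned long keyspace(int base, int max_len)
{
    unsigned long total = 0, level = 1;
    for (int i = 1; i <= max_len; i++) {
        level *= (unsigned long)base;
        total += level;
    }
    return total;
}

int main(void)
{
    char secret[] = "ba";                      /* constructed local secret */
    char found[MAX_LEN + 1];
    unsigned long n = brute_force("abc", 4, local_check, secret, found);
    printf("found \"%s\" after %lu candidates (keyspace %lu)\n",
           found, n, keyspace(3, 4));
    printf("six lowercase letters: %lu candidates worst case\n", keyspace(26, 6));
    return 0;
}
```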
Experiment No. -4
Aim: Installation of Wireshark, tcpdump, etc. and observe data transferred in client server
communication using UDP/TCP and identify the UDP/TCP datagram.
Description:
The first part of the lab introduces the packet sniffer Wireshark. Wireshark is a free, open-source network
protocol analyzer. It is used for network troubleshooting and communication protocol analysis. Wireshark
captures network packets in real time and displays them in human-readable format. It provides many
advanced features including live capture and offline analysis, a three-pane packet browser, and coloring rules
for analysis. This document uses Wireshark for the experiments, and it covers Wireshark installation,
packet capturing, and protocol analysis.
Background
- Application Layer: The application layer includes the protocols used by most applications
for providing user services. Examples of application layer protocols are Hypertext
Transfer Protocol (HTTP), Secure Shell (SSH), File Transfer Protocol (FTP), and Simple
Mail Transfer Protocol (SMTP).
- Transport Layer: The transport layer establishes process-to-process connectivity, and it
provides end-to-end services that are independent of the underlying user data. To implement
process-to-process communication, the protocol introduces the concept of a port. Examples
of transport layer protocols are Transmission Control Protocol (TCP) and User Datagram
Protocol (UDP). TCP provides flow control, connection establishment and reliable
transmission of data, while UDP is a connectionless transmission model.
- Internet Layer: The Internet layer is responsible for sending packets across networks. It
has two functions: 1) host identification using the IP addressing system (IPv4 and IPv6);
and 2) routing packets from source to destination. Examples of Internet layer protocols
are Internet Protocol (IP), Internet Control Message Protocol (ICMP), and Address
Resolution Protocol (ARP).
- Link Layer: The link layer defines the networking methods within the scope of the local
network link. It is used to move packets between two hosts on the same link. A common
example of a link layer protocol is Ethernet.
Packet Sniffer
A packet sniffer is a basic tool for observing network packet exchanges in a computer. As the name
suggests, a packet sniffer captures (“sniffs”) packets being sent/received from/by your computer; it will
also typically store and/or display the contents of the various protocol fields in these captured packets. A
packet sniffer itself is passive. It observes messages being sent and received by applications and protocols
running on your computer, but never sends packets itself.
Figure 3 shows the structure of a packet sniffer. At the right of Figure 3 are the protocols (in this case,
Internet protocols) and applications (such as a web browser or ftp client) that normally run on your
computer. The packet sniffer, shown within the dashed rectangle in Figure 3, is an addition to the usual
software in your computer, and consists of two parts. The packet capture library receives a copy of every
link-layer frame that is sent from or received by your computer. Messages exchanged by higher layer
protocols such as HTTP, FTP, TCP, UDP, DNS, or IP are all eventually encapsulated in link-layer frames
that are transmitted over physical media such as an Ethernet cable. In Figure 1, the assumed physical
medium is an Ethernet, and so all upper-layer protocols are eventually encapsulated within an Ethernet
frame. Capturing all link-layer frames thus gives you access to all messages sent/received from/by all
protocols and applications executing in your computer.
The second component of a packet sniffer is the packet analyzer, which displays the contents of all fields
within a protocol message. In order to do so, the packet analyzer must “understand” the structure of all
messages exchanged by protocols. For example, suppose we are interested in displaying the various fields
in messages exchanged by the HTTP protocol in Figure 3. The packet analyzer understands the format of
Ethernet frames, and so can identify the IP datagram within an Ethernet frame. It also understands the IP
datagram format, so that it can extract the TCP segment within the IP datagram. Finally, it understands the
TCP segment structure, so it can extract the HTTP message contained in the TCP segment. Finally, it
understands the HTTP protocol and so, for example, knows that the first bytes of an HTTP message will
contain the string “GET,” “POST,” or “HEAD”.
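A minimal packet analyzer that does the Ethernet -> IPv4 -> TCP/UDP peeling just described, as an added C example that is neither from the manual nor from Wireshark. The two frames are constructed here (zero checksums, made-up addresses) so the block runs offline; the parse_frame name and the frame_info struct are this example's own.

```c
#include <stdio.h>
#include <stdint.h>
#include <string.h>

/* What the analyzer recovers from one frame. */
typedef struct {
    uint16_t ethertype;            /* 0x0800 = IPv4 */
    uint8_t  ip_proto;             /* 6 = TCP, 17 = UDP */
    uint8_t  src_ip[4], dst_ip[4];
    uint16_t src_port, dst_port;
    size_t   payload_off;          /* where the application data starts in the frame */
    size_t   payload_len;
} frame_info;

static uint16_t rd16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Peel Ethernet, then IPv4, then TCP or UDP, in the same order Wireshark's
 * dissectors run. Every length is checked against the bytes actually present
 * before the next header is read. Returns 0 on success, -1 for truncated
 * frames or for protocols this example does not handle. */
int parse_frame(const uint8_t *buf, size_t len, frame_info *fi)
{
    memset(fi, 0, sizeof *fi);
    if (len < 14) return -1;                            /* Ethernet header */
    fi->ethertype = rd16(buf + 12);
    if (fi->ethertype != 0x0800) return -1;             /* IPv4 only */

    const uint8_t *ip = buf + 14;
    size_t avail = len - 14;
    if (avail < 20 || (ip[0] >> 4) != 4) return -1;
    size_t ihl = (size_t)(ip[0] & 0x0f) * 4;            /* header length in bytes */
    size_t total = rd16(ip + 2);                        /* IP total length */
    if (ihl < 20 || total < ihl || total > avail) return -1;
    fi->ip_proto = ip[9];
    memcpy(fi->src_ip, ip + 12, 4);
    memcpy(fi->dst_ip, ip + 16, 4);

    const uint8_t *l4 = ip + ihl;
    size_t l4len = total - ihl, hdr;
    if (fi->ip_proto == 17) {                           /* UDP: fixed 8-byte header */
        if (l4len < 8) return -1;
        hdr = 8;
    } else if (fi->ip_proto == 6) {                     /* TCP: data offset field */
        if (l4len < 20) return -1;
        hdr = (size_t)(l4[12] >> 4) * 4;
        if (hdr < 20 || hdr > l4len) return -1;
    } else {
        return -1;
    }
    fi->src_port = rd16(l4);
    fi->dst_port = rd16(l4 + 2);
    fi->payload_off = (size_t)(l4 - buf) + hdr;
    fi->payload_len = l4len - hdr;
    return 0;
}

/* Constructed sample frames (checksums left at zero; the parser does not verify them). */
const uint8_t SAMPLE_UDP[] = {
    0x00,0x11,0x22,0x33,0x44,0x55, 0x66,0x77,0x88,0x99,0xaa,0xbb, 0x08,0x00, /* Ethernet */
    0x45,0x00,0x00,0x20, 0x00,0x01,0x00,0x00, 0x40,0x11,0x00,0x00,           /* IPv4, proto 17 */
    192,168,1,10, 8,8,8,8,                                                   /* src, dst */
    0xc8,0x12, 0x00,0x35, 0x00,0x0c, 0x00,0x00,                              /* UDP 51218 -> 53 */
    'p','i','n','g'
};
const size_t SAMPLE_UDP_LEN = sizeof SAMPLE_UDP;

const uint8_t SAMPLE_TCP[] = {
    0x00,0x11,0x22,0x33,0x44,0x55, 0x66,0x77,0x88,0x99,0xaa,0xbb, 0x08,0x00,
    0x45,0x00,0x00,0x38, 0x00,0x02,0x00,0x00, 0x40,0x06,0x00,0x00,           /* IPv4, proto 6 */
    192,168,1,10, 10,0,0,80,
    0x9c,0x40, 0x00,0x50, 0,0,0,1, 0,0,0,0, 0x50,0x18, 0x72,0x10, 0,0, 0,0, /* TCP 40000 -> 80 */
    'G','E','T',' ','/',' ','H','T','T','P','/','1','.','1','\r','\n'
};
const size_t SAMPLE_TCP_LEN = sizeof SAMPLE_TCP;

int main(void)
{
    const uint8_t *frames[2] = { SAMPLE_UDP, SAMPLE_TCP };
    size_t lens[2] = { SAMPLE_UDP_LEN, SAMPLE_TCP_LEN };
    for (int i = 0; i < 2; i++) {
        frame_info fi;
        if (parse_frame(frames[i], lens[i], &fi) != 0) { puts("frame not parsed"); continue; }
        printf("%s %d.%d.%d.%d:%d -> %d.%d.%d.%d:%d  payload %zu bytes: %.*s\n",
               fi.ip_proto == 6 ? "TCP" : "UDP",
               fi.src_ip[0], fi.src_ip[1], fi.src_ip[2], fi.src_ip[3], fi.src_port,
               fi.dst_ip[0], fi.dst_ip[1], fi.dst_ip[2], fi.dst_ip[3], fi.dst_port,
               fi.payload_len, (int)fi.payload_len, (const char *)(frames[i] + fi.payload_off));
    }
    return 0;
}
```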
We will be using the Wireshark packet sniffer [http://www.wireshark.org/] for these labs, allowing us to
display the contents of messages being sent/received from/by protocols at different levels of the protocol
stack. (Technically speaking, Wireshark is a packet analyzer that uses a packet capture library in your
computer.) Wireshark is a free network protocol analyzer that runs on Windows, Linux/Unix, and Mac
computers.
Getting Wireshark
Kali Linux has Wireshark installed. You can just launch the Kali Linux VM and open Wireshark there.
Wireshark can also be downloaded from here: https://www.wireshark.org/download.html
Starting Wireshark:
When you run the Wireshark program, the Wireshark graphical user interface will be shown as in Figure 5.
At this point, the program is not yet capturing packets.
Then, you need to choose an interface. If you are running Wireshark on your laptop, you need to
select the WiFi interface. If you are at a desktop, you need to select the Ethernet interface being used. Note
that there could be multiple interfaces. In general, you can select any interface, but that does not mean that
traffic will flow through that interface. The network interfaces (i.e., the physical connections) that your
computer has to the network are shown. The attached Figure 6 was taken from my computer.
After you select the interface, you can click start to capture the packets as shown in Figure 7.
the packet has been carried over TCP or UDP, TCP or UDP details will also be displayed, which can
similarly be expanded or minimized. Finally, details about the highest-level protocol that sent or received
this packet are also provided.
The packet-contents window displays the entire contents of the captured frame, in both ASCII and
hexadecimal format.
Towards the top of the Wireshark graphical user interface, is the packet display filter field, into which a
protocol name or other information can be entered in order to filter the information displayed in the
packet-listing window (and hence the packet-header and packet-contents windows). In the example
below, we’ll use the packet-display filter field to have Wireshark hide (not display) packets except those
that correspond to HTTP messages.
Capturing Packets
After downloading and installing Wireshark, you can launch it and click the name of an interface under
Interface List to start capturing packets on that interface. For example, if you want to capture traffic on
the wireless network, click your wireless interface.
Test Run
Do the following steps:
1. Start up the Wireshark program (select an interface and press start to capture packets).
2. Start up your favorite browser (Iceweasel in Kali Linux).
3. In your browser, go to the Wayne State homepage by typing www.wayne.edu.
4. After your browser has displayed the http://www.wayne.edu page, stop the Wireshark packet
capture by selecting stop in the Wireshark capture window. This will cause the Wireshark
capture window to disappear and the main Wireshark window to display all
packets captured since you began packet capture; see the image below:
5. Color Coding: You’ll probably see packets highlighted in green, blue, and black.
Wireshark uses colors to help you identify the types of traffic at a glance. By default,
green is TCP traffic, dark blue is DNS traffic, light blue is UDP traffic, and black
identifies TCP packets with problems — for example, they could have been delivered
out-of-order.
6. You now have live packet data that contains all protocol messages exchanged between
your computer and other network entities! However, as you will notice the HTTP
messages are not clearly shown because there are many other packets included in the
packet capture. Even though the only action you took was to open your browser, there are
many other programs in your computer that communicate via the network in the
background. To filter the connections to the ones we want to focus on, we have to use the
filtering functionality of Wireshark by typing “http” in the filtering field as shown below:
Notice that we now view only the packets that are of protocol HTTP. However, we also still do not have
the exact communication we want to focus on because using HTTP as a filter is not descriptive enough to
allow us to find our connection to http://www.wayne.edu. We need to be more precise if we want to
capture the correct set of packets.
7. To further filter packets in Wireshark, we need to use a more precise filter. By setting the
http.host==www.wayne.edu, we are restricting the view to packets that have as an http
host the www.wayne.edu website. Notice that we need two equal signs to perform the
match “==” not just one. See the screenshot below:
8. Now, we can try another protocol. Let’s use Domain Name System (DNS) protocol as an
example here.
9. Let’s now try to find out what those packets contain by following one of the
conversations (also called network flows): select one of the packets and press the right
mouse button (if you are on a Mac, use the command button and click). You should see
something similar to the screen below:
Click on Follow UDP Stream, and then you will see the following screen.
10. If we close this window and change the filter back to “http.host==www.wayne.edu” and
then follow a packet from the list of packets that match that filter, we should get the
something similar to the following screens. Note that we click on Follow TCP Stream
this time.
Experiment No.-5
Description:
Breaking the term rootkit into its two component words, root and kit, is a useful way to define it.
Root is a UNIX/Linux term that is the equivalent of Administrator in Windows. The word kit
denotes programs that allow someone to obtain root/admin-level access to the computer by executing
the programs in the kit — all of which is done without end-user consent or knowledge.
A rootkit is a type of malicious software that is activated each time your system boots up. Rootkits
are difficult to detect because they are activated before your system's Operating System has
completely booted up. A rootkit often allows the installation of hidden files, processes, hidden user
accounts, and more in the system's OS. Rootkits are able to intercept data from terminals, network
connections, and the keyboard.
Rootkits have two primary functions: remote command/control (back door) and software
eavesdropping. Rootkits allow someone, legitimate or otherwise, to administratively control a
computer. This means executing files, accessing logs, monitoring user activity, and even changing
the computer's configuration. Therefore, in the strictest sense, even versions of VNC are rootkits.
This surprises most people, as they consider rootkits to be solely malware, but in and of themselves they
aren't malicious at all.
PROCEDURE:
Experiment No. - 6
Description:
ARP is the acronym for Address Resolution Protocol. It is used to convert an IP address to a physical
address [MAC address] on a switch. The host sends an ARP broadcast on the network, and the
recipient computer responds with its physical address [MAC address]. The resolved IP/MAC
address pair is then used to communicate. ARP poisoning is sending fake MAC addresses to the
switch so that it associates the fake MAC addresses with the IP address of a genuine
computer on the network and the attacker can hijack the traffic.
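Seen from the detection side, the tell-tale of ARP poisoning is one IP address being answered by two different MAC addresses within the same capture. The following C block, an added example that is not part of the manual, replays a constructed list of ARP replies (the kind Wireshark's arp filter shows) and flags every reply that contradicts the first binding learned for an IP; all addresses in it are made up for the demonstration and MAX_HOSTS is an assumed table size.

```c
#include <stdio.h>
#include <string.h>

/* One ARP reply as a capture tool would log it: "this IP is at this MAC". */
typedef struct { const char *ip; const char *mac; } arp_reply;

#define MAX_HOSTS 64   /* size of the learned IP -> MAC table in this example */

typedef struct { const char *ip; const char *mac; } binding;

/* Learn the first MAC seen for each IP, then flag every later reply that
 * claims a different MAC for an already-known IP. Returns the number of
 * such replies; if first_idx is non-NULL it receives the index of the first
 * offending reply (or -1 when there is none). The original binding is kept
 * so that each repeated spoofed reply is counted. */
int detect_arp_conflicts(const arp_reply *replies, int n, int *first_idx)
{
    binding table[MAX_HOSTS];
    int used = 0, conflicts = 0;
    if (first_idx) *first_idx = -1;
    for (int i = 0; i < n; i++) {
        int j;
        for (j = 0; j < used; j++)
            if (strcmp(table[j].ip, replies[i].ip) == 0) break;
        if (j == used) {                            /* new IP: remember its MAC */
            if (used == MAX_HOSTS) break;
            table[used].ip = replies[i].ip;
            table[used].mac = replies[i].mac;
            used++;
        } else if (strcmp(table[j].mac, replies[i].mac) != 0) {
            conflicts++;
            if (first_idx && *first_idx < 0) *first_idx = i;
            printf("ALERT: %s was at %s, now claimed by %s (reply #%d)\n",
                   replies[i].ip, table[j].mac, replies[i].mac, i);
        }
    }
    return conflicts;
}

/* Constructed capture: the gateway 192.168.1.1 answers from its real NIC,
 * then a second station starts claiming both the gateway's and a victim's IP. */
const arp_reply SAMPLE_CAPTURE[] = {
    { "192.168.1.1",  "aa:bb:cc:00:00:01" },
    { "192.168.1.20", "aa:bb:cc:00:00:20" },
    { "192.168.1.1",  "aa:bb:cc:00:00:01" },   /* same binding again: fine */
    { "192.168.1.1",  "de:ad:be:ef:00:99" },   /* conflicting claim */
    { "192.168.1.20", "de:ad:be:ef:00:99" },   /* victim's IP claimed too */
    { "192.168.1.1",  "de:ad:be:ef:00:99" },
};
const int SAMPLE_CAPTURE_N = (int)(sizeof SAMPLE_CAPTURE / sizeof SAMPLE_CAPTURE[0]);

int main(void)
{
    int first;
    int n = detect_arp_conflicts(SAMPLE_CAPTURE, SAMPLE_CAPTURE_N, &first);
    printf("%d conflicting ARP replies, first at index %d\n", n, first);
    return 0;
}
```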
Network sniffing is the process of intercepting data packets sent over a network. This can be
done with a specialised software program or with hardware equipment. Sniffing can be used
against the following protocols:
Telnet
Rlogin
HTTP
SMTP
NNTP
POP
FTP
IMAP
The above protocols are vulnerable if login details are sent in plain text.
Before we look at passive and active sniffing, let’s look at two major devices used to network
computers; hubs and switches.
A hub works by sending broadcast messages to all output ports on it except the one that has
sent the broadcast. The recipient computer responds to the broadcast message if the IP address
matches. This means when using a hub, all the computers on a network can see the broadcast
message. It operates at the physical layer (layer 1) of the OSI Model.
37
JAIPUR ENGINEERING COLLEGE AND RESEARCH CENTRE
A switch works differently; it maps IP/MAC addresses to physical ports on it. Broadcast
messages are sent to the physical ports that match the IP/MAC address configurations for the
recipient computer. This means broadcast messages are only seen by the recipient computer.
Switches operate at the data link layer (layer 2) and network layer (layer 3).
Passive sniffing is intercepting packets transmitted over a network that uses a hub. It is called
passive sniffing because it is difficult to detect. It is also easy to perform, as the hub sends every
message to all the computers on the network.
Active sniffing is intercepting packets transmitted over a network that uses a switch. There
are two main methods used to sniff switched networks: ARP poisoning and MAC flooding.
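As an added example (not part of the lab manual), the following Python script shows the defensive counterpart of the ARP poisoning described above: a passive watcher, in the spirit of tools such as arpwatch, that learns IP-to-MAC bindings from ARP replies and alerts when an IP address changes its MAC, or when a single MAC starts answering for several IP addresses. The reply records, their field names, the addresses and the sample traffic are all constructed for the illustration; a real deployment would feed the watcher from a packet-capture library.

```python
"""Passive ARP-poisoning detector over parsed ARP replies (added example; not
from the lab manual). Assumptions: replies are dicts with sender_ip and
sender_mac (a deployment would fill them from a capture library); the sample
traffic below is constructed.
"""
from collections import defaultdict
from typing import Dict, Iterable, List, Optional, Set, Tuple

# Constructed traffic: the gateway (.1) and a workstation (.10) answer from their
# own NICs, then a third host (bb:...:20) starts answering for both of them,
# which is what an ARP-poisoning man-in-the-middle looks like on the wire.
SAMPLE_ARP_REPLIES = [
    {"sender_ip": "192.168.1.1",  "sender_mac": "aa:aa:aa:aa:aa:01"},
    {"sender_ip": "192.168.1.10", "sender_mac": "aa:aa:aa:aa:aa:10"},
    {"sender_ip": "192.168.1.20", "sender_mac": "bb:bb:bb:bb:bb:20"},
    {"sender_ip": "192.168.1.1",  "sender_mac": "bb:bb:bb:bb:bb:20"},  # gateway IP hijacked
    {"sender_ip": "192.168.1.10", "sender_mac": "bb:bb:bb:bb:bb:20"},  # victim IP hijacked
]

Alert = Tuple[str, str, str]  # (kind, ip, mac)


class ArpWatch:
    """Keeps first-seen (or pinned) IP->MAC bindings and flags poisoning symptoms."""

    def __init__(self, static_table: Optional[Dict[str, str]] = None) -> None:
        # Administratively pinned bindings (e.g. the gateway) are trusted from the start.
        self.ip_to_mac: Dict[str, str] = {
            ip: mac.lower() for ip, mac in (static_table or {}).items()
        }
        self.mac_claims: Dict[str, Set[str]] = defaultdict(set)
        self.alerts: List[Alert] = []
        self._raised: Set[Alert] = set()   # one alert per (kind, ip, mac)

    def _alert(self, kind: str, ip: str, mac: str) -> None:
        key = (kind, ip, mac)
        if key not in self._raised:
            self._raised.add(key)
            self.alerts.append(key)

    def observe(self, reply: Dict[str, str]) -> None:
        ip, mac = reply["sender_ip"], reply["sender_mac"].lower()
        known = self.ip_to_mac.get(ip)
        if known is None:
            self.ip_to_mac[ip] = mac                    # learn on first sight
        elif known != mac:
            # Do not overwrite: the first/pinned MAC stays authoritative, so the
            # poisoned binding keeps being reported instead of being "learned".
            self._alert("ip_mac_change", ip, mac)
        # One NIC answering for several IPs is the other classic symptom (a host
        # with legitimate IP aliases will also trip this; allow-list those).
        self.mac_claims[mac].add(ip)
        if len(self.mac_claims[mac]) > 1:
            self._alert("mac_claims_multiple_ips", ip, mac)


def analyze(replies: Iterable[Dict[str, str]],
            static_table: Optional[Dict[str, str]] = None) -> List[Alert]:
    """Run the detector over a reply stream and return the alerts in order."""
    watch = ArpWatch(static_table)
    for reply in replies:
        watch.observe(reply)
    return watch.alerts


if __name__ == "__main__":
    for kind, ip, mac in analyze(SAMPLE_ARP_REPLIES):
        print(f"{kind}: {ip} claimed by {mac}")
```

Pinning the gateway's real MAC in `static_table` is the important operational choice: a detector that simply "learns" whatever it last saw would accept the poisoned binding as the new truth, which is exactly what the victim's ARP cache does.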
Sniffing the network using Wireshark: the illustration below shows the steps that you will carry out to
complete this exercise without confusion.
Open Wireshark.
You will get the following screen.
Select the network interface you want to sniff. Note that for this demonstration we are using a
wireless network connection. If you are on a local area network, then you should select the
local area network interface.
Click on the Start button as shown above.
Filter for HTTP protocol results only using the filter textbox
Locate the Info column, look for entries with the HTTP verb POST and click on one of them.
Just below the log entries there is a panel with a summary of the captured data. Look for the
summary that says Line-based text data: application/x-www-form-urlencoded.
You should be able to view the plaintext values of all the POST variables submitted to the
server over the HTTP protocol.
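To show in code what that Wireshark panel reveals, here is an added Python example (not from the manual) that parses a constructed cleartext HTTP POST the way the "Line-based text data" pane does, decodes the application/x-www-form-urlencoded body, and flags form fields whose names suggest a credential was sent in the clear, which is the same logic a monitoring rule for "credentials over plain HTTP" would apply. The request bytes, the host name and the field-name hints are constructed assumptions.

```python
"""Parse a captured cleartext HTTP POST and flag credential fields (added example).

Assumptions: the request bytes are already reassembled from the TCP stream (what
Wireshark shows under "Line-based text data"); the requests below are constructed.
"""
from typing import Dict, List, Optional
from urllib.parse import parse_qs

# Constructed capture: a login form submitted over plain HTTP, the kind of packet
# the Wireshark "http" filter plus the POST verb would surface.
SAMPLE_POST = (
    b"POST /login HTTP/1.1\r\n"
    b"Host: intranet.example.test\r\n"
    b"Content-Type: application/x-www-form-urlencoded\r\n"
    b"Content-Length: 30\r\n"
    b"\r\n"
    b"username=alice&password=s3cret"
)
SAMPLE_GET = b"GET /index.html HTTP/1.1\r\nHost: intranet.example.test\r\n\r\n"

# Field-name fragments that usually carry secrets (constructed list; tune per site).
SENSITIVE_HINTS = ("pass", "pwd", "secret", "token")


def parse_http_request(raw: bytes) -> Optional[Dict]:
    """Split raw request bytes into method, target, version, headers and body."""
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        return None                      # header block incomplete, nothing to parse
    lines = head.decode("iso-8859-1").split("\r\n")
    try:
        method, target, version = lines[0].split(" ", 2)
    except ValueError:
        return None                      # not a request line
    headers: Dict[str, str] = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    # Honour Content-Length so bytes of a following pipelined request are not read.
    length = int(headers.get("content-length", len(body)))
    return {"method": method, "target": target, "version": version,
            "headers": headers, "body": body[:length]}


def extract_form_fields(raw: bytes) -> Optional[Dict[str, List[str]]]:
    """Return the decoded form fields if this is a form-urlencoded POST, else None."""
    req = parse_http_request(raw)
    if req is None or req["method"] != "POST":
        return None
    media_type = req["headers"].get("content-type", "").split(";")[0].strip().lower()
    if media_type != "application/x-www-form-urlencoded":
        return None
    return parse_qs(req["body"].decode("utf-8", errors="replace"), keep_blank_values=True)


def sensitive_fields(fields: Dict[str, List[str]]) -> List[str]:
    """Names of fields whose name suggests a credential travelled in cleartext."""
    return [name for name in fields
            if any(hint in name.lower() for hint in SENSITIVE_HINTS)]


if __name__ == "__main__":
    fields = extract_form_fields(SAMPLE_POST)
    print("form fields:", fields)
    print("credentials exposed in cleartext:", sensitive_fields(fields or {}))
```

The parser only needs the request bytes; no TLS is involved precisely because the site uses plain HTTP, which is the whole point of the exercise: the remedy is HTTPS, not a better sniffer filter.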
Experiment No. - 7
Aim: Demonstrate intrusion detection system using any tool (snort or any other s/w).
Snort is an open source network intrusion detection system (NIDS) and packet sniffer that
monitors network traffic in real time.
Description:
INTRUSION DETECTION SYSTEM: Intrusion detection is a set of techniques and methods that are
used to detect suspicious activity both at the network and host level. Intrusion detection systems
fall into two basic categories:
Signature-based intrusion detection systems
Anomaly detection systems
Intruders have signatures, like computer viruses, that can be detected using software. You try to find
data packets that contain any known intrusion-related signatures or anomalies related to Internet
protocols. Based upon a set of signatures and rules, the detection system is able to find and log
suspicious activity and generate alerts.
Anomaly-based intrusion detection usually depends on packet anomalies present in protocol header
parts. In some cases these methods produce better results compared to signature-based IDS. Usually
an intrusion detection system captures data from the network and applies its rules to that data or
detects anomalies in it. Snort is primarily a rule-based IDS, however input plug-ins are present to
detect anomalies in protocol headers.
SNORT TOOL:
Snort is based on libpcap (the packet capture library), a tool that is widely used in TCP/IP traffic
sniffers and analyzers. Through protocol analysis and content searching and matching, Snort detects
attack methods, including denial of service, buffer overflow, CGI attacks, stealth port scans, and
SMB probes. When suspicious behavior is detected, Snort sends a real-time alert to syslog, to a
separate 'alerts' file, or to a pop-up window.
Snort is currently the most popular free network intrusion detection software. The advantages of
Snort are numerous. According to the snort web site, “It can perform protocol analysis, content
searching/matching, and can be used to detect a variety of attacks and probes, such as buffer
overflow, stealth port scans, CGI attacks, SMB probes, OS fingerprinting attempts, and much more”
(Caswell).
One of the advantages of Snort is its ease of configuration. Rules are very flexible, easily written,
and easily inserted into the rule base. If a new exploit or attack is found a rule for the attack can be
added to the rule base in a matter of seconds. Another advantage of snort is that it allows for raw
packet data analysis.
Snort can run in three modes:
Sniffer mode
Packet Logger mode
Network Intrusion Detection System mode
Sniffer mode
snort -v: print out the TCP/IP packet headers on the screen.
snort -vd: show the TCP/IP/ICMP headers together with the application data in transit.
Packet Logger mode
snort -dev -l c:\log [create this directory on the C drive]: snort will automatically know to go into
packet logger mode; it collects every packet it sees and places it in the log directory.
snort -dev -l c:\log -h ipaddress/24: this tells snort that you want to print out the data link and
TCP/IP headers as well as application data into the log directory.
snort -l c:\log -b: this is binary mode; it logs everything into a single file.
Network Intrusion Detection System mode
snort -d -l c:\log -h ipaddress/24 -c snort.conf: the configuration file snort.conf applies rules to each
packet to decide on an action based upon the rule type in the file.
snort -d -h ipaddress/24 -l c:\log -c snort.conf: this will configure snort to run in its most basic
NIDS form, logging packets that trigger rules specified in snort.conf.
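As an added example, not Snort's own code, the following Python script implements a small matcher for a subset of the real Snort rule grammar (the rule header plus the msg, content with |hex| escapes, nocase, sid and rev options) and runs three constructed rules over constructed packets, to show how a signature written into the rule base turns into an alert in NIDS mode. The rules, sids, addresses and payloads are made up for the illustration, and Snort itself handles far more than this subset (variables such as $HOME_NET, port lists and ranges, relative content modifiers, preprocessors).

```python
"""Minimal Snort-style rule matcher (added example, not Snort's own engine).
Handles a subset of the real rule grammar: the header, plus the msg, content
(with |hex| escapes), nocase, sid and rev options. No $HOME_NET variables,
port lists/ranges or relative content modifiers. Packets are plain dicts."""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

HEADER_RE = re.compile(r"^(\w+)\s+(\w+)\s+(\S+)\s+(\S+)\s+(->|<>)\s+(\S+)\s+(\S+)\s*\((.*)\)\s*$")

# Constructed rules in Snort syntax (sids >= 1000000 are the local range).
SAMPLE_RULES = """
# cleartext credentials and a trivial ICMP rule
alert tcp any any -> any 80 (msg:"Cleartext HTTP POST to /login"; content:"POST /login"; sid:1000001; rev:1;)
alert icmp any any -> any any (msg:"ICMP packet seen"; sid:1000002; rev:1;)
alert tcp any any -> any 21 (msg:"FTP USER command in cleartext"; content:"USER "; nocase; sid:1000003; rev:1;)
"""

# Constructed packets: protocol, endpoints and raw payload bytes.
SAMPLE_PACKETS = [
    {"proto": "tcp", "src": "10.0.0.5", "sport": 51515, "dst": "10.0.0.80", "dport": 80,
     "payload": b"POST /login HTTP/1.1\r\nHost: intranet\r\n\r\nuser=bob&pass=hunter2"},
    {"proto": "tcp", "src": "10.0.0.5", "sport": 51516, "dst": "10.0.0.21", "dport": 21,
     "payload": b"user bob\r\n"},
    {"proto": "icmp", "src": "10.0.0.5", "sport": 0, "dst": "10.0.0.1", "dport": 0,
     "payload": b"\x08\x00\x12\x34"},
    {"proto": "tcp", "src": "10.0.0.5", "sport": 51517, "dst": "10.0.0.80", "dport": 80,
     "payload": b"GET / HTTP/1.1\r\nHost: intranet\r\n\r\n"},
]

@dataclass
class Rule:
    action: str
    proto: str
    src: str
    sport: Optional[int]   # None means "any"
    dst: str
    dport: Optional[int]
    msg: str = ""
    sid: int = 0
    contents: List[Tuple[bytes, bool]] = field(default_factory=list)  # (pattern, nocase)

def _port(text: str) -> Optional[int]:
    return None if text == "any" else int(text)

def _content_bytes(spec: str) -> bytes:
    """Snort content: literal text, with |0d 0a|-style segments giving raw hex bytes."""
    out = bytearray()
    for i, seg in enumerate(spec.split("|")):
        out += bytes.fromhex(seg) if i % 2 else seg.encode("latin-1")
    return bytes(out)

def _split_options(body: str) -> List[str]:
    """Split 'a:"x;y"; b;' on the semicolons that are outside double quotes."""
    parts, cur, quoted = [], [], False
    for ch in body:
        if ch == '"':
            quoted = not quoted
        if ch == ";" and not quoted:
            parts.append("".join(cur).strip())
            cur = []
        else:
            cur.append(ch)
    parts.append("".join(cur).strip())
    return [p for p in parts if p]

def parse_rule(line: str) -> Rule:
    m = HEADER_RE.match(line.strip())
    if not m:
        raise ValueError(f"unparseable rule: {line!r}")
    action, proto, src, sport, _direction, dst, dport, body = m.groups()
    rule = Rule(action, proto.lower(), src, _port(sport), dst, _port(dport))
    for opt in _split_options(body):
        name, _, value = opt.partition(":")
        name, value = name.strip(), value.strip().strip('"')
        if name == "msg":
            rule.msg = value
        elif name == "sid":
            rule.sid = int(value)
        elif name == "content":
            rule.contents.append((_content_bytes(value), False))
        elif name == "nocase" and rule.contents:   # modifies the preceding content
            rule.contents[-1] = (rule.contents[-1][0], True)
        # rev and any other option are accepted and ignored by this subset
    return rule

def load_rules(text: str) -> List[Rule]:
    return [parse_rule(l) for l in text.splitlines()
            if l.strip() and not l.lstrip().startswith("#")]

def matches(rule: Rule, pkt: Dict) -> bool:
    """Header fields must match, then every content pattern must occur in the payload."""
    header_ok = (rule.proto == pkt["proto"].lower()
                 and rule.src in ("any", pkt["src"]) and rule.dst in ("any", pkt["dst"])
                 and rule.sport in (None, pkt["sport"]) and rule.dport in (None, pkt["dport"]))
    if not header_ok:
        return False
    payload = pkt["payload"]
    return all((pat.lower() in payload.lower()) if nocase else (pat in payload)
               for pat, nocase in rule.contents)

def run_ids(rules_text: str, packets) -> List[Dict]:
    """Evaluate every alert rule against every packet; return the alerts in order."""
    rules = load_rules(rules_text)
    return [{"sid": r.sid, "msg": r.msg, "src": pkt["src"], "dst": pkt["dst"]}
            for pkt in packets for r in rules if r.action == "alert" and matches(r, pkt)]

if __name__ == "__main__":
    for a in run_ids(SAMPLE_RULES, SAMPLE_PACKETS):
        print(f"[**] [1:{a['sid']}] {a['msg']} [**] {a['src']} -> {a['dst']}")
```

The fourth packet (a plain GET) matches nothing, which is the property a signature rule base is judged on: it alerts on the pattern it was written for and stays quiet otherwise, and a new rule is just one more line in the text.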
PROCEDURE:
STEP-1: Sniffer mode: snort -v prints out the TCP/IP packet headers on the screen.
STEP-2: snort -vd shows the TCP/IP/ICMP headers with the application data in transit.
STEP-3: Packet Logger mode: snort -dev -l c:\log [create this directory on the C drive]; snort
will automatically know to go into packet logger mode, collecting every packet it sees and placing it
in the log directory.
STEP-4: snort -dev -l c:\log -h ipaddress/24: this tells snort that you want to print out the
data link and TCP/IP headers as well as application data into the log directory.
STEP-5: snort -l c:\log -b: this binary mode logs everything into a single file.
STEP-6: Network Intrusion Detection System mode: snort -d -l c:\log -h ipaddress/24 -c snort.conf:
the configuration file applies rules to each packet to decide on an action based upon the rule
type in the file.
STEP-7: snort -d -h ipaddress/24 -l c:\log -c snort.conf: this will configure snort to run in its
most basic NIDS form, logging packets that trigger rules specified in snort.conf.
STEP-8: Download Snort from snort.org. Install Snort with or without database support.
STEP-9: Select all the components and click Next. Install and Close.
STEP-10: Skip the WinPcap driver installation.
STEP-11: Add the path variable in the Windows environment variables by selecting New.
STEP-12: Create a path variable and point it at snort.exe: variable name: path; variable value:
c:\snort\bin.
STEP-13: Click the OK button and then close all dialog boxes. Open a command prompt and type the
following commands:
INSTALLATION PROCESS:
RESULT: Thus the demonstration of intrusion detection using the Snort tool was done
successfully.
Experiment No. - 8
Aim: Demonstrate how to provide secure data storage, secure data transmission and how to create
digital signatures (GnuPG).
Description: Here’s the final guide in my PGP basics series, this time focusing on Windows. The OS in
question will be Windows 7, but it should work for Win8 and Win8.1 as well. Obviously it’s not recommended
to be using Windows to access the DNM, but I won’t go into the reasons here. The tool we’ll be using is
GPG4Win.
INSTALLING THE SOFTWARE:
Visit www.gpg4win.org. Click on the “Gpg4win 2.3.0” button.
On the following screen, click the “Download Gpg4win” button.
When the “Welcome” screen is displayed, click the “Next” button.
When the “License Agreement” page is displayed, click the “Next” button.
Set the check box values as specified below, then click the “Next” button
Set the location where you want the software to be installed. The default location is fine. Then,
click the “Next” button.
Specify where you want shortcuts to the software placed, then click the “Next” button.
If you selected to have a GPG shortcut in your Start Menu, specify the folder in which it will be
placed. The default “Gpg4win” is OK. Click the “Install” button to continue.
A warning will be displayed if you have Outlook or Explorer open. If this occurs, click the “OK” button.
The installation process will tell you when it is complete. Click the “Next” button.
Once the Gpg4win setup wizard is complete, the following screen will be displayed. Click the
“Finish” button.
If you do not uncheck the “Show the README file” check box, the README file will be
displayed. The window can be closed after you’ve reviewed it.
From your start bar, select the “Kleopatra” icon to start the Kleopatra certificate management software.
The following screen will be displayed. From the “File” dropdown, click on the “New Certificate”
option.
The following screen will be displayed. Click on “Create a personal OpenPGP key pair” and then the
“Next” button.
The Certificate Creation Wizard will start and display the following:
Enter your name and e-mail address. You may also enter an optional comment. Then, click the
“Next” button.
Review your entered values. If they are OK, click the “Create Key” button.
The passphrase should follow strong password standards. After you’ve entered your passphrase, click the
“OK” button.
You will be asked to re-enter the passphrase. Re-enter the passphrase value, then click the “OK” button. If the
passphrases match, the certificate will be created.
Once the certificate is created, the following screen will be displayed. You can save a backup of your public and
private keys by clicking the “Make a Backup Of Your Key Pair” button. This backup can be used to copy the
certificate onto other authorized computers.
If you choose to back up your key pair, you will be presented with the following screen:
Specify the folder and name the file. Then click the “OK” button.
After the key is exported, the following will be displayed. Click the “OK” button.
You will be returned to the “Key Pair Successfully Created” screen. Click the “Finish” button.
Before the program closes, you will need to confirm that you want to close the program by clicking on the
“Quit Kleopatra” button.
A command window will open along with a window that asks for the passphrase of your private key, which
will be used to decrypt the incoming message.
The results window will tell you if the decryption succeeded. Click the “Finish” button to close the window.
When you close the e-mail you will be asked if you want to save the e-mail message in its unencrypted
form. For maximum security, click the “No” button. This will keep the message encrypted within the
e-mail system and will require you to enter your passphrase each time you reopen the e-mail message.
RESULT:
Thus secure data storage, secure data transmission and the creation of digital signatures (GnuPG) were
demonstrated successfully.