JAIPUR ENGINEERING COLLEGE AND RESEARCH CENTRE

JECRC Campus, Shri Ram Ki Nangal, Via-Vatika, Jaipur

Department of Information Technology

LAB MANUAL

Lab Name : Cyber Security Lab

Lab Code : 7IT4 - 22
Branch : Information Technology
Year/Semester : 4th Year/VII

Department of Information Technology

Jaipur Engineering College and Research Centre, Jaipur
(Affiliated to RTU, Kota)

1
 JAIPUR ENGINEERING COLLEGE AND RESEARCH CENTRE

JECRC Campus, Shri Ram Ki Nangal, Via-Vatika, Jaipur

INDEX
S.NO CONTENTS PAGE
1 Motto of JECRC 3
NO.
2 Vision and Mission of the Institute 4
3 Vision and Mission of the Department 4
4 Program Outcomes (POs) 5
5 Program Educational Objective (PEOs) 6
6 PSO of the Department 6
7 RTU Syllabus with List of Experiments 7
8 Course Outcomes 8
9 Mapping of CO & PO 9
10 Mapping of CO & PSO 9
11 Introduction about Lab & its Applications 10
12 Instructions Sheet 11
Experiment List (As per RTU, Kota Syllabus)
Objectives: -1. Implement the following Substitution & Transposition
Techniques concepts: a) Caesar Cipherb) Rail fence row & Column 13
Experiment 1
Transformation.
Objectives: -2. Implement the Diffie-Hellman Key Exchange mechanism
using HTML and JavaScript. Consider the end user as one of the parties 19
(Alice) and the JavaScript
Experiment 2
application as other party (bob).
Objectives: -3. Implement the following Attack: a) Dictionary 21
Experiment 3 Attack b) Brute Force Attack.
Objectives:-4.Installation of Wire shark, tcpdump, etc and observe data
transferred in client server communication usingUDP/TCP and identify the 23
Experiment 4 UDP/TCP datagram.
Objectives: -5. Installation of rootkits and study about thevariety of
34
Experiment 5 options.
Objectives: -6. Perform an Experiment to Sniff Traffic using 36
Experiment 6
ARP Poisoning.
Experiment 7 Objectives: -7. Demonstrate intrusion detection system using 42
any tool (snort or any other s/w).
Objectives: -8. Demonstrate how to provide secure data 46
Experiment 8 storage, secure data transmission and for creating digitalsignatures.

2
 JAIPUR ENGINEERING COLLEGE AND RESEARCH CENTRE

JECRC Campus, Shri Ram Ki Nangal, Via-Vatika, Jaipur

MOTTO of JECRC

TEACH

TRAIN

&

TRANSFORM

For

 Contribution towards National Development

 Global Competencies among Students
 Incorporating a Value System
 Promotion to use of Technology
 Zeal for Excellence

3
 JAIPUR ENGINEERING COLLEGE AND RESEARCH CENTRE

JECRC Campus, Shri Ram Ki Nangal, Via-Vatika, Jaipur

JAIPUR ENGINEERING COLLEGE AND RESEARCH CENTER

Department of Information Technology
Branch: Information Technology Semester: 7th
Course Name: Cyber Security Lab Code: 7IT4 - 22
External Marks: 40 Practical Hrs: 2 hr/week
Internal Marks: 60 Total Marks: 100

VISION & MISSION OF INSTITUTE

VISION
To become a renowned centre of outcome based learning, and work towards academic,
professional, cultural and social enrichment of the lives of individuals and communities.

MISSION
 Focus on evaluation of learning outcomes and motivate students to inculcate research aptitude by
project based learning.
 Identify, based on informed perception of Indian, regional and global needs, areas of focus and
provide platform to gain knowledge and solutions.
 Offer opportunities for interaction between academia and industry.
 Develop human potential to its fullest extent so that intellectually capable and imaginatively gifted
leaders can emerge in a range of professions.

Department of Information Technology Engineering

VISION

To be recognized as Centre for providing outcome based education and prepare students to take
challenges as per present technological scenario.

MISSION
M1: Practice OBE for professional accomplishment of graduate attributes.
M2: Provide platform to gain knowledge and solutions as per social needs and requirement.
M3: Provide platform to enhance knowledge for inter-disciplinary challenges and motivation towards
achieving excellence.

4
 JAIPUR ENGINEERING COLLEGE AND RESEARCH CENTRE

JECRC Campus, Shri Ram Ki Nangal, Via-Vatika, Jaipur

Program Outcomes (POs)

1. Engineering Knowledge: Apply the knowledge of mathematics, science, engineering
fundamentals, and an engineering specialization to the solution of complex engineering problems
in IT.
2. Problem analysis: Identify, formulate, research literature, and analyze complex engineering
problems reaching substantiated conclusions using first principles of mathematics, natural
sciences, and engineering sciences in IT.
3. Design/development of solutions: Design solutions for complex engineering problems and
design system components or processes that meet the specified needs with appropriate
consideration for the public health and safety, and the cultural, societal, and environmental
considerations using IT.
4. Conduct investigations of complex problems: Use research-based knowledge and research
methods including design of experiments, analysis and interpretation of data, and synthesis of the
information to provide valid conclusions using IT.
5. Modern tool usage: Create, select, and apply appropriate techniques, resources, and modern
engineering and IT tools including prediction and modeling to complex engineering activities
with an understanding of the limitations in IT.
6. The engineer and society: Apply reasoning informed by the contextual knowledge to assess
societal, health, safety, legal and cultural issues and the consequent responsibilities relevant to the
professional engineering practice using IT.
7. Environment and sustainability: Understand the impact of the professional engineering
solutions in societal and environmental contexts, and demonstrate the knowledge of, and need for
sustainable development in IT.
8. Ethics: Apply ethical principles and commit to professional ethics and responsibilities and norms
of the engineering practice using IT.
9. Individual and team work: Function effectively as an individual, and as a member or leader in
diverse teams, and in multidisciplinary settings in IT.
10. Communication: Communicate effectively on complex engineering activities with the
engineering community and with society at large, such as, being able to comprehend and write
effective reports and design documentation, make effective presentations, and give and receive
clear instructions.
11. Project Management and finance: Demonstrate knowledge and understanding of the
engineering and management principles and apply these to one’s own work, as a member and
leader in a team, to manage IT projects and in multidisciplinary environments.
12. Life –long Learning: Recognize the need for, and have the preparation and ability to engage in
independent and life-long learning in the broadest context of technological changes needed in IT.

5
 JAIPUR ENGINEERING COLLEGE AND RESEARCH CENTRE

JECRC Campus, Shri Ram Ki Nangal, Via-Vatika, Jaipur

PROGRAM EDUCATIONAL OBJECTIVES (PEOs)

PEO1: To provide students with the fundamentals of Engineering Sciences with more
emphasis in Computer Science & Engineering by way of analyzing and exploiting
engineering challenges.

PEO2: To train students with good scientific and engineering knowledge so as to

comprehend, analyze, design, and create novel products and solutions for the real life
problems in Computer Science and Engineering

PEO3: To inculcate professional and ethical attitude, effective communication skills,

teamwork skills, multidisciplinary approach, entrepreneurial thinking and an ability to
relate engineering issues with social issues for Computer Science & Engineering.

PEO4: To provide students with an academic environment aware of excellence,

leadership, written ethical codes and guidelines, and the self-motivated life-long learning
needed for a successful professional career in Computer Science & Engineering.

PEO5: To prepare students to excel in Industry and Higher education by Educating

Students along with High moral values and Knowledge in Computer Science &
Engineering.

PSO of the Department:

PSO 1: Ability to interpret and analyze network specific and cyber security issues, automation in real
word environment.

PSO 2: Ability to apply the knowledge of cloud computing, artificial intelligence, machine learning and
deep learning under realistic constraints.

6
 JAIPUR ENGINEERING COLLEGE AND RESEARCH CENTRE

JECRC Campus, Shri Ram Ki Nangal, Via-Vatika, Jaipur

RTU Syllabus with List of Experiments:

7IT4-22 Cyber Security Lab

Class: 7th Sem. B. Tech. 4th year Evaluation

Branch: Information Technology Examination Time = Two (2) Hours
Credits: 2 Maximum Marks = 100
Schedule per week: 2 Hrs (Practical) [Internal Assessment/Sessional(60)&End-term Exam(40 )]

S.No. Contents
1 Implement the following Substitution & Transposition Techniques concepts:
a) Caesar Cipher b) Rail fence row & Column Transformation
2 Implement the Diffie-Hellman Key Exchange mechanism using HTML and JavaScript.
Consider the end user as one of the parties (Alice) and the JavaScript application as other party
(bob).
3 Implement the following Attack: Dictionary Attack b) Brute Force Attack
4 Installation of Wire shark, tcpdump, etc and observe data transferred in client server
communication using UDP/TCP and identify the UDP/TCP datagram.
5 Installation of rootkits and study about the variety of options.
6 Perform an Experiment to Sniff Traffic using ARP Poisoning.
7 Demonstrate intrusion detection system using any tool (snort or any other (s/w).
8 Demonstrate how to provide secure data storage, secure data transmission
and for creating digital signatures.
PROJECT: In a small area location such as a house, office or in a classroom, there is a small
network called a Local Area Network (LAN). The project aims to transfer a file peer-to-peer
from one computer to another computer in the same LAN. It provides the necessary
authentication for file transferring in the network transmission. By implementing the Server-
Client technology, use a File Transfer Protocol mechanism and through socket programming,
the end user is able to send and receive the encrypted and decrypted file in the LAN. An
additional aim of the project is to transfer a file between computers securely in LANs. Elements
of security are needed in the project because securing the files is an important task, which
ensures files are not captured or altered by anyone on the same network. Whenever you transmit
files over a network, there is a good chance your data will be encrypted by
encryption technique. Any algorithm like AES is used to encrypt the file that needs to transfer to
another computer. The encrypted file is then sent to a receiver computer and
will need to be decrypted before the user can open the file.
Text / Reference Books:
T1: Hacking: The Art of Exploitation (2nd Ed.) by Jon Erickson
T2: The Science of Secrecy from Ancient Egypt to Quantum Cryptography by Simon Singh

7
 JAIPUR ENGINEERING COLLEGE AND RESEARCH CENTRE

JECRC Campus, Shri Ram Ki Nangal, Via-Vatika, Jaipur

COURSE OUTCOMES
Graduates would be able:

CO1: Understand the implementation of various techniques and security algorithms.

CO2: Apply different tools used for secure data transmission and for creating digital signature.

Mapping of CO & PO:

PROGRAM OUTCOMES
COURSE
OUTCOMES 1 2 3 4 5 6 7 8 9 10 11 12

CO-1 3 3 2 2 3 3 1 2 3 1 2 3
CO-2 3 2 3 3 3 2 2 3 3 2 2 2

Mapping of CO & PSO:

COURSE OUTCOMES Average mapping Average mapping with

PSO with course course

CO-1 3 2
CO-2 3 2 2 2

8
 JAIPUR ENGINEERING COLLEGE AND RESEARCH CENTRE

JECRC Campus, Shri Ram Ki Nangal, Via-Vatika, Jaipur

Mapping of Experiments with Cos & BT Level

CO BT
S.N Contents
o. s
1 Implement the following Substitution & Transposition Techniques concepts: 1 3
b) Caesar Cipher b) Rail fence row & Column Transformation
2 Implement the Diffie-Hellman Key Exchange mechanism using HTML and 1 4
JavaScript. Consider the end user as one of the parties (Alice) and the JavaScript
application as other party (bob).
3 Implement the following Attack: Dictionary Attack b) Brute Force Attack 1 3
4 Installation of Wire shark, tcpdump, etc and observe data transferred in client server 2 3
communication using UDP/TCP and identify the UDP/TCP datagram.
5 Installation of rootkits and study about the variety of options. 2 3
6 Perform an Experiment to Sniff Traffic using ARP Poisoning. 2 5
7 Demonstrate intrusion detection system using any tool (snort or any other (s/w). 1 4
8 Demonstrate how to provide secure data storage, secure data transmission 2 5
and for creating digital signatures.

* BT - Bloom's Taxonomy

9
 JAIPUR ENGINEERING COLLEGE AND RESEARCH CENTRE

JECRC Campus, Shri Ram Ki Nangal, Via-Vatika, Jaipur

Introduction About Laboratory & Applications

The Cyber Security Laboratory is a state-of-the-art, dedicated space in which students can safely
engage in cyber related activities, including malware detection and deactivation, and penetration
testing, in a contained and controlled environment without possible impact to other campus
networks.
Cyber Security is a process that's designed to protect networks and devices from external threats.
Businesses typically employ Cyber Security professionals to protect their confidential information,
maintain employee productivity, and enhance customer confidence in products and services.
Cyber security is how individuals and organisations reduce the risk of cyber-attack. Cyber security's core
function is to protect the devices we all use (smartphones, laptops, tablets and computers), and the
services we access - both online and at work - from theft or damage.
 Protect networks and data from unauthorized access.
 Improved information security and business continuity management.
 Improved stakeholder confidence in your information security arrangements.
 Improved company credentials with the correct security controls in place.
List of Hardware Requirements & Software

RequirementsSoftware Requirements

 C
 C++
 Java or equivalent Compiler GnuPG
 Snort
Hardware Requirements

 Standalone Desktops (or) Server supporting 30 terminals or more

10
 JAIPUR ENGINEERING COLLEGE AND RESEARCH CENTRE

JECRC Campus, Shri Ram Ki Nangal, Via-Vatika, Jaipur

Instructions Sheet

Instructions of Lab
DO’s
1. Please switch off the Mobile phone before enter into the Lab.
2. Check whether all peripheral are available at your desktop before proceeding for program.
3. Intimate the lab technician whenever you face any problem related to hardware and
software.
4. Arrange all the peripheral and seats before leaving the lab.
5. Properly shutdown the system before leaving the lab.
6. Keep the bag outside.
7. Maintain the decorum of the lab.

DON’TS
1. No one is allowed to use pen drives without permission of lab technician in the lab.
2. Don’t mishandle the system.
3. Don’t bring any external material in the lab.
4. Don’t make noise in the lab.
5. Don’t litter in the lab.
6. Don’t delete or make any modification in system files.
7. Don’t carry any lab equipment’s outside the lab.

11
 JAIPUR ENGINEERING COLLEGE AND RESEARCH CENTRE

JECRC Campus, Shri Ram Ki Nangal, Via-Vatika, Jaipur

Instructions for Student

BEFORE ENTERING IN THE LAB

 All the students are supposed to prepare the theory regarding the next program.
 Students are supposed to bring the practical file and the lab copy.
 Assignment given in previous labs should be written in the practical file.
 Print out of diagram should be pasted in the lab file.
 Any student not following these instructions will be denied entry in the lab.

WHILE WORKING IN THE LAB

 Adhere to experimental schedule as instructed by the lab in-charge.
 Get the previously executed program signed by the instructor.
 Get the output of the current program checked by the instructor in the lab copy.
 Each student should work on his/her assigned computer at each turn of the lab.
 Take responsibility of valuable accessories.
 Concentrate on the assigned practical and do not play games.
 If anyone caught red handed carrying any equipment of the lab, then he will have to face
serious consequences.

12
 JAIPUR ENGINEERING COLLEGE AND RESEARCH CENTRE

JECRC Campus, Shri Ram Ki Nangal, Via-Vatika, Jaipur

Experiment No. 1

AIM: Implement the following Substitution & Transposition Techniques concepts:

a) Caesar Cipher
b) Rail fence row & Column Transformation
Description: To implement a program for encrypting a plain text and decrypting a cipher text
using CaesarCipher (shift cipher) substitution technique

ALGORITHM DESCRIPTION:
It is a type of substitution cipher in which each letter in the plaintext is
replaced by a letter some fixed number of positions down the alphabet. For
example, with a left shift of 3, D would be replaced by A, E would become
B, and so on.
The method is named after Julius Caesar, who used it in his private
correspondence. The transformation can be represented by aligning two
alphabets; the cipher alphabet isthe plain alphabet rotated left or right by
some number of positions.
The encryption can also be represented using modular arithmetic by first
transformingthe letters into numbers, according to the scheme, A = 0, B =
1, Z = 25.
Encryption of a letter x by a shift n can be described
mathematicallyas, En(x) = (x + n) mod26
Decryption is
performed
similarly, Dn
(x)=(x - n)
mod26
PROGRAM:
impo
rt
java.
util.*
;
class
caes
arCi
pher

13
 JAIPUR ENGINEERING COLLEGE AND RESEARCH CENTRE

JECRC Campus, Shri Ram Ki Nangal, Via-Vatika, Jaipur

{
public static String encode(String enc, int offset)
{
offset = offset
% 26 + 26;
StringBuilder
encoded = new
StringBuilder();
for (char i :
enc.toCharArra
y())
{
if (Character.isLetter(i))
{
if (Character.isUpperCase(i))
{
encoded.append((char) ('A' + (i - 'A' + offset) % 26 ));
}
else
{
encoded.append((char) ('a' + (i - 'a' + offset) % 26 ));
}
}
else
{
encoded.append(i);
}
}
return encoded.toString();
}
public static String decode(String enc, int offset)
{
return encode(enc, 26-offset);
}
public static void main (String[] args) throws java.lang.Exception
{
String msg = "Hello welcome to Security
Laboratory";
System.out.println("simulation of Caesar
Cipher"); System.out.println("input
message : " + msg); System.out.printf(
"encoded message : ");
System.out.println(caesarCipher.encode(
msg, 12)); System.out.printf( "decoded
message : ");
System.out.println(caesarCipher.decode(caesarCipher.encode(msg, 12), 12));
}

14
 JAIPUR ENGINEERING COLLEGE AND RESEARCH CENTRE

JECRC Campus, Shri Ram Ki Nangal, Via-Vatika, Jaipur

stdin:
Standard input is empty

stdout:
simulation of Caesar Cipher

input message : Hello welcome to Security Laboratory

encoded message : Tqxxa

iqxoayq fa Eqogdufk
Xmnadmfadk

decoded message : Hello

welcome to SecurityLaboratory

RESULT:
Thus the program was executed and verified successfully.

15
 JAIPUR ENGINEERING COLLEGE AND RESEARCH CENTRE

JECRC Campus, Shri Ram Ki Nangal, Via-Vatika, Jaipur

1(b) To implement a program for encryption and decryption using rail fence
transposition technique.
ALGORITHM DESCRIPTION:
In the rail fence cipher, the plaintext is written downwards and diagonally on
successive "rails" of an imaginary fence, then moving up when we reach the bottom
rail.
When we reach the top rail, the message is written downwards again until the whole
plaintext is written out.
The message is then read off in rows.
PROGRAM:
import java.util.*;
class railfenceCipherHelper
{
int depth;
String encode(String msg, int depth) throws Exception
{
int r = depth;
int l =
msg.lengt
h(); int c
= l/depth;
int k = 0;
char mat[][] = new char[r][c]; String enc = "";
for (int i=0; i<c; i++)
{
for (int j=0; j<r; j++)
{
if (k != l)
{
mat[j][i] = msg.charAt(k++);
}
Else
{
mat[j][i] = 'X';
}}}
for (int i=0; i<r; i++)
{
for (int j=0; j<c; j++)
{
enc += mat[i][j];
}}
return enc;

16
 JAIPUR ENGINEERING COLLEGE AND RESEARCH CENTRE

JECRC Campus, Shri Ram Ki Nangal, Via-Vatika, Jaipur

}
String decode(String encmsg, int depth) throws Exception
{
int r = depth;
int l = encmsg.length(); int c = l/depth;
int k = 0;
char mat[][] = new char[r][c];
String dec = "";
for (int i=0; i<r; i++)
{
for (int j=0; j< c; j++)
{
mat[i][j] = encmsg.charAt(k++);
}}
for (int i=0; i<c; i++)
{
for (int j=0; j< r; j++)
{
dec += mat[j][i];
}}
return dec;
}}
class railfenceCipher
{
public static void main (String[] args) throws java.lang.Exception
{
railfenceCipherHelper rf = new
railfenceCipherHelper(); String msg, enc, dec;
msg="hellorailfen
cipher"; int depth =
2;
enc =
rf.encode(msg,
depth); dec =
rf.decode(enc,
depth);
System.out.println(
"simulation of
Railfence
Cipher");
System.out.println(
"input message : "
+ msg);
System.out.println(
"encoded message
: " + enc);
System.out.printf(

17
 JAIPUR ENGINEERING COLLEGE AND RESEARCH CENTRE

JECRC Campus, Shri Ram Ki Nangal, Via-Vatika, Jaipur

"decoded message
: " + dec);
}}
stdin:
Standard input is empty

stdout:
simulation of Railfence Cipher
Input message : hellorailfencecipher
Encoded message : hloaleccpeelrifneihr
Decoded message : hellorailfencecipher

RESULT:
Thus the program was executed and verified successfully.

18
 JAIPUR ENGINEERING COLLEGE AND RESEARCH CENTRE

JECRC Campus, Shri Ram Ki Nangal, Via-Vatika, Jaipur

Experiment-2

Aim: Implementation of Diffie Hellman key Exchange Algorithm

DESCRIPTION:
Diffie–Hellman Key Exchange establishes a shared secret between two parties that can be used for
secret communication for exchanging data over a public network. It is primarily used as a method of
exchanging cryptography keys for use in symmetric encryption algorithms like AES. The algorithm in
itself is very simple. The process begins by having the two parties, Alice and Bob. Let's assume that
Alice wants to establish a shared secret with Bob.
EXAMPLE:

ALGORITHM:
STEP-1: Both Alice and Bob shares the same public keys g and p.
STEP-2: Alice selects a random public key a.
STEP-3: Alice computes his secret key A as ga mod p.
STEP-4: Then Alice sends A to Bob.
STEP-5: Similarly Bob also selects a public key b and computes his secret key as B and sends the
same back to Alice.
STEP-6: Now both of them compute their common secret key as the other one’s secret key power of a
mod p.
PROGRAM: (Diffie Hellman Key
Exchange)#include<stdio.h>
#include<conio.h>

19
 JAIPUR ENGINEERING COLLEGE AND RESEARCH CENTRE

JECRC Campus, Shri Ram Ki Nangal, Via-Vatika, Jaipur

long long int power(int a, int b, int mod)

{
long long int t; if(b==1)
return a; t=power(a,b/2,mod); if(b%2==0)
return (t*t)%mod; else
return (((t*t)%mod)*a)%mod;
}
long int calculateKey(int a, int x, int n)
{
return power(a,x,n);
}
void main()
{
int n,g,x,a,y,b; clrscr();
printf("Enter the value of n and g : "); scanf("%d%d",&n,&g);
printf("Enter the value of x for the first person : "); scanf("%d",&x);
a=power(g,x,n);
printf("Enter the value of y for the second person : "); scanf("%d",&y);
b=power(g,y,n);
printf("key for the first person is :
%lld\n",power(b,x,n));
printf("key for the second person is :
%lld\n",power(a,y,n)); getch();
}
OUTPUT:

20
 JAIPUR ENGINEERING COLLEGE AND RESEARCH CENTRE

JECRC Campus, Shri Ram Ki Nangal, Via-Vatika, Jaipur

Experiment No.-3

Aim: Implement the following Attack: a) Dictionary Attack b) Brute Force Attack

The bruteforce attack is simple enough to understand. It is performed by entering in every possible password
that can be accepted by a system until the correct password is entered. However, actually writing one is a bit
more complex. There's a complex underlying logic involved simply entering in every password. This post will
cover the logic of programming a sequential bruteforcer and cap off with writing a sequential ascending
bruteforcer in C/C++. Lastly, I will show a quick trick to turn the sequential ascending bruteforcer into a
sequential descending bruteforcer.
A bruteforcer has three main logical components: A selection where the user inputs specific location of the
attack; Generating the passwords to test; Testing the password. Having the user input the specific location to
attack is arguably the easiest part of writing a bruteforcer. This part can actually be "hard-coded" (specified by
the programmer so no input is required) so I was thinking of not even mentioning it. But, I decided to bring it
up as any bruteforcer meant to be used by more then one person will include this. Let's say we've written a
bruteforcer that attacks Yahoo accounts. In this case, the bruteforcer will be programmed to attack Yahoo
accounts, but the user must input the Yahoo account to specifically attack. This first component of the
bruteforcer will handle thus handles obtianing this information.
Once the bruteforcer knows what it is going to attack, it must generate the password to try. In a sequential
bruteforcer, the password tried each time will be sequentially one step away from the last password tried. So, in
a sequential ascending bruteforcer, the bruteforcer will try the password 000001 followed by 000002. This
works in reverse in a sequential descending bruteforcer. The programming of this is generally handled by
writing a continuous loop which breaks only when the password generated is successful. Meanwhile, a handful
of variables constantly increment with each run through the loop. When all of the possible passwords are tried,
the variables are all reset as low as possible, the number of characters in the password is incremented or
decremented, and the process begins again with checking all of the passwords one character longer or shorter
then the last number of characters in a password. In practice, this is simpler then it sounds.
The last main component of a bruteforcer is the part in which a bruteforcer checks to see if it's generated the
correct password. In some cases, this can surprisingly be the hardest part of the bruteforcer to write. Using our
Yahoo example again, writing this part of the bruteforcer requires a knowledge of the Yahoo API. It's really
hard for me to write how to perform the password check as each check will be written differently. While all
checks are simple from a broad perspective, this is liable to get quite complex depending on what you're trying
to bruteforce. My recommendation is to look for a library to do the check for you so you can do the least
amount of work possible to perform what is really be a trivial step overall.
Here is the code I wrote to an ascending bruteforcer in C/C++. It's really rather small code and thus pretty self-
explanatory. (The comments should help explain things too):

21
 JAIPUR ENGINEERING COLLEGE AND RESEARCH CENTRE

JECRC Campus, Shri Ram Ki Nangal, Via-Vatika, Jaipur

/*Change "(" to "<" and change ")" to ">" */

#include (iostream)
#include (string)
using namespace std;
/*Prototypes*/
void checkPassword(string password);
void recurse(int width, int position, string baseString);
/*Global Variables*/
char
chars[]={'z','y','x','w','v','u','t','s','r','q','p','o','n','m','l','k','j','i','h','g','f','e','d','c','b','a','9','8','7','6','5','4','3','2','1','0'};
string t;
/*This function generates the password*/
void recurse(int width, int position, string baseString)
{
for(int i=0;i<35;i++){
if (position < width-1){
recurse(width, position + 1, baseString+chars[i]);
}
checkPassword(baseString+chars[i]);
}}
/*This function checks to see if the generated password is correct*/
void checkPassword(string password)
{
cout << "Trying this password: " << password << endl;
if (password==t) {
cout << "match [" << password << "]" << endl;
int pause;
cin >> pause;
exit(1);
}}
int main(){
cout << "Enter a string (No more then 10 characters for demonstration purposes): " << endl;
cin >> t;
int maxChars = 10;
for(int i = maxChars; i >0; i++)
{
cout << "Checking passwords width [" << i << "]..." << endl;
recurse(i,0,"");}
return 0;
}

22
 JAIPUR ENGINEERING COLLEGE AND RESEARCH CENTRE

JECRC Campus, Shri Ram Ki Nangal, Via-Vatika, Jaipur

Experiment No. -4

Aim: Installation of Wire shark, tcpdump, etc and observe data transferred in client server
communication using UDP/TCP and identify the UDP/TCP datagram.

Description:
The first part of the lab introduces packet sniffer, Wireshark. Wireshark is a free open- source network
protocol analyzer. It is used for network troubleshooting and communication protocol analysis. Wireshark
captures network packets in real time and display them in human-readable format. It provides many
advanced features including live capture and offline analysis, three-pane packet browser, coloring rules
for analysis. This document uses Wireshark for the experiments, and it covers Wireshark installation,
packet capturing, and protocol analysis.

Figure 1: Wireshark in Kali Linux

23
 JAIPUR ENGINEERING COLLEGE AND RESEARCH CENTRE

JECRC Campus, Shri Ram Ki Nangal, Via-Vatika, Jaipur

Background

TCP/IP Network Stack

Figure 2: Encapsulation of Data in the TCP/IP Network Stack

- Application Layer: The application layer includes the protocols used by most applications
for providing user services. Examples of application layer protocols are Hypertext
Transfer Protocol (HTTP), Secure Shell (SSH), File Transfer Protocol (FTP), and Simple
Mail Transfer Protocol (SMTP).
- Transport Layer: The transport layer establishes process-to-process connectivity, and it
provides end-to-end services that are independent of underlying user data. To implement
the process-to-process communication, the protocol introduces a concept of port. The
examples of transport layer protocols are Transport Control Protocol (TCP) and User
Datagram Protocol (UDP). The TCP provides flow- control, connection establishment,
and reliable transmission of data, while the UDP is a connectionless transmission model.
- Internet Layer: The Internet layer is responsible for sending packets to across networks. It
has two functions: 1) Host identification by using IP addressing system (IPv4 and IPv6);
and 2) packets routing from source to destination. The examples of Internet layer
protocols are Internet Protocol (IP), Internet Control Message Protocol (ICMP), and
Address Resolution Protocol (ARP).
- Link Layer: The link layer defines the networking methods within the scope of the local
network link. It is used to move the packets between two hosts on the same link. An
common example of link layer protocols is Ethernet.
Packet Sniffer

Packet sniffer is a basic tool for observing network packet exchanges in a computer. As the name
suggests, a packet sniffer captures (“sniffs”) packets being sent/received from/by your computer; it will

24
 JAIPUR ENGINEERING COLLEGE AND RESEARCH CENTRE

JECRC Campus, Shri Ram Ki Nangal, Via-Vatika, Jaipur

also typically store and/or display the contents of the various protocol fields in these captured packets. A
packet sniffer itself is passive. It observes messages being sent and received by applications and protocols
running on your computer, but never sends packets itself.
Figure 3 shows the structure of a packet sniffer. At the right of Figure 3 are the protocols (in this case,
Internet protocols) and applications (such as a web browser or ftp client) that normally run on your
computer. The packet sniffer, shown within the dashed rectangle in Figure 3 is an addition to the usual
software in your computer, and consists of two parts. The packet capture library receives a copy of every
link-layer frame that is sent from or received by your computer. Messages exchanged by higher layer
protocols such as HTTP, FTP, TCP, UDP, DNS, or IP all are eventually encapsulated in link-layer frames
that are transmitted over physical media such as an Ethernet cable. In Figure 1, the assumed physical
media is an Ethernet, and so all upper-layer protocols are eventually encapsulated within an Ethernet
frame. Capturing all link-layer frames thus gives you access to all messages sent/received from/by all
protocols and applications executing in your computer.
The second component of a packet sniffer is the packet analyzer, which displays the contents of all fields
within a protocol message. In order to do so, the packet analyzer

Figure 3: Packet Sniffer Structure

must “understand” the structure of all messages exchanged by protocols. For example, suppose we are
interested in displaying the various fields in messages exchanged by the HTTP protocol in Figure 3. The
packet analyzer understands the format of Ethernet frames, and so can identify the IP datagram within an
Ethernet frame. It also understands the IP datagram format, so that it can extract the TCP segment within
the IP datagram. Finally, it understands the TCP segment structure, so it can extract the HTTP message
contained in the TCP segment. Finally, it understands the HTTP protocol and so, for example, knows that
the first bytes of an HTTP message will contain the string “GET,” “POST,” or “HEAD”.
We will be using the Wireshark packet sniffer [http://www.wireshark.org/] for these labs, allowing us to
display the contents of messages being sent/received from/by protocols at different levels of the protocol
stack. (Technically speaking, Wireshark is a packet analyzer that uses a packet capture library in your
computer). Wireshark is a free network protocol analyzer that runs on Windows, Linux/Unix, and Mac
computers.

25
 JAIPUR ENGINEERING COLLEGE AND RESEARCH CENTRE

JECRC Campus, Shri Ram Ki Nangal, Via-Vatika, Jaipur

Getting Wireshark
The Kai Linux has Wireshark installed. You can just launch the Kali Linux VM and open Wireshark there.
Wireshark can also be downloaded from here: https://www.wireshark.org/download.html

Figure 4: Download Page of Wireshark

Starting Wireshark:
When you run the Wireshark program, the Wireshark graphic user interface will be shown as Figure 5.
Currently, the program is not capturing the packets.

Figure 5: Initial Graphic User Interface of Wireshark

26
 JAIPUR ENGINEERING COLLEGE AND RESEARCH CENTRE

JECRC Campus, Shri Ram Ki Nangal, Via-Vatika, Jaipur

Then, you need to choose an interface. If you are running the Wireshark on your laptop, you need to
select WiFi interface. If you are at a desktop, you need to select the Ethernet interface being used. Note
that there could be multiple interfaces. In general, you can select any interface but that does not mean that
traffic will flow through that interface. The network interfaces (i.e., the physical connections) that your
computer has to the network are shown. The attached Figure 6 was taken from my computer.

After you select the interface, you can click start to capture the packets as shown in Figure 7.

Figure 6: Capture Interfaces in Wireshark

Figure 7: Capturing Packets in Wireshark

27
 JAIPUR ENGINEERING COLLEGE AND RESEARCH CENTRE

JECRC Campus, Shri Ram Ki Nangal, Via-Vatika, Jaipur

Figure 8: Wireshark Graphical User Interface on Microsoft Windows

The Wireshark interface has five major components:
The command menus are standard pulldown menus located at the top of the window. Of interest to us
now is the File and Capture menus. The File menu allows you to save captured packet data or open a file
containing previously captured packet data, and exit the Wireshark application. The Capture menu allows
you to begin packet capture.
The packet-listing window displays a one-line summary for each packet captured, including the packet
number (assigned by Wireshark; this is not a packet number contained in any protocol’s header), the time
at which the packet was captured, the packet’s source and destination addresses, the protocol type, and
protocol-specific information contained in the packet. The packet listing can be sorted according to any of
these categories by clicking on a column name. The protocol type field lists the highest- level protocol
that sent or received this packet, i.e., the protocol that is the source or ultimate sink for this packet.
The packet-header details window provides details about the packet selected (highlighted) in the packet-
listing window. (To select a packet in the packet-listing window, place the cursor over the packet’s one-
line summary in the packet-listing window and click with the left mouse button.). These details include
information about the Ethernet frame and IP datagram that contains this packet. The amount of Ethernet
and IP-layer detail displayed can be expanded or minimized by clicking on the right- pointing or down-
pointing arrowhead to the left of the Ethernet frame or IP datagram line in the packet details window. If

28
 JAIPUR ENGINEERING COLLEGE AND RESEARCH CENTRE

JECRC Campus, Shri Ram Ki Nangal, Via-Vatika, Jaipur

the packet has been carried over TCP or UDP, TCP or UDP details will also be displayed, which can
similarly be expanded or minimized. Finally, details about the highest-level protocol that sent or received
this packet are also provided.
The packet-contents window displays the entire contents of the captured frame, in both ASCII and
hexadecimal format.
Towards the top of the Wireshark graphical user interface, is the packet display filter field, into which a
protocol name or other information can be entered in order to filter the information displayed in the
packet-listing window (and hence the packet-header and packet-contents windows). In the example
below, we’ll use the packet-display filter field to have Wireshark hide (not display) packets except those
that correspond to HTTP messages.

Capturing Packets
After downloading and installing Wireshark, you can launch it and click the name of an interface under
Interface List to start capturing packets on that interface. For example, if you want to capture traffic on
the wireless network, click your wireless interface.

Test Run
Do the following steps:
1. Start up the Wireshark program (select an interface and press start to capture packets).
2. Start up your favorite browser (ceweasel in Kali Linux).
3. In your browser, go to Wayne State homepage by typing www.wayne.edu.
4. After your browser has displayed the http://www.wayne.edu page, stop Wireshark packet
capture by selecting stop in the Wireshark capture window. This will cause the Wireshark
capture window to disappear and the main Wireshark window to display all
packets captured since you began packet capture see image below:

29
 JAIPUR ENGINEERING COLLEGE AND RESEARCH CENTRE

JECRC Campus, Shri Ram Ki Nangal, Via-Vatika, Jaipur

5. Color Coding: You’ll probably see packets highlighted in green, blue, and black.
Wireshark uses colors to help you identify the types of traffic at a glance. By default,
green is TCP traffic, dark blue is DNS traffic, light blue is UDP traffic, and black
identifies TCP packets with problems — for example, they could have been delivered
out-of-order.
6. You now have live packet data that contains all protocol messages exchanged between
your computer and other network entities! However, as you will notice the HTTP
messages are not clearly shown because there are many other packets included in the
packet capture. Even though the only action you took was to open your browser, there are
many other programs in your computer that communicate via the network in the
background. To filter the connections to the ones we want to focus on, we have to use the
filtering functionality of Wireshark by typing “http” in the filtering field as shown below:

Notice that we now view only the packets that are of protocol HTTP. However, we also still do not have
the exact communication we want to focus on because using HTTP as a filter is not descriptive enough to
allow us to find our connection to http://www.wayne.edu. We need to be more precise if we want to
capture the correct set of packets.
7. To further filter packets in Wireshark, we need to use a more precise filter. By setting the
http.host==www.wayne.edu, we are restricting the view to packets that have as an http
host the www.wayne.edu website. Notice that we need two equal signs to perform the
match “==” not just one. See the screenshot below:

30
 JAIPUR ENGINEERING COLLEGE AND RESEARCH CENTRE

JECRC Campus, Shri Ram Ki Nangal, Via-Vatika, Jaipur

8. Now, we can try another protocol. Let’s use Domain Name System (DNS) protocol as an
example here.

31
 JAIPUR ENGINEERING COLLEGE AND RESEARCH CENTRE

JECRC Campus, Shri Ram Ki Nangal, Via-Vatika, Jaipur

9. Let’s try now to find out what are those packets contain by following one of the
conversations (also called network flows), select one of the packets and press the right
mouse button (if you are on a Mac use the command button and click), you should see
something similar to the screen below:

Click on Follow UDP Stream, and then you will see following screen.

32
 JAIPUR ENGINEERING COLLEGE AND RESEARCH CENTRE

JECRC Campus, Shri Ram Ki Nangal, Via-Vatika, Jaipur

10. If we close this window and change the filter back to “http.host==www.wayne.edu” and
then follow a packet from the list of packets that match that filter, we should get the
something similar to the following screens. Note that we click on Follow TCP Stream
this time.

33
 JAIPUR ENGINEERING COLLEGE AND RESEARCH CENTRE

JECRC Campus, Shri Ram Ki Nangal, Via-Vatika, Jaipur

Experiment No.-5

AIM: Installation of rootkits and study about the variety of options.

Rootkit is a stealth type of malicious software designed to hide the existence of certain process
from normal methods of detection and enables continued privileged access to a computer.

Description:
Breaking the term rootkit into the two component words, root and kit, is a useful way to define it.
Root is a UNIX/Linux term that's the equivalent ofAdministrator in Windows. The word kit
denotes programs that allow someone to obtain root/admin-level access to the computer by executing
the programs in the kit — all of which is done without end-user consent or knowledge.
A rootkit is a type of malicious software that is activated each time your system boots up. Rootkits
are difficult to detect because they are activated before your system's Operating System has
completely booted up. A rootkit often allows the installation of hidden files, processes, hidden user
accounts, and more in the systems OS. Rootkits are able to intercept data from terminals,network
connections, and the keyboard.

Rootkits have two primary functions: remote command/control (back door) and software
eavesdropping. Rootkits allow someone, legitimate or otherwise, to administratively control a
computer. This means executing files, accessing logs, monitoring user activity, and even changing
the computer's configuration. Therefore, in the strictest sense, even versions of VNC are rootkits.
This surprises most people, as they consider rootkits to be solely malware, but in of themselves they
aren't malicious at all.

PROCEDURE:

STEP-1: Download Rootkit Tool from GMER website www.gmer.net.

STEP-2: This displays the Processes, Modules, Services, Files, Registry, RootKit / Malwares,
Autostart, CMD of local host.
STEP-3: Select Processes menu and kill any unwanted process if any.
STEP-4: Modules menu displays the various system files like .sys, .dll
STEP-5: Services menu displays the complete services running with Autostart, Enable, Disable,
System, Boot.
STEP-6: Files menu displays full files on Hard-Disk volumes.
STEP-7: Registry displays Hkey_Current_user and Hkey_Local_Machine.
STEP-8: Rootkits / Malwares scans the local drives selected.
STEP-9: Autostart displays the registry base Autostart applications.
STEP-10:CMD allows the user to interact with command line utilities or Registry
SCREENSHOTS:

34
JAIPUR ENGINEERING COLLEGE AND RESEARCH CENTRE

JECRC Campus, Shri Ram Ki Nangal, Via-Vatika, Jaipur

35
 JAIPUR ENGINEERING COLLEGE AND RESEARCH CENTRE

JECRC Campus, Shri Ram Ki Nangal, Via-Vatika, Jaipur

Experiment No. - 6

Aim: Perform an Experiment to Sniff Traffic using ARP Poisoning.

Description:
ARP is the acronym for Address Resolution Protocol. It is used to convert IP address to physical
addresses [MAC address] on a switch. The host sends an ARP broadcast on the network, and the
recipient computer responds with its physical address [MAC Address]. The resolved IP/MAC
address is then used to communicate. ARP poisoning is sending fake MAC addresses to the
switch so that it can associate the fake MAC addresses with the IP address of a genuine
computer on a network and hijack the traffic.

ARP Poisoning Countermeasures

Static ARP entries: these can be defined in the local ARP cache and the switch configured to ignore
all auto ARP reply packets. The disadvantage of this method is, it’s difficult to maintain on large
networks. IP/MAC address mapping has to be distributed to all the computers on the network.
ARP poisoning detection software: these systems can be used to cross check the IP/MAC address
resolution and certify them if they are authenticated. Uncertified IP/MAC address resolutions can
then be blocked.
Operating System Security: this measure is dependent on the operating system been used. The
following are the basic techniques used by various operating systems.
 Linux based: these work by ignoring unsolicited ARP reply packets.
 Microsoft Windows: the ARP cache behavior can be configured via the registry. The
following list includes some of the software that can be used to protect networks against
sniffing;
 AntiARP– provides protection against both passive and active sniffing
 Agnitum Outpost Firewall–provides protection against passive sniffing
 XArp– provides protection against both passive and active sniffing
 Mac OS: ArpGuard can be used to provide protection. It protects against both active and
passive sniffing.
 Computers communicate using networks. These networks could be on a local area network
LAN or exposed to the internet. Network Sniffers are programs that capture low-level
package data that is transmitted over a network. An attacker can analyze this information
to discover valuable information such as user ids and passwords.
 In this article, we will introduce you to common network sniffing techniques and tools used
to sniff networks.
What is network sniffing?
Computers communicate by broadcasting messages on a network using IP addresses. Once a
message has been sent on a network, the recipient computer with the matching IP address responds
with its MAC address.

36
 JAIPUR ENGINEERING COLLEGE AND RESEARCH CENTRE

JECRC Campus, Shri Ram Ki Nangal, Via-Vatika, Jaipur

Network sniffing is the process of intercepting data packets sent over a network. This can be
done by the specialized software program or hardware equipment. Sniffing can be used to;

 Capture sensitive data such as login credentials

 Eavesdrop on chat messages
 Capture files have been transmitted over a network

The following are protocols that are vulnerable to sniffing

 Telnet
 Rlogin
 HTTP
 SMTP
 NNTP
 POP
 FTP
 IMAP

The above protocols are vulnerable if login details are sent in plain text

Passive and Active Sniffing

Before we look at passive and active sniffing, let’s look at two major devices used to network
computers; hubs and switches.

A hub works by sending broadcast messages to all output ports on it except the one that has
sent the broadcast. The recipient computer responds to the broadcast message if the IP address
matches. This means when using a hub, all the computers on a network can see the broadcast
message. It operates at the physical layer (layer 1) of the OSI Model.

37
 JAIPUR ENGINEERING COLLEGE AND RESEARCH CENTRE

JECRC Campus, Shri Ram Ki Nangal, Via-Vatika, Jaipur

The diagram below illustrates how the hub works.

A switch works differently; it maps IP/MAC addresses to physical ports on it. Broadcast
messages are sent to the physical ports that match the IP/MAC address configurations for the
recipient computer. This means broadcast messages are only seen by the recipient computer.
Switches operate at the data link layer (layer 2) and network layer (layer 3).

The diagram below illustrates how the switch works.

Passive sniffing is intercepting packages transmitted over a network that uses a hub. It is called
passive sniffing because it is difficult to detect. It is also easy to perform as the hub sends broadcast
messages to all the computers on the network.

Active sniffing is intercepting packages transmitted over a network that uses a switch. There
are two main methods used to sniff switch linked networks, ARP Poisoning, and MAC flooding.

38
 JAIPUR ENGINEERING COLLEGE AND RESEARCH CENTRE

JECRC Campus, Shri Ram Ki Nangal, Via-Vatika, Jaipur

Sniffing the network using Wireshark :The illustration below shows you the steps that you will carry out to
complete this exercise withoutconfusion

Download Wireshark from this link http://www.wireshark.org/download.html

 Open Wireshark
 You will get the following screen

 Select the network interface you want to sniff. Note for this demonstration, we are using a
wireless network connection. If you are on a local area network, then you should select the
local area network interface.
 Click on start button as shown above

39
 JAIPUR ENGINEERING COLLEGE AND RESEARCH CENTRE

JECRC Campus, Shri Ram Ki Nangal, Via-Vatika, Jaipur

 Open your web browser and type in http://www.techpanda.org/

 The login email is [email protected] and the password is Password2010

 Click on submit button
 A successful logon should give you the following dashboard

 Go back to Wireshark and stop the live capture

 Filter for HTTP protocol results only using the filter textbox

40
 JAIPUR ENGINEERING COLLEGE AND RESEARCH CENTRE

JECRC Campus, Shri Ram Ki Nangal, Via-Vatika, Jaipur

 Locate the Info column and look for entries with the HTTP verb POST and click on it

 Just below the log entries, there is a panel with a summary of captured data. Look for the
summary that says Line-based text data: application/x-www-form-urlencoded

 You should be able to view the plaintext values of all the POST variables submitted to the
server via HTTP protocol.

41
 JAIPUR ENGINEERING COLLEGE AND RESEARCH CENTRE

JECRC Campus, Shri Ram Ki Nangal, Via-Vatika, Jaipur

Experiment No. - 7

Aim: Demonstrate intrusion detection system using any tool (snort or any other s/w).

Snort is an open source network intrusion detection system (NIDS) and it is a packet sniffer that
monitors network traffic in real time.
Description:
INTRUSION DETECTION SYSTEM: Intrusion detection is a set of techniques and methods thatare
used to detect suspicious activity both at the network and host level. Intrusion detection systems
fall into two basic categories:
 Signature-based intrusion detection systems
 Anomaly detection systems.
Intruders have signatures, like computer viruses, that can be detected using software. You try to find
data packets that contain any known intrusion-related signatures or anomalies related to Internet
protocols. Based upon a set of signatures and rules, the detection system is able to find and log
suspicious activity and generate alerts.

Anomaly-based intrusion detection usually depends on packet anomalies present in protocol header
parts. In some cases these methods produce better results compared to signature-based IDS. Usually
an intrusion detection system captures data from the network and applies its rules to that data or
detects anomalies in it. Snort is primarily a rule-based IDS, however input plug-ins are present to
detect anomalies in protocol headers.

SNORT TOOL:

Snort is based on libpcap (for library packet capture), a tool that is widely used in TCP/IPtraffic
sniffers and analyzers. Through protocolanalysis and content searching and matching, Snort detects
attack methods, including denial of service, buffer overflow, CGI attacks, stealthport scans, and
SMB probes. When suspicious behavior is detected, Snort sends a real-time alert to syslog, a
separate 'alerts' file, or to apop-up window.

Snort is currently the most popular free network intrusion detection software. The advantages of
Snort are numerous. According to the snort web site, “It can perform protocol analysis, content
searching/matching, and can be used to detect a variety of attacks and probes, such as buffer
overflow, stealth port scans, CGI attacks, SMB probes, OS fingerprinting attempts, and much more”
(Caswell).

42
 JAIPUR ENGINEERING COLLEGE AND RESEARCH CENTRE

JECRC Campus, Shri Ram Ki Nangal, Via-Vatika, Jaipur

One of the advantages of Snort is its ease of configuration. Rules are very flexible, easily written,
and easily inserted into the rule base. If a new exploit or attack is found a rule for the attack can be
added to the rule base in a matter of seconds. Another advantage of snort is that it allows for raw
packet data analysis.

SNORT can be configured to run in three modes:

Sniffer mode
Packet Logger mode
Network Intrusion Detection System mode
Sniffer mode
Snort –v Print out the TCP/IP packets header on the screen
Snort –vd show the TCP/IP ICMP header with application data in transmit
Packet Logger mode
snort –dev –l c:\log [create this directory in the C drive] and snort will automatically know to go into
packet logger mode, it collects every packet it sees and places it in log directory.

snort –dev –l c:\log –h ipaddress/24:This rule tells snort that you want to print out the data link and
TCP/IP headers as well as application data into the log directory. snort –l c:\log –b This is binary
mode logs everything into a single file.

Network Intrusion Detection System mode

snort –d c:\log –h ipaddress/24 –c snort.conf This is a configuration file applies rule to each packet to
decide it an action based upon the rule type in the file.

Snort –d –h ipaddress/24 –l c:\log –c snort.conf This will cnfigure snort to run in its most basic
NIDS form, logging packets that trigger rules specifies in the snort.conf.

PROCEDURE:

STEP-1: Sniffer mode€ snort –v € Print out the TCP/IP packets header on the screen.
STEP-2: Snort –vd € Show the TCP/IP ICMP header with application data in transit.
STEP-3: Packet Logger mode € snort –dev –l c:\log [create this directory in the C drive] and snort
will automatically know to go into packet logger mode, it collects every packet it sees and places it
in log directory.
STEP-4: snort –dev –l c:\log –h ipaddress/24 € This rule tells snort that you want to print out the
data link and TCP/IP headers as well as application data into the log directory.
STEP-5: snort –l c:\log –b € this binary mode logs everything into a single file.
STEP-6: Network Intrusion Detection System mode € snort –d c:\log –h ipaddress/24 –c snort.conf €

43
 JAIPUR ENGINEERING COLLEGE AND RESEARCH CENTRE

JECRC Campus, Shri Ram Ki Nangal, Via-Vatika, Jaipur

This is a configuration file that applies rule to each packet to decide it an action based upon the rule
type in the file.
STEP-7: snort –d –h ip address/24 –l c:\log –c snort.conf € This will configure snort to run in its
most basic NIDS form, logging packets that trigger rules specifies in the snort.conf.
STEP-8: Download SNORT from snort.org. Install snort with or without database support.
STEP-9: Select all the components and Click Next. Install and Close.
STEP-10: Skip the WinPcap driver installation.
STEP-11: Add the path variable in windows environment variable by selecting new classpath.
STEP-12: Create a path variable and point it at snort.exe variable name € path and variable value €
c:\snort\bin.
STEP-13: Click OK button and then close all dialog boxes. Open command prompt and type the
following commands:

INSTALLATION PROCESS:

44
 JAIPUR ENGINEERING COLLEGE AND RESEARCH CENTRE

JECRC Campus, Shri Ram Ki Nangal, Via-Vatika, Jaipur

RESULT: Thus the demonstration of the instruction detection using Snort tool was done
successfully.

45
 JAIPUR ENGINEERING COLLEGE AND RESEARCH CENTRE

JECRC Campus, Shri Ram Ki Nangal, Via-Vatika, Jaipur

Experiment No. - 8

Aim: Demonstrate how to provide secure data storage, secure data transmission andfor creating
digital signatures.
Demonstrate how to provide secure data storage, secure data transmission and for creating digital
signatures (GnuPG).
Description: Here’s the final guide in my PGP basics series, this time focusing on Windows The OS in
question will be Windows 7, but it should work for Win8 and Win8.1 as well Obviously it’s not recommended
to be using Windows to access the DNM, but I won’t go into the reasons here. The tool well be using is
GPG4Win
INSTALLING THE SOFTWARE:
Visit www.gpg4win.org. Click on the “Gpg4win 2.3.0” button
On the following screen, click the “Download Gpg4win” button.
When the “Welcome” screen is displayed, click the “Next” button

When the “License Agreement” page is displayed, click the “Next” button

46
 JAIPUR ENGINEERING COLLEGE AND RESEARCH CENTRE

JECRC Campus, Shri Ram Ki Nangal, Via-Vatika, Jaipur

Set the check box values as specified below, then click the “Next” button

Set the location where you want the software to be installed. The default location is fine. Then,
click the “Next” button.

Specify where you want shortcuts to the software placed, then click the “Next” button.

47
 JAIPUR ENGINEERING COLLEGE AND RESEARCH CENTRE

JECRC Campus, Shri Ram Ki Nangal, Via-Vatika, Jaipur

If you selected to have a GPG shortcut in your Start Menu, specify the folder in which it will be
placed. The default “Gpg4win” is OK. Click the “Install” button to continue

A warning will be displayed if you have Outlook or Explorer opened. If this occurs, click the “OK”button.

The installation process will tell you when it is complete. Click the “Next” button

Once the Gpg4win setup wizard is complete, the following screen will be displayed. Click the
“Finish” button

48
 JAIPUR ENGINEERING COLLEGE AND RESEARCH CENTRE

JECRC Campus, Shri Ram Ki Nangal, Via-Vatika, Jaipur

If you do not uncheck the “Show the README file” check box, the README file will be
displayed. The window can be closed after you’ve reviewed it.

CREATING YOUR PUBLIC AND PRIVATE KEYS

GPG encryption and decryption is based upon the keys of the person who will be receiving the
encrypted file or message. Any individual who wants to send the person an encrypted file or message
must possess the recipient’s public key certificate to encrypt the message. The recipient must have
the associated private key, which is different than the public key, to be able to decrypt the file. The
public and private key pair for an individual is usually generated by the individual on his or her
computer using the installed GPG program, called “Kleopatra” and the following procedure: From

49
 JAIPUR ENGINEERING COLLEGE AND RESEARCH CENTRE

JECRC Campus, Shri Ram Ki Nangal, Via-Vatika, Jaipur

your start bar, select the “Kleopatra” icon to start the Kleopatra certificate managementsoftware

The following screen will be displayed from the “File” dropdown, click on the “New Certificate”
Option

50
 JAIPUR ENGINEERING COLLEGE AND RESEARCH CENTRE

JECRC Campus, Shri Ram Ki Nangal, Via-Vatika, Jaipur

The following screen will be displayed. Click on “Create a personal OpenGPG key pair” and the
“Next” button

The Certificate Creation Wizard will start and display the following:

51
 JAIPUR ENGINEERING COLLEGE AND RESEARCH CENTRE

JECRC Campus, Shri Ram Ki Nangal, Via-Vatika, Jaipur

Enter your name and e-mail address. You may also enter an optional comment. Then, click the
“Next” button

Review your entered values. If OK, click the “Create Key” button

52
 JAIPUR ENGINEERING COLLEGE AND RESEARCH CENTRE

JECRC Campus, Shri Ram Ki Nangal, Via-Vatika, Jaipur

You will be asked to enter a passphrase

53
 JAIPUR ENGINEERING COLLEGE AND RESEARCH CENTRE

JECRC Campus, Shri Ram Ki Nangal, Via-Vatika, Jaipur

The passphrase should follow strong password standards. After you’ve entered your passphrase, click the
“OK” button.

You will be asked to re-enter the passphrase Re-enter the passphrase value. Then click the “OK” button. If the
passphrases match, the certificate will be created.

54
 JAIPUR ENGINEERING COLLEGE AND RESEARCH CENTRE

JECRC Campus, Shri Ram Ki Nangal, Via-Vatika, Jaipur

Once the certificate is created, the following screen will be displayed. You can save a backup of your public and
private keys by clicking the “Make a backup Of Your Key Pair” button. This backup can be used to copy
certificates onto other authorized computers.

If you choose to backup your key pair, you will be presented with the following screen:

55
 JAIPUR ENGINEERING COLLEGE AND RESEARCH CENTRE

JECRC Campus, Shri Ram Ki Nangal, Via-Vatika, Jaipur

Specify the folder and name the file. Then click the “OK” button.

After the key is exported, the following will be displayed. Click the “OK” button

56
 JAIPUR ENGINEERING COLLEGE AND RESEARCH CENTRE

JECRC Campus, Shri Ram Ki Nangal, Via-Vatika, Jaipur

You will be returned to the “Key Pair Successfully Created” screen. Click the “Finish” button.

Before the program closes, you will need to confirm that you want to close the program by clicking on the
“Quit Kleopatra” button

57
 JAIPUR ENGINEERING COLLEGE AND RESEARCH CENTRE

JECRC Campus, Shri Ram Ki Nangal, Via-Vatika, Jaipur

DECRYPTING AN ENCRYPTED E-MAIL THAT HAS BEEN SENT TO YOU:

Open the e-mail message

Select the GpgOL tab

58
 JAIPUR ENGINEERING COLLEGE AND RESEARCH CENTRE

JECRC Campus, Shri Ram Ki Nangal, Via-Vatika, Jaipur

Click the “Decrypt” button

A command window will open along with a window that asks for the Passphrase to your private key that
willbe used to decrypt the incoming message.

59
 JAIPUR ENGINEERING COLLEGE AND RESEARCH CENTRE

JECRC Campus, Shri Ram Ki Nangal, Via-Vatika, Jaipur

Enter your passphrase and click the “OK” button

The results window will tell you if the decryption succeeded. Click the “Finish” button top close the window

60
 JAIPUR ENGINEERING COLLEGE AND RESEARCH CENTRE

JECRC Campus, Shri Ram Ki Nangal, Via-Vatika, Jaipur

Your unencrypted e-mail message body will be displayed.

When you close the e-mail you will be asked if you want to save the e-mail message in its unencrypted
form. For maximum security, click the “No” button. This will keep the message encrypted within the e-
mail system and will require you to enter your passphrase each time you reopen the e-mail message

RESULT:
Thus the secure data storage, secure data transmission and for creating digital signatures (GnuPG) was
developed successfully.

61