Cyber Security Lab Manual


[Approved by AICTE, Govt. of India & Affiliated to Dr. APJ Abdul Kalam Technical University, Lucknow, U.P., India]
Department of Applied Computational Science & Engineering

Cyber Security Workshop (BCC-401)

LAB MANUAL
ACADEMIC SESSION 2023-24

COURSE: B. TECH (ACSE)

SEM: IV

Dept. of Applied Computational Science & Engineering

VISION OF DEPARTMENT

To be recognized as a department imparting quality education in the field of applied computational science and emerging technologies, catering to the needs of society.

MISSION OF DEPARTMENT
M1: To prepare graduates with a strong foundation in Artificial Intelligence, Machine Learning,
Data Science, emerging technologies and related disciplines.
M2: To inculcate problem solving skills in graduates in order to promote critical thinking and
leadership qualities.
M3: To educate socially competent professionals for various domains well versed with ethical uses
of emerging technologies.
M4: To stimulate technical competence, research and entrepreneurship in graduates for
socio-economic development.

PROGRAM EDUCATIONAL OBJECTIVES (PEOs)



PEO1: Graduates will demonstrate technical competency and leadership to develop innovative
engineering solutions to real-world problems using Artificial Intelligence, Machine Learning, Data
Science and emerging technologies in an inter-disciplinary setting.
PEO2: Graduates will achieve professional success and pursue higher education and research in
Artificial Intelligence, Machine Learning, Data Science and emerging technologies.
PEO3: Graduates will exhibit social responsibility, adherence to ethical standards and effective
entrepreneurial practice towards society and environment.

PROGRAM OUTCOMES (POs)


1. Engineering knowledge: Apply the knowledge of mathematics, science, engineering
fundamentals, and an engineering specialization to the solution of complex engineering
problems.
2. Problem analysis: Identify, formulate, review research literature, and analyze complex
engineering problems reaching substantiated conclusions using first principles of
mathematics, natural sciences, and engineering sciences.
3. Design/development of solutions: Design solutions for complex engineering problems
and design system components or processes that meet the specified needs with
appropriate consideration for the public health and safety, and the cultural, societal, and
environmental considerations.
4. Conduct investigations of complex problems: Use research-based knowledge and
research methods including design of experiments, analysis and interpretation of data,
and synthesis of the information to provide valid conclusions.
5. Modern tool usage: Create, select, and apply appropriate techniques, resources, and
modern engineering and IT tools including prediction and modeling to complex
engineering activities with an understanding of the limitations.
6. The engineer and society: Apply reasoning informed by the contextual knowledge to
assess societal, health, safety, legal and cultural issues and the consequent
responsibilities relevant to the professional engineering practice.
7. Environment and sustainability: Understand the impact of the professional engineering
solutions in societal and environmental contexts, and demonstrate the knowledge of and
need for sustainable development.
8. Ethics: Apply ethical principles and commit to professional ethics and responsibilities and
norms of the engineering practice.
9. Individual and team work: Function effectively as an individual, and as a member or
leader in diverse teams, and in multidisciplinary settings.
10. Communication: Communicate effectively on complex engineering activities with the
engineering community and with society at large, such as, being able to comprehend and
write effective reports and design documentation, make effective presentations, and give
and receive clear instructions.
11. Project management and finance: Demonstrate knowledge and understanding of the
engineering and management principles and apply these to one’s own work, as a
member and leader in a team, to manage projects and in multidisciplinary environments.
12. Life-long learning: Recognize the need for, and have the preparation and ability to
engage in independent and life-long learning in the broadest context of technological
change.

PROGRAM SPECIFIC OUTCOMES(PSOs)


PSO1: Apply fundamental principles of Artificial Intelligence, Machine Learning, Data Science and
emerging technologies to design and develop innovative solutions for complex real-world
problems.
PSO2: Use applied computational science engineering knowledge and skills for professional
competence and entrepreneurship to meet industry standards and provide sustainable
development, and understand how AI-based solutions affect the economy, society, and
environment.

COURSE OUTCOMES

CO1: Understand the working and installation of various network analysis tools like Wireshark, Ettercap, DVWA.
CO2: Apply network analysis tools to create and analyze various network attacks.

Mapping of Program Outcomes with Course Outcomes (COs)

CO-PO Matrix (PO1 to PO12)

BCS453.CO1: 3
BCS453.CO2: 3
BCS453.CO3: 3

CO-PSO Matrix (PSO1, PSO2)

BCS453.CO1: 2
BCS453.CO2: 2
BCS453.CO3: 2

List of Experiments

S.No. Experiments

Module 1: Packet Analysis using Wireshark

1. Basic Packet Inspection: Capture network traffic using Wireshark and analyze basic protocols like HTTP, DNS, and SMTP to understand how data is transmitted and received.

2. Detecting Suspicious Activity: Analyze network traffic to identify suspicious patterns, such as repeated connection attempts or unusual communication between hosts.

3. Malware Traffic Analysis: Analyze captured traffic to identify signs of malware communication, such as command-and-control traffic or data exfiltration.

4. Password Sniffing: Simulate a scenario where a password is transmitted in plaintext. Use Wireshark to capture and analyze the packets to demonstrate the vulnerability and the importance of encryption.

5. ARP Poisoning Attack: Set up an ARP poisoning attack using tools like Ettercap. Analyze the captured packets to understand how the attack can lead to a Man-in-the-Middle scenario.

Module 2: Web Application Security using DVWA

1. SQL Injection: Use DVWA to practice SQL injection attacks. Demonstrate how an attacker can manipulate input fields to extract, modify, or delete database information.

2. Cross-Site Scripting (XSS): Exploit XSS vulnerabilities in DVWA to inject malicious scripts into web pages. Show the potential impact of XSS attacks, such as stealing cookies or defacing websites.

3. Cross-Site Request Forgery (CSRF): Set up a CSRF attack in DVWA to demonstrate how attackers can manipulate authenticated users into performing unintended actions.

4. File Inclusion Vulnerabilities: Explore remote and local file inclusion vulnerabilities in DVWA. Show how attackers can include malicious files on a server and execute arbitrary code.

5. Brute-Force and Dictionary Attacks: Use DVWA to simulate login pages and demonstrate brute-force and dictionary attacks against weak passwords. Emphasize the importance of strong password policies.

Module 1: Packet Analysis using Wireshark

Experiment No:1

Aim: Basic Packet Inspection: Capture network traffic using Wireshark and analyze basic
protocols like HTTP, DNS, and SMTP to understand how data is transmitted and received.

Solution

a. Open Wireshark.
b. The following screen showing a list of all the network connections you can monitor is
displayed. You can select one or more of the network interfaces using shift+left-click or
by clicking on the tab All Interfaces Shown

c. Once the network interface is selected, you can start the capture, and there are several
ways to do that.
i. Click the first button on the toolbar, titled “Start capturing packets.”

OR

you can select the menu item Capture-> Start

d. During the capture process, Wireshark will show the following screen

e. Once you have captured all the packets needed, use the same buttons or menu options to stop the capture as you did to begin.

Analyzing data packets on Wireshark: Wireshark Interface

Wireshark shows you three different panes for inspecting packet data. The Packet List, the top pane, lists all the packets in the capture. When you click on a packet, the other two panes change to show you the details about the selected packet. You can also tell if the packet is part of a conversation.

Here are details about each column in the top pane:

No.: This is the number order of the packet captured. The bracket drawn beside it indicates that this packet is part of a conversation.

Time: This column shows how long after you started the capture this particular packet was captured. You can change this via View > Time Display Format, for example to the time since the previous displayed packet or to the absolute time of day.

Source: This is the address of the system that sent the packet.

Destination: This is the address of the packet destination.

Protocol: This is the type of packet. For example: TCP, DNS, DHCPv6, or ARP.

Length: This column shows you the packet's length, measured in bytes.

Info: This column shows you more information about the packet contents, which will vary depending on the type of packet.

Packet Details, the middle pane, shows you information about the packet depending on the packet type. You can right-click and create filters based on the highlighted text in this field.

The bottom pane, Packet Bytes, displays the packet exactly as it was captured in hexadecimal.

When looking at a packet that is part of a conversation, you can right-click the packet and select Follow (TCP Stream, UDP Stream or TLS Stream) to see only the packets that are part of that conversation, reassembled into the data each side sent.

Wireshark filters

Filters allow you to view the capture the way you need to see it to troubleshoot the issues at hand. Below are several filters.

Wireshark capture filters

Capture filters use BPF (tcpdump) syntax and limit which packets are captured. If the packets don't match the filter, Wireshark won't save them, so anything excluded here is lost for good; when you are not sure what you will need, capture everything and narrow it down later with a display filter. Examples of capture filters include:

a. host IP-address: This filter limits the captured traffic to and from the IP address

b. net 192.168.0.0/24: This filter captures all traffic on the subnet

c. dst host IP-address: Capture packets sent to the specified host

d. port 53: Capture traffic on port 53 only

e. port not 53 and not arp: Capture all traffic except DNS and ARP traffic

Wireshark display filters

Wireshark display filters change the view of the capture during analysis. After you've stopped the packet capture, use display filters to narrow down the packets in the Packet List to troubleshoot your issue.

a. ip.src==IP-address and ip.dst==IP-address: This filter shows packets sent from one computer (ip.src) to another (ip.dst). You can also use ip.addr to show packets to and from that IP; ip.addr matches a packet when either its source or its destination address equals the value.

b. tcp.port eq 25: This filter will show you all traffic on port 25, which is usually SMTP traffic. Like ip.addr, tcp.port matches either the source or the destination port.

c. icmp: This filter will show you only ICMP traffic in the capture, most likely pings.

d. !(ip.addr == IP-address): This filter shows you all traffic except the traffic to or from the specified computer. Do not write ip.addr != IP-address for this: because ip.addr holds two values (source and destination), Wireshark versions before 3.6 read it as "either address differs from the value", which matches almost every packet in the capture. The negated form works the same way on every version.
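The multi-valued field behaviour behind filter (d) is easy to get wrong, so here is an added example (not code from the lab manual) that reproduces Wireshark's matching rules over a handful of constructed packet records: ip.addr and tcp.port each carry two values per packet, "==" matches when any value matches, the old "!=" matched when any value differed, and "!(... == ...)" matches only when no value matches. The packet list is made up for the example; no capture file is read.

```python
# Added example (not from the lab manual): how Wireshark treats multi-valued
# fields such as ip.addr (which covers both ip.src and ip.dst) and tcp.port.
# The packet records below are constructed for the example.

# Constructed packets: (ip.src, ip.dst, tcp.srcport, tcp.dstport)
PACKETS = [
    ("192.168.0.10",  "192.168.0.1",   51000,    53),
    ("192.168.0.1",   "192.168.0.10",     53, 51000),
    ("192.168.0.10",  "93.184.216.34", 51001,    80),
    ("93.184.216.34", "192.168.0.10",     80, 51001),
    ("192.168.0.20",  "192.168.0.30",  51002,    25),
    ("192.168.0.30",  "192.168.0.20",     25, 51002),
]

def field_values(pkt, name):
    """Map a Wireshark field name to the list of values it has in one packet.
    ip.addr and tcp.port are deliberately two-valued: they cover both directions."""
    src, dst, sport, dport = pkt
    table = {
        "ip.src": [src], "ip.dst": [dst], "ip.addr": [src, dst],
        "tcp.srcport": [sport], "tcp.dstport": [dport], "tcp.port": [sport, dport],
    }
    return table[name]

def any_eq(pkt, name, value):
    """'name == value': true if ANY value of the field equals value."""
    return any(v == value for v in field_values(pkt, name))

def any_ne(pkt, name, value):
    """Pre-3.6 meaning of 'name != value': true if ANY value differs from value.
    For ip.addr that is true whenever src OR dst is some other host, i.e. nearly always."""
    return any(v != value for v in field_values(pkt, name))

def all_ne(pkt, name, value):
    """'!(name == value)': true only if NO value of the field equals value.
    This is what 'exclude this host' means, and it works on every Wireshark version."""
    return not any_eq(pkt, name, value)

def apply_filter(pred, name, value, packets=PACKETS):
    """Return the packets that the given predicate keeps, like the Packet List would."""
    return [p for p in packets if pred(p, name, value)]

if __name__ == "__main__":
    host = "192.168.0.10"
    print("ip.addr == host       :", len(apply_filter(any_eq, "ip.addr", host)))
    print("ip.addr != host (old) :", len(apply_filter(any_ne, "ip.addr", host)))
    print("!(ip.addr == host)    :", len(apply_filter(all_ne, "ip.addr", host)))
    print("tcp.port == 25        :", len(apply_filter(any_eq, "tcp.port", 25)))
```

With the six constructed packets, the "any differs" reading keeps all six although four of them involve the host you wanted to exclude; the negated form keeps only the two SMTP packets between the other hosts.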

Experiment No:2

Aim: Detecting Suspicious Activity: Analyze network traffic to identify suspicious patterns,
such as repeated connection attempts or unusual communication between hosts.

Solution:

HTTPS traffic analysis

HTTP (Hypertext Transfer Protocol) is the application-layer protocol a browser uses to send requests to a web server and receive its responses. HTTPS is the same protocol carried inside a TLS session, so the requests and responses are encrypted on the wire; only the TLS handshake, the server name (SNI) in the Client Hello, and packet sizes and timing remain visible to a sniffer.

Start a Wireshark capture -> Open a web browser -> Navigate to any HTTPS-based website ->
Stop the Wireshark capture.

Input 'tls' in the filter box (older Wireshark versions used 'ssl') to monitor only HTTPS traffic -> Observe the first TLS packet, the Client Hello -> Its destination IP is the target IP (the server), and the Server Name extension in the Client Hello shows which site was visited even though the rest of the session is encrypted.

TCP traffic analysis

A standard port scan takes advantage of the TCP three-way handshake. The scanner sends a SYN packet to the target port. The port is considered open when it gets SYN+ACK as a response, whereas the arrival of RST shows the port is closed (no answer at all usually means a firewall is dropping the probe). In a full-connect scan the scanner then sends an ACK to complete the TCP connection; a half-open (SYN) scan instead answers the SYN+ACK with RST, so no connection is ever established and the application never logs it. In a capture, a scan shows up as one source sending SYNs to many different ports (or many hosts) in a short time, most of them answered by RST.

Analyze TCP SYN traffic

Input 'tcp.port == 80' to see only the TCP traffic belonging to the webserver connection.

Observe the TCP [SYN] packet. Expand Ethernet and observe that the destination address is the default gateway's MAC address (the frame is handed to the gateway because the server is outside the local network), whereas the source is your own MAC address.

To check the IP details, observe Internet Protocol Version 4; in our case, the destination IP is Google's web server IP, and the source IP is the local IP address.

To view TCP details, observe Transmission Control Protocol, including the port numbers. Monitor the flag values. SYN, which is set, shows the initial section of the TCP three-way handshake.

Analyze TCP SYN, ACK traffic

Take a look at the TCP [SYN, ACK] packet. Expand Ethernet and observe that the destination address is now your own MAC address, whereas the source is the default gateway's address.

Monitor the acknowledgement number. Note that Wireshark shows relative sequence and acknowledgement numbers by default, which is why it appears as 1. The real acknowledgement value is the client's initial sequence number plus one: the SYN consumes one sequence number, and the server acknowledges it by announcing the next byte it expects.

Monitor the flag values. [SYN, ACK], both set, shows the second section of the TCP three-way handshake.

Analyze SYN flood attack

A SYN flood occurs when an attacker delivers a large number of SYN packets to a server, usually from spoofed source IPs. The server responds to each with SYN+ACK and keeps a half-open connection in its backlog, waiting for a final ACK from a client that will never answer.

By overwhelming a victim with SYN packets, an attacker fills the backlog of half-open connections and burns the memory and CPU spent tracking them, so legitimate handshakes are dropped and the service becomes unreachable.

Use the hping3 tool to flood the victim IP, for example hping3 -S -p 80 --flood --rand-source VICTIM-IP. Simultaneously, start capturing the traffic on Wireshark. Input 'tcp.flags.syn == 1 && tcp.flags.ack == 0' in the filter box to view only the SYN packets of the flood ('tcp.flags.syn == 1' on its own also matches the server's SYN+ACK replies).

Notice a lot of SYN packets with no time lag, from many different source addresses, and no ACK from those addresses ever completing the handshake.
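The port-scan pattern from the TCP traffic analysis section and the SYN-flood pattern above are both things an analyst ends up counting by hand in the Packet List. The following added example (not code from the lab manual) encodes both checks over constructed packet records shaped like Wireshark's columns: time, source, source port, destination, destination port and TCP flags. The traffic is generated inside the script (one normal handshake, one SYN scan of 20 ports, one flood of 300 spoofed SYNs); nothing is captured from a live interface.

```python
# Added example, not part of the lab manual: two detectors run over constructed
# packet records of the kind Wireshark shows: (time, src, sport, dst, dport, flags).
# Flags use short letters: "S" = SYN, "SA" = SYN+ACK, "A" = ACK, "R" = RST.
from collections import defaultdict

def make_sample():
    """Constructed traffic: a normal handshake, a SYN scan and a SYN flood."""
    pkts = []
    # 1. Normal three-way handshake from a client to the web server.
    pkts += [(0.00, "10.0.0.5", 50000, "10.0.0.80", 80, "S"),
             (0.01, "10.0.0.80", 80, "10.0.0.5", 50000, "SA"),
             (0.02, "10.0.0.5", 50000, "10.0.0.80", 80, "A")]
    # 2. SYN scan: one source probes 20 closed ports on one host; each is answered
    #    with RST and the scanner never sends a final ACK.
    for i, port in enumerate(range(20, 40)):
        t = 1.0 + i * 0.001
        pkts.append((t, "10.0.0.66", 40000 + i, "10.0.0.80", port, "S"))
        pkts.append((t + 0.0005, "10.0.0.80", port, "10.0.0.66", 40000 + i, "R"))
    # 3. SYN flood: 300 SYNs to port 80 inside one second from spoofed sources;
    #    the server answers SYN+ACK but no handshake is ever completed.
    for i in range(300):
        t, spoofed = 2.0 + i * 0.003, f"172.16.{i // 250}.{i % 250 + 1}"
        pkts.append((t, spoofed, 1024 + i, "10.0.0.80", 80, "S"))
        pkts.append((t + 0.0005, "10.0.0.80", 80, spoofed, 1024 + i, "SA"))
    return sorted(pkts)

def detect_port_scan(pkts, min_ports=10):
    """Return {(src, dst): distinct destination ports probed with SYN} for every
    pair at or above min_ports. A real client rarely opens connections to many
    different ports on the same host within one capture."""
    ports = defaultdict(set)
    for _, src, _, dst, dport, flags in pkts:
        if flags == "S":
            ports[(src, dst)].add(dport)
    return {k: len(v) for k, v in ports.items() if len(v) >= min_ports}

def detect_syn_flood(pkts, window=1.0, min_syns=100):
    """Return [(dst, dport, peak_syns_in_window, completion_ratio)] for every
    listening socket that receives at least min_syns SYNs inside any window and
    where almost none of the clients ever sends the final ACK (half-open backlog)."""
    syn_times = defaultdict(list)   # (dst, dport) -> times of each SYN, in order
    syn_clients = defaultdict(set)  # (dst, dport) -> (src, sport) that sent SYN
    ack_clients = defaultdict(set)  # (dst, dport) -> (src, sport) that completed
    for t, src, sport, dst, dport, flags in pkts:
        key = (dst, dport)
        if flags == "S":
            syn_times[key].append(t)
            syn_clients[key].add((src, sport))
        elif flags == "A" and (src, sport) in syn_clients[key]:
            ack_clients[key].add((src, sport))
    alerts = []
    for key, times in syn_times.items():
        # Sliding window over the sorted SYN times: peak count within `window` seconds.
        peak, start = 0, 0
        for end in range(len(times)):
            while times[end] - times[start] > window:
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= min_syns:
            ratio = len(ack_clients[key]) / len(syn_clients[key])
            alerts.append((key[0], key[1], peak, round(ratio, 3)))
    return alerts

if __name__ == "__main__":
    sample = make_sample()
    print("port scans :", detect_port_scan(sample))
    print("SYN floods :", detect_syn_flood(sample))
```

The thresholds (10 ports, 100 SYNs per second) are starting points for a lab network, not tuned values; on a busy server the completion ratio is the more reliable signal, because a real traffic spike still completes most of its handshakes.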

Analyze DoS attacks

Let's simulate a Denial of Service (DoS) attack to analyze it via Wireshark. For the demo, the macof tool, a component of the dsniff suite, is used to flood the switch of a nearby device with frames carrying random source MAC addresses. The point of MAC flooding is to fill the switch's CAM (MAC address) table; once it is full the switch can no longer learn where hosts are and forwards frames out of every port like a hub, which both degrades the network and lets the attacker sniff traffic not addressed to it.

The image below shows one IP address generating requests to another device with the same data size, repeatedly. Thousands of near-identical packets at a constant rate are the signature of a flooding DoS attack.

To see what a distributed attack looks like, run macof again and observe that the randomized source and destination IP addresses make the flood appear to come from many different hosts, each sending many packets of similar size; that is the pattern a DDoS attack launched from a botnet produces in a capture.

Experiment No:4

Aim: Password Sniffing: Simulate a scenario where a password is transmitted in plaintext. Use Wireshark to capture and analyze the packets to demonstrate the vulnerability and the importance of encryption.

Solution:

Password Sniffing: Password sniffing is a type of network attack in which an attacker on the same network segment (or otherwise on the path) intercepts data packets that carry passwords. When the protocol sends the password in plaintext, as HTTP, FTP, Telnet and POP3/IMAP without TLS do, the attacker reads it straight out of the capture. When only a hash or a challenge response is transmitted, the attacker feeds the intercepted data to a password-cracking program to recover the password offline. Password sniffing can be used to obtain passwords for any type of account, including email, social media, and financial accounts.

Step 1: Open Wireshark on your Windows machine or Linux virtual machine and start capturing on the network interface you are using, for example the Wi-Fi adapter.

Step 2: With the capture running, go to the website (one that serves its login page over plain HTTP) and log in with test credentials, as shown in the image.

Step 3: After logging in, go back to Wireshark to find the credentials in the capture. To do this we use display filters that narrow the capture down to the packets carrying the login request.

Step 4: Wireshark has captured many packets, but we are specifically looking for HTTP packets, so in the display filter bar (the green bar in the image below) enter the filter http to show only the captured HTTP packets.

Step 5: Among the HTTP packets we are specifically looking for the form data the user submitted to the website, and there is a filter for that. There are two methods used for submitting form data from web pages such as login forms to the server:
● GET: the fields travel in the URL query string, visible in the request line (and in the server's access log)

● POST: the fields travel in the request body

Step 6: First apply the filter for the GET method, http.request.method == "GET", as shown below.

As you can see in the image there are two packets where the login page was requested with a GET request, but no form data was submitted with a GET request.

Step 7: Since the GET requests carried no form data, we try the POST method by applying the filter http.request.method == "POST" in Wireshark, as shown.

As you can see we have a packet with form data. Click on the packet with the user info and, in the Packet Details pane, expand the line HTML Form URL Encoded: application/x-www-form-urlencoded, where the login credentials are found. They are the same credentials that we entered on the website in step 2. Had the site used HTTPS, the form body would sit inside an encrypted TLS record and Wireshark would show no HTTP packet at all.
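What Wireshark's HTML Form URL Encoded dissector does for you in step 7 is ordinary parsing of the reassembled request. The added example below (not code from the lab manual) performs that parsing on three constructed HTTP requests of the kind Follow TCP Stream would show: a POST with a URL-encoded body, a GET carrying the fields in the query string, and a request using HTTP Basic authentication, which is only base64-encoded, not encrypted. Hostnames, paths and credentials are made up for the example.

```python
# Added example, not from the lab manual: extract credentials from plaintext HTTP
# requests the way an on-path sniffer (or Wireshark's dissector) does.
# The three requests below are constructed; nothing is read from the network.
import base64
from urllib.parse import urlsplit, parse_qs

POST_REQUEST = (
    b"POST /login.php HTTP/1.1\r\n"
    b"Host: testphp.example\r\n"                              # made-up host
    b"Content-Type: application/x-www-form-urlencoded\r\n"
    b"Content-Length: 38\r\n"
    b"\r\n"
    b"username=alice&password=S3cret%21&ok=1"
)
GET_REQUEST = (
    b"GET /login.php?user=bob&pass=hunter2 HTTP/1.1\r\n"
    b"Host: testphp.example\r\n"
    b"\r\n"
)
BASIC_REQUEST = (
    b"GET /admin/ HTTP/1.1\r\n"
    b"Host: intranet.example\r\n"
    b"Authorization: Basic " + base64.b64encode(b"carol:letmein") + b"\r\n"
    b"\r\n"
)

# Field names that login forms commonly use; extend for the application under test.
CREDENTIAL_KEYS = {"user", "username", "login", "uid", "email",
                   "pass", "password", "passwd", "pwd"}

def parse_http_request(raw):
    """Split a raw request into (method, target, headers, body).
    Headers are lower-cased; the body is cut to Content-Length when present."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")
    method, target, _version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    length = int(headers.get("content-length", len(body)))
    return method, target, headers, body[:length]

def extract_credentials(raw):
    """Return (method, {field: value}) for every credential-looking field found
    in the query string, a URL-encoded body, or a Basic Authorization header."""
    method, target, headers, body = parse_http_request(raw)
    fields = dict(parse_qs(urlsplit(target).query))           # GET: query string
    if headers.get("content-type", "").startswith("application/x-www-form-urlencoded"):
        fields.update(parse_qs(body.decode("latin-1")))       # POST: form body
    found = {k: v[0] for k, v in fields.items() if k.lower() in CREDENTIAL_KEYS}
    auth = headers.get("authorization", "")
    if auth.lower().startswith("basic "):
        user, _, pw = base64.b64decode(auth[6:]).decode("latin-1").partition(":")
        found["basic-user"], found["basic-password"] = user, pw
    return method, found

if __name__ == "__main__":
    for req in (POST_REQUEST, GET_REQUEST, BASIC_REQUEST):
        print(extract_credentials(req))
```

parse_qs undoes the percent-encoding (%21 becomes "!"), which is exactly what Wireshark shows under the form line; the only difference with HTTPS is that the bytes reaching this parser would be TLS ciphertext.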

Experiment No:5

Aim: ARP Poisoning Attack: Set up an ARP poisoning attack using tools like Ettercap. Analyze
the captured packets to understand how the attack can lead to a Man-in-the-Middle scenario.

Solution:

1. Open Ettercap.

2. Go to the pull-down menu that says "Sniff" and click on "Unified Sniffing".

When we do that, it opens a new window asking us what interface we want to use; it defaults to eth0.

3. Click "OK"; ettercap launches its sniffing and loads its plugins.

4. Click on the "Hosts" tab and you will see a menu that includes "Scan for Hosts". Click on it and ettercap w

5. Now, using that same "Hosts" tab, click on "Hosts List". This will display all the
hosts that ettercap has discovered on your network as seen in the
screenshot below.

6. Now, select one of the hosts that will be the target of this attack in the
window by clicking on it and then click on "Add to Target 1" at the
bottom of the window. When you do so, ettercap will add that host as
the first target in our MiTM attack as seen in the screenshot below.
Next, select the second host in this attack and then click "Add to Target
2".

7. Finally, go to the menu above and click on MITM tab and the drop down
menu will have a selection called "ARP Poisoning" as seen in the
screenshot below.

8. Select it and it will open a pop-up window like the one below. Select "Sniff remote connections". When we press OK, ettercap will begin ARP poisoning and you will see

Now we have successfully placed ourselves between the two target systems and all their traffic must flow through us. In a Wireshark capture taken on the victim, the attack appears as a stream of ARP replies that no ARP request asked for, in which the attacker's MAC claims the gateway's IP address; Wireshark flags the conflict with the expert warning "duplicate use of <IP> detected", which you can isolate with the display filter arp.duplicate-address-detected.
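To make the packet-level view concrete, here is an added example (not code from the lab manual or from Ettercap) that builds the spoofed ARP replies the attack sends, parses them back the way Wireshark's ARP dissector does, and applies the same check Wireshark uses for its duplicate-address warning: one IP address claimed by more than one MAC. All MAC and IP addresses are made up for the example, and the frames are only built in memory, never sent.

```python
# Added example, not from the lab manual: construct spoofed ARP replies, parse
# Ethernet/ARP frames, and detect the IP-to-MAC conflicts ARP poisoning creates.
# Addresses are invented for the example; nothing is transmitted.
import struct

ETH_P_ARP = 0x0806

def mac_bytes(mac): return bytes.fromhex(mac.replace(":", ""))
def ip_bytes(ip):   return bytes(int(o) for o in ip.split("."))
def mac_str(b):     return ":".join(f"{x:02x}" for x in b)
def ip_str(b):      return ".".join(str(x) for x in b)

def build_arp(opcode, sender_mac, sender_ip, target_mac, target_ip):
    """Ethernet II frame carrying an ARP packet (RFC 826): opcode 1 = request, 2 = reply.
    A poisoner sends unsolicited replies whose sender_ip is the victim's gateway."""
    eth = mac_bytes(target_mac) + mac_bytes(sender_mac) + struct.pack("!H", ETH_P_ARP)
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, opcode)  # htype, ptype, hlen, plen, oper
    arp += mac_bytes(sender_mac) + ip_bytes(sender_ip)
    arp += mac_bytes(target_mac) + ip_bytes(target_ip)
    return eth + arp

def parse_arp(frame):
    """Decode an Ethernet/ARP frame into its fields; None if it is not IPv4-over-Ethernet ARP."""
    if len(frame) < 42 or struct.unpack("!H", frame[12:14])[0] != ETH_P_ARP:
        return None
    htype, ptype, hlen, plen, oper = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    p = frame[22:42]
    return {"op": oper,
            "sender_mac": mac_str(p[0:6]),   "sender_ip": ip_str(p[6:10]),
            "target_mac": mac_str(p[10:16]), "target_ip": ip_str(p[16:20])}

def detect_arp_conflicts(frames):
    """Return {ip: sorted MACs} for every IP claimed by more than one sender MAC.
    This is the condition behind Wireshark's 'duplicate use of <ip> detected'."""
    claims = {}
    for f in frames:
        a = parse_arp(f)
        if a and a["sender_ip"] != "0.0.0.0":          # ignore ARP probes
            claims.setdefault(a["sender_ip"], set()).add(a["sender_mac"])
    return {ip: sorted(macs) for ip, macs in claims.items() if len(macs) > 1}

# Invented lab addresses for the scenario.
GATEWAY_IP, GATEWAY_MAC = "192.168.1.1",  "aa:bb:cc:00:00:01"
VICTIM_IP,  VICTIM_MAC  = "192.168.1.10", "aa:bb:cc:00:00:10"
ATTACKER_MAC            = "de:ad:be:ef:00:01"

def poisoning_scenario():
    """Two legitimate replies, then the pair a poisoner sends: to the victim claiming
    the gateway's IP, and to the gateway claiming the victim's IP (both directions
    are needed for a full man-in-the-middle)."""
    return [
        build_arp(2, GATEWAY_MAC,  GATEWAY_IP, VICTIM_MAC,  VICTIM_IP),
        build_arp(2, VICTIM_MAC,   VICTIM_IP,  GATEWAY_MAC, GATEWAY_IP),
        build_arp(2, ATTACKER_MAC, GATEWAY_IP, VICTIM_MAC,  VICTIM_IP),
        build_arp(2, ATTACKER_MAC, VICTIM_IP,  GATEWAY_MAC, GATEWAY_IP),
    ]

if __name__ == "__main__":
    frames = poisoning_scenario()
    for f in frames:
        print(parse_arp(f))
    print("conflicts:", detect_arp_conflicts(frames))
```

The detector only sees the conflict because it remembers earlier, legitimate replies; a host that boots after the poisoning starts has nothing to compare against, which is why static ARP entries or Dynamic ARP Inspection on the switch are the defences rather than end-host heuristics alone.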
