
Network Security Record

NS RECORD

Uploaded by

Sudha kumar

JAYA COLLEGE OF ENGINEERING AND TECHNOLOGY

Ex:No:01
IMPLEMENTING SYMMETRIC KEY ALGORITHM

AIM

To implement symmetric encryption cryptography using the Java programming language.

PROCEDURE:
1. Class SecureRandom: This class helps generate a secure random number.
2. Class KeyGenerator: This class provides the functionality of a key generator.
The following are the standard KeyGenerator algorithms with the key sizes.
3. Approach to generate symmetric key: The following steps can be followed in order to generate a symmetric key.
• Create a secret key using the SecureRandom class in Java, which is used to generate a random number. This will be used to encrypt and decrypt the data.
• The KeyGenerator class provides a getInstance() method which can be used to pass a string variable which denotes the Key Generation Algorithm. It returns a KeyGenerator object.
4. Encryption and decryption using the symmetric key: The following steps can be followed in order to perform the encryption and decryption.
• Create the initialization vector that is required to avoid repetition during the encryption process. This is basically a random number. The Cipher class provides two functionalities: encryption and decryption.
• Finally, the doFinal() method is invoked on the cipher, which encrypts or decrypts data in a single-part operation, or finishes a multiple-part operation, and returns a byte array.

PROGRAM

// Java program to implement the
// encryption and decryption

import java.security.SecureRandom;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;
// javax.xml.bind ships with the JDK only up to Java 8; on Java 11 and
// later the JAXB API must be added to the classpath.
import javax.xml.bind.DatatypeConverter;

// Creating the symmetric
// class which implements
// the symmetric
public class symmetric {

    private static final String AES = "AES";

    // We are using a Block cipher (CBC mode)
    private static final String AES_CIPHER_ALGORITHM
        = "AES/CBC/PKCS5PADDING";

    // Function to create a
    // secret key
    public static SecretKey createAESKey()
        throws Exception
    {
        SecureRandom securerandom = new SecureRandom();
        KeyGenerator keygenerator = KeyGenerator.getInstance(AES);
        keygenerator.init(256, securerandom);
        SecretKey key = keygenerator.generateKey();
        return key;
    }

    // Function to initialize a vector
    // with an arbitrary value
    public static byte[] createInitializationVector()
    {
        // Used with encryption
        byte[] initializationVector = new byte[16];
        SecureRandom secureRandom = new SecureRandom();
        secureRandom.nextBytes(initializationVector);
        return initializationVector;
    }

    // This function takes plaintext,
    // the key with an initialization
    // vector to convert plainText
    // into CipherText.
    public static byte[] do_AESEncryption(String plainText,
        SecretKey secretKey, byte[] initializationVector)
        throws Exception
    {
        Cipher cipher = Cipher.getInstance(AES_CIPHER_ALGORITHM);
        IvParameterSpec ivParameterSpec
            = new IvParameterSpec(initializationVector);
        cipher.init(Cipher.ENCRYPT_MODE, secretKey, ivParameterSpec);
        return cipher.doFinal(plainText.getBytes());
    }

    // This function performs the
    // reverse operation of the
    // do_AESEncryption function.
    // It converts ciphertext to
    // the plaintext using the key.
    public static String do_AESDecryption(byte[] cipherText,
        SecretKey secretKey, byte[] initializationVector)
        throws Exception
    {
        Cipher cipher = Cipher.getInstance(AES_CIPHER_ALGORITHM);
        IvParameterSpec ivParameterSpec
            = new IvParameterSpec(initializationVector);
        cipher.init(Cipher.DECRYPT_MODE, secretKey, ivParameterSpec);
        byte[] result = cipher.doFinal(cipherText);
        return new String(result);
    }

    // Driver code
    public static void main(String args[])
        throws Exception
    {
        SecretKey Symmetrickey = createAESKey();
        System.out.println("The Symmetric Key is :"
            + DatatypeConverter.printHexBinary(Symmetrickey.getEncoded()));

        byte[] initializationVector = createInitializationVector();
        String plainText = "This is the message " + "I want To Encrypt.";

        // Encrypting the message
        // using the symmetric key
        byte[] cipherText = do_AESEncryption(plainText,
            Symmetrickey, initializationVector);
        System.out.println("The ciphertext or " + "Encrypted Message is: "
            + DatatypeConverter.printHexBinary(cipherText));

        // Decrypting the encrypted
        // message
        String decryptedText = do_AESDecryption(cipherText, Symmetrickey,
            initializationVector);
        System.out.println("Your original message is: "
            + decryptedText);
    }
}

OUTPUT:

RESULT:

Thus, the program implements a symmetric key algorithm using Java and the output was successfully verified.
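The procedure above says the initialization vector is there "to avoid repetition". The following added example (not part of the lab record; the class name, method names and sample messages are constructed for illustration) shows what that means in practice: with the same key and a reused IV, two messages that start with the same bytes produce identical leading ciphertext blocks, while a fresh random IV per message, sent in front of the ciphertext, removes that leak.

```java
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;

// Added example, not part of the lab record. All names here are hypothetical.
public class IvReuseDemo {

    private static final String TRANSFORMATION = "AES/CBC/PKCS5Padding";
    private static final int BLOCK = 16; // AES block size and IV size in bytes
    private static final SecureRandom RNG = new SecureRandom();

    // Raw CBC encryption with a caller-supplied IV, as in the lab program.
    static byte[] encrypt(SecretKey key, byte[] iv, byte[] plain) throws Exception {
        Cipher cipher = Cipher.getInstance(TRANSFORMATION);
        cipher.init(Cipher.ENCRYPT_MODE, key, new IvParameterSpec(iv));
        return cipher.doFinal(plain);
    }

    // Message format: fresh random IV (16 bytes) followed by the ciphertext.
    // The IV is not secret, so it can travel in the clear with the message.
    static byte[] seal(SecretKey key, byte[] plain) throws Exception {
        byte[] iv = new byte[BLOCK];
        RNG.nextBytes(iv);
        byte[] ct = encrypt(key, iv, plain);
        byte[] message = Arrays.copyOf(iv, BLOCK + ct.length);
        System.arraycopy(ct, 0, message, BLOCK, ct.length);
        return message;
    }

    // Receiver side: split off the IV, then decrypt the remainder.
    static byte[] open(SecretKey key, byte[] message) throws Exception {
        if (message.length < 2 * BLOCK || message.length % BLOCK != 0) {
            throw new IllegalArgumentException("malformed message length");
        }
        Cipher cipher = Cipher.getInstance(TRANSFORMATION);
        cipher.init(Cipher.DECRYPT_MODE, key, new IvParameterSpec(message, 0, BLOCK));
        return cipher.doFinal(message, BLOCK, message.length - BLOCK);
    }

    // Counts the leading 16-byte blocks that are identical in a and b,
    // starting the comparison at the given byte offset.
    static int equalLeadingBlocks(byte[] a, byte[] b, int offset) {
        int n = 0;
        while (offset + (n + 1) * BLOCK <= Math.min(a.length, b.length)) {
            int from = offset + n * BLOCK;
            if (!Arrays.equals(Arrays.copyOfRange(a, from, from + BLOCK),
                               Arrays.copyOfRange(b, from, from + BLOCK))) {
                break;
            }
            n++;
        }
        return n;
    }

    public static void main(String[] args) throws Exception {
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(256, RNG);
        SecretKey key = kg.generateKey();

        // Constructed sample messages: identical for the first 32 bytes (two blocks).
        byte[] m1 = "user=alice;role=student;session=A1".getBytes(StandardCharsets.UTF_8);
        byte[] m2 = "user=alice;role=student;session=B2".getBytes(StandardCharsets.UTF_8);

        // Same key and same IV for both messages: the shared prefix shows
        // up as identical ciphertext blocks to anyone watching the wire.
        byte[] reusedIv = new byte[BLOCK];
        RNG.nextBytes(reusedIv);
        int leaked = equalLeadingBlocks(encrypt(key, reusedIv, m1),
                                        encrypt(key, reusedIv, m2), 0);
        System.out.println("Reused IV, identical leading ciphertext blocks: " + leaked);

        // Fresh IV per message: compare the ciphertext parts after the IV prefix.
        byte[] s1 = seal(key, m1);
        byte[] s2 = seal(key, m2);
        System.out.println("Fresh IVs, identical leading ciphertext blocks: "
            + equalLeadingBlocks(s1, s2, BLOCK));

        System.out.println("Round trip: "
            + new String(open(key, s1), StandardCharsets.UTF_8));
    }
}
```

CBC on its own gives confidentiality only; a receiver that also needs to detect modified ciphertext has to add a MAC or use an authenticated mode such as AES/GCM/NoPadding.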

Ex:No:02(a)
IMPLEMENTING ASYMMETRIC KEY ALGORITHM

AIM

To implement asymmetric key algorithm using the Java programming language.

PROCEDURE:
1. To generate a key pair (public, private). The following steps can be followed in order to generate an asymmetric key:
• We need to first generate the public & private keys using the SecureRandom class. The SecureRandom class is used to generate a random number.
• The KeyGenerator class will provide a getInstance() method which can be used to pass a string variable which denotes the Key Generation Algorithm. It returns a KeyGenerator object. We are using the RSA algorithm for generating the keys.
• Initialize the keyGenerator object with a 2048-bit key size, passing the random number.
• Now, the secret key is generated and if we wish to actually see the generated key, which is an object, we can convert it into hexbinary format using DatatypeConverter.

2. Encryption and decryption using the asymmetric key: In the above steps, we have created the public & private keys for encryption and decryption. Now, let us implement asymmetric encryption using the RSA algorithm. The following steps can be followed in order to implement the encryption and decryption.
• The Cipher class is used for two different modes, encryption and decryption. As asymmetric encryption uses different keys, we use the private key for encryption and the public key for decryption.
• The doFinal() method is invoked on the cipher, which encrypts/decrypts data in a single-part operation, or finishes a multiple-part operation, and returns a byte array.
• Finally, we get the ciphertext after encryption with ENCRYPT_MODE.

PROGRAM

// Java program to perform the
// encryption and decryption
// using asymmetric key

package java_cryptography;

import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import javax.crypto.Cipher;
// javax.xml.bind ships with the JDK only up to Java 8; on Java 11 and
// later the JAXB API must be added to the classpath.
import javax.xml.bind.DatatypeConverter;

public class Asymmetric {

    // "RSA" alone selects the provider's default mode and padding.
    private static final String RSA = "RSA";

    // Generating public & private keys
    // using RSA algorithm.
    public static KeyPair generateRSAKkeyPair()
        throws Exception
    {
        SecureRandom secureRandom = new SecureRandom();
        KeyPairGenerator keyPairGenerator
            = KeyPairGenerator.getInstance(RSA);
        keyPairGenerator.initialize(2048, secureRandom);
        return keyPairGenerator.generateKeyPair();
    }

    // Encryption function which converts
    // the plainText into a cipherText
    // using private Key.
    // Anyone who holds the public key can reverse this operation, so it
    // shows who produced the data rather than keeping the data secret.
    public static byte[] do_RSAEncryption(
        String plainText,
        PrivateKey privateKey)
        throws Exception
    {
        Cipher cipher = Cipher.getInstance(RSA);
        cipher.init(Cipher.ENCRYPT_MODE, privateKey);
        return cipher.doFinal(plainText.getBytes());
    }

    // Decryption function which converts
    // the ciphertext back to the
    // original plaintext.
    public static String do_RSADecryption(
        byte[] cipherText,
        PublicKey publicKey)
        throws Exception
    {
        Cipher cipher = Cipher.getInstance(RSA);
        cipher.init(Cipher.DECRYPT_MODE, publicKey);
        byte[] result = cipher.doFinal(cipherText);
        return new String(result);
    }

    // Driver code
    public static void main(String args[])
        throws Exception
    {
        KeyPair keypair = generateRSAKkeyPair();

        String plainText = "This is the PlainText "
            + "I want to Encrypt using RSA.";

        byte[] cipherText = do_RSAEncryption(
            plainText,
            keypair.getPrivate());

        System.out.println(
            "The Public Key is: "
            + DatatypeConverter.printHexBinary(
                keypair.getPublic().getEncoded()));

        System.out.println(
            "The Private Key is: "
            + DatatypeConverter.printHexBinary(
                keypair.getPrivate().getEncoded()));

        System.out.print("The Encrypted Text is: ");
        System.out.println(
            DatatypeConverter.printHexBinary(cipherText));

        String decryptedText = do_RSADecryption(
            cipherText,
            keypair.getPublic());

        System.out.println(
            "The decrypted text is: "
            + decryptedText);
    }
}

OUTPUT:

RESULT:

Thus, the program implements an asymmetric encryption using Java and the output was successfully verified.
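The program above encrypts with the private key and decrypts with the public key. When the goal is to keep a message secret, the roles are used the other way round, and the following added example (not part of the lab record; class and method names are hypothetical) shows that direction with OAEP padding, including the two failure cases a caller has to handle: the wrong private key and a plaintext that is too long for one RSA operation.

```java
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.spec.MGF1ParameterSpec;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.spec.OAEPParameterSpec;
import javax.crypto.spec.PSource;

// Added example, not part of the lab record. All names here are hypothetical.
public class RsaOaepDemo {

    // OAEP with SHA-256 for both the label hash and MGF1, set explicitly so
    // the parameters do not depend on provider defaults.
    private static final OAEPParameterSpec OAEP = new OAEPParameterSpec(
        "SHA-256", "MGF1", MGF1ParameterSpec.SHA256, PSource.PSpecified.DEFAULT);

    // Encrypt for a recipient: only the holder of the private key can read it.
    static byte[] encrypt(PublicKey recipient, byte[] plain) throws GeneralSecurityException {
        Cipher cipher = Cipher.getInstance("RSA/ECB/OAEPPadding");
        cipher.init(Cipher.ENCRYPT_MODE, recipient, OAEP);
        return cipher.doFinal(plain);
    }

    static byte[] decrypt(PrivateKey own, byte[] cipherText) throws GeneralSecurityException {
        Cipher cipher = Cipher.getInstance("RSA/ECB/OAEPPadding");
        cipher.init(Cipher.DECRYPT_MODE, own, OAEP);
        return cipher.doFinal(cipherText);
    }

    // Largest plaintext one RSA-OAEP operation accepts: k - 2*hLen - 2 bytes,
    // where k is the modulus length and hLen the hash length, both in bytes.
    static int maxPlaintextBytes(int modulusBits, int hashBytes) {
        return modulusBits / 8 - 2 * hashBytes - 2;
    }

    static KeyPair newKeyPair() throws GeneralSecurityException {
        KeyPairGenerator generator = KeyPairGenerator.getInstance("RSA");
        generator.initialize(2048);
        return generator.generateKeyPair();
    }

    public static void main(String[] args) throws Exception {
        KeyPair recipient = newKeyPair();
        KeyPair someoneElse = newKeyPair();
        byte[] message = "This is the PlainText I want to Encrypt using RSA."
            .getBytes(StandardCharsets.UTF_8);

        // OAEP is randomized: the same plaintext encrypts differently each time.
        byte[] c1 = encrypt(recipient.getPublic(), message);
        byte[] c2 = encrypt(recipient.getPublic(), message);
        System.out.println("Two encryptions identical: " + Arrays.equals(c1, c2));

        System.out.println("Decrypted: "
            + new String(decrypt(recipient.getPrivate(), c1), StandardCharsets.UTF_8));

        // A different private key must not be able to open the message.
        try {
            decrypt(someoneElse.getPrivate(), c1);
            System.out.println("Wrong key accepted (unexpected)");
        } catch (GeneralSecurityException e) {
            System.out.println("Wrong key rejected: " + e.getClass().getSimpleName());
        }

        // One byte more than the limit is refused; longer data is normally
        // encrypted with a symmetric key that is itself wrapped with RSA.
        int limit = maxPlaintextBytes(2048, 32);
        try {
            encrypt(recipient.getPublic(), new byte[limit + 1]);
            System.out.println("Oversized plaintext accepted (unexpected)");
        } catch (GeneralSecurityException e) {
            System.out.println("Plaintext over " + limit + " bytes rejected: "
                + e.getClass().getSimpleName());
        }
    }
}
```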

Ex:No:2(b)
IMPLEMENTING KEY EXCHANGE ALGORITHM
(DIFFIE-HELLMAN ALGORITHM)

AIM

To implement the Key Exchange Algorithm (Diffie-Hellman Algorithm) using a Java program.

PROCEDURE:

The Diffie-Hellman algorithm is being used to establish a shared secret that can be used for secret communications while exchanging data over a public network using the elliptic curve to generate points and get the secret key using the parameters.

• For the sake of simplicity and practical implementation of the algorithm, we will consider only 4 variables: one prime P and G (a primitive root of P) and two private values a and b.

• P and G are both publicly available numbers. Users (say Alice and Bob) pick private values a and b and they generate a key and exchange it publicly. The opposite person receives the key and from it generates a secret key, after which they have the same secret key to encrypt.

Step 1: Alice and Bob get public numbers P = 23, G = 9

Step 2: Alice selected a private key a = 4 and Bob selected a private key b = 3

Step 3: Alice and Bob compute public values

Alice: x = (9^4 mod 23) = (6561 mod 23) = 6

Bob: y = (9^3 mod 23) = (729 mod 23) = 16

Step 4: Alice and Bob exchange public numbers

Step 5: Alice receives public key y = 16 and Bob receives public key x = 6

Step 6: Alice and Bob compute symmetric keys

Alice: ka = y^a mod p = 65536 mod 23 = 9

Bob: kb = x^b mod p = 216 mod 23 = 9

Step 7: 9 is the shared secret.

PROGRAM

// This program calculates the Key for two persons
// using the Diffie-Hellman Key exchange algorithm
class GFG {

    // Power function to return value of a ^ b mod P
    private static long power(long a, long b, long p)
    {
        // Square-and-multiply, reducing mod p at every step.
        // Math.pow() works in double precision and returns wrong
        // results once a^b no longer fits exactly in a double.
        long result = 1;
        a %= p;
        while (b > 0) {
            if ((b & 1) == 1)
                result = (result * a) % p;
            a = (a * a) % p;
            b >>= 1;
        }
        return result;
    }

    // Driver code
    public static void main(String[] args)
    {
        long P, G, x, a, y, b, ka, kb;

        // Both the persons will be agreed upon the
        // public keys G and P

        // A prime number P is taken
        P = 23;
        System.out.println("The value of P:" + P);

        // A primitive root for P, G is taken
        G = 9;
        System.out.println("The value of G:" + G);

        // Alice will choose the private key a
        // a is the chosen private key
        a = 4;
        System.out.println("The private key a for Alice:"
            + a);

        // Gets the generated key
        x = power(G, a, P);

        // Bob will choose the private key b
        // b is the chosen private key
        b = 3;
        System.out.println("The private key b for Bob:"
            + b);

        // Gets the generated key
        y = power(G, b, P);

        // Generating the secret key after the exchange
        // of keys
        ka = power(y, a, P); // Secret key for Alice
        kb = power(x, b, P); // Secret key for Bob

        System.out.println("Secret key for the Alice is:"
            + ka);
        System.out.println("Secret key for the Bob is:"
            + kb);
    }
}

OUTPUT

RESULT:
Thus, the program implements a Key Exchange Algorithm (DH algorithm) using Java and the output was successfully verified.
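The seven steps above can be carried through with arbitrary-size integers, and the same exchange can then be run at a realistic key size. This is an added example, not part of the lab record: the class and method names are hypothetical, the range check on the peer's public value is an addition the record does not describe, and the single SHA-256 over the shared secret stands in for a proper key derivation function.

```java
import java.math.BigInteger;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.MessageDigest;
import java.security.PrivateKey;
import java.security.PublicKey;
import javax.crypto.KeyAgreement;
import javax.crypto.interfaces.DHPublicKey;
import javax.crypto.spec.DHParameterSpec;

// Added example, not part of the lab record. All names here are hypothetical.
public class DhDemo {

    private static final BigInteger TWO = BigInteger.valueOf(2);

    // Public value sent to the other side: g^priv mod p.
    static BigInteger publicValue(BigInteger g, BigInteger priv, BigInteger p) {
        return g.modPow(priv, p);
    }

    // Reject 0, 1 and p-1 (and anything outside the group): with those
    // values the "shared secret" is predictable to anyone on the network.
    static boolean isValidPublic(BigInteger y, BigInteger p) {
        return y.compareTo(TWO) >= 0 && y.compareTo(p.subtract(TWO)) <= 0;
    }

    // Shared secret from the peer's public value and our own private value.
    static BigInteger sharedSecret(BigInteger peerPublic, BigInteger ownPrivate, BigInteger p) {
        if (!isValidPublic(peerPublic, p)) {
            throw new IllegalArgumentException("invalid DH public value");
        }
        return peerPublic.modPow(ownPrivate, p);
    }

    // Same computation through the JCA KeyAgreement API, followed by a hash
    // so that the result has a fixed length (stand-in for a real KDF).
    static byte[] agree(PrivateKey own, PublicKey peer) throws GeneralSecurityException {
        DHPublicKey peerDh = (DHPublicKey) peer;
        if (!isValidPublic(peerDh.getY(), peerDh.getParams().getP())) {
            throw new GeneralSecurityException("invalid DH public value");
        }
        KeyAgreement agreement = KeyAgreement.getInstance("DH");
        agreement.init(own);
        agreement.doPhase(peer, true);
        return MessageDigest.getInstance("SHA-256").digest(agreement.generateSecret());
    }

    public static void main(String[] args) throws Exception {
        // The lab record's numbers: P = 23, G = 9, a = 4, b = 3.
        BigInteger p = BigInteger.valueOf(23);
        BigInteger g = BigInteger.valueOf(9);
        BigInteger a = BigInteger.valueOf(4);
        BigInteger b = BigInteger.valueOf(3);

        BigInteger x = publicValue(g, a, p); // Alice sends x
        BigInteger y = publicValue(g, b, p); // Bob sends y
        System.out.println("x = " + x + ", y = " + y);
        System.out.println("ka = " + sharedSecret(y, a, p)
            + ", kb = " + sharedSecret(x, b, p));
        System.out.println("Peer value p-1 accepted: "
            + isValidPublic(p.subtract(BigInteger.ONE), p));

        // Realistic size: Alice generates 2048-bit parameters and a key pair,
        // Bob generates his key pair over the same P and G.
        KeyPairGenerator aliceGen = KeyPairGenerator.getInstance("DH");
        aliceGen.initialize(2048);
        KeyPair alice = aliceGen.generateKeyPair();

        DHParameterSpec shared = ((DHPublicKey) alice.getPublic()).getParams();
        KeyPairGenerator bobGen = KeyPairGenerator.getInstance("DH");
        bobGen.initialize(shared);
        KeyPair bob = bobGen.generateKeyPair();

        byte[] aliceKey = agree(alice.getPrivate(), bob.getPublic());
        byte[] bobKey = agree(bob.getPrivate(), alice.getPublic());
        System.out.println("2048-bit exchange, derived keys match: "
            + MessageDigest.isEqual(aliceKey, bobKey));
    }
}
```

The exchange by itself does not tell either side who sent the public value, so in practice the values are authenticated, for example with the digital signatures of the next exercise.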

Ex:No:03
IMPLEMENTING DIGITAL SIGNATURES

AIM

To implement digital signatures using a Java program.

PROCEDURE:

Let us implement the digital signature using the algorithms SHA and RSA and also verify if the hash matches with a public key.

1. Create a method named Create_Digital_Signature() to implement the digital signature by passing two parameters, the input message and the private key. In this method we will get an instance of the signature object passing the signing algorithm, assign it a private key and finally pass the input; this will return a byte array.

2. The next step is to generate an asymmetric key pair using the RSA algorithm and SecureRandom class functions.

3. Finally, verify the signature using the public key. The Verify_Digital_Signature() method is used to check whether the signature matches by passing it the input, signature, and public key.

PROGRAM:

// Java implementation for Generating
// and verifying the digital signature

package java_cryptography;

// Imports
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.Signature;
// javax.xml.bind ships with the JDK only up to Java 8; on Java 11 and
// later the JAXB API must be added to the classpath.
import javax.xml.bind.DatatypeConverter;

public class Digital_Signature_GeeksforGeeks {

    // Signing Algorithm
    private static final String SIGNING_ALGORITHM
        = "SHA256withRSA";
    private static final String RSA = "RSA";

    // Function to implement Digital signature
    // using SHA256 and RSA algorithm
    // by passing private key.
    public static byte[] Create_Digital_Signature(
        byte[] input,
        PrivateKey Key)
        throws Exception
    {
        Signature signature
            = Signature.getInstance(SIGNING_ALGORITHM);
        signature.initSign(Key);
        signature.update(input);
        return signature.sign();
    }

    // Generating the asymmetric key pair
    // using SecureRandom class
    // functions and RSA algorithm.
    public static KeyPair Generate_RSA_KeyPair()
        throws Exception
    {
        SecureRandom secureRandom = new SecureRandom();
        KeyPairGenerator keyPairGenerator
            = KeyPairGenerator.getInstance(RSA);
        keyPairGenerator.initialize(2048, secureRandom);
        return keyPairGenerator.generateKeyPair();
    }

    // Function for Verification of the
    // digital signature by using the public key
    public static boolean Verify_Digital_Signature(
        byte[] input,
        byte[] signatureToVerify,
        PublicKey key)
        throws Exception
    {
        Signature signature
            = Signature.getInstance(SIGNING_ALGORITHM);
        signature.initVerify(key);
        signature.update(input);
        return signature.verify(signatureToVerify);
    }

    // Driver Code
    public static void main(String args[])
        throws Exception
    {
        String input
            = "GEEKSFORGEEKS IS A"
              + " COMPUTER SCIENCE PORTAL";
        KeyPair keyPair = Generate_RSA_KeyPair();

        // Function Call
        byte[] signature = Create_Digital_Signature(
            input.getBytes(),
            keyPair.getPrivate());

        System.out.println(
            "Signature Value:\n "
            + DatatypeConverter.printHexBinary(signature));

        System.out.println("Verification: " + Verify_Digital_Signature(
            input.getBytes(), signature, keyPair.getPublic()));
    }
}

OUTPUT:

RESULT:

Thus, the program implements a Digital Signature Scheme using Java and the output was successfully verified.

Ex:No:04
INSTALLATION OF WIRESHARK, TCPDUMP AND OBSERVE THE DATA TRANSFERRED IN CLIENT SERVER COMMUNICATION USING TCP/UDP AND IDENTIFY THE TCP/UDP DATAGRAM.

AIM

To install Wireshark and tcpdump, observe the data transferred in client-server communication using TCP/UDP, and identify the TCP/UDP datagram.

PROCEDURE

Installation of Wireshark Software

Below are the steps to install the Wireshark software on the computer:

1 Open the web browser.

2 Search for 'Download Wireshark.'

3 Select the Windows installer according to your system configuration, either 32-bit or 64-bit. Save the program and close the browser.

4 Now, open the software, and follow the install instructions by accepting the license.

5 Wireshark is ready for use.

The screen/interface of Wireshark is divided into five parts:

o The first part contains a menu bar and the options displayed below it. This part is at the top of the window. The File and Capture menu options are commonly used in Wireshark. The Capture menu allows you to start the capturing process, and the File menu is used to open and save a capture file.

o The second part is the packet listing window. It shows the packet flow, that is, the captured packets in the traffic. It includes the packet number, time, source, destination, protocol, length, and info. We can sort the packet list by clicking on the column name.

o Next comes the packet header-detail window. It contains detailed information about the components of the packets. The protocol info can also be expanded or minimized according to the information required.

o The bottom window is called the packet contents window, which displays the content in ASCII and hexadecimal format.

o Last is the filter field, which is at the top of the display. The captured packets on the screen can be filtered based on any component according to your requirements. For example, if we want to see only the packets with the HTTP protocol, we can apply a filter for that. Only the packets with HTTP as the protocol will be displayed on the screen, as shown below:

After connecting, you can watch the traffic below:

Basic concepts of the Network Traffic

IP Addresses: The IP address was designed for devices to communicate with each other on a local network or over the Internet. It is used for host or network interface identification. It provides the location of the host and the capacity of establishing the path to the host in that network. Internet Protocol is the set of predefined rules or terms under which the communication should be conducted. The types of IP addresses are IPv4 and IPv6.

o IPv4 is a 32-bit address in which each group represents 8 bits ranging from 0 to 255.

o IPv6 is a 128-bit address.

Wireshark packet sniffing
o Open the Wireshark application.

o Select the current interface. Here in this example, the interface that we would be using is Ethernet.

o The network traffic will be shown below, and it will be continuous. To stop or watch any particular packet, you can press the red button below the menu bar.

I/O GRAPHS

The steps to understand the TCP Stream graphs:

o Open Wireshark. Click on the interface to watch the network traffic.

o Apply the filter as 'tcp.'

o Click on the option 'Statistics' on the menu bar, select 'TCP Stream graphs' and then select 'Time sequence (tcptrace)'. You can also choose other options in the 'TCP Stream graphs' category depending on your requirements. Now the screen will look as:

WIRESHARK DECRYPTION
The decryption process is used to bring the data into a readable format. Below are the steps for the decryption process.

o Open Wireshark and then select the particular interface as explained above.

o Go to the 'Edit' option and select the 'Preferences' option.

o A dialogue will appear as shown below:

o Select the 'Protocol' option in the left column.

o From the drop-down list, select the 'IEEE 802.11' option. Check the box of decryption and click on the Edit option under it.

o A box will appear. Click on the option shown below:

o Select the option wpa-pwd and set the password accordingly.

o The data will be decrypted.

o But the above decryption process is only possible if there is a proper handshake.

RESULT:

Thus, Wireshark and tcpdump were installed, the data transfer in client-server communication using TCP/UDP was observed, the TCP/UDP datagram was identified, and the output was verified.

Ex:No:05
CHECK MESSAGE INTEGRITY AND CONFIDENTIALITY USING SSL

AIM:

To check message integrity and confidentiality using SSL.

PROCEDURE:

Installing & Configuring HTTP with SSL (HTTPS)

Public Key Cryptography (Asymmetric Cryptography)
In public key cryptography, a matching pair of keys is used: one for encryption and the other for decryption. One of the keys is called the public key (it can be published or sent over the network and known to all users). The other is called the private key (kept secret by the owner).
KE ≠ KD

In some public-key algorithms, such as RSA, both keys can be used for encryption. In other algorithms, one key is for encryption only and the other for decryption.

Handshaking - Key Exchange
Once the cipher suite to be used is negotiated and agreed upon, the client and server will establish a session key:
1. The client uses the server's public key to encrypt a secret and sends it to the server.
2. Only the server has the matching private key to decrypt the secret (not the eavesdroppers).
3. The client and server then use this secret to generate a session key independently and simultaneously.
This session key would then be used for secure communication for this particular communication session.

1. The client generates a 48-byte (384-bit) random number called pre_master_secret, encrypts it using the verified server's public key and sends it to the server.
2. The server decrypts the pre_master_secret using its own private key. Eavesdroppers cannot decrypt the pre_master_secret, as they do not possess the server's private key.
3. Client and server then independently and simultaneously create the session key, based on the pre_master_secret, client_random and server_random. Notice that both the server and client contribute to the session key, through the inclusion of the random number exchange in the hello messages. Eavesdroppers can intercept client_random and server_random as they are sent in plaintext, but cannot decrypt the pre_master_secret.
4. In an SSL/TLS session, the session key consists of 6 secret keys (to thwart cryptanalysis). 3 secret keys are used for client-to-server messages, and the other 3 secret keys are used for server-to-client messages. Among the 3 secret keys, one is used for encryption (e.g., DES secret key), one is used for message integrity (e.g., HMAC) and one is used for cipher initialization. (Cipher initialization uses a random plaintext called Initial Vector (IV) to prime the cipher pump.)
5. Client and server use the pre_master_secret (48-byte random number created by the client and exchanged securely), client_random, server_random, and a pseudo-random function (PRF) to generate a master_secret. They can use the master_secret, client_random, server_random, and the pseudo-random function (PRF) to generate all the 6 shared secret keys. Once the secret keys are generated, the pre_master_secret is no longer needed and should be deleted.
6. From this point onwards, all the exchanges are encrypted using the session key.
7. The client sends a Finished handshake message using their newly created session key. The server responds with a Finished handshake message.
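Steps 3 to 5 above, worked through in code as an added example that is not part of the lab record. It assumes the TLS 1.0 PRF of RFC 2246 (the OUTPUT section forces TLSv1) and the key sizes of a 3DES-CBC suite with HMAC-SHA1; the class and method names are hypothetical and the random inputs are constructed sample values, not taken from the trace.

```java
import java.io.ByteArrayOutputStream;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Arrays;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

// Added example, not part of the lab record. All names here are hypothetical.
public class TlsKeyBlockDemo {

    // Key sizes in bytes for 3DES-EDE-CBC with HMAC-SHA1 (assumed suite).
    static final int MAC_KEY = 20, ENC_KEY = 24, IV = 8;

    static byte[] concat(byte[] a, byte[] b) {
        byte[] out = Arrays.copyOf(a, a.length + b.length);
        System.arraycopy(b, 0, out, a.length, b.length);
        return out;
    }

    // P_hash(secret, seed): A(0) = seed, A(i) = HMAC(secret, A(i-1)),
    // output = HMAC(secret, A(1) + seed) + HMAC(secret, A(2) + seed) + ...
    static byte[] pHash(String hmac, byte[] secret, byte[] seed, int length) throws Exception {
        Mac mac = Mac.getInstance(hmac);
        mac.init(new SecretKeySpec(secret, hmac));
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        byte[] a = seed;
        while (out.size() < length) {
            a = mac.doFinal(a);               // A(i)
            mac.update(a);
            byte[] chunk = mac.doFinal(seed); // HMAC(secret, A(i) + seed)
            out.write(chunk, 0, chunk.length);
        }
        return Arrays.copyOf(out.toByteArray(), length);
    }

    // TLS 1.0 PRF: P_MD5 keyed with the first half of the secret, XORed
    // with P_SHA-1 keyed with the second half.
    static byte[] prf(byte[] secret, String label, byte[] seed, int length) throws Exception {
        byte[] labelSeed = concat(label.getBytes(StandardCharsets.US_ASCII), seed);
        int half = (secret.length + 1) / 2;
        byte[] md5 = pHash("HmacMD5", Arrays.copyOfRange(secret, 0, half), labelSeed, length);
        byte[] sha = pHash("HmacSHA1",
            Arrays.copyOfRange(secret, secret.length - half, secret.length), labelSeed, length);
        byte[] out = new byte[length];
        for (int i = 0; i < length; i++) {
            out[i] = (byte) (md5[i] ^ sha[i]);
        }
        return out;
    }

    // Step 5, first half: pre_master_secret and both randoms give the master_secret.
    static byte[] masterSecret(byte[] preMaster, byte[] clientRandom, byte[] serverRandom)
            throws Exception {
        return prf(preMaster, "master secret", concat(clientRandom, serverRandom), 48);
    }

    // Step 5, second half: the key block is cut into the six keys, in the order
    // client MAC, server MAC, client encryption, server encryption, client IV, server IV.
    static byte[][] sessionKeys(byte[] master, byte[] clientRandom, byte[] serverRandom)
            throws Exception {
        int[] sizes = {MAC_KEY, MAC_KEY, ENC_KEY, ENC_KEY, IV, IV};
        byte[] block = prf(master, "key expansion", concat(serverRandom, clientRandom),
            2 * (MAC_KEY + ENC_KEY + IV));
        byte[][] keys = new byte[sizes.length][];
        int pos = 0;
        for (int i = 0; i < sizes.length; i++) {
            keys[i] = Arrays.copyOfRange(block, pos, pos + sizes[i]);
            pos += sizes[i];
        }
        return keys;
    }

    public static void main(String[] args) throws Exception {
        SecureRandom rng = new SecureRandom();
        byte[] clientRandom = new byte[32], serverRandom = new byte[32];
        byte[] preMaster = new byte[48]; // constructed sample values
        rng.nextBytes(clientRandom);
        rng.nextBytes(serverRandom);
        rng.nextBytes(preMaster);

        // Each side runs the derivation on its own copy of the three inputs.
        byte[][] client = sessionKeys(
            masterSecret(preMaster, clientRandom, serverRandom), clientRandom, serverRandom);
        byte[][] server = sessionKeys(
            masterSecret(preMaster, clientRandom, serverRandom), clientRandom, serverRandom);
        System.out.println("Client and server keys match: " + Arrays.deepEquals(client, server));

        // An eavesdropper sees both randoms but has to guess the pre_master_secret.
        byte[] guess = new byte[48];
        rng.nextBytes(guess);
        byte[][] eve = sessionKeys(
            masterSecret(guess, clientRandom, serverRandom), clientRandom, serverRandom);
        System.out.println("Eavesdropper keys match: " + Arrays.deepEquals(client, eve));

        String[] names = {"client MAC", "server MAC", "client key",
                          "server key", "client IV", "server IV"};
        for (int i = 0; i < names.length; i++) {
            System.out.println(names[i] + ": " + client[i].length + " bytes");
        }
    }
}
```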
Message Exchange
Client and server can use the agreed-upon session key (consisting of 6 secret keys) for secure exchange of messages.
Sending messages:
1. The sender compresses the message using the agreed-upon compression method (e.g., PKZip, gzip).
2. The sender hashes the compressed data and the secret HMAC key to make an HMAC, to assure message integrity.
3. The sender encrypts the compressed data and HMAC using the encryption/decryption secret key, to assure message confidentiality.
Retrieve messages:
1. The receiver decrypts the ciphertext using the encryption/decryption secret key to retrieve the compressed data and HMAC.
2. The receiver hashes the compressed data to independently produce the HMAC. It then verifies the generated HMAC with the HMAC contained in the message to assure message integrity.
3. The receiver un-compresses the data using the agreed-upon compression method to recover the plaintext.
OUTPUT

> openssl s_client ?
(Display the available options)

The following command turns on the debug option and forces the protocol to be TLSv1:
> openssl s_client -connect localhost:443 -CAfile ca.crt -debug -tls1

Loading 'screen' into random state - done
CONNECTED(00000760)

---
Certificate chain
 0 s:/C=US/CN=chc/[email protected]
   i:/C=US/OU=test101/CN=chc/[email protected]
---

Server certificate

subject=/C=US/CN=chc/[email protected]
issuer=/C=US/OU=test101/CN=chc/[email protected]
---

No client certificate CA names sent
---

SSL handshake has read 1031 bytes and written 292 bytes


---

New, TLSv1/SSLv3, Cipher is EDH-RSA-DES-CBC3-SHA
Server public key is 1024 bit
SSL-Session:
Protocol: TLSv1
Cipher : EDH-RSA-DES-CBC3-SHA
Session-ID:
Session-ID-ctx:
Master-Key:
57FDDAF85C7D287F9F9A070E8784A29C75E788DA2757699B
20F3CA50E7EE01A66182A71753B78DA218916136D50861AE
Key-Arg : None
Start Time: 1078211879
Timeout : 7200 (sec)
Verify return code: 0 (ok)
---

GET /test.html HTTP/1.0


HTTP/1.1 200 OK
Date: Tue, 02 Mar 2004 07:18:08 GMT
Server: Apache/1.3.29 (Win32) mod_ssl/2.8.16 OpenSSL/0.9.7c
Last-Modified: Sat, 07 Feb 2004 10:53:25 GMT
ETag: "0-23-4024c3a5"
Accept-Ranges: bytes
Content-Length: 35
Connection: close
Content-Type: text/html

<h1>Home page on main server</h1>


closed


RESULT:

Thus, message integrity and confidentiality were checked using SSL, and the
output was verified successfully.

Ex:No:06 EXPERIMENT EAVESDROPPING, DICTIONARY ATTACKS, MITM ATTACK

AIM

To experiment with eavesdropping, dictionary attack, and MITM attack.

PROCEDURE

Man in the Middle (MITM) against Diffie-Hellman:
A malicious Mallory, who has a MitM (man in the middle) position, can
manipulate the communications between Alice and Bob and break the security of
the key exchange.
1. Selecting public numbers.
The public numbers p and g are selected; p is a prime number, called the
“modulus”, and g is called the base.
2. Selecting private numbers.
Alice picks a private random number a and Bob picks a private random number b;
Mallory picks 2 random numbers c and d.
3. Intercepting public values.
Mallory intercepts Alice’s public value ($g^{a} \bmod p$), blocks it from
reaching Bob, and instead sends Bob her own public value ($g^{c} \bmod p$).
Mallory also intercepts Bob’s public value ($g^{b} \bmod p$), blocks it from
reaching Alice, and instead sends Alice her own public value ($g^{d} \bmod p$).
4. Computing the secret key.
Alice will compute a key $S_1 = g^{da} \bmod p$, and Bob will compute a
different key, $S_2 = g^{cb} \bmod p$.
5. If Alice uses S1 as a key to encrypt a later message to Bob, Mallory can
decrypt it, re-encrypt it using S2, and send it to Bob. Bob and Alice won’t
notice any problem and may assume their communication is encrypted, but in
reality, Mallory can decrypt, read, modify, and then re-encrypt all their
conversations.

PROGRAM:

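    import java.math.BigInteger;
    import java.util.Random;
    import java.util.Scanner;

    public class Main {

        // Modular exponentiation. Math.pow(g, n) % p overflows for all but
        // tiny exponents, so the power is reduced modulo p with BigInteger.
        static int modPow(int base, int exp, int mod) {
            return BigInteger.valueOf(base)
                    .modPow(BigInteger.valueOf(exp), BigInteger.valueOf(mod))
                    .intValue();
        }

        public static void main(String[] args) {
            Scanner scanner = new Scanner(System.in);
            Random random = new Random();
            System.out.print("Enter a prime number : ");
            int p = scanner.nextInt();
            System.out.print("Enter a number : ");
            int g = scanner.nextInt();

            // An honest party (Alice or Bob) with one private exponent n.
            class A {
                private int n;
                public A() {
                    this.n = random.nextInt(p) + 1;
                }
                public int publish() {
                    return modPow(g, n, p);
                }
                public int compute_secret(int gb) {
                    return modPow(gb, n, p);
                }
            }

            // The party in the middle, with one private exponent per victim:
            // arr[0] is used towards Alice, arr[1] towards Bob.
            class B {
                private int a;
                private int b;
                private int[] arr;
                public B() {
                    this.a = random.nextInt(p) + 1;
                    this.b = random.nextInt(p) + 1;
                    this.arr = new int[]{a, b};
                }
                public int publish(int i) {
                    return modPow(g, arr[i], p);
                }
                public int compute_secret(int ga, int i) {
                    return modPow(ga, arr[i], p);
                }
            }

            A alice = new A();
            A bob = new A();
            B eve = new B();
            System.out.println("Alice selected (a) : " + alice.n);
            System.out.println("Bob selected (b) : " + bob.n);
            System.out.println("Eve selected private number for Alice (c) : " + eve.a);
            System.out.println("Eve selected private number for Bob (d) : " + eve.b);

            // Public values: Alice and Bob publish theirs, Eve publishes one per victim.
            int ga = alice.publish();
            int gb = bob.publish();
            int gea = eve.publish(0);
            int geb = eve.publish(1);
            System.out.println("Alice published (ga): " + ga);
            System.out.println("Bob published (gb): " + gb);
            System.out.println("Eve published value for Alice (gc): " + gea);
            System.out.println("Eve published value for Bob (gd): " + geb);

            // Each victim combines its exponent with Eve's value, so Eve
            // ends up sharing one key with Alice and another with Bob.
            System.out.println("Alice computed (S1) : " + alice.compute_secret(gea));
            System.out.println("Eve computed key for Alice (S1) : " + eve.compute_secret(ga, 0));
            System.out.println("Bob computed (S2) : " + bob.compute_secret(geb));
            System.out.println("Eve computed key for Bob (S2) : " + eve.compute_secret(gb, 1));
        }
    }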

Output:
Enter a prime number (p) : 227
Enter a number (g) : 14
Alice selected (a) : 227
Bob selected (b) : 170
Eve selected private number for Alice (c) : 65
Eve selected private number for Bob (d) : 175
Alice published (ga): 14
Bob published (gb): 101
Eve published value for Alice (gc): 41
Eve published value for Bob (gd): 32
Alice computed (S1) : 41
Eve computed key for Alice (S1) : 41
Bob computed (S2) : 167
Eve computed key for Bob (S2) : 167
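
The substitution in step 3 of the procedure goes unnoticed only because neither side can tell whose public value it received. The following added example (not part of the original record; the class and method names are illustrative) signs Alice's public value with a long-term RSA key that Bob is assumed to trust already, so a swapped-in value is rejected before any key is derived.

```java
import java.math.BigInteger;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.Signature;

public class SignedDhDemo {
    // Toy group from the sample run above (p = 227, g = 14); far too small for real use.
    static final BigInteger P = BigInteger.valueOf(227);
    static final BigInteger G = BigInteger.valueOf(14);

    static KeyPair newIdentityKey() throws GeneralSecurityException {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        return kpg.generateKeyPair();
    }

    // Sender side: sign the DH public value with the long-term private key.
    static byte[] sign(PrivateKey key, BigInteger dhPublic) throws GeneralSecurityException {
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initSign(key);
        s.update(dhPublic.toByteArray());
        return s.sign();
    }

    // Receiver side: accept a DH public value only if its signature verifies
    // under the public key already trusted for the claimed sender.
    static boolean accept(PublicKey trusted, BigInteger dhPublic, byte[] sig)
            throws GeneralSecurityException {
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initVerify(trusted);
        s.update(dhPublic.toByteArray());
        return s.verify(sig);
    }

    public static void main(String[] args) throws GeneralSecurityException {
        SecureRandom rnd = new SecureRandom();
        KeyPair alice = newIdentityKey();   // assumption: Bob got alice.getPublic() out of band
        KeyPair mallory = newIdentityKey(); // Mallory can sign, but only with her own key

        BigInteger a = new BigInteger(7, rnd).add(BigInteger.ONE);
        BigInteger ga = G.modPow(a, P);
        byte[] sigA = sign(alice.getPrivate(), ga);

        // Mallory's replacement value g^c, chosen to differ from g^a.
        BigInteger gc;
        do {
            gc = G.modPow(new BigInteger(7, rnd).add(BigInteger.ONE), P);
        } while (gc.equals(ga));

        System.out.println("genuine g^a accepted: "
                + accept(alice.getPublic(), ga, sigA));
        System.out.println("g^c with Alice's signature accepted: "
                + accept(alice.getPublic(), gc, sigA));
        System.out.println("g^c signed by Mallory accepted: "
                + accept(alice.getPublic(), gc, sign(mallory.getPrivate(), gc)));
    }
}
```

A complete protocol also covers the peer's public value or a fresh nonce in the signature, so that an old signed value cannot be replayed.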

RESULT
Thus, the above program experimenting with eavesdropping, dictionary attacks,
and MITM attacks was executed successfully and the output was verified.

Ex:No:07 EXPERIMENT WITH SNIFF TRAFFIC USING ARP POISONING

AIM
To experiment with sniff traffic using ARP poisoning.
PROCEDURE

Step 1 − Install the VMware workstation and install the Kali Linux operating
system.
Step 2 − Log in to Kali Linux using the username and password “root, toor”.
Step 3 − Make sure you are connected to the local LAN and check the IP address
by typing the command ifconfig in the terminal.

Step 4 − Open up the terminal and type “ettercap -G” to start the graphical
version of Ettercap.

Step 5 − Now click the tab “sniff” in the menu bar and select “unified sniffing”
and click OK to select the interface. We are going to use “eth0” which means
Ethernet connection.

Step 6 − Now click the “hosts” tab in the menu bar and click “scan for hosts”.
It will start scanning the whole network for the alive hosts.
Step 7 − Next, click the “hosts” tab and select “hosts list” to see the number of
hosts available in the network. This list also includes the default gateway
address. We have to be careful when we select the targets.

Step 8 − Now we have to choose the targets. In MITM, our target is the host
machine, and the route will be the router address to forward the traffic. In an
MITM attack, the attacker intercepts the network and sniffs the packets. So, we
will add the victim as “target 1” and the router address as “target 2.”

In a VMware environment, the default gateway will always end with “2” because
“1” is assigned to the physical machine.
Step 9 − In this scenario, our target is “192.168.121.129” and the router is
“192.168.121.2”. So we will add target 1 as the victim IP and target 2 as the
router IP.

Step 10 − Now click on “MITM” and click “ARP poisoning”. Thereafter, check the
option “Sniff remote connections” and click OK.

Step 11 − Click “start” and select “start sniffing”. This will start ARP
poisoning in the network, which means we have enabled our network card in
“promiscuous mode” and now the local traffic can be sniffed.
Note − We have allowed only HTTP sniffing with Ettercap, so don’t expect
HTTPS packets to be sniffed with this process.
Step 12 − Now it’s time to see the results: if our victim logged into some
websites, you can see the results in the toolbar of Ettercap.
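
Seen from the defending side, the poisoning in steps 10 and 11 shows up as the gateway's IP address suddenly mapping to a new MAC address that also answers for other IPs. The following added example (not part of the original record) runs that check over constructed observations; the MAC addresses, the 192.168.121.130 host and the "IP MAC" line format are assumptions made for illustration.

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.TreeSet;

public class ArpWatch {
    // Flags two symptoms of ARP poisoning in a stream of "IP MAC" observations:
    // an IP whose MAC changes, and one MAC answering for more than one IP.
    static List<String> analyze(List<String> observations) {
        Map<String, String> macByIp = new HashMap<>();
        Map<String, Set<String>> ipsByMac = new HashMap<>();
        List<String> alerts = new ArrayList<>();
        for (String line : observations) {
            String[] f = line.trim().split("\\s+");
            if (f.length != 2) {
                continue; // skip malformed lines
            }
            String ip = f[0];
            String mac = f[1].toLowerCase();
            String previous = macByIp.put(ip, mac);
            if (previous != null && !previous.equals(mac)) {
                // The IP moved to another MAC: drop the stale binding and report it.
                ipsByMac.get(previous).remove(ip);
                alerts.add("CHANGED " + ip + ": " + previous + " -> " + mac);
            }
            Set<String> ips = ipsByMac.computeIfAbsent(mac, k -> new TreeSet<>());
            if (ips.add(ip) && ips.size() > 1) {
                alerts.add("SHARED " + mac + " now answers for " + ips);
            }
        }
        return alerts;
    }

    public static void main(String[] args) {
        // Constructed sample: baseline bindings, then the bindings seen after poisoning.
        List<String> seen = Arrays.asList(
            "192.168.121.2   00:50:56:00:00:02",   // gateway (the page's router IP)
            "192.168.121.129 00:0c:29:00:01:29",   // victim (the page's target IP)
            "192.168.121.130 00:0c:29:00:01:30",   // assumed sniffing host
            "192.168.121.2   00:0c:29:00:01:30",   // gateway IP now claimed by .130's MAC
            "192.168.121.129 00:0C:29:00:01:30");  // victim IP now claimed by .130's MAC
        for (String alert : analyze(seen)) {
            System.out.println(alert);
        }
    }
}
```

A replaced network card or a gateway failover also changes a binding, so CHANGED on its own is a lead, while CHANGED together with SHARED on the gateway IP is the strong signal.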

RESULT
Thus, the above experiment with sniff traffic using ARP poisoning was executed
successfully and the output was verified.

Ex:No:08 DEMONSTRATE INTRUSION DETECTION SYSTEM USING ANY TOOL

AIM
To demonstrate intrusion detection system using any tool (SNORT).

PROCEDURE

In Windows:
• Step-1: Download the SNORT installer from
https://www.snort.org/downloads/snort/Snort_2_9_15_Installer.exe
• Step-2: Execute the Snort_2_9_15_Installer.exe
Different SNORT Modes:
1. Sniffer Mode –
To print the TCP/IP header, use the command ./snort -v
To print the IP address along with the header, use the command ./snort -vd
2. Packet Logging –
To store packets on disk, you need to give the path where you want to store the
logs. The command for this is ./snort -dev -l ./SnortLogs
3. Activate network intrusion detection mode –
To start this mode, use the command ./snort -dev -l ./SnortLogs -h
192.127.1.0/24 -c snort.conf


RESULT
Thus, the intrusion detection system was demonstrated using SNORT, which was
installed successfully, and the output was verified.

Ex:No:09 EXPLORE NETWORK MONITORING TOOL

PROCEDURE

1. Sematext Experience

Sematext Experience is a real user monitoring solution that offers 100%
visibility into your website or web app that affects your users’ experience.

Here is what puts Sematext on the top of our list:

• Easy installation
• Single page application support
• Individual session performance
• Inspect Page load events
• Monitor your Apdex score
• Real-time automatic alerts

Sematext Experience allows you to inspect individual sessions to get page-level
specifics. This helps assess the user’s satisfaction to prevent customer loss due
to poor performance.

Furthermore, you can set up alerts for Apdex score, script errors, and page
load time and receive real-time notifications whenever performance anomalies
are detected. This, in turn, will enable you to troubleshoot issues faster.

SEMATEXT EXPERIENCE

Sematext Experience was designed so DevOps and BizOps can work together.
Having easy access to all your actionable data provides your whole team with
in-depth insights. With this data, effectual decisions can be made with ease to
ensure your customers are always satisfied.

Pricing

• From $9/mo

Pros

• Combine the power of metrics, logs, and end-user monitoring under one
roof with Sematext Cloud
• First-class support for popular frontend frameworks such as React, Ember, and
Angular
• URL grouping for both page-load events and HTTP requests
• Powerful cost control using data sampling
• Has a solution for synthetic monitoring
• Error tracking

2. Dynatrace RUM

Part of Dynatrace’s digital experience monitoring toolset, Dynatrace RUM is a
powerful website monitoring service that offers complete real-time visibility of
customer experience. You can monitor the activity of all mobile and web
application users across all devices and browsers to assess and improve user
satisfaction.

With Dynatrace RUM you can also collect business-relevant metrics, allowing you
to correlate performance issues with potential business impact.

Features

• Map the whole user journey
• Replay individual customer sessions
• Business-relevant, user transaction monitoring
• Real-time AI-based analysis

Pricing

• Available on request

Pros

• Intuitive non-technical dashboard usability
• Interactive interfaces and visual reports for ROI tracking
• Mobile monitoring breakdowns

Cons

• Reportedly pricey
• The UI can be overwhelming at first

3. AppDynamics Browser RUM

AppDynamics’s RUM tool tracks customers’ journey to provide full visibility
into their interaction with your webapp. You receive browser-user insights to
help you optimize web experiences. Self-learning algorithms use the app’s
behavior to dynamically baseline web metrics with automatic anomaly detection
and resolution.

Features

• Real-time intelligent alerting
• Backend and frontend monitoring in same solution
• Business transaction correlation
• Browser snapshot waterfalls
• Dynamic performance baselining

Pricing

• Available in two options: Lite (free) version and Pro version. Pricing available
on request

Pros

• Free training
• Self-learning platform

Cons

• Reportedly pricey

4. New Relic Browser

New Relic is mostly known for their APM tool, but they completed their
monitoring tools set with a RUM solution, New Relic Browser.

New Relic Browser has advanced RUM features that give you access to insights
from the users’ perspective by focusing on browser performance. It monitors
the entire life cycle of a page or a view, from the moment users enter the app
until they disconnect.

Features

• Browser Pageviews and Page Load Times
• Java Errors and Instance details
• AJAX Timing and Call Reports
• Browser Session Traces
• Filterable Geography Analytics
• Route changes in apps with single page application (SPA) architecture
• Individual session performance

Pricing

• Pricing information available on request. Also has a free (Lite) version with
fewer features

Pros

• Synthetic monitoring option available

Cons

• Most features are available for Pro accounts only
• Reports are not very comprehensive
• Missing detailed HTTP resources metrics

5. Pingdom

Pingdom is a unified performance monitoring tool that brings together
transaction, uptime, and real user monitoring.

Pingdom allows you to filter data from specific users to get greater insights on
the regional performance of your website and make optimizations to deliver a
better experience to your most valuable users. It’s highly scalable, allowing you
to monitor millions of pageviews without compromising your data.

Features

• Tailored incident management
• Real-time data and alerting
• Website and server monitoring
• Mobile accessibility

Pricing

• The basic setup starts at $10/month, up to $199–$15,000

Pros

• Customizable, fast and comprehensive alerting and reporting
• Synthetic and end user monitoring
• Notifications to multiple destinations (text message, email)

Cons

• Expensive if you increase volume or scale up as there is no data sampling
available
• No error tracking or error management

RESULT

Thus, network monitoring tools were explored and the output was viewed.

Ex:No:10 STUDY TO CONFIGURE FIREWALL, VPN

AIM
To study to configure firewall, VPN using Google cloud services.

PROCEDURE

Google Cloud firewall rules

Google Cloud firewall rules apply to packets sent to and from virtual machine (VM)
instances within your VPC network and through Cloud VPN tunnels.


1. In the Google Cloud console, go to the VPN tunnels page.

2. Go to VPN tunnels

3. Click the VPN tunnel that you want to use.

4. In the VPN gateway section, click the name of the VPC network. This action
directs you to the VPC network details page that contains the tunnel.

5. Click the Firewall rules tab.

6. Click Add firewall rule. Add a rule for TCP, UDP, and ICMP:

• Name: Enter allow-tcp-udp-icmp.

• Source filter: Select IPv4 ranges.

• Source IP ranges: Enter a Remote network IP range value from
when you created the tunnel. If you have more than one peer
network range, enter each one. Press the Tab key between entries.
To allow traffic from all source IPv4 addresses in your peer
network, specify 0.0.0.0/0.

• Specified protocols or ports: Select tcp and udp.

• Other protocols: Enter icmp.

• Target tags: Add any valid tag or tags.

7. Click Create.

If you need to allow access to IPv6 addresses on your VPC network from your
peer network, add an allow-ipv6-tcp-udp-icmpv6 firewall rule.

Click Add firewall rule. Add a rule for TCP, UDP, and ICMPv6:

• Name: Enter allow-ipv6-tcp-udp-icmpv6.

• Source filter: Select IPv6 ranges.

• Source IP ranges: Enter a Remote network IP range value from
when you created the tunnel. If you have more than one peer
network range, enter each one. Press the Tab key between entries.
To allow traffic from all source IPv6 addresses in your peer
network, specify ::/0.

• Specified protocols or ports: Select tcp and udp.

• Other protocols: Enter 58. 58 is the protocol number for ICMPv6.

• Target tags: Add any valid tag or tags.

Click Create.


CONCLUSION

The purpose of this study was to explore the role of the firewall in network
security. This was done by researching five more specific problems. Two of
them were concerned with the relationship between firewalls and network
services, and it is in this area we believe this study makes its foremost
contribution. With regard to the question about firewall configurations, our
results are in line with findings from other studies, not least those by Wool.
Realistically, we do not consider our results to be that revolutionary nor
reliable.

VPNs allow users or corporations to connect to remote servers, branch offices,
or to other companies over a public internetwork, while maintaining secure
communications. In all these cases, the secure connection appears to the user as
a private network communication, despite the fact that this communication occurs
over a public internetwork. VPN technology is designed to address issues
surrounding the current business trend towards increased telecommuting and
widely distributed global operations, where workers must be able to connect to
central resources and communicate with each other.
