
Network Security Lab Manual - Google Docs

The document outlines the implementation of various cryptographic algorithms including symmetric key algorithms (AES and DES), asymmetric key algorithms (RSA and Diffie-Hellman), and digital signature schemes. It provides detailed algorithms, Java code examples, and expected outputs for each implementation, demonstrating successful execution and verification of results. Additionally, it includes instructions for installing Wireshark and checking message integrity and confidentiality using SSL.

Uploaded by

indumathisec

EX.No:1a
IMPLEMENT SYMMETRIC KEY ALGORITHM USING AES
Date:

AIM:
To implement the symmetric key algorithm using AES.

ALGORITHM:
1. Create an instance of the AES Example class.
2. Set the original Val string that you want to encrypt.
3. Call the encrypt method with the original value.
4. Call the decrypt method with the encrypted value.
5. Print the original value, encrypted value, and decrypted value to the console.

PROGRAM :
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import java.nio.charset.StandardCharsets;
import java.util.Base64;

public class AESExample {

    public static void main(String[] args) throws Exception {
        // Generate a random 128-bit AES key
        KeyGenerator keyGen = KeyGenerator.getInstance("AES");
        keyGen.init(128);
        SecretKey secretKey = keyGen.generateKey();

        // With the default JDK provider, "AES" alone selects AES/ECB/PKCS5Padding.
        // ECB maps identical plaintext blocks to identical ciphertext blocks and
        // provides no integrity protection.
        Cipher cipher = Cipher.getInstance("AES");

        // Encryption
        cipher.init(Cipher.ENCRYPT_MODE, secretKey);
        String plaintext = "Secure AES Communication";
        byte[] encrypted = cipher.doFinal(plaintext.getBytes(StandardCharsets.UTF_8));
        System.out.println("Ciphertext: " +
                Base64.getEncoder().encodeToString(encrypted));

        // Decryption
        cipher.init(Cipher.DECRYPT_MODE, secretKey);
        byte[] decrypted = cipher.doFinal(encrypted);
        System.out.println("Decrypted Text: " +
                new String(decrypted, StandardCharsets.UTF_8));
    }
}

OUTPUT:

Ciphertext: XO8HtvDQLk85N/w9lNttRWD0jkAQzu7hJzWaelxfmLw=

Decrypted Text: Secure AES Communication

RESULT:
Implementation of symmetric key using AES was successfully executed and output is verified.
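
The program above relies on the provider default for "AES", which is ECB mode. The following is an added example, not part of the original lab manual, that encrypts the same two-block input under AES/ECB and AES/GCM and then flips one ciphertext bit, to show what ECB leaks and what GCM's authentication tag catches. The class name, helper names and the sample plaintext are constructed for illustration.

```java
import javax.crypto.AEADBadTagException;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Arrays;

// Added example (not from the lab manual): AES/ECB vs AES/GCM on the same input.
public class AesModeComparison {
    static final int BLOCK = 16;        // AES block size in bytes
    static final int NONCE_BYTES = 12;  // usual GCM nonce length
    static final int TAG_BITS = 128;    // GCM authentication tag length

    // ECB encrypt or decrypt, depending on mode.
    static byte[] ecb(int mode, SecretKey key, byte[] input) throws Exception {
        Cipher c = Cipher.getInstance("AES/ECB/PKCS5Padding");
        c.init(mode, key);
        return c.doFinal(input);
    }

    // Returns nonce || ciphertext || tag, with a fresh random nonce per message.
    static byte[] gcmEncrypt(SecretKey key, byte[] plaintext) throws Exception {
        byte[] nonce = new byte[NONCE_BYTES];
        new SecureRandom().nextBytes(nonce);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(TAG_BITS, nonce));
        byte[] body = c.doFinal(plaintext);
        byte[] out = Arrays.copyOf(nonce, nonce.length + body.length);
        System.arraycopy(body, 0, out, nonce.length, body.length);
        return out;
    }

    // Reads the nonce from the front of the message and verifies the tag.
    static byte[] gcmDecrypt(SecretKey key, byte[] message) throws Exception {
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.DECRYPT_MODE, key,
                new GCMParameterSpec(TAG_BITS, message, 0, NONCE_BYTES));
        return c.doFinal(message, NONCE_BYTES, message.length - NONCE_BYTES);
    }

    // True when the two 16-byte blocks starting at offset are identical.
    static boolean repeatedBlock(byte[] data, int offset) {
        return Arrays.equals(
                Arrays.copyOfRange(data, offset, offset + BLOCK),
                Arrays.copyOfRange(data, offset + BLOCK, offset + 2 * BLOCK));
    }

    public static void main(String[] args) throws Exception {
        KeyGenerator keyGen = KeyGenerator.getInstance("AES");
        keyGen.init(128);
        SecretKey key = keyGen.generateKey();

        // Constructed sample: the same 16-byte block twice.
        byte[] plaintext = "PAY 100 TO ALICEPAY 100 TO ALICE"
                .getBytes(StandardCharsets.UTF_8);

        byte[] ecbCt = ecb(Cipher.ENCRYPT_MODE, key, plaintext);
        byte[] gcmCt = gcmEncrypt(key, plaintext);

        // Pattern leakage: ECB repeats the ciphertext block, GCM does not.
        System.out.println("ECB repeats ciphertext block: " + repeatedBlock(ecbCt, 0));
        System.out.println("GCM repeats ciphertext block: "
                + repeatedBlock(gcmCt, NONCE_BYTES));

        // Flip one bit in the first ciphertext block of each message.
        ecbCt[0] ^= 0x01;
        gcmCt[NONCE_BYTES] ^= 0x01;

        // ECB decrypts without error; the first plaintext block is silently corrupted.
        byte[] ecbPt = ecb(Cipher.DECRYPT_MODE, key, ecbCt);
        System.out.println("ECB accepted tampered ciphertext, plaintext unchanged: "
                + Arrays.equals(ecbPt, plaintext));

        // GCM refuses to release any plaintext when the tag does not verify.
        try {
            gcmDecrypt(key, gcmCt);
            System.out.println("GCM accepted tampered ciphertext");
        } catch (AEADBadTagException e) {
            System.out.println("GCM rejected tampered ciphertext: tag mismatch");
        }
    }
}
```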
EX.No:1b
IMPLEMENT SYMMETRIC KEY ALGORITHM USING DES
Date:

AIM:
To implement the symmetric key algorithm using Data Encryption Standard (DES).

ALGORITHM:
1. Create an instance of the DES Example class.
2. Set the original Val string that you want to encrypt.
3. Call the encrypt method with the original value.
4. Call the decrypt method with the encrypted value.
5. Print the original value, encrypted value, and decrypted value to the console.

PROGRAM :
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import java.nio.charset.StandardCharsets;
import java.util.Base64;

public class DESExample {

    public static void main(String[] args) {
        try {
            // Generate a DES key (56 effective key bits; DES is obsolete and is
            // used here only to study the algorithm)
            KeyGenerator keyGenerator = KeyGenerator.getInstance("DES");
            SecretKey secretKey = keyGenerator.generateKey();

            // Create a Cipher instance for DES in ECB mode with PKCS#5 padding
            Cipher cipher = Cipher.getInstance("DES/ECB/PKCS5Padding");

            String plainText = "Network Security";
            System.out.println("Original Text: " + plainText);

            // Encrypt the text
            cipher.init(Cipher.ENCRYPT_MODE, secretKey);
            byte[] encryptedBytes = cipher.doFinal(plainText.getBytes(StandardCharsets.UTF_8));
            String encryptedText = Base64.getEncoder().encodeToString(encryptedBytes);
            System.out.println("Encrypted Text: " + encryptedText);

            // Decrypt the text
            cipher.init(Cipher.DECRYPT_MODE, secretKey);
            byte[] decryptedBytes = cipher.doFinal(Base64.getDecoder().decode(encryptedText));
            String decryptedText = new String(decryptedBytes, StandardCharsets.UTF_8);
            System.out.println("Decrypted Text: " + decryptedText);

        } catch (Exception e) {
            e.printStackTrace();
        }
    }
}

OUTPUT:

Original Text: Network Security


Encrypted Text: 6nGQL80Vr4mjUxIBCiKZuXDkALm6GfYc
Decrypted Text: Network Security

RESULT:
Implementation of symmetric key using DES was successfully executed and output is verified.

EX.NO. : 2(A)
IMPLEMENT ASYMMETRIC KEY ALGORITHM USING RSA
DATE :

AIM:
To implement the asymmetric key algorithm using RSA.

ALGORITHM:
1. Key Generation: Use Java’s KeyPairGenerator to generate the RSA public
and private key pairs.
2. Encryption: Use Java's Cipher class to encrypt the plaintext using the public key.
3. Decryption: Use Java's Cipher class to decrypt the ciphertext using the private key.

PROGRAM :
import java.security.*;
import javax.crypto.*;

public class RSAExample {

    // Method to generate RSA key pair
    public static KeyPair generateRSAKeyPair(int keySize) throws NoSuchAlgorithmException {
        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA");
        keyPairGenerator.initialize(keySize);
        return keyPairGenerator.generateKeyPair();
    }

    // Method to encrypt the message using RSA public key.
    // With the default JDK provider, "RSA" alone selects RSA/ECB/PKCS1Padding.
    public static byte[] encryptMessage(PublicKey publicKey, String message) throws Exception {
        Cipher cipher = Cipher.getInstance("RSA");
        cipher.init(Cipher.ENCRYPT_MODE, publicKey);
        return cipher.doFinal(message.getBytes());
    }

    // Method to decrypt the message using RSA private key
    public static String decryptMessage(PrivateKey privateKey, byte[] encryptedMessage) throws Exception {
        Cipher cipher = Cipher.getInstance("RSA");
        cipher.init(Cipher.DECRYPT_MODE, privateKey);
        byte[] decryptedBytes = cipher.doFinal(encryptedMessage);
        return new String(decryptedBytes);
    }

    public static void main(String[] args) {
        try {
            // Generate RSA key pair (2048 bits)
            KeyPair keyPair = generateRSAKeyPair(2048);
            String message = "Hello, RSA!";
            System.out.println("Original Message: " + message);

            // Encrypt the message using the public key
            byte[] encryptedMessage = encryptMessage(keyPair.getPublic(), message);
            // The ciphertext is raw binary, so printing it as a String shows
            // unreadable characters; Base64 is the usual encoding for display.
            System.out.println("Encrypted Message: " + new String(encryptedMessage));

            // Decrypt the message using the private key
            String decryptedMessage = decryptMessage(keyPair.getPrivate(), encryptedMessage);
            System.out.println("Decrypted Message: " + decryptedMessage);
        } catch (Exception e) {
            e.printStackTrace();
        }
    }
}
OUTPUT:
Original Message: Hello, RSA!
Encrypted Message: ?(x?£◄♥◄∟±→·?÷♂=å;-??Äè²??♣?+`?☻??ö!☺???¼r?♂?i\‼???ƒƒB?=♥?n!t??
qH.3◄?|?Éiª3?←?*W??4¡(??å?o⌂?p6CàG±?N⌂?▼!ñ½?/qò?7S???X«¼?&.?←0)¼?☺??;?Gß?
n»V<°♀U←??îD?Q6▬w?ó+?ö‼ïÇ!?·ÉÇ☼ìo4²2ïÆ‼>ô|?
Decrypted Message: Hello, RSA!

RESULT:
Implementation of Asymmetric key algorithm using RSA was successfully executed and output is
verified.

EX.No:2 (b)
IMPLEMENT ASYMMETRIC KEY EXCHANGE ALGORITHM
Date:

AIM:

To implement the asymmetric key exchange algorithm.

ALGORITHM:
1. Key Generation: Use Java’s KeyPairGenerator class with the DH algorithm to
generate Diffie-Hellman key pairs.

2. Shared Secret Computation: Use Java's KeyAgreement class to compute the shared
secret using the private key and the other party's public key.

PROGRAM :
import java.security.*;
import javax.crypto.KeyAgreement;
import javax.crypto.interfaces.DHPublicKey;
import javax.crypto.spec.DHParameterSpec;
import java.util.Base64;

public class DiffieHellmanExample {

    public static void main(String[] args) {
        try {
            // Generate key pair for Party 1 (Alice)
            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("DH");
            keyPairGenerator.initialize(2048);
            KeyPair keyPairA = keyPairGenerator.generateKeyPair();
            PublicKey publicKeyA = keyPairA.getPublic();
            PrivateKey privateKeyA = keyPairA.getPrivate();

            // Generate key pair for Party 2 (Bob) using Alice's public key parameters
            // (both parties must use the same prime p and generator g)
            DHParameterSpec dhParameterSpec = ((DHPublicKey) publicKeyA).getParams();
            keyPairGenerator.initialize(dhParameterSpec);
            KeyPair keyPairB = keyPairGenerator.generateKeyPair();
            PublicKey publicKeyB = keyPairB.getPublic();
            PrivateKey privateKeyB = keyPairB.getPrivate();

            // Generate shared secret for Alice
            KeyAgreement keyAgreementA = KeyAgreement.getInstance("DH");
            keyAgreementA.init(privateKeyA);
            keyAgreementA.doPhase(publicKeyB, true);
            byte[] sharedSecretA = keyAgreementA.generateSecret();

            // Generate shared secret for Bob
            KeyAgreement keyAgreementB = KeyAgreement.getInstance("DH");
            keyAgreementB.init(privateKeyB);
            keyAgreementB.doPhase(publicKeyA, true);
            byte[] sharedSecretB = keyAgreementB.generateSecret();

            // Convert shared secret to Base64 string for display.
            // The public keys are exchanged unauthenticated here, and the raw
            // secret would normally go through a key derivation function before
            // being used as a cipher key.
            String secretA = Base64.getEncoder().encodeToString(sharedSecretA);
            String secretB = Base64.getEncoder().encodeToString(sharedSecretB);

            // Both secrets should be identical
            System.out.println("Shared Secret (Alice): " + secretA);
            System.out.println("Shared Secret (Bob): " + secretB);

        } catch (Exception e) {
            e.printStackTrace();
        }
    }
}

OUTPUT:

Shared Secret (Alice): N6vD3uXbH9H8y2vA8fyBqTzy5F3bNnpt7I3h5q0M7F8=


Shared Secret (Bob): N6vD3uXbH9H8y2vA8fyBqTzy5F3bNnpt7I3h5q0M7F8=

RESULT:
Implementation of Asymmetric Diffie-Hellman key exchange was successfully executed and output is
verified.

EX.NO: 3
IMPLEMENT DIGITAL SIGNATURE SCHEME
DATE :

AIM:
To implement the signature scheme - Digital Signature Standard.

ALGORITHM:
1. Declare the class and required variables.
2. Create the object for the class in the main program.
3. Access the member functions using the objects.
4. Implement the SIGNATURE SCHEME - Digital Signature Standard.
5. It uses a hash function.
6. The hash code is provided as input to a signature function along with a
random number K generated for the particular signature.
7. The signature function also depends on the sender's private key.
8. The signature consists of two components.
9. The hash code of the incoming message is generated.
10. The hash code and signature are given as input to a verification function.

PROGRAM:
import java.security.*;
import java.util.Base64;

public class DigitalSignatureExample {

    public static void main(String[] args) {
        try {
            // Generate RSA key pair.
            // Note: the algorithm steps above describe DSS (DSA); this program
            // signs with RSA (SHA256withRSA).
            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA");
            keyPairGenerator.initialize(2048);
            KeyPair keyPair = keyPairGenerator.generateKeyPair();
            PrivateKey privateKey = keyPair.getPrivate();
            PublicKey publicKey = keyPair.getPublic();

            String message = "This is a secure message.";
            System.out.println("Original Message: " + message);

            // Create a Signature instance using SHA256 with RSA
            Signature signature = Signature.getInstance("SHA256withRSA");

            // Sign the message
            signature.initSign(privateKey);
            signature.update(message.getBytes());
            byte[] digitalSignature = signature.sign();
            String signatureBase64 = Base64.getEncoder().encodeToString(digitalSignature);
            System.out.println("Digital Signature: " + signatureBase64);

            // Verify the signature
            signature.initVerify(publicKey);
            signature.update(message.getBytes());
            boolean isVerified = signature.verify(digitalSignature);

            System.out.println("Signature Verified: " + isVerified);

        } catch (Exception e) {
            e.printStackTrace();
        }
    }
}

OUTPUT:
Original Message: This is a secure message.
Digital Signature: A1B2C3D4... (Base64 encoded signature)
Signature Verified: true

RESULT:
Thus the Digital Signature Standard Signature Scheme has been implemented and executed
successfully.
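
The algorithm steps of this exercise describe DSS: a hash, a per-signature random number K, and a signature made of two components. The following is an added example, not part of the original lab manual, that signs with DSA through Java's "SHA256withDSA", decodes the two components r and s from the DER-encoded signature, and checks that an altered message fails verification. The class and helper names are constructed for illustration, and the decoder assumes short-form DER lengths, which holds for a 2048-bit DSA key.

```java
import java.math.BigInteger;
import java.nio.charset.StandardCharsets;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.util.Arrays;

// Added example (not from the lab manual): DSA signature and its two components.
public class DsaSignatureComponents {

    static byte[] sign(PrivateKey key, byte[] message) throws Exception {
        Signature s = Signature.getInstance("SHA256withDSA");
        s.initSign(key);
        s.update(message);       // the message is hashed with SHA-256 internally
        return s.sign();         // a fresh random K is drawn for every call
    }

    static boolean verify(PublicKey key, byte[] message, byte[] sig) throws Exception {
        Signature s = Signature.getInstance("SHA256withDSA");
        s.initVerify(key);
        s.update(message);
        return s.verify(sig);
    }

    // Decode DER "SEQUENCE { INTEGER r, INTEGER s }" (short-form lengths only).
    static BigInteger[] decodeRS(byte[] der) {
        if (der.length < 8 || der[0] != 0x30 || der[1] < 0 || der[1] != der.length - 2) {
            throw new IllegalArgumentException("not a short-form DER SEQUENCE");
        }
        BigInteger[] rs = new BigInteger[2];
        int pos = 2;
        for (int i = 0; i < 2; i++) {
            if (pos + 2 > der.length || der[pos] != 0x02 || der[pos + 1] <= 0) {
                throw new IllegalArgumentException("expected DER INTEGER at offset " + pos);
            }
            int len = der[pos + 1];
            if (pos + 2 + len > der.length) {
                throw new IllegalArgumentException("truncated INTEGER at offset " + pos);
            }
            rs[i] = new BigInteger(1, Arrays.copyOfRange(der, pos + 2, pos + 2 + len));
            pos += 2 + len;
        }
        if (pos != der.length) {
            throw new IllegalArgumentException("trailing bytes after s");
        }
        return rs;
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("DSA");
        gen.initialize(2048);
        KeyPair keyPair = gen.generateKeyPair();

        byte[] message = "This is a secure message.".getBytes(StandardCharsets.UTF_8);

        // Two signatures over the same message with the same private key.
        byte[] sig1 = sign(keyPair.getPrivate(), message);
        byte[] sig2 = sign(keyPair.getPrivate(), message);

        BigInteger[] first = decodeRS(sig1);
        BigInteger[] second = decodeRS(sig2);
        System.out.println("Signature 1: r = " + first[0].toString(16));
        System.out.println("             s = " + first[1].toString(16));
        System.out.println("Signature 2: r = " + second[0].toString(16));
        System.out.println("             s = " + second[1].toString(16));

        // Different K per signature gives different (r, s); both still verify.
        System.out.println("Signatures differ: " + !Arrays.equals(sig1, sig2));
        System.out.println("Signature 1 verifies: "
                + verify(keyPair.getPublic(), message, sig1));
        System.out.println("Signature 2 verifies: "
                + verify(keyPair.getPublic(), message, sig2));

        // Constructed altered message: one character changed.
        byte[] altered = "This is a secure massage.".getBytes(StandardCharsets.UTF_8);
        System.out.println("Altered message verifies: "
                + verify(keyPair.getPublic(), altered, sig1));
    }
}
```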

EX.No: 4
INSTALLATION OF WIRESHARK , TCPDUMP USING UDP/TCP
Date:

AIM:
Installation of Wireshark, TCPDUMP using UDP/TCP.

STEPS TO INSTALL WIRESHARK :


Step 1: Visit the official Wireshark website using any web browser.
Step 2: Click on Download, a new webpage will open with different installers of
Wireshark.
Step 3: Downloading of the executable file will start shortly. It is a small 73.69
MB file that will take some time.
Step 4: Now check for the executable file in downloads in your system and run it.
Step 5: It will prompt confirmation to make changes to your system. Click on
Yes.
Step 6: Setup screen will appear, click on Next.
Step 7: The next screen will be of License Agreement, click on Noted.
Step 8: This screen is for choosing components, all components are already marked so don’t
change anything just click on the Next button.
Step 9: This screen is of choosing shortcuts like start menu or desktop icon along with file
extensions which can be intercepted by Wireshark, tick all boxes and click on Next button.
Step 10: The next screen will be of installing location so choose the drive which will have
sufficient memory space for installation. It needed only a memory space of 223.4 MB.
Step 11: Next screen has an option to install Npcap, which is used with Wireshark to capture
packets (pcap means packet capture), so the install option is already checked; don’t change
anything and click the Next button.
Step 12: Next screen is about USB network capturing so it is one’s choice to use it or not,
click on Install.
Step 13: After this installation process will start.
Step 14: This installation will prompt for Npcap installation as already checked so the license
agreement of Npcap will appear to click on the I Agree button.
Step 15: Next screen is about different installing options of Npcap, don’t do anything click on
Install.
Step 16: After this installation process will start which will take only a minute.
Step 17: After this installation process will complete click on the Next button.
Step 18: Click on Finish after the installation process is complete.
Step 19: After this installation process of Wireshark will complete click on the Next button.
Step 20: Click on Finish after the installation process of Wireshark is complete.

RESULT:
Thus, the Wireshark tool is installed successfully.

EX.No:5
MESSAGE INTEGRITY AND CONFIDENTIALITY USING SSL
Date:

AIM:
To check message integrity and confidentiality using SSL.

SERVER ALGORITHM:
1. Set the path to the server's keystore and trust store files.
2. Create an SSL server socket using the default SSL server socket factory.
3. Wait for a client connection by accepting incoming connections on the SSL server socket.
4. Once a client connects, create an SSL socket for communication.
5. Set up input and output streams for reading from and writing to the SSL socket.
6. Read the incoming message from the client.
7. Process the received message (perform any necessary operations).
8. Prepare a response message.
9. Write the response message to the output stream to send it back to the client.
10. Close the input/output streams and the SSL socket.
11. Close the SSL server socket.

PROGRAM :
SERVER
import java.io.BufferedReader;
import java.io.InputStreamReader;
import java.io.OutputStream;
import java.nio.charset.StandardCharsets;
import javax.net.ssl.SSLServerSocket;
import javax.net.ssl.SSLServerSocketFactory;
import javax.net.ssl.SSLSocket;

public class SecureServer {
    public static void main(String[] args) {
        try {
            // Keystore and truststore locations and passwords (hard-coded for the lab)
            System.setProperty("javax.net.ssl.keyStore", "serverkeystore.jks");
            System.setProperty("javax.net.ssl.keyStorePassword", "keystorepassword");
            System.setProperty("javax.net.ssl.trustStore", "servertruststore.jks");
            System.setProperty("javax.net.ssl.trustStorePassword", "truststorepassword");

            SSLServerSocketFactory sslServerSocketFactory =
                    (SSLServerSocketFactory) SSLServerSocketFactory.getDefault();
            SSLServerSocket serverSocket =
                    (SSLServerSocket) sslServerSocketFactory.createServerSocket(9999);
            System.out.println("Server waiting for client connection...");

            SSLSocket sslSocket = (SSLSocket) serverSocket.accept();
            System.out.println("Client connected.");

            BufferedReader reader = new BufferedReader(
                    new InputStreamReader(sslSocket.getInputStream()));
            OutputStream outputStream = sslSocket.getOutputStream();

            String clientMessage = reader.readLine();
            System.out.println("Received from client: " + clientMessage);

            String processedMessage = "Processed: " + clientMessage;
            // The client reads with readLine(), so end the reply with a newline and flush
            outputStream.write((processedMessage + "\n").getBytes(StandardCharsets.UTF_8));
            outputStream.flush();
            System.out.println("Sent to client: " + processedMessage);

            reader.close();
            outputStream.close();
            sslSocket.close();
            serverSocket.close();
        } catch (Exception e) {
            e.printStackTrace();
        }
    }
}
CLIENT ALGORITHM :
1. Set the path to the client's keystore and truststore files.
2. Create an SSL socket factory using the default SSL socket factory.
3. Create an SSL socket and connect to the server.
4. Set up input and output streams for reading from and writing to the SSL socket.
5. Prepare a message to send to the server.
6. Write the message to the output stream to send it to the server.
7. Read the response message from the server.
8. Process the received response (perform any necessary operations).
9. Close the input/output streams and the SSL socket.

PROGRAM :
CLIENT
import java.io.BufferedReader;
import java.io.InputStreamReader;
import java.io.OutputStream;
import java.nio.charset.StandardCharsets;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;

public class SecureClient {
    public static void main(String[] args) {
        try {
            // Keystore and truststore locations and passwords (hard-coded for the lab)
            System.setProperty("javax.net.ssl.keyStore", "clientkeystore.jks");
            System.setProperty("javax.net.ssl.keyStorePassword", "keystorepassword");
            System.setProperty("javax.net.ssl.trustStore", "clienttruststore.jks");
            System.setProperty("javax.net.ssl.trustStorePassword", "truststorepassword");

            SSLSocketFactory sslSocketFactory = (SSLSocketFactory) SSLSocketFactory.getDefault();
            SSLSocket sslSocket = (SSLSocket) sslSocketFactory.createSocket("localhost", 9999);
            System.out.println("Connected to server.");

            BufferedReader reader = new BufferedReader(
                    new InputStreamReader(sslSocket.getInputStream()));
            OutputStream outputStream = sslSocket.getOutputStream();

            String message = "Hello from the client!";
            System.out.println("Sending message to server: " + message);
            // The server reads with readLine(), so end the message with a newline and flush
            outputStream.write((message + "\n").getBytes(StandardCharsets.UTF_8));
            outputStream.flush();

            String serverResponse = reader.readLine();
            System.out.println("Received response from server: " + serverResponse);

            reader.close();
            outputStream.close();
            sslSocket.close();
        } catch (Exception e) {
            e.printStackTrace();
        }
    }
}

SERVER OUTPUT:
Server waiting for client connection...
Client connected.
Received from client: Hello from the client!
Sent to client: Processed: Hello from the client!

CLIENT OUTPUT:
Connected to server.
Sending message to server: Hello from the client!
Received response from server: Processed: Hello from the client!

RESULT:
Thus the program to check message integrity and confidentiality using SSL was successfully
executed and output is verified.

EX. NO. : 6
EXPERIMENT ON EAVESDROPPING, DICTIONARY ATTACKS, MITM ATTACKS
DATE :

AIM:
To study eavesdropping, dictionary attacks and MITM attacks.

EAVESDROPPING:

Definition:
An Eavesdropping attack occurs when a hacker intercepts, deletes, or modifies data that is
transmitted between two devices. Eavesdropping, also known as sniffing or snooping, relies on
unsecured network communications to access data in transit between devices. The data is
transmitted across an open network, which gives an attacker the opportunity to exploit
a vulnerability and intercept it via various methods. Eavesdropping attacks can often be
difficult to spot.

Attacks:

Eavesdropping attacks are a big threat to the integrity and confidentiality of the data. It allows
an attacker to gather sensitive information, such as login credentials, financial data, or personal
conversations, without the victim’s knowledge. Furthermore, attackers can use the extracted
information for various malicious purposes, such as identity theft, extortion, or espionage.
Let’s look at the general steps in order to launch an Eavesdropping attack:
The first step is identifying a target for the attack, such as a specific individual or
organization. As soon as the attacker identifies the target, it starts gathering information about
it. Some useful information the attacker wants to extract includes the communication systems
and vulnerabilities that can be exploited.

The next step is to choose an appropriate method for the successful execution of the attack.

There are several different methods that an attacker can use. Some examples are intercepting
communication over unsecured networks, using malware to gain access to a device, or
using hardware devices.

The next step is to execute the chosen method in the target system and intercept the target’s
communication. Finally, the attacker analyzes the intercepted communication and extracts
valuable information.

Prevention Techniques:
We can use several techniques to prevent eavesdropping attacks. Some popular techniques
include encryption, virtual private networks, secure communication protocols, firewalls, and
network segmentation. Encrypting communication makes it difficult for attackers to
intercept and read messages. In order to encrypt communication, we can use different types
of encryption algorithms, such as symmetric key algorithms and public key algorithms.

Advanced Encryption Standard (AES) is an example of a symmetric key algorithm.
Additionally, Rivest–Shamir–Adleman (RSA) is a widely used public key algorithm.

Virtual private networks (VPNs) create a secure, encrypted connection between a device and a
remote server. They can help to prevent eavesdropping attacks by encrypting communication
and making it difficult for attackers to intercept.

DICTIONARY ATTACKS:
Definition:
A dictionary attack is a method of breaking into a password-protected computer, network or
other IT resource by systematically entering every word in a dictionary as a password. A
dictionary attack can also be used in an attempt to find the key necessary to decrypt an
encrypted message or document.

Dictionary attacks work because many computer users and businesses insist on using ordinary
words as passwords. These attacks are usually unsuccessful against systems using multiple-
word passwords and are also often unsuccessful against passwords made up of uppercase and
lowercase letters and numbers in random combinations.

How do dictionary attacks work?


A dictionary attack uses a preselected library of words and phrases to guess possible
passwords.
It operates under the assumption that users tend to pull from a basic list of passwords, such as
"password," "123abc" and "123456."

These lists include predictable patterns that can vary by region. For example, hackers looking
to launch a dictionary attack on a New York-based group of targets might look to test phrases
like "knicksfan2020" or "newyorkknicks1234." Attackers incorporate words related to sports
teams, monuments, cities, addresses and other regionally specific items when building their
attack library dictionaries.

How effective is a dictionary attack?


How successful a dictionary attack is depends on how strong the passwords are for the
individuals a hacker is targeting. Because weak passwords are still common, attackers continue
to have success with these attacks. Individual users, however, aren't the only ones who are
subject to weak password security.

Take steps to prevent a dictionary attack


Dictionary hacking is a very common type of cybercrime that hackers use to gain access to an
individual’s personal accounts, including bank accounts, social media profiles, and emails.
With this access, hackers can perpetrate all sorts of actions, from financial fraud and malicious
social media posts to further cybercrimes like phishing. However, dictionary attack prevention
can be as simple as implementing certain safeguards to minimize the risk of falling victim to
these attacks. Using smart password management habits, employing different types of
authentications, and using readily available password managers, for example, can all help keep
passwords and accounts secure.

MITM ATTACKS:
What is a Man-in-the-Middle (MITM) Attack?
Man-in-the-middle attacks (MITM) are a common type of cybersecurity attack that allows
attackers to eavesdrop on the communication between two targets. The attack takes place in
between two legitimately communicating hosts, allowing the attacker to “listen” to a
conversation they should normally not be able to listen to, hence the name “man-in-the-middle.”

Types of Man-in-the-Middle Attacks


Rogue Access Point
Devices equipped with wireless cards will often try to auto-connect to the access point that is
emitting the strongest signal. Attackers can set up their own wireless access point and trick
nearby devices to join its domain.
ARP Spoofing
ARP is the Address Resolution Protocol. It is used to resolve IP addresses to physical MAC
(media access control) addresses in a local area network. When a host needs to talk to a host
with a given IP address, it references the ARP cache to resolve the IP address to a MAC
address.

MDNS Spoofing
Multicast DNS is similar to DNS, but it’s done on a local area network (LAN) using broadcast
like ARP. This makes it a perfect target for spoofing attacks. The local name resolution
system is supposed to make the configuration of network devices extremely simple.
DNS Spoofing
Similar to the way ARP resolves IP addresses to MAC addresses on a LAN, DNS resolves
domain names to IP addresses. When using a DNS spoofing attack, the attacker attempts to
introduce corrupt DNS cache information to a host in an attempt to access another host using
their domain name, such as www.onlinebanking.com.
Man-in-the-Middle Attack Techniques
Sniffing
Attackers use packet capture tools to inspect packets at a low level. Using specific wireless
devices that are allowed to be put into monitoring or promiscuous mode can allow an attacker
to see packets that are not intended for it to see, such as packets addressed to other hosts.
Packet Injection
An attacker can also leverage their device’s monitoring mode to inject malicious packets into
data communication streams. The packets can blend in with valid data communication streams,
appearing to be part of the communication, but malicious in nature. Packet injection usually
involves first sniffing to determine how and when to craft and send packets.
Session Hijacking
Most web applications use a login mechanism that generates a temporary session token to use
for future requests to avoid requiring the user to type a password at every page. An attacker
can sniff sensitive traffic to identify the session token for a user and use it to make requests as
the user. The attacker does not need to spoof once he has a session token.
SSL Stripping
Since using HTTPS is a common safeguard against ARP or DNS spoofing, attackers use SSL
stripping to intercept packets and alter their HTTPS-based address requests to go to their
HTTP equivalent endpoint, forcing the host to make requests to the server unencrypted.
Sensitive information can be leaked in plain text.

How to Detect a Man-in-the-Middle Attack
Detecting a Man-in-the-middle attack can be difficult without taking the proper steps. If you
aren't actively searching to determine if your communications have been intercepted, a
Man-in-the-middle attack can potentially go unnoticed until it's too late. Checking for
proper page authentication and implementing some sort of tamper detection are typically the
key methods to detect a possible attack, but these procedures might require extra forensic
analysis after-the-fact.

Attack Prevention
Strong WEP/WPA Encryption on Access Points.
Strong Router Login Credentials.
Virtual Private Network.
Force HTTPS.
Public Key Pair Based Authentication.

RESULT:
Thus the Eavesdropping, dictionary attacks and MITM attacks are observed.

EX. NO: 7
EXPERIMENT WITH SNIFF TRAFFIC USING ARP POISONING
DATE :

AIM:
To study sniffing traffic using ARP poisoning.

Sniffing Attack:

A sniffing attack, in the context of network security, corresponds to theft or interception of
data by capturing the network traffic using a packet sniffer (an application aimed at capturing
network packets). When data is transmitted across networks, if the data packets are not
encrypted, the data within the network packet can be read using a sniffer. Using a sniffer
application, an attacker can analyse the network and gain information to eventually cause the
network to crash or to become corrupted, or read the communications happening across the
network. Sniffing attacks can be compared to tapping phone wires to learn about the
conversation, and for this reason sniffing is also referred to as wiretapping applied to
computer networks.

Using sniffing tools, attackers can sniff sensitive information from a network, including email
(SMTP, POP, IMAP), web (HTTP), FTP (Telnet authentication, FTP Passwords, SMB, NFS)
and many more types of network traffic. The packet sniffer usually sniffs the network data
without making any modifications in the network's packets. Packet sniffers can just watch,
display, and log the traffic, and this information can be accessed by the attacker.

What is ARP Poisoning?

ARP Poisoning consists of abusing the weaknesses in ARP to corrupt the MAC-to-IP mappings
of other devices on the network. Security was not a paramount concern when ARP was
introduced in 1982, so the designers of the protocol never included authentication mechanisms
to validate ARP messages. Any device on the network can answer an ARP request, whether the
original message was intended for it or not. For example, if Computer A “asks” for the MAC
address of Computer B, an attacker at Computer C can respond and Computer A would accept
this response as authentic. This oversight has made a variety of attacks possible. By leveraging
easily available tools, a threat actor can “poison” the ARP cache of other hosts on a local
network, filling the ARP cache with inaccurate entries.

Sniff traffic using ARP poisoning:

Sniffing traffic using ARP poisoning is a type of cyberattack that abuses weaknesses in the
Address Resolution Protocol (ARP) to intercept, modify, or block network traffic between two
devices. ARP is a protocol that maps an IP address to a MAC address within a local network.
However, ARP lacks authentication mechanisms, and this is what the attack exploits. The
attacker sends fake ARP responses to a specific host on the network, thus linking the attacker’s
MAC address to the IP address of another host, such as the network’s gateway. As a result, the
target host sends all its network traffic to the attacker instead of the intended host.

To perform this attack, the attacker needs to have access to the same network as the target
devices, and use a tool that can send out forged ARP responses, such as Arp spoof or Driftnet.
The attacker configures the tool with their MAC address and the IP addresses of the two
devices they want to intercept traffic between. The forged responses tell both devices that the
correct MAC address for each of them is the attacker’s MAC address. As a result, both devices
start sending all their network traffic to the attacker’s machine, thinking it’s the other device
they want to communicate with.

The attacker can then do various things with the incorrectly directed traffic. If the attacker
chooses to inspect the traffic, they can steal sensitive information, such as passwords, account
details, or credit card numbers. If they decide to modify the traffic, they can inject malicious
scripts, such as malware, ransomware, or phishing links. Finally, if they choose to block the
traffic, they can perform a Denial of Service (DoS) attack, where they completely stop the
communication between the two devices.

ARP poisoning is a serious threat to network security, as it can compromise the confidentiality,
integrity, and availability of network data. To prevent ARP poisoning attacks, some possible
countermeasures are:

Using network monitoring tools, such as Wireshark or Nmap, to detect any anomalies or
suspicious activities on the network, such as duplicate MAC addresses, ARP requests, or ARP
responses.
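
The monitoring countermeasure above can be automated. The following is an added example, not part of the original lab manual: it scans observed ARP replies for an IP address whose MAC binding changes and for one MAC address claiming several IPs. The class name, the "<time> <ip> is-at <mac>" line format and the sample addresses are assumptions made for illustration.

```java
import java.util.*;

public class ArpSpoofDetector {
    /** Returns alerts for IP-to-MAC rebinding and for one MAC claiming several IPs. */
    static List<String> analyze(List<String> arpReplies) {
        Map<String, String> ipToMac = new HashMap<>();        // last binding seen per IP
        Map<String, Set<String>> macToIps = new HashMap<>();  // every IP each MAC has claimed
        List<String> alerts = new ArrayList<>();
        for (String line : arpReplies) {
            String[] f = line.trim().split("\\s+");           // assumed format: <time> <ip> is-at <mac>
            if (f.length != 4 || !f[2].equals("is-at")) continue; // skip malformed lines
            String ip = f[1], mac = f[3].toLowerCase();       // MAC case must not matter
            String previous = ipToMac.put(ip, mac);
            if (previous != null && !previous.equals(mac)) {
                alerts.add(f[0] + " REBIND " + ip + " " + previous + " -> " + mac);
            }
            Set<String> ips = macToIps.computeIfAbsent(mac, k -> new TreeSet<>());
            if (ips.add(ip) && ips.size() > 1) {
                alerts.add(f[0] + " DUPLICATE-MAC " + mac + " claims " + ips);
            }
        }
        return alerts;
    }

    public static void main(String[] args) {
        // Constructed sample: a gateway (.1) and two hosts announce themselves, then the
        // MAC of host .30 starts answering for the gateway and for host .20 as well.
        List<String> sample = List.of(
            "10:00:01 192.168.1.1 is-at 00:aa:bb:cc:dd:01",
            "10:00:02 192.168.1.20 is-at 00:aa:bb:cc:dd:20",
            "10:00:03 192.168.1.30 is-at 00:aa:bb:cc:dd:30",
            "10:00:09 192.168.1.1 is-at 00:aa:bb:cc:dd:30",
            "10:00:10 192.168.1.20 is-at 00:aa:bb:cc:dd:30",
            "10:00:15 192.168.1.1 is-at 00:AA:BB:CC:DD:30");
        List<String> alerts = analyze(sample);
        if (alerts.isEmpty()) System.out.println("No ARP anomalies detected.");
        alerts.forEach(System.out::println);
    }
}
```

Address reassignment by DHCP and hosts that legitimately hold several IP addresses raise the same alerts, so each one should be checked against the known gateway and host inventory before it is treated as poisoning.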

RESULT:
Thus, sniffing traffic using ARP poisoning was observed.

EX. NO. : 8
DEMONSTRATE INTRUSION DETECTION SYSTEM USING ANY TOOL
DATE :

AIM:
To demonstrate intrusion detection system using any tool.

ALGORITHM:
1. Start
2. Initialize Network Traffic and Intrusion Pattern
3. Compile Regular Expression.
4. Match Pattern in Network Traffic.
5. Print a message indicating the intrusion detection: "Intrusion detected: ".
6. Print a message indicating no intrusion: "No intrusion detected.".
7. Stop

PROGRAM :
import java.util.regex.*;

public class SimpleIDS {
    public static void main(String[] args) {
        // Traffic to inspect and the signature that marks an intrusion
        String networkTraffic = "Some network traffic with a suspicious pattern";
        String intrusionPattern = "suspicious pattern";
        // Compile the signature and search the traffic for it
        Pattern pattern = Pattern.compile(intrusionPattern);
        Matcher matcher = pattern.matcher(networkTraffic);
        if (matcher.find()) {
            System.out.println("Intrusion detected: " + intrusionPattern);
        } else {
            System.out.println("No intrusion detected.");
        }
    }
}

OUTPUT:
Intrusion detected: suspicious pattern

RESULT:
Program to demonstrate intrusion detection system was successfully executed.
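
The same regex-matching approach extends to several named signatures checked against every line of traffic. The following is an added example, not part of the original lab manual; the class name, rule names, signatures and sample request lines are assumptions constructed for illustration.

```java
import java.util.*;
import java.util.regex.*;

public class SignatureIDS {
    // Rule name -> compiled signature. Literal signatures go through Pattern.quote so that
    // '.' and '/' match themselves; compiled unquoted, "../" would mean "any two characters
    // followed by '/'" and would fire on the "TP/" of every "HTTP/1.1" request line.
    static final Map<String, Pattern> RULES = new LinkedHashMap<>();
    static {
        RULES.put("path-traversal", Pattern.compile(Pattern.quote("../")));
        RULES.put("sql-union", Pattern.compile("union\\s+select", Pattern.CASE_INSENSITIVE));
        RULES.put("passwd-read", Pattern.compile(Pattern.quote("/etc/passwd")));
    }

    /** Returns one alert per (line, rule) match, in input order. */
    static List<String> scan(List<String> traffic) {
        List<String> alerts = new ArrayList<>();
        for (int i = 0; i < traffic.size(); i++) {
            for (Map.Entry<String, Pattern> rule : RULES.entrySet()) {
                Matcher m = rule.getValue().matcher(traffic.get(i));
                if (m.find()) {
                    alerts.add("line " + (i + 1) + " [" + rule.getKey()
                            + "] matched \"" + m.group() + "\"");
                }
            }
        }
        return alerts;
    }

    public static void main(String[] args) {
        List<String> traffic = List.of(   // constructed sample request lines
            "GET /index.html HTTP/1.1",
            "GET /download?file=../../etc/passwd HTTP/1.1",
            "GET /items?id=1 UNION  SELECT name FROM users HTTP/1.1",
            "GET /docs/a..b/readme.txt HTTP/1.1");
        List<String> alerts = scan(traffic);
        if (alerts.isEmpty()) System.out.println("No intrusion detected.");
        for (String a : alerts) System.out.println("Intrusion detected: " + a);
    }
}
```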

EX. NO. : 9
EXPLORE NETWORK MONITORING TOOL
DATE :

AIM:

To explore a network monitoring tool.

ALGORITHM:
1. Start
2. Get Network Devices
3. Select a Network Interface
4. Open the Selected Interface
5. Start Packet Capture
6. Stop

PROGRAM:
import jpcap.*;
import jpcap.packet.*;

public class NetworkMonitor {
    public static void main(String[] args) throws Exception {
        // List the capture-capable interfaces on this machine
        NetworkInterface[] devices = JpcapCaptor.getDeviceList();
        if (devices.length == 0) {
            System.out.println("No network interface found. Make sure you have the required permissions.");
            return;
        }
        // Use the first interface in the list
        int selectedDeviceIndex = 0;
        NetworkInterface selectedDevice = devices[selectedDeviceIndex];
        // Capture up to 2000 bytes per packet, promiscuous mode on, 20 ms read timeout
        JpcapCaptor captor = JpcapCaptor.openDevice(selectedDevice, 2000, true, 20);
        System.out.println("Monitoring " + selectedDevice.name + "...");
        // Print every captured packet until the program is interrupted
        while (true) {
            Packet packet = captor.getPacket();
            if (packet != null) {
                System.out.println(packet);
            }
        }
    }
}

OUTPUT:
Ethernet packet (source MAC: 00:11:22:33:44:55, destination MAC: AA:BB:CC:DD:EE:FF)
IPv4 packet (source IP: 192.168.1.2, destination IP: 8.8.8.8, protocol: TCP)
TCP packet (source port: 12345, destination port: 80, flags: SYN)
Payload data: Hello, this is a sample packet!

RESULT:
The program for the network monitoring tool was explored successfully.

EX. NO. : 10
STUDY TO CONFIGURE FIREWALL VPN
DATE :

AIM:
To study how to configure a firewall VPN.

Create and Configure the Network


Initialize the network:
1. Open the Object Palette dialog box by clicking. Make sure that the internet toolbox
item is selected from the pull-down menu on the object palette.
2. Add the following objects from the palette to the project workspace (see the
following figure for placement): Application Config, Profile Config, an
ip32_cloud, one ppp_server, three ethernet4_slip8_gtwy routers, and two
ppp_wkstn hosts.
3. Rename the objects you added and connect them using PPP_DS1 links, as shown.

The Firewall Scenario
In the network we just created, the Sales Person profile allows both sales sites to access
applications such as database access, email, and Web browsing from the server (check the
Profile Configuration of the Profiles node). Assume that we need to protect the database in
the server from external access, including the salespeople. One way to do that is to replace
Router C with a firewall as follows:
1. Select Duplicate Scenario from the Scenarios menu and name it Firewall. Click OK.
2. In the new scenario, right-click on Router C → Edit Attributes.
3. Assign ethernet2_slip8_firewall to the model attribute.
4. Expand the hierarchy of the Proxy Server Information attribute → Expand the row
1, which is for the database application hierarchy → Assign No to the Proxy Server
Deployed attribute as shown.
5. Click OK, and Save your project.

The Firewall VPN Scenario


In the Firewall scenario, we protected the databases in the server from “any” external access
using a firewall router. Assume that we want to allow the people in the Sales A site to have
access to the databases in the server. Because the firewall filters all database-related traffic
regardless of the source of the traffic, we need to consider the VPN solution. A virtual tunnel
can be used by Sales A to send database requests to the server. The firewall will not filter the
traffic created by Sales A because the IP packets in the tunnel will be encapsulated inside an IP
datagram.
1. While you are in the Firewall scenario, select Duplicate Scenario from the
Scenarios menu and give it the name Firewall_VPN → Click OK.
2. Remove the link between Router C and the Server.
3. Open the Object Palette dialog box by clicking . Make sure that the
internet toolbox is selected from the pull-down menu on the object palette.
a. Add to the project workspace one ethernet4_slip8_gtwy and one IP
VPN Config (see the following figure for placement).
b. From the Object palette, use two PPP_DS1 links to connect the new router to
the Router C (the firewall) and to the Server, as shown in the following figure.
c. Close the Object Palette dialog box.
4. Rename the IP VPN Config object to VPN.
5. Rename the new router to Router D as shown in the following fig.
RESULT:
Thus, the configuration of the firewall VPN was observed.
