JSPM'S

JAYAWANTRAO SAWANT COLLEGE OF

ENGINEERING
DEPARTMENT OF INFORMATION TECHNOLOGY

LAB MANUAL

OF

Computer Network Security

Lab

T E (IT) 2019 COURSE

Vision of Department
“To develop competent IT professionals for e-development of
emerging societal needs.”

Mission of Department
M1. “Educating aspirants to fulfill technological and social
needs through effective teaching learning process.”

M2. “Imparting IT skills to develop innovative solutions catering

needs of multidisciplinary domain.”

Program Educational Objectives (PEOs)

PEO 1: Graduate shall have abilities to pursue professional
career.

PEO 2: Graduate shall have an ability to apply acquired

competencies in diverse environment for solving socio-economic
problems ethically.

Program Specific Outcomes (PSOs)

After graduation alumni of Information Technology course will have

demonstrated their ability to

PSO 1: Possess strong fundamentals knowledge in areas like

software design and development, computer architectures and
operating system, web systems, Computer networks and database
 management systems which addresses critical challenges in the
field of IT.

PSO 2: Apply skills in design and development of software systems,

operating system, databases management, computer networks and
web technologies.

PSO 3: Exhibit good teamwork skills and serve as effective members

of multidisciplinary project teams.

PROGRAM OUTCOMES (POs)

Engineering Graduates will be able to:

PO1. Engineering Knowledge: Apply the knowledge of mathematics,

science, engineering fundamentals, and an engineering specialization to the solution

of complex engineering problems.

PO2. Problem Analysis: Identify, formulate, review research literature, and

analyze complex engineering problems reaching substantiated conclusions using

first principles of mathematics, natural sciences, and engineering sciences.

PO3. Design/development of solutions: Design solutions for complex

engineering problems and design system components or processes that meet

the specified needs with appropriate consideration for the public health and
safety, and the cultural, societal, and environmental considerations.

PO4. Conduct Investigations of complex problems: Use research-based

knowledge and research methods including design of experiments, analysis and

interpretation of data, and synthesis of the information to provide valid conclusions.
PO5. Modern tool usage: Create, select, and apply appropriate techniques,

resources, and modern engineering and IT tools including prediction and modeling to
complex engineering activities with an understanding of the limitations.

PO6. The Engineer and society: Apply reasoning informed by the contextual
knowledge to assess societal, health, safety, legal and cultural issues and the
consequent responsibilities relevant to the professional engineering practice.

PO7. Environment and sustainability: Understand the impact of the professional

engineering solutions in societal and environmental contexts, and demonstrate the
knowledge of, and need for sustainable development.

PO8. E Thics: Apply ethical principles and commit to professional ethics and
responsibilities and norms of the engineering practice.

PO9. Individual and Team work: Function effectively as an individual, and as a

member or leader in diverse teams, and in multidisciplinary settings.

PO10. C Ommunication: Communicate effectively on complex engineering activities

with the engineering community and with society at large, such as, being able to
comprehend and write effective reports and design documentation, make effective
presentations, and give and receive clear instructions.

PO11. Project Management and finance: Demonstrate knowledge and

understanding of the engineering and management principles and apply these to

one’s own work, as a member and leader in a team, to manage projects and in
multidisciplinary environments.

I
PO12. L fe-long learning: Recognize the need for, and have the preparation and
 ability to engage in independent and life-long learning in the broadest context of
technological changes.

List of Laboratory Assignments

Attainment PO
Sr. No Title CO Mapping
and PSO
Using a Network Simulator (e.g. packet tracer) Configure
Router for… a) Configure a router using router commands and
PO1,PO2,PO3,
Configure Routing Information Protocol(RIP). b) Configure
1 CO314442.1 PO8,PO9,PO10,P
Access Control lists – Standard & Extended. c) Network
SO1
Address Translation: Static, Dynamic & PAT (Port Address
Translation)
Using a Network Simulator (e.g. packet tracer) Configure
Routing Protocols, a) Configure EIGRP – Explore Neighbor- PO1,PO2,PO3,
ship Requirements and Conditions, its K Values Metrics
CO314442.1 PO8,PO9,PO10,P
2 Assignment and Calculation. b) OSPF – Explore Neighbor-
ship Condition and Requirement, Neighbor-ship states, OSPF SO1
MetricCost Calculation. c) WLAN with static IP addressing
and DHCP with MAC security and filters.
Socket Programming in C/C++ on Linux. a) TCP Client, TCP CO314442.1 PO1,PO2,PO3,
3
Server b) UDP Client, UDP Server PO8,PO9,PO10,P
 SO1

PO1,PO2,PO3,
Introduction to server administration (server administration
4 commands and their applications) and configuration of below CO314442.1 PO8,PO9,PO10,P
Server: (Study/Demonstration Only) a) FTP b) Web Server O11,PO12,PSO1

PO1,PO2,PO3,
Implement a client and a server on different computers using
CO314442.5 PO8,PO9,PO10,P
5 python. Perform the communication between these two
entities by using RSA cryptosystem. O11,PO12,PSO1

PO1,PO2,PO3,
Implement a client and a server on different computers using
6 python. Perform the authentication ofsender between these CO314442.5 PO8,PO9,PO10,P
two entities by using RSA digital signature cryptosystem O11,PO12,PSO1

Implement a client and a server on different computers using PO1,PO2,PO3,

python. Perform the encryption of message of sender between CO314442.5 PO8,PO9,PO10,P
7
these two entities by using DES Algorithm and use Diffie O11,PO12,PSO1
Hellman method for exchange of keys.
PO1,PO2,PO3,
Use the snort intrusion detection package to analyze traffic CO314442.6 PO8,PO9,PO10,P
8
and create a signature to identify problem traffic. SO1

ASSGINMENT NO.1

Title: Using a Network Simulator (e.g. packet tracer) Configure Router for...
a) Configure a router using router commands and Configure Routing Information
Protocol (RIP).
b) Configure Access Control lists – Standard & Extended.
c) Network Address Translation: Static, Dynamic & PAT (Port Address Translation)

AIM: To study of various router commands and Access Control lists

Software Requirements:
1. Cisco packet tracer
Theory:
a) Configure a router using router commands and Configure Routing Information
Protocol (RIP).
RIP (Routing Information Protocol) is one of the oldest distance vector routing
protocols. It is usually used on small networks because it is very simple to configure
and maintain, but lacks some advanced features of routing protocols like OSPF or
EIGRP. Two versions of the protocol exists: version 1 and version 2. Both versions
use hop count as a metric and have the administrative distance of 120. RIP version 2
is capable of advertising subnet masks and uses multicast to send routing updates,
while version 1 doesn’t advertise subnet masks and uses broadcast for updates.
Version 2 is backwards compatible with version 1. RIPv2 sends the entire routing
table every 30 seconds, which can consume a lot of bandwidth. RIPv2 uses multicast
address of 224.0.0.9 to send routing updates, supports authentication and triggered
updates (updates that are sent when a change in the network occurs).

OUTPUT:
RIP (PINGING FROM PC0 TO PC1):
C:\>ping 192.168.2.2
Pinging 192.168.2.2 with 32 bytes of data:
Reply from 192.168.2.2: bytes=32 time=11ms TTL=126
Reply from 192.168.2.2: bytes=32 time=12ms TTL=126
Reply from 192.168.2.2: bytes=32 time=13ms TTL=126
 Reply from 192.168.2.2: bytes=32 time=11ms TTL=126
Ping statistics for 192.168.2.2:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 11ms, Maximum = 13ms, Average = 11ms

b) Configure Access Control lists – Standard & Extended.

Access control list

ACLs are basically a set of commands, grouped together by a number or name that is used
to filter traffic entering or leaving an interface.

When activating an ACL on an interface, you must specify in which direction the traffic
should be filtered:
• Inbound (as the traffic comes into an interface)
• Outbound (before the traffic exits an interface)

Inbound ACLs: Incoming packets are processed before they are routed to an outbound
interface. An inbound ACL is efficient because it saves the overhead of routing lookups if
the packet will be discarded after it is denied by the filtering tests. If the packet is
permitted by the tests, it is processed for routing.

Outbound ACLs: Incoming packets are routed to the outbound interface and then processed
through the outbound ACL.

Universal fact about Access control list

1. ACLs come in two varieties : Numbered and named

2. Each of these references to ACLs supports two types of filtering: standard and extended.
3. Standard IP ACLs can filter only on the source IP address inside a packet.
4. Whereas an extended IP ACLs can filter on the source and destination IP addresses in the
packet.

5. There are two actions an ACL can take: permit or deny.

6. Statements are processed top-down.
7. Once a match is found, no further statements are processed—therefore, order is
important.
8. If no match is found, the imaginary implicit deny statement at the end of the ACL
drops the packet.
9. An ACL should have at least one permit statement; otherwise, all traffic will be dropped
because of the hidden implicit deny statement at the end of every ACL.

No matter what type of ACL you use, though, you can have only one ACL per protocol, per
interface, per direction. For example, you can have one IP ACL inbound on an interface
and another IP ACL outbound on an interface, but you cannot have two inbound IP ACLs
on the same interface.

Access List Ranges

Type Range
IP Standard 1–99
IP Extended 100–199
IP Standard Expanded Range 1300–1999
IP Extended Expanded Range 2000–2699

Standard ACLs
A standard IP ACL is simple; it filters based on source address only. You can filter a source
network or a source host, but you cannot filter based on the destination of a packet, the
particular protocol being used such as the Transmission Control Protocol (TCP) or the
User Datagram Protocol (UDP), or on the port number. You can permit or deny only
source traffic.
Extended ACLs:
An extended ACL gives you much more power than just a standard ACL. Extended IP
ACLs check both the source and destination packet addresses. They can also check for
specific protocols, port numbers, and other parameters, which allow administrators more
flexibility and control.

Named ACLs

One of the disadvantages of using IP standard and IP extended ACLs is that you reference
them by number, which is not too descriptive of its use. With a named ACL, this is not
the case because you can name your ACL with a descriptive name. The ACL named
Deny Mike is a lot more meaningful than an ACL simply numbered 1. There are both IP
standard and IP extended named ACLs.

Another advantage to named ACLs is that they allow you to remove individual lines out of
an ACL. With numbered ACLs, you cannot delete individual statements. Instead, you
will need to delete your existing access list and re-create the entire list.

Configuration Guidelines
• Order of statements is important: put the most restrictive statements at the top of the list
and the least restrictive at the bottom.
• ACL statements are processed top-down until a match is found, and then no more
statements in the list are processed.
• If no match is found in the ACL, the packet is dropped (implicit deny).
• Each ACL needs either a unique number or a unique name.
• The router cannot filter traffic that it, itself, originates.
• You can have only one IP ACL applied to an interface in each direction (inbound and
outbound)—you can't have two or more inbound or outbound ACLs applied to the same
interface. (Actually, you can have one ACL for each protocol, like IP and IPX, applied to
an interface in each direction.)
• Applying an empty ACL to an interface permits all traffic by default: in order for an ACL
to have an implicit deny statement, you need at least one actual permit or deny statement.
• Remember the numbers you can use for IP ACLs.Standard ACLs can use numbers
ranging 1–99 and 1300–1999, and extended ACLs can use 100–199 and 2000–2699.
• Wildcard mask is not a subnet mask. Like an IP address or a subnet mask, a wildcard
mask is composed of 32 bits when doing the conversion; subtract each byte in the subnet
mask from 255.

There are two special types of wildcard masks:

0.0.0.0 and 255.255.255.255

A 0.0.0.0 wildcard mask is called a host mask

255.255.255.255. If you enter this, the router will cover the address and mask to the
keyword any.

Placement of ACLs

Standard ACLs should be placed as close to the destination devices as possible. Extended
ACLs should be placed as close to the source devices as possible.
Standard access lists
Because a standard access list filters only traffic based on source traffic, all you need is the
IP address of the host or subnet you want to permit or deny. ACLs are created in global
configuration mode and then applied on an interface. The syntax for creating a standard
ACL is
access-list {1-99 | 1300-1999} {permit | deny} source-address [wildcard mask]

In this article we will configure standard access list. If you want read the feature and
characteristic of access list reads this previous article.
Consider the following network topology:

We want to allow traffic from the management LAN to the server S1. First, we need to write
an ACL to permit traffic from LAN 10.0.0.0/24 to S1. We can use the following command
on R1:

R1(config)#access-list 1 permit 10.0.0.0 0.0.0.255

The command above permits traffic from all IP addresses that begin with 10.0.0. We could
also target the specific host by using the host keyword:

R1(config)#access-list 1 permit host 10.0.0.1

The command above permits traffic only from the host with the IP address of 10.0.0.1.

Next, we will deny traffic from the Users LAN (11.0.0.0/24):

R1(config)#access-list 1 deny 11.0.0.0 0.0.0.255

Next, we need to apply the access list to an interface. It is recommended to place the
standard access lists as close to the destination as possible. In our case, this is
the Fa0/0 interface on R1. Since we want to evaluate all packets trying to exit out Fa0/0, we
will specify the outbound direction with the out keyword:

R1(config-if)#ip access-group 1 out

c) Network Address Translation: Static, Dynamic & PAT (Port Address Translation)

Types of NAT
There are three types of NAT; Static NAT, Dynamic NAT and PAT. These types define
how inside local IP address will be mapped with inside global IP address.

Static NAT
In this type we manually map each inside local IP address with inside global IP address.
Since this type uses one to one mapping we need exactly same number of IP address on
both sides.

Dynamic NAT
In this type we create a pool of inside global IP addresses and let the NAT device to map
inside local IP address with the available outside global IP address from the pool
automatically.

PAT
In this type a single inside global IP address is mapped with multiple inside local IP
addresses using the source port address. This is also known as PAT (Port Address
Translation) or NAT over load.

Situations where NAT is used

There are no hard and fast rules about where we should use NAT or where we should not
use the NAT. Whether we should use the NAT or not is purely depends on network
requirement for example NAT is the best solution in following situations: -

• Our network is built with private IP addresses and we want to connect it with internet. As
we know to connect with internet we require public IP address. In this situation we can
use NAT device which will map private IP address with public IP address.
• Two networks which are using same IP address scheme want to merge. In this situation
NAT device is used to avoid IP overlapping issue.
• We want to connect multiple computers with internet through the single public IP
address. In this situation NAT is used to map the multiple IP addresses with single IP
address through the port number.
How NAT Works
To understand how NAT works, let’s take one more example. In this example a user is
accessing a web server. User and Webserver both are connected through the NAT
devices. Both user and webserver are using private IP addresses which are not routable on
the internet. Now let’s understand how NAT makes this communication possible.

Configuring Static NAT

NAT can be performed both statically and dynamically. Static NAT simply maps one
private IP address to a single public IP address, and this is the flavor of NAT we are
discussing in this section.

A Cisco router performing NAT divides its universe into the inside and the outside.
Typically the inside is a private enterprise, and the outside is the public Internet. In addition
to the notion of inside and outside, a Cisco NAT router classifies addresses as
either local or global.

A local address is an address that is seen by devices on the inside, and a global address is an
address that is seen by devices on the outside. Given these four terms, an address may be
one of four types:

1. Inside local addresses are assigned to inside devices. These addresses are not
advertised to the outside.
2. Inside global are addresses by which inside devices are known to the outside.
3. Outside local are addresses by which outside devices are known to the inside.
4. Outside global addresses are assigned to outside devices. These addresses are not
advertised to the inside.

Let’s jump right into static NAT configuration on a Cisco router as shown in the Figure
below:
R1 is the router performing Network Address Translation (NAT) and has two interfaces:
Fa0/0 on the inside and Fa0/1 on the outside. The specific IP addresses involved are:

NAT Address Type IP Address

Inside local 192.168.1.2

Inside global 89.203.12.47

Outside local 202.14.35.28

Outside global 202.14.35.28

Table 1 NAT Addresses for Figure Above

You probably know very well how to configure IP addresses on router interfaces, so we skip
those configuration steps and move straight to the interesting stuff. First, we have to assign
Fa0/0 as NAT inside interface and Fa0/1 as NAT outside interface on R1. This would tell
the router that interesting traffic entering or exiting these two interfaces will be subject to
address translation.

R1#conf term
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#interface Fa0/0
R1(config-if)#ip nat inside
R1(config-if)#interface Fa0/1
R1(config-if)#ip nat outside
R1(config-if)#end
Now we would tell the router how to perform address translation and mention which IP
addresses (source or destination) to re-write in packets moving between the inside and
outside interfaces. Here we go:

R1(config)#ip nat inside source static 192.168.1.2 89.203.12.47

Here, we are telling the router to perform NAT on packets coming into the router on the
inside interface Fa0/0. More specifically the router would identify which of these packets
have a source IP address of 192.168.1.2 and would change it to 89.203.12.47 before
forwarding the packet out the outside interface Fa0/1. Similarly, return packets coming in at
outside interface Fa0/1 would undergo translation of destination IP address.

Let’s now verify if NAT is actually working as it is supposed to work. There are a couple of
very useful Cisco IOS commands that can be used to do just that. Command show ip nat
statistics displays the number of static and dynamic NAT translations, inside and outside
interfaces, and the number of hits and misses.

R1#show ip nat statistics

Total active translations: 1 (1 static, 0 dynamic; 0 extended)

Outside interfaces:
FastEthernet0/1
Inside interfaces:
FastEthernet0/0
Hits: 0 Misses: 0
CEF Translated packets: 0, CEF Punted packets: 0
Expired translations: 0
Dynamic mappings:
Appl doors: 0
Normal doors: 0
Queued Packets: 0

Command show ip nat translations displays the IP addresses for NAT translations.

Result: Thus, understand the concept and operation of RIP and access control list and
pinged from PC in are networks to PC to another network.
 ASSGINMENT NO.2

Title: Using a Network Simulator (e.g. packet tracer) Configure Routing Protocols, a)
Configure EIGRP – Explore Neighbor-ship Requirements and Conditions, its K Values
Metrics Assignment and Calculation. b) OSPF – Explore Neighbor-ship Condition and
Requirement, Neighbor-ship states, OSPF Metric Cost Calculation. c) WLAN with static IP
addressing and DHCP with MAC security and filters.

AIM: To study of various Routing Protocols

Software Requirements:
1. Cisco packet tracer

Theory:
Enhanced Interior Gateway Routing Protocol (EIGRP Protocol) is an enhanced distance
vector routing protocol which Uses Diffused Update Algorithm (DUAL) to calculate the
shortest path. It is also considered as a Hybrid Routing Protocol because it has
characteristics of both Distance Vector and Link State Routing Protocols. EIGRP
supports classless routing and VLSM, route summarization, incremental updates, load
balancing and other features.

ROUTER0 CLI:
Router(config)#router eigrp 10
Router(config-router)#network 192.168.10.0 255.255.255.0
Router(config-router)#network 192.168.20.0 255.255.255.0
Router(config-router)#exit
ROUTER1 CLI:
Router(config)#router eigrp 10
Router(config-router)#network 192.168.20.0 255.255.255.0
%DUAL-5-NBRCHANGE: IP-EIGRP 10: Neighbor 192.168.20.1 (Serial0/1/0) is up: new
adjacency
Router(config-router)#network 192.168.30.0 255.255.255.0
Router(config-router)#exit
OUTPUT:
ROUTER0:
Router#show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
* - candidate default, U - per-user static route, o - ODR
P - periodic downloaded static route
Gateway of last resort is not set
C 192.168.10.0/24 is directly connected, FastEthernet0/0
C 192.168.20.0/24 is directly connected, Serial0/3/0
D 192.168.30.0/24 [90/20514560] via 192.168.20.2, 00:04:51, Serial0/3/0

ROUTER1:
D 192.168.10.0/24 [90/20514560] via 192.168.20.1, 00:05:35, Serial0/1/0
C 192.168.20.0/24 is directly connected, Serial0/1/0
C 192.168.30.0/24 is directly connected, FastEthernet0/0

The OSPF routing protocol has largely replaced the older Routing Information Protocol
(RIP) in corporate networks. Using OSPF, a router that learns of a change to a routing
table (when it is reconfigured by network staff, for example) or detects a change in the
network immediately multicasts the information to all other OSPF hosts in the network so
they will all have the same routing table information. Unlike RIP, which requires routers
to send the entire routing table to neighbors every 30 seconds, OSPF sends only the part
that has changed and only when a change has taken place. When routes change --
sometimes due to equipment failure -- the time it takes OSPF routers to find a new path
between endpoints with no loops (which is called "open") and that minimizes the length
of the path is called the convergence time.
ROUTER0 CLI:
Router#en
Router#config
Configuring from terminal, memory, or network [terminal]?
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#router ospf 1
Router(config-router)#network 192.168.1.0 0.0.0.255 area 1
Router(config-router)#network 10.0.0.0 0.255.255.255 area 1
Router(config-router)#exit
00:19:21: %OSPF-5-ADJCHG: Process 1, Nbr 192.168.2.1 on Serial0/0/0 from LOADING
to
FULL, Loading Done
ROUTER1 CLI:
Router(config)#router ospf 2
Router(config-router)#network 192.168.2.0 0.0.0.255 area 0
Router(config-router)#network 10.0.0.0 0.255.255.255 area 1
00:19:07: %OSPF-5-ADJCHG: Process 2, Nbr 192.168.1.1 on Serial0/0/0 from LOADING
to
FULL, Loading Done
Router(config-router)#network 11.0.0.0 0.255.255.255 area 2
Router(config-router)#exit
00:25:52: %OSPF-5-ADJCHG: Process 2, Nbr 192.168.3.1 on Serial0/0/1 from LOADING
to
FULL, Loading Done
ROUTER2 CLI:
Router>en
Router#config
Configuring from terminal, memory, or network [terminal]?
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#router ospf 1
Router(config-router)#network 192.168.3.0 0.0.0.255 area 2
Router(config-router)#network 11.0.0.0 0.255.255.255 area 2
00:25:19: %OSPF-5-ADJCHG: Process 1, Nbr 192.168.2.1 on Serial0/0/0 from
LOADING to FULL, Loading Done
Router(config)#exit
OUTPUT:
ROUTER0:
Router>en
Router#show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
* - candidate default, U - per-user static route, o - ODR
P - periodic downloaded static route
Gateway of last resort is not set
C 10.0.0.0/8 is directly connected, Serial0/0/0
O IA 11.0.0.0/8 [110/128] via 10.0.0.2, 00:04:43, Serial0/0/0
C 192.168.1.0/24 is directly connected, FastEthernet0/0
O IA 192.168.2.0/24 [110/65] via 10.0.0.2, 00:07:42, Serial0/0/0
O IA 192.168.3.0/24 [110/129] via 10.0.0.2, 00:00:53, Serial0/0/0
ROUTER1:
C 10.0.0.0/8 is directly connected, Serial0/0/0
C 11.0.0.0/8 is directly connected, Serial0/0/1
O 192.168.1.0/24 [110/65] via 10.0.0.1, 00:04:50, Serial0/0/0
C 192.168.2.0/24 is directly connected, FastEthernet0/0
O 192.168.3.0/24 [110/65] via 11.0.0.2, 00:04:45, Serial0/0/1

ROUTER2:
O IA 10.0.0.0/8 [110/128] via 11.0.0.1, 00:06:55, Serial0/0/0
C 11.0.0.0/8 is directly connected, Serial0/0/0
O IA 192.168.1.0/24 [110/129] via 11.0.0.1, 00:06:45, Serial0/0/0
O IA 192.168.2.0/24 [110/65] via 11.0.0.1, 00:06:55, Serial0/0/0
C 192.168.3.0/24 is directly connected, FastEthernet0/0

Result: Thus, understand the concept and operation of EIGRP and OSPF. Obtained the
routing table and observe transfer data packets in real and simulation time.
 ASSGINMENT NO.3

Title: Socket Programming in C/C++ on Linux: TCP Client, TCP Server UDP Client, UDP
Server

AIM: To study Socket Programming by using TCP and UDP

Software Requirements:
1. Ubuntu/ fedora

Theory:

• Sockets are used for interprocess communication.

• Most of the interprocess communication follow a Client-Server
• Model, where client and server are two separate processes in itself.
• Server and Client exchange messages over the network through a common Socket API
Server Examples
• Web server (port 80)
• FTP server (20, 21)
• Telnet server (23)
• Mail server (25)

Client Examples
• Examples of client programs
– Web browsers, ftp, telnet, ssh
How does a client find the server?
• The IP address in the server socket address identifies the host
• The (well-known) port in the server socket address identifies the service, and thus
implicitly identifies the server process that performs that service.
Examples of well know ports
• Port 7: Echo server
• Port 23: Telnet server
• Port 25: Mail server
• Port 80: Web server
What is an API ?
API expands as Application Programming Interface.
A set of routines that an application uses to request and carry out lower-level services
performed by a computer's operating system.
What is a socket?
• An interface between application and network which is used for communication between
processes
• Once configured the application can pass data to the socket for network transmission

receive data from the socket (transmitted through the network by some other host)
• To the kernel, a socket is an endpoint of communication.
• To an application, a socket is a file descriptor that lets the application read/write from/to
the network.
• Clients and servers communicate with each by reading from and writing to socket
descriptors.
• Remember: All Unix I/O devices, including networks, are modeled as files.

Two essential types of sockets SOCK_STREAM

• TCP
• connection-oriented
• reliable delivery
• in-order guaranteed
• bidirectional

SOCK_DGRAM
• UDP
• no notion of ―connection‖ – app indicates dest. for each packet
• unreliable delivery
• no order guarantees
• can send or receive

Socket Primitives
socket()

The function socket() creates an endpoint for communication and returns a file descriptor for
the socket. socket() takes three arguments:

• domain, which specifies the protocol family of the created socket. For example:
o AF_INET for network protocol IPv4 or
o AF_INET6 for IPv6.
o AF_UNIX for local socket (using a file).
• type, one of:
o SOCK_STREAM (reliable stream-oriented service or Stream Sockets)
o SOCK_DGRAM (datagram service or Datagram Sockets)
o SOCK_SEQPACKET (reliable sequenced packet service), or
o SOCK_RAW (raw protocols atop the network layer).
• protocol specifying the actual transport protocol to use. The most common are
IPPROTO_TCP, IPPROTO_SCTP, IPPROTO_UDP, IPPROTO_DCCP. These protocols
are specified in file netinet/in.h. The value 0 may be used to select a default protocol from
the selected domain and type.

The function returns -1 if an error occurred. Otherwise, it returns an integer representing the
newly assigned descriptor.
Prototype:

• int socket(int domain, int type, int protocol)

bind()

bind() assigns a socket to an address. When a socket is created using socket(), it is only
given a protocol family, but not assigned an address. This association with an address
must be performed with the bind() system call before the socket can accept connections
to other hosts. bind() takes three arguments:

• sockfd, a descriptor representing the socket to perform the bind on.

• my_addr, a pointer to a sockaddr structure representing the address to bind to.
• addrlen, a socklen_t field specifying the size of the sockaddr structure.

Bind() returns 0 on success and -1 if an error occurs. Prototype:

• int bind(int sockfd, const struct sockaddr *my_addr, socklen_t addrlen);

listen()

After a socket has been associated with an address, listen() prepares it for incoming
connections. However, this is only necessary for the stream-oriented (connection-
oriented) data modes, i.e., for socket types (SOCK_STREAM, SOCK_SEQPACKET).
listen() requires two arguments:

• sockfd, a valid socket descriptor.

• backlog, an integer representing the number of pending connections that can be queued
up at any one time. The operating system usually places a cap on this value.

Once a connection is accepted, it is dequeued. On success, 0 is returned. If an error occurs, -

1 is returned.

Prototype:

• int listen(int sockfd, int backlog);

accept()

When an application is listening for stream-oriented connections from other hosts, it is

notified of such events (cf. select() function) and must initialize the connection using the
accept() function. The accept() function creates a new socket for each connection and
removes the connection from the listen queue. It takes the following arguments:

• sockfd, the descriptor of the listening socket that has the connection queued.
• cliaddr, a pointer to a sockaddr structure to receive the client's address information.

• addrlen, a pointer to a socklen_t location that specifies the size of the client address
structure passed to accept(). When accept() returns, this location indicates how many
bytes of the structure were actually used.

The accept() function returns the new socket descriptor for the accepted connection, or -1 if
an error occurs. All further communication with the remote host now occurs via this new
socket.

Datagram sockets do not require processing by accept() since the receiver may immediately
respond to the request using the listening socket.

Prototype:

• int accept(int sockfd, struct sockaddr *cliaddr, socklen_t *addrlen)

connect()

The connect() system call connects a socket, identified by its file descriptor, to a remote host
specified by that host's address in the argument list.

Certain types of sockets are connectionless, most commonly user datagram protocol sockets.
For these sockets, connect takes on a special meaning: the default target for sending and
receiving data gets set to the given address, allowing the use of functions such as send()
and recv() on connectionless sockets.
connect() returns an integer representing the error code: 0 represents success, while -1
represents an error. Historically, in the BSD-derived systems, the state of a socket
descriptor is undefined if the call to connect() fails (as it is specified in the Single Unix
Specification), thus, portable applications should close the socket descriptor immediately
and obtain a new descriptor with socket(), in the case the call to connect() fails.[3]

Prototype:

• int connect(int sockfd, const struct sockaddr *serv_addr, socklen_t addrlen)

gethostbyname() and gethostbyaddr()

The gethostbyname() and gethostbyaddr() functions are used to resolve host names and
addresses in the domain name system or the local host's other resolver mechanisms (e.g.,
/etc/hosts lookup). They return a pointer to an object of type struct hostent, which
describes an Internet Protocol host. The functions take the following arguments:

• name specifies the name of the host. For example: www.wikipedia.org

• addr specifies a pointer to a struct in_addr containing the address of the host.
• len specifies the length, in bytes, of addr.
• type specifies the address family type (e.g., AF_INET) of the host address.

The functions return a NULL pointer in case of error, in which case the external integer
h_errno
may be checked to see whether this is a temporary failure or an invalid or unknown host.
Otherwise a valid struct hostent * is returned.

These functions are not strictly a component of the BSD socket API, but are often used in
conjunction with the API functions. Furthermore, these functions are now considered
legacy interfaces for querying the domain name system. New functions that are
completely protocol- agnostic (supporting IPv6) have been defined. These new function
are getaddrinfo() and getnameinfo(), and are based on a new addrinfo data structure.
Prototypes:

• struct hostent *gethostbyname(const char *name)

• struct hostent *gethostbyaddr(const void *addr, int len, int type)

Socket programming with TCP

Socket programming with UDP

Conclusion: TCP & UDP socket programs are studied and executed.
 ASSGINMENT NO.4

Title: Introduction to server administration (server administration commands and their

applications) and configuration of below Server: (Study/Demonstration Only)
a) FTP b) Web Server

AIM: To study FTP and Web server.

Theory:
A server administrator or admin has the overall control of a server. This can be in the
context of a business organization, where often a server administrator oversees the
performance and condition of multiple servers in the business, or it can be in the context
of a single person running a game server. The admin for a server typically represents the
owners and financiers of the server. Alternatively, an owner can grant administrator
rights to a regular player (or clan member) on the server.
The Server Administrator's role is to design, install, administer, and optimize company
servers and related components to achieve high performance of the various business
applications supported by tuning the servers as necessary. This includes ensuring the
availability of client/server applications, configuring all new implementations, and
developing processes and procedures for ongoing management of the server environment.
Where applicable, the Server Administrator will assist in overseeing the physical security,
integrity and safety of the data center/server farm.

FTP:
The File Transfer Protocol (FTP) is a standard network protocol used to transfer computer
files from one host to another host over a TCP-based network, such as the Internet. FTP
is built on client-server architecture and uses separate control and data connections
between the client and the server. FTP is built on client-server architecture and uses
separate control and data connections between the client and the server. FTP users may
authenticate themselves using a clear-text sign-in protocol, normally in the form of a
username and password, but can connect anonymously if the server is configured to allow
it. For secure transmission that protects the

username and password, and encrypts the content, FTP is often secured with SSL/TLS
(FTPS). SSH File Transfer Protocol (SFTP) is sometimes also used instead, but is
 technologically different. The first FTP client applications were command-line
applications developed before operating systems had graphical user interfaces, and are
still shipped with most Windows, Unix, and Linux operating systems. Many FTP clients
and automation utilities have since been developed for desktops, servers, mobile devices,
and hardware, and FTP has been incorporated into productivity applications, such as Web
page editors.
History of FTP server: The original specification for the File Transfer Protocol was written
by Abhay Bhushan and published as RFC 114 on 16 April 1971. Until 1980, FTP ran on
NCP, the predecessor of TCP/IP. T he protocol was later replaced by a TCP/IP version,
RFC 765 (June 1980) and RFC 959 (October 1985), the current specification. Several
proposed standards amend RFC 959, for example RFC 2228 (June 1997) proposes
security extensions and RFC 2428 (September 1998) adds support for IPv6 and defines a
new type of passive mode.
Protocol overview:

i) Communication and data transfer: FTP may run in active or passive mode, which
determines how the data connection is established. In both cases, the client creates a TCP
control connection from a random unprivileged port N to the FTP server command port
21. In active modes, the client starts listening for incoming data connections on port N+1
from the server (the client sends the FTP command PORT N+1 to inform the server on
which port it is listening).
ii) Login: FTP login utilizes a normal username and password scheme for granting access.
The username is sent to the server using the USER command, and the password is sent
using the PASS command. If the information provided by the client is accepted by the
server, the server will send a greeting to the client and the session will commence. If the
server supports it, users may log in without providing login credentials, but the same
server may authorize only limited access for such sessions.
iii) Anonymous FTP: A host that provides an FTP service may provide anonymous FTP
access. Users typically log into the service with an 'anonymous' (lower-case and case-
sensitive in some FTP servers) account when prompted for user name. Although users are
commonly asked to send their email address instead of a password, no verification is
actually performed

on the supplied data. Many FTP hosts whose purpose is to provide software updates will
allow anonymous logins.
FTP Installation:

1. On the Start screen, move the pointer all the way to the lower left corner, right-click
the Start button, and then click Control Panel.
2. In Control Panel, click Programs and Features, and then click Turn Windows
features on or off.
3. Expand Internet Information Services, and then select FTP Server.

4. Click OK.
5. Click Close.

Web server:
A web server can be referred to as either the hardware (the computer) or the software (the
computer application) that helps to deliver content that can be accessed through the
Internet. A web server is what makes it possible to be able to access content like web
pages or other data from anywhere as long as it is connected to the internet.

Web server respond to the client request in either of the

following two ways:Sending the file to the client associated

with the requested URL.

Generating response by invoking a script and communicating with

database

How Web Servers Work The Basic Process Let's say that you are sitting at your computer,
surfing the Web, and you get a call from a friend who says, "I Just read a great article!
Type in this URL and check it out. It’s at http:/www.howstuffworks.com/webserver.htm."
So you type that URL into your browser and press return. And magically, no matter
where in the world that URL lives, the page pops up on your screen. At the most basic
level possible, the following diagram shows the steps that brought that page to your
screen:
Conclusion:

Thus we have performed the server administration tasks in the Network Laboratory in
which we have learned how to Install and maintain FTP Server and Client and web
server.
 Group B: Network Security

ASSGINMENT NO.5

Title: Implement a client and a server on different computers using python. Perform the
communication between these two entities by using RSA cryptosystem.

AIM: To study communication between these two entities by using RSA cryptosystem.

THEORY:

Public Key Algorithm:

Asymmetric algorithms rely on one key for encryption and a different but related
key for decryption. These algorithms have the following important characteristics:

 It is computationally infeasible to determine the decryption key given only

knowledge of the cryptographic algorithm and the encryption key.

In addition, some algorithms, such as RSA, also exhibit the following characteristics:

 Either of the two related keys can be used for encryption, with the other used for
decryption.
A public key encryption scheme has six ingredients:

 Plaintext: This is readable message or data that is fed into the algorithm as input.

 Encryption algorithm: The encryption algorithm performs various

transformations on the plaintext.

 Public and private key: This is a pair of keys that have been selected so that if
one is used for encryption, the other is used for decryption. The exact
transformations performed by the algorithm depend on the public or private key
that is provided as input.

 Ciphertext: This is the scrambled message produced as output. It depends on the

plaintext and the key. For a given message, two different keys will produce two
different ciphertexts.
 Decryption algorithm: This algorithm accepts the ciphertext and the matching
key and produces the original plaintext.

Bob’s
Public key
Ring

Joy Ted

Alice Private
Alice Key

Transmitted
ciphertext

Plaintext Plaint
Input Decryp ext
tion Outp
Encryp algorit ut
tion hm
algorit
hm

Figure: Public key cryptography

 The essential steps are as the following:
1. Each user generates a pair of keys to be used for the encryption and decryption of
messages.
2. Each user places one of the two keys in a public register or the other accessible
file. This is the public key. The companion key is kept private. As figure suggests,
each user maintains a collection of public keys obtained from others.
3. If Bob wishes to send a confidential message to Alice, Bob encrypts the message
using Alice’s public key.
4. When Alice receives the message, the decrypts it using her private key. No other
recipient can decrypt the message because only Alice knows Alice’s private key.

The RSA Algorithm:

The scheme developed by Rivest, Shamir and Adleman makes use of an

expression with exponentials. Plaintext is encrypted in blocks, with each block having a
binary value less than some number n. That is the block size must be less than or equal to
log2 (n); in practice the block size is I bits, where 2i<n<=2i+1. Encryption and
decryption are of the following form, for some plaintext block M and ciphertext block C:
e
C = M mod n
M = Cd mod n = (Me)d mod n = Med mod n
Both sender and receiver must know the value of n. The sender knows the value
of e, and only the receiver knows the value of d. Thus, this is a public-key encryption
algorithm with a public key of PU = {e, n} and a private key of PR = {d, n}. For this
algorithm to be satisfactory for public key encryption, the following requirements must
meet:
1. It possible to find values of e, d, n such that Med mod n = M for all M<n.
2. It is relatively easy to calculate Me mod n and Cd mod n for all values of M<n.

3. It is feasible to determine d given e and n.

 Key Generation

Select p, q p and q both prime,

p≠q
Calculate n = p * q

Calculate Ø(n) = (p-1)(q-1)

Select integer e gcd(Ø(n),e) = 1; 1<e< Ø(n)

Calculate d d = e(-1) mod Ø(n)

Public key PU = {e, n}

Private key PR = {d, n}

Encryption

Plaintext M<n

Ciphertext C=Me mod n

Decryption

Ciphertext C

Plaintext M = Cd mod n

Figure: The RSA Algorithm

Example:

1. Select two prime numbers, p = 17 and q = 11.

2. Calculate n = pq = 17*11 = 187.
3. Calculate Ø(n) = (p-1)(q-1) = 16*10 = 160.
4. Select e such that relatively prime to Ø(n) = 160 and less than Ø(n); we choose e
= 7.
5. Determine d such that de ≡ 1 (mod 160) and d < 160. The correct value is d = 23,
because 23*7 = 161 = 10*160+1; d can be calculated using the extended Euclid’s
algorithm.

The resulting keys are public key PU = {7, 187} and private key PR = {23, 187}. The
example shows the use of these keys for plaintext input of M=88.
Advantages:

1. Easy to implement.

Disadvantages:

1. Any one can announce the public key.

Input:

 Two prime numbers p = 17 and q = 11.

 Select e = 7.
 Plaintext = 88.
Output:

 PU = 7, 187.
 PR = 23, 187.
 Cipher text = 11.

Algorithm:

1. Start
2. Input two prime numbers p and q.
3. Calculate n = pq.
4. Calculate Ø(n) = (p-1)(q-1).
5. Input value of e.
6. Determine d.
7. Determine PU and PR.
8. Take input plaintext.
9. Encrypt the plaintext and show the output.
10. Stop.

Conclusion: We have studied and implemented the public key algorithm that is RSAalgorithm.

Oral Question
1. RSA stands for?
2. What is role of extended Euclidean algorithm in RSA
3. What is modular arithmetic
4. What are attacks on RSA
 ASSGINMENT NO.6

Title: Implement a client and a server on different computers using python. Perform the authentication
of sender between these two entities by using RSA digital signature cryptosystem
AIM: To study communication between these two entities by using RSA digital signature
cryptosystem.

THEORY:

Digital signatures are based on public key cryptography, also known as asymmetric cryptography.
Using a public key algorithm such as RSA, one can generate two keys that are mathematically
linked: one private and one public. To create a digital signature, signing software (such as an email
program) creates a one-way hash of the electronic data to be signed. The private key is then used to
encrypt the hash. The encrypted hash -- along with other information, such as the hashing algorithm
-- is the digital signature. The reason for encrypting the hash instead of the entire message or
document is that a hash function can convert an arbitrary input into a fixed length value, which is
usually much shorter. This saves time since hashing is much faster than signing. The value of the
hash is unique to the hashed data. Any change in the data, even changing or deleting a single
character, results in a different value. This attribute enables others to validate the integrity of the data
by using the signer's public key to decrypt the hash. If the decrypted hash matches a second
computed hash of the same data, it proves that the data hasn't changed since it was signed. If the two
hashes don't match, the data has either been tampered with in some way (integrity) or the signature
was created with a private key that doesn't correspond to the public key presented by the signer
(authentication).

A digital signature can be used with any kind of message -- whether it is encrypted or not -- simply
so the receiver can be sure of the sender's identity and that the message arrived intact. Digital
signatures make it difficult for the signer to deny having signed something (nonrepudiation) --
assuming their private key has not been compromised -- as the digital signature is unique to both the
document and the signer, and it binds them together. A digital certificate, an electronic document
that contains the digital signature of the certificate-issuing authority, binds together a public key with
an identity and can be used to verify a public key belongs to a particular person or entity. Most
modern email programs support the use of digital signatures and digital certificates, making it easy
to sign any outgoing emails and validate digitally signed incoming messages. Digital signatures are
also used extensively to provide proof of authenticity, data integrity and nonrepudiation of
communications and transactions conducted over the Internet.
ALGORITHM:
1. Choose a prime number q, which is called the prime divisor.
2. Choose another primer number p, such that p-1 mod q = 0. p is called the prime modulus.
3. Choose an integer g, such that 1 < g < p, g**q mod p = 1 and g = h**((p–1)/q) mod p. q
is also called g's multiplicative order modulo p.
4. Choose an integer, such that 0 < x < q.
5. Compute y as g**x mod p.
6. Package the public key as {p,q,g,y}, {p,q,g,x}.
7. Generate the message digest h, using a hash algorithm like SHA1.
8. Generate a random number k, such that 0 < k < q.
9. Compute r as (g**k mod p) mod q. If r = 0, select a different k.
10. Compute i, such that k*i mod q = 1. i is called the modular multiplicative inverse of
k modulo q.
11. Compute s = i*(h+r*x) mod q. If s = 0, select a different k.
12. Package the digital signature as {r,s}.
13. Generate the message digest h, using the same hash algorithm.
14. Compute w, such that s*w mod q = 1. w is called the modular multiplicative inverse
of s modulo q.
15. Compute u1 = h*w mod q. Compute u2 = r*w mod q.
16. Compute v = (((g**u1)*(y**u2)) mod p) mod q.
17. If v == r, the digital signature is valid.

RESULT:
Thus the program to implement Digital Signature was developed and executed successfully
Oral QUESTION:
1. What is a digital signature?
2. What does a digital signature look like?
3. What is an electronic document?
4. Does that mean that the authenticity of any electronic document can be verified by a
digital signature?
5. What is it like to actually sign an electronic document?
6. Can you actually see the signer's handwritten signature?
7. How do I get a digital signature certificate?
8. What is a certificate? What does it mean to "publish" a certificate?
9. How am I identified as the signer?
10. If my private key is stored on my computer, can't someone sign the documents without
my permission by getting access to the computer?
11. Can a digital signature be forged?
12. What are the responsibilities and the liability of a digital signature certificate subscriber?
13. What are the practical uses of a digital signature?
 ASSGINMENT NO.7

Title: Implement a client and a server on different computers using python. Perform the encryption of
message of sender between these two entities by using DES Algorithm and use Diffie Hellman
method for exchange of keys
AIM: To study the encryption of message of sender between these two entities by using DES
Algorithm and use Diffie Hellman method for exchange of keys

THEORY:
Data Encryption Standard (DES)
The Data Encryption Standard (DES) is a symmetric-key block cipher published by the National
Institute of Standards and Technology (NIST).
DES is an implementation of a Feistel Cipher. It uses 16 round Feistel structure. The block size is 64-
bit.
Though, key length is 64-bit, DES has an effective key length of 56 bits, since 8 of the 64 bits of the
key are not used by the encryption algorithm (function as check bits only).
General Structure of DES is depicted in the following illustration

ALGORITHM:
1. Process the key.
i. Get a 64-bit key from the user.
ii. Calculate the key schedule.
1. Perform the following permutation on the 64-bit key. The parity bits are discarded, reducing the
key to 56 bits. Bit 1 of the permuted block is bit 57 of the original key, bit 2 is bit 49, and so on with
bit 56 being bit 4 of the original key.
2. Split the permuted key into two halves. The first 28 bits are called C[0] and the last 28 bits are
called D[0].
3. Calculate the 16 subkeys. Start with i = 1.
1. Perform one or two circular left shifts on both C[i-1] and D[i-1] to get C[i] and D[i], respectively.
The number of shifts per iteration are given in the table below.
Iteration # 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16
Left Shifts 1 1 2 2 2 2 2 2 1 2 2 2 2 2 2 1
2. Permute the concatenation C[i]D[i] as indicated below. This will yield K[i], which is 48 bits long.
3. Loop back to 1.ii.c.1 until K[16] has been calculated. 2 Process a 64-bit data block.
i. Get a 64-bit data block. If the block is shorter than 64 bits, it should be padded as appropriate for the
application.
ii. Perform the initial permutation on the data block.
iii. Split the block into two halves. The first 32 bits are called L[0], and the last 32 bits are called R[0].
iv. Apply the 16 subkeys to the data block. Start with i = 1.
a. Expand the 32-bit R[i-1] into 48 bits according to the bit-selection function Expansion (E)
b. Exclusive-or E(R[i-1]) with K[i].

c. Break E(R[i-1]) xor K[i] into eight 6-bit blocks. Bits 1-6 are B[1], bits 7-12 are B[2], and so on with
bits 43- 48 being B[8].
d. Substitute the values found in the S-boxes for all B[j]. Start with j = 1. All values in the S-boxes
should be considered 4 bits wide.
i. Take the 1st and 6th bits of B[j] together as a 2- bit value (call it m) indicating the row in S[j] to look
in for the substitution.
ii. Take the 2nd through 5th bits of B[j] together as a 4-bit value(call it n) indicating the column in S[j]
to find the substitution.
iii. Replace B[j] with S[j][m][n].
iv. Loop back to 2.iv.d.i until all 8 blocks have been replaced.
e. Permute the concatenation of B[1] through B[8]
f. Exclusive-or the resulting value with L[i-1]. Thus, all together, your
R[i] = L[i-1] xor P(S[1](B[1])...S[8](B[8])), where B[j] is a 6-
bit block of E(R[i-1])
xor K[i]. (The function for R[i] is written as, R[i] = L[i-1] xor f(R[i-1], K[i]).) g. L[i] = R[i-1].
h. Loop back to 2.iv.a until K[16] has been applied.
v. Perform the final permutation on the block R[16]L[16].
3. Decryption : Use the keys K[i] in reverse order. That is, instead of applying K[1]
4. for the first iteration, apply K[16], and then K[15] for the second, on down to K[1]
Diffie–Hellman key exchange (D–H) is a specific method of securely exchanging cryptographic keys
over a public channel and was one of the first public-key protocols. The Diffie– Hellman key
exchange method allows two parties that have no prior knowledge of each other to jointly establish a
shared secret key over an insecure channel. This key can then be used to encrypt subsequent
communications using a symmetric key cipher. This algorithm uses arithmetic modulus as the basis
of its calculation. Suppose Alice and Bob follow this key exchange procedure with Eve acting as a
man in middle interceptor (or the bad guy). Here are the calculation steps followed in this algorithm
that make sure that eve never gets to know the final keys through which actual encryption of data
takes place. First, both Alice and Bob agree upon a prime number and another number that has no
factor in common. Lets call the prime number as p and the other number as g. Note that g is also
known as the generator and p is known as prime modulus. Now, since eve is sitting in between and
listening to this communication so eve also gets to know p and g. Now, the modulus arithmetic says
that r = (g to the power x) mod p. So r will always produce an integer between 0 and p. The first
trick here is that given x (with g and p known)
, its very easy to find r. But given r (with g and p known) its difficult to deduce
x. One may argue that this is not that difficult to crack but what if the value of pis a very huge prime
number? Well, if this is the case then deducing x (if r is given) becomes almost next to impossible as
it would take thousands of years to crack this even with supercomputers. This is also called the
discrete logarithmic problem. Coming back to the communication, all the three Bob, Alice and eve
now know g and p. Now, Alice selects a random private number xa and

calculates (g to the power xa) mod p = ra. This resultant ra is sent on the communication channel to
Bob. Intercepting in between, eve also comes to know ra. Similarly Bob selects his own random
private number xb, calculates (g to the power xb) mod p = rb and sends this rb to Alice through the
same communication channel. Obviously eve also comes to know about rb. So eve now has
information about g, p, ra and rb. Now comes the heart of this algorithm. Alice calculates (rb to the
power xa) mod p = Final key which is equivalent to (g to the power (xa*xb) ) mod p. Similarly Bob
calculates (ra to the power xb) mod p = Final key which is again equivalent to (g to the power(xb *
xa)) mod p. So both Alice and Bob were able to calculate a common Final key without sharing each
others private random number and eve sitting in between will not be able to determine the Final key
as the private numbers were never transferred.

RESULT: Thus the program to implement Diffie-Hellman Key Exchange algorithm was developed and
executed successfully
VIVA QUESTIONS:
DES follows which basic stream cipher?
1. The DES Algorithm Cipher System consists of how many rounds (iterations) each with a round
key?
2. What is the key length of the DESalgorithm?
3. In the DES algorithm, although the key size is 64 bits only 48bits are used for the encryption
procedure, the rest are parity bits. Is it true or false?
4. In the DES algorithm, what is the size of the round key and the Round Input?
5. In the DES algorithm how the Round Input is expanded to 48 ?
6. What is size of the Initial Permutation table/matrix
7. How many unique substitution boxes are in DES after the 48 bit XOR operation?
8. In the DES algorithm the 64 bit key input is shortened to 56 bits by ignoring every 4th bit. Is it true
or false?

VIVA QUESTIONS :
1. What’s the difference between Diffie-Hellman and RSA?
2. Does Diffie Hellman guarantee secrecy?
3. Why is RSA preferred over Diffie-Hellman if they are both used to establish shared key?
4. Are there any one way operations that could be used for Diffie-Hellman post quantum?
5. Why is Diffie-Hellman required whenRSA is already used for key exchange in TLS?
6. What is Authenticated Diffie-Hellman Key Agreement?
7. How secure is ECDH if the public keys are never shared?
8. Which is better when the secret is leaked, RSA or Diffie-Hellman?
9. What role does RSA play in DH-RSA cipher suite?

10. Why is Diffie-Hellman used alongside public keys?

11. Is Diffie-Hellman key exchange based on one-way function or trapdoor function?
 ASSGINMENT NO.8

Title: Use the snort intrusion detection package to analyze traffic and create a signature to identify
problem traffic.
AIM: To study the snort intrusion detection package to analyze traffic and create a signature to identify
problem traffic.

Theory:

Snort 2.8 is installed on the FC12 snort-linux images on each machine.

The snort source tree is unpacked in Alice's home directory. The snort 2.8 user's manual is in the doc
directory of the source tree. In addition, I have several copies of the snort manual for use in the lab.
For full snort information, see http://snort.org.

Important Snort Files

• /var/log/snort – Snort log and alert files. You can use wireshark or tcpdump to look at the captured
packets in the log files. The alerts are in ascii.
• /etc/snort/snort.conf - Default configuration files. Controls the built in controls and loads the rule
files. Use this to tune the signatures you are scanning for.
• /home/alice/snort-orig.conf – Original version of the snort configuration file. Make a copy of this to
adjust how snort runs for you. Use the -c option of snort to pass in your personal copy of the snort
configuration file.
• /etc/snort/rules – Signature rule files.
Running Snort
You can run snort in several ways: as a sniffer, as an out-of-band NIDS, run from a file capture, or
inline.
Options to run as a sniffer:
• snort -v or snort -dv or snort -dve: Vary the amount of detail captures.
• Snort -dve -l ./log -h 192.168.100.0/24: Specify a log file and the home network. Default home
network can also be specified in snort.conf file.
Options to run as NIDS

• snort -dve -c /home/alice/my-snort.conf: Use default log, Run from the snort config file. Still capture
packets.
file ―captured-packets.pcap‖.
• snort –r captured-packets.pcap -c /home/alice/my-snort.conf
Run in inline mode. You won't be able to do this on the snort VMs. If you are really interested, we can
set up a machine to play with inline mode. First you need to set the device to run in transparent
bridge mode. See the script at http://www.cs.uiuc.edu/class/sp10/cs460/assignments/setbridge.sh for
the commands to set eth0 and eth1 into bridge mode.
Now we need to set the iptables to pass all packets to the queue to be processed by snort
• modprobe ip_queue – Load the kernel support for QUEUES. The QUEUE is a means to pass packets
from kernel to user space.
• iptables -I FORWARD -o br0 -j QUEUE No traffic will pass until we turn on snort
• snort -c /home/alice/my-snort.conf
The bridging commands were gleaned from the more general rc.firewall script distributed with the
honey net project (http://www.honeynet.org/tools/dcontrol/rc.firewall). This script also supports a L3
routed mode which they call NAT mode. The benefit of operating in a bridge or L2 mode is that you
can insert the snort box without adjusting your address distribution or routing logic. From the
honeynet perspective, it makes it harder for the attacker to notice that you might have an interception
point.

Hand in requirements
Review the rules and update the set of loaded rules in your copy of the snort.conf file. In your writeup
describe which rules you activated and why.
Run nmap through or past the snort box. Try using ftp to get some interesting system files. Describe
what if any alerts you get in these cases.
Use snort's ―-r‖ option to replay the logs in the /home/alice/logs directory: snort –r <packet file name>
-c /home/alice/my-snort.conf. For each log file do the following:
• Find the rules that caused the alerts. In some cases there will be many, many alerts, but there should
only be a few classes of alerts. For each file research five alerts that represent different classes of
attacks. If there are less than five classes of alerts in that file, research an instance from all classes of
alerts.
• In your write up describe the meaning of the alerts.
• Speculate on whether the alerts were due to real attacks or false positives. If you believe the alerts
were due to real malicious behavior, how would you address the problem?
• More details on the network where the logs were taken will be discussed in class and posted to the
newsgroup.
Write a signature that differentiates good and bad magic8 packets. Include an alert that is generated
from this signature. In your write up include the signature and your description of the signature. As
 the magic8 exploit writer, how would you adjust your attack to avoid this signature? Ultimately will
the attacker or defender win in a signature/exploit adjustment war?

Conclusion:
Thus the snort intrusion detection package to analyze traffic and create a signature to identify
problem traffic was understand successfully