EX.

NO:6(C)
MAN-IN-THEMIDDLE
DATE:

AIM :
To guide Man In The Middle Attack and resolved it.
INTRODUCTION :
A man-in-the-middle (MITM) attack is a malicious technique in which an attacker intercepts
and possibly alters the communication between two parties by positioning themselves
between them.
By exploiting vulnerabilities in the communication channel, the attacker gains unauthorized
access to sensitive information without the knowledge of the communicating parties.
Steps To Perform Advanced Man-in-the-Middle Attacks with Xerosploit
Step 1: Clone the official Xerosploit repository from Github using the git clone command.
git clone https://github.com/LionSec/xerosploit

Step 2: Change the directory to xerosploit using the cd command. and then install the
xerosploit.
sudo cd xerosploit
sudo python install.py
Step 3: Install it’s all dependencies using the following command:
sudo apt install nmap hping3 build-essential ruby-devlibpcap-dev libgmp3-dev

Step 4: Run the following command for setting up the terminaltables.

sudo pip3 tabulate terminaltables
Step 5: Run Xerpsploit.
sudo python3 xerosploit.py

Step 6: Use the commands for various purposes like scanning the network use the below
command.
Scan

Step 7: Select the target and run the module you want to execute.
EX.NO:8

DATE: INTRUSION DETECTION

AIM
To demonstrate Intrusion Detection System(IDS) using Snort software tool.

STEPS ON CONFIGURING AND INTRUSION DETECTION

1. Go to the official Snort website: http://www.snort.org/snort-downloads

2. Click on the download link for Snort for Windows.

3. Register or log in to download the latest version.
4. After downloading, double-click the Snort installer (.exe) to begin installation.

5. Choose the default directory (C:\Snort) during installation.

6. Download and install WinPcap from: https://www.winpcap.org/install/

7. Go to https://www.snort.org/snort-rules to download Snort rules (registration required).

8. Log in and download the Community or Subscriber rules package (in .tar.gz format).

9. Extract the downloaded rules archive using WinRAR or 7-Zip.

10. Open the extracted folder and locate the "rules" subfolder.
11. Copy all contents of the "rules" folder.
12. Paste the copied rules into the C:\Snort\rules folder.

13. Go back to the extracted rules archive and locate the "etc" folder.
14. Inside the "etc" folder, find the "snort.conf" file.

15. Copy the snort.conf file to the C:\Snort\etc folder.

16. Overwrite the existing snort.conf file if prompted.

17. Open snort.conf using Notepad or Notepad++.

18. Edit snort.conf to ensure rule paths and variable settings (e.g., include
$RULE_PATH/*.rules) are correct.

19. Save and close the snort.conf file after editing.

20. Open Command Prompt (cmd.exe) with administrator privileges.

21. Navigate to Snort’s bin directory using the command:

cd \Snort\bin

22. Check available network interfaces by typing:

snort -W
23. Start Snort in sniffer mode using the command:

snort -dev -i <interface_number>

(Replace <interface_number> with the correct one from step 22. For example: snort -dev -i3)
EX.NO:9

DATE: NETWORK MONITORING TOOLS

AIM
To achieve the network monitoring tools with the required function and softwares

INTROUDCTION:
Networks are the fundamentals behind businesses worldwide. It plays a pivotal role in
serving your employees for administrative purposes and your clients across the continents.
The networks help you keep information in a centralized location - accessible to those who
need and restrict every other inbound request. So how do you provide continuous top-notch
end user experience and maintain your rapidly evolving network? Only by monitoring the
availability, health, and performance of your networks over time with the help of reliable,
real-time network monitoring tools.

Requirements of a network monitoring tool

While selecting a network monitortool for your IT environment, it is important to weigh in
your current requirements and also your future needs because choosing the right one among
various tools for network monitoring is crucial. Some of the essential elements that a
network monitoring tool requires are:

 Real time monitoring

 Comprehensive monitoring capabilities
 scalability
 automation
 user management
Real time monitoring
Learning that your network is down from your end users is the nightmare that every IT admin
tries to avoid. The network monitoring application and its reporting tools must provide
performance insights into your network in real time. This helps you identify performance
hiccups early and avoid potential outages.
Comprehensive monitoring capabilities
Employing individual network monitoring tools for monitoring various network components
such as switches/routers, servers, virtual environment, HCI, applications, storage devices,
etc., and also employing network monitoring tools for Windows and Linux environments
separately is more trouble than help as the tools themselves require constant management,
additional resources, and there is also a certain learning curve associated with each network
monitoring tool. Therefore, the network performance monitoring tools should support
extensive monitoring in a single console.
Scalability
Network scalability is an important aspect to be considered when selecting enterprise network
monitoring tools. A network management tool or network monitoring software can be
called as scalable when it is more adaptable to the changing needs or demands of the business
or users. Scalability helps a network to stay in par with increased productivity, trends,
changing needs and new adaptations. Scalabiity ensures that the overall network performance
does not significantly degrade, even if the size of the network is increasing. Businesses also
need remote network monitoring tools for managing multiple geographical locations from
one console.
Automation
In network monitoring, automation helps network performance monitoring tools to react
based on threshold values or a set of framed rules/ criteria being met. With automation, the
monitoring network tools can automatically detect and troubleshoot problems (proactive
monitoring), send alert notifications, forecast storage growth, and much more. When you are
monitoring and managing multiple devices in your environment, automation comes in super
handy and saves you ample time and resources, making it an important usability aspect of
your network monitoring solutions.
User Management
User Management helps organizations ensure network security by providing access to the
designated users only. Apart from providing access to users with roles, the network
monitoring tool should also define the scope for users. This helps IT teams with multiple
staffs as it clearly defines their operational boundaries. Network monitoring tools with the
above features are excepetionally benefiting to your business.
Why is ManageEngineOpManager considered one of the best network monitor tools in the
market?
OpManager is a powerful network management and monitoring tool that monitors switches,
routers, servers, WLC, load balancers, VPN, printers, firewalls, VMs, Nutanix environments,
and anything that has an IP and connected to the network - in a single console.
1.top features
2.comprehensive monitoring capabilities
3.customer reviews

Comprehensive monitoring capabilities

Switch/Router monitoring
Network switches and routers form the backbone of any IT infrastructure. Any issue with
switch breaks the end user connectivity with the network. Using OpManager, you can
monitor switches, and routers from the likes of Cisco, Juniper, Aruba, ZTE, and many other
vendors for availability, health, and performance in real-time for 2,000+ parameters and
avoid possible network pitfalls. Apart from monitoring switches, OpManager maps switch
ports to devices and monitors the availability of the switch ports.
Network interface monitoring
Network interfaces are one of key performance indicators (KPI) as they help identify network
performance degradation at the earliest. OpManager, the best network monitoring tool,
monitors interfaces using SNMP and provides a single customizable dashboard to view and
analyze bandwidth performance and network traffic for your IT network. You can monitor
interfaces by checking the availability status of interfaces and monitor traffic speed on the
interface, errors, discards, etc. using OpManager.
WLC monitoring
OpManager's multi-vendor WLC monitoring module allows you to keep your network intact
by providing in-depth visibility of your wireless LAN controller (WLC), its associated
service set identifiers (SSIDs) and access points (APs). Cisco's WLC monitoring tool in
OpManager allows direct discovery of Cisco WLC and their associated SSIDs, APs and helps
you monitor the overall performance of your wireless network with the help of Cisco WLC
monitor. The WLC snapshot page provides inventory information, the device availability
status, and other similar information. In addition, knowing the top five access points based on
usage tells you who the top talkers are in your WLC environment, and custom dials display
information on various parameters, including CPU and memory usage.

VPN monitoring
Organizations allow connections into their networks through VPNs for their remote
workforce. These connections can sometimes be compromised, resulting in data theft or
network attacks. With a monitoring tool like OpManager, you can monitor your VPN by
tracking the number of active VPN sessions, VPN tunnel status, and VPN tunnels count in
real time, and also receive instant alerts on VPN connection regularities making your network
secure and keeping your remote productivity issues at bay.
Hybrid environment monitoring
Every organization's network has unique needs, so top-of-the-line networking technologies
are employed to address them. This helps networks deliver business services but also poses a
challenge with monitoring and managing the network. Using multiple network management
tools is not efficient and cost effective. With OpManager, apart from monitoring switches,
servers, etc., you can monitor VMware, Hyper-V, Hypervisors, Cisco UCS, Nutanix
infrastructures, and more, all within a unified console, making it the best network monitor.
Additionally, you can monitor your WAN with Cisco IP SLA using OpManager.

Mobile application
Access your OpManager's network monitoring and reporting anytime and anywhere using the
new ManageEngineOpManager mobile application. Available for both Android and iOS,
thislets you visualize your infrastructure, act on the alerts, drill-down to the root cause of the
problem without having to be physically present in your server room to resolve a fault!
OpManager makes your work easy
Apart from the above, OpManager, your comprehensive network monitoring solution
monitors Windows servers, Linux servers, storage devices, Windows services, processes and
scales upto 30,000 devices out of the box. This network software makes network monitoring
effortless with intelligent automations, ML-based forecasting, and extensive protocol support.

Here are some of OpManager'snetwork monitoring applications:

1. Storage capacity forecasting: With the help of ML-based forecasting techniques, this
network monitoring and reporting software pinpoints when the device storage will reach 80

percent, 90 percent, and 100 percent of the allocated storage, and helps with planning
purchase decisions.

2. Notification profiles: OpManager lets you notify network faults via Slack channels, trouble
tickets, emails, SMS, and web alarms if they are not acknowledged, so no alarm goes
unnoticed.

3. Alarm Escalation: Alarm escalation rules can be configured for mission-critical devices
such as application servers, so any fault pertaining to availability, health, and performance is
escalated to a higher authority via email or SMS based on user-defined criteria.

4. Support for multiple vendors: OpManager offers support for more than 53,000 vendor
templates, so you can efficiently manage your network devices from vendors such as Cisco,

Juniper, Fortigate, and many more. These templates can also be customized to address your
organization's unique needs.

5. Support for wide range of protocols: OpManager supports communication protocols such
as ICMP, and LAN management protocols such as SNMP, WMI, CLI, and more.
6. Discovery Rule Engine: Discovery Rule Engine automatically associates device templates

and rules to network devices as defined by the user, thereby automating routine tasks, and
saving valuable time and resources.

7. In-built troubleshooting tools: OpManager offers multiple tools such as Ping, SNMP Ping,
Proxy Ping, Traceroute, WMI Query Tool, CLI Query Tool, and more that aid in
troubleshooting network issues within OpManager.

8. Dashboards: OpManager provides intuitive dashboards that provide a 360-degree view of

your entire IT infrastructure on one screen, and makes fault identification easier.
9. Visualizations: Determine the availability of crucial services in multiple branch offices with
maps and business views. With OpManager, you can easily monitor remote locations visually,
and get alerted in real time before network services are disrupted.

10. Multi-level thresholds: OpManager offers multi-level thresholds with color codes, so you
can identify show-stopping network faults and promptly take action.
EX.NO:7

DATE: SNIFF TRAFFIC USING ARP POISONING

AIM:
To guide Sniff Traffic Using Arp Poisoning and resolved it.

Enter the command

ipconfig /all

You will get detailed information about all the network connections available on your
computer. The results shown below are for a broadband modem to show the MAC address
and IPv4 format and wireless network to show IPv6 format.

What is ARP Poisoning?

ARP is the acronym for Address Resolution Protocol. It is used to convert IP address to

physical addresses [MAC address] on a switch. The host sends an ARP broadcast on the
network, and the recipient computer responds with its physical address [MAC Address]. The
resolved IP/MAC address is then used to communicate. ARP poisoning is sending fake

MAC addresses to the switch so that it can associate the fake MAC addresses with the
IP address of a genuine computer on a network and hijack the traffic.

ARP Poisoning Countermeasures

Static ARP entries: these can be defined in the local ARP cache and the switch configured to
ignore all auto ARP reply packets. The disadvantage of this method is, it’s difficult to
maintain on large networks. IP/MAC address mapping has to be distributed to all the

computers on the network.

ARP poisoning detection software: these systems can be used to cross check the IP/MAC

address resolution and certify them if they are authenticated. Uncertified IP/MAC address
resolutions can then be blocked.

Operating System Security: this measure is dependent on the operating system been used.
The following are the basic techniques used by various operating systems.

Linux based: these work by ignoring unsolicited ARP reply packets.

Microsoft Windows: the ARP cache behavior can be configured via the registry.

The following list includes some of the software that can be used to protect
networks against sniffing;
AntiARP– provides protection against both passive and active sniffing

Agnitum Outpost Firewall–provides protection against passive sniffing

XArp– provides protection against both passive and active sniffing

Mac OS: ArpGuard can be used to provide protection. It protects against both
active and passive sniffing.

Hacking Activity: Configure ARP entries in Windows

We are using Windows 7 for this exercise, but the commands should be able to work on other

versions of windows as well.

Open the command prompt and enter the following command

arp –a
HERE,
aprcalls the ARP configure program located in Windows/System32 directory

-a is the parameter to display to contents of the ARP cache

You will get results similar to the following
Note: dynamic entries are added and deleted automatically when using TCP/IP sessions with
remote computers.

Static entries are added manually and are deleted when the computer is restarted, and the
network interface card restarted or other activities that affect it.

Adding static entries

Open the command prompt then use the ipconfig /all command to get the IP and MAC
Address

The MAC address is represented using the Physical Address and the IP address is
IPv4Address

Enter the following command

arp –s 192.168.1.38 60-36-DD-A6-C5-43
Note: The IP and MAC address will be different from the ones used here. This is because

they are unique.

Use the following command to view the ARP cache

arp –a
You will get the following results

Note the IP address has been resolved to the MAC address we provided and it is of a static
type.

Deleting an ARP cache entry

Use the following command to remove an entry

arp –d 192.168.1.38

P.S. ARP poisoning works by sending fake MAC addresses to the switch