CSW Lab Manual Format


UNITED INSTITUTE OF TECHNOLOGY (284)

NAINI, PRAYAGRAJ
(Affiliated to Dr. A.P.J Abdul Kalam Technical University, Lucknow)

CYBER SECURITY WORKSHOP LAB (BCS-453)


For

4th SEMESTER

DEPARTMENT OF COMPUTER SCIENCE & ENGINEERING


(SESSION 2024-2025)

NAME:----------------------------------------------------------------------------

ROLL NO:-------------------------------------------------------------------------

BRANCH/SEM/SE:--------------------------------------------------------------
Vision of the Department

To be a centre of excellence in the field of Computer Science and Engineering for
producing talented engineers to ethically serve constantly changing needs of society and
industry throughout their career and life.

Mission of the Department


M1. Accomplish excellence with committed faculty by providing theoretical
foundation and practical skills for solving complex engineering problems in the
state-of-the-art trends in Computer science and allied disciplines.

M2. To foster skills and competency, generating novel ideas, entrepreneurship and
model creations focused towards deep knowledge, interpersonal skills and
leadership.

M3. To develop habitude of research among faculty and students in the area of
Computer Science & Allied disciplines by providing the desired environment, for
addressing the needs of industry and society.

M4. To mould the students with ethical principles in thoughts, expression and deeds.
General laboratory instructions
1. Students are advised to come to the laboratory at least 5 minutes before the starting time;
those who arrive after 5 minutes will not be allowed into the lab.

2. Plan your task properly well before the commencement, and come prepared to the lab with
the synopsis / program / experiment details.

3. Students should enter the laboratory with:
   a. Laboratory observation notes with all the details (Problem statement, Aim, Algorithm,
      Procedure, Program, Expected Output, etc.) filled in for the lab session.
   b. Laboratory Record updated up to the last session's experiments, and other items (if any)
      needed in the lab.
   c. Proper dress code and Identity card.

4. Sign in the laboratory login register, write the TIME-IN, and occupy the computer system
allotted to you by the faculty.

5. Execute your task in the laboratory, record the results / output in the lab observation
notebook, and get it certified by the concerned faculty.

6. All students should be polite and cooperative with the laboratory staff, and must maintain
discipline and decency in the laboratory.

7. Computer labs are equipped with sophisticated, high-end branded systems, which
should be used properly.

8. Students / Faculty must keep their mobile phones in SWITCHED OFF mode during the
lab sessions. Misuse of the equipment, misbehaviour with the staff, damage to systems, etc.,
will attract severe punishment.

9. Students must take the permission of the faculty in case of any urgent need to go out;
anybody found loitering outside the lab / class without permission during working hours
will be treated seriously and punished appropriately.

10. Students should LOG OFF / SHUT DOWN the computer system before leaving the
lab after completing the task (experiment) in all aspects, and must ensure the system / seat is
left tidy.
INDEX

S.No  List of Experiments  (Page No., Date, Faculty Sign and Remarks columns are left blank for the student to fill in)

1. Introduction to IP address and Wireshark.
2. Basic Packet Inspection: Capture network traffic using Wireshark and analyze basic protocols like HTTP, DNS, and SMTP to understand how data is transmitted and received.
3. Detecting Suspicious Activity: Analyze network traffic to identify suspicious patterns, such as repeated connection attempts or unusual communication between hosts.
4. Malware Traffic Analysis: Analyze captured traffic to identify signs of malware communication, such as command-and-control traffic or data infiltration.
5. Password Sniffing: Simulate a scenario where a password is transmitted in plaintext. Use Wireshark to capture and analyze the packets to demonstrate the vulnerability and the importance of encryption.
6. ARP Poisoning Attack: Set up an ARP poisoning attack using tools like Ettercap. Analyze the captured packets to understand how the attack can lead to a Man-in-the-Middle scenario.
7. SQL Injection: Use DVWA to practice SQL injection attacks. Demonstrate how an attacker can manipulate input fields to extract, modify, or delete database information.
8. Cross-Site Scripting (XSS): Exploit XSS vulnerabilities in DVWA to inject malicious scripts into web pages. Show the potential impact of XSS attacks, such as stealing cookies or defacing websites.
9. Cross-Site Request Forgery (CSRF): Set up a CSRF attack in DVWA to demonstrate how attackers can manipulate authenticated users into performing unintended actions.
10. File Inclusion Vulnerabilities: Explore remote and local file inclusion vulnerabilities in DVWA. Show how attackers can include malicious files on a server and execute arbitrary code.
11. Brute-Force and Dictionary Attacks: Use DVWA to simulate login pages and demonstrate brute-force and dictionary attacks against weak passwords. Emphasize the importance of strong password policies.

Experiment No.-1
Objective: Introduction to IP address and Wireshark

Apparatus Required:

Hardware Required:
• 32-bit Pentium or alike
• 128MB RAM system memory
• 75MB available disk space
• Internet connectivity

Software Required:
• Wireshark
• Search Engine (like Google, Bing, Brave Search, etc.)

Theory:
What is IP address?

An IP (Internet Protocol) address is a unique numerical identifier assigned to each
device connected to a computer network. It serves two primary purposes: network
interface identification and location addressing. It is assigned per network, so the
same device may have a different IP address on a different network. There are five
classes, A to E. Classes A to C are available for user addressing, whereas class D
(multicast) and class E (experimental) are reserved for specific purposes.

Types of IP Addresses:

• Public IP Addresses: Routable on the Internet, unique globally.
• Private IP Addresses: Used within a private network, not directly accessible from the Internet.
• Static vs. Dynamic IP Addresses: Static IP addresses remain constant, while dynamic IP
addresses are assigned dynamically by a DHCP server.
Different Types of IP Addresses:

1. Classful IP Address: In the early days of the Internet, IP addresses were divided into five
classes: A, B, C, D, and E. Classes A, B, and C were commonly used for addressing hosts,
while classes D and E were reserved for multicast and experimental purposes, respectively.

Address Range:

• Class A: Addresses in Class A have their first bit set to 0, allowing for a range from 0.0.0.0 to
127.255.255.255. The first octet represents the network portion, and the remaining three
octets represent the host portion.
• Class B: Addresses in Class B have their first two bits set to 10, allowing for a range from
128.0.0.0 to 191.255.255.255. The first two octets represent the network portion, and the
remaining two octets represent the host portion.
• Class C: Addresses in Class C have their first three bits set to 110, allowing for a range from
192.0.0.0 to 223.255.255.255. The first three octets represent the network portion, and the
remaining octet represents the host portion.

2. Classless IP Address: CIDR allows for more flexible allocation of IP addresses by using
variable-length subnet masking (VLSM). Instead of rigidly defined address classes, CIDR
allows for the allocation of any contiguous range of IP addresses.
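As an added example (not part of this manual), the classful and classless rules above implemented in Python: the class is read from the leading bits of the first octet, the default network/host split follows from the class, and the CIDR view is applied to the machine address recorded in Table 1.1. The sample addresses in the main block are constructed.

```python
import ipaddress

# Class is decided by the leading bits of the first octet, as the text above describes:
# (leading bit pattern, class, default network prefix length).
# Classes D and E are reserved (multicast / experimental) and have no network/host split.
CLASSES = [
    ("0", "A", 8),
    ("10", "B", 16),
    ("110", "C", 24),
    ("1110", "D", None),
    ("1111", "E", None),
]


def classify(ip: str) -> dict:
    """Classful view of a dotted-quad IPv4 address: class, network and host portions."""
    addr = ipaddress.IPv4Address(ip)          # raises ValueError on malformed input
    first_octet_bits = format(int(addr) >> 24, "08b")
    pattern, cls, prefix = next(c for c in CLASSES if first_octet_bits.startswith(c[0]))
    result = {"address": str(addr), "class": cls, "leading_bits": pattern}
    if prefix is None:
        result["reserved"] = True
        return result
    net = ipaddress.IPv4Network(f"{addr}/{prefix}", strict=False)
    result["default_mask"] = str(net.netmask)
    result["network_portion"] = str(net.network_address)
    # Host portion = the address bits not covered by the default mask.
    result["host_portion"] = str(ipaddress.IPv4Address(int(addr) & int(net.hostmask)))
    return result


def cidr_summary(cidr: str) -> dict:
    """Classless (CIDR/VLSM) view: any prefix length is allowed, not only /8, /16, /24."""
    net = ipaddress.IPv4Network(cidr, strict=False)
    # /31 and /32 have no network/broadcast addresses to subtract (RFC 3021 point-to-point links).
    usable = net.num_addresses if net.prefixlen >= 31 else net.num_addresses - 2
    return {
        "network": str(net.network_address),
        "netmask": str(net.netmask),
        "broadcast": str(net.broadcast_address),
        "prefixlen": net.prefixlen,
        "usable_hosts": usable,
        "is_private": net.is_private,
    }


if __name__ == "__main__":
    for ip in ("10.1.2.3", "172.16.22.14", "192.0.2.7", "239.1.1.1", "250.0.0.1"):
        print(classify(ip))
    # 172.16.22.14/16 is the machine address recorded in Table 1.1.
    print(cidr_summary("172.16.22.14/16"))
```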

What is MAC address?

A MAC address, short for Media Access Control address, is a unique identifier assigned
to each device connected to a network. It is a 12-digit hexadecimal number,
typically displayed in a format like 00-00-00-00-00-00 or 00:00:00:00:00:00. The
MAC address is used to identify a device at the data link layer of the OSI model,
which is responsible for managing data transmission between devices on the same
network. It is fixed in the device's NIC (Network Interface Controller) card.

Here are some key points about MAC addresses:

Unique identifier: Each device has a unique MAC address, which distinguishes it from
other devices on the same network.

Assigned by the manufacturer: MAC addresses are typically assigned by the device’s
manufacturer during the manufacturing process.

Burned into the NIC: MAC addresses are stored in the device’s network interface
controller (NIC) and cannot be changed.

Used for network communication: MAC addresses are used to identify devices on a
network and facilitate communication between them.

Used for troubleshooting: MAC addresses can be used to troubleshoot network issues,
as they can help identify which device is causing a problem.

Used for security: MAC addresses can be used to restrict access to a network by only
allowing devices with specific MAC addresses to connect.

In summary, a MAC address is a unique identifier assigned to each device connected to
a network, used for network communication, troubleshooting, and security
purposes.

What is NIC card?

A NIC (network interface controller) card, also known as a network adaptor or network
interface card, is a circuit board installed in a computer to connect it to the
network. A NIC card is an indispensable component for connecting computers to a
network, helping to improve communication between data communication
equipment (DCE). NIC cards are commonly found in most computers and some
network servers. They contain electrical circuitry conforming to data link and
physical layer standards, including a port to connect to the local area network's
(LAN) medium.

Each communicating device (node) on a LAN must have at least one NIC card.

Table 1.1: Machine Details

Parameter Name                 Value
Your machine IP address        172.16.22.14/16
Your machine MAC address       d8:97:ba:86:b7:7e
Default gateway MAC address    172.16.1.100
Website URL                    https://www.united.ac.in/uit/
Website IP address             127.0.0.53

What is Wireshark?

Wireshark is a network protocol analyzer used for capturing and analyzing network
traffic in real-time. It allows users to examine data from a live network or from a
previously captured file.

Features of Wireshark:

• Packet Capturing: Wireshark can capture packets from a wide range of network interfaces.
• Protocol Support: It supports hundreds of protocols, allowing detailed analysis of various
types of network traffic.
• Filtering and Search: Wireshark provides powerful filtering and search capabilities to
isolate and analyse specific packets.
• Graphical Visualization: It offers graphical representations of network traffic, making it
easier to understand complex data.
• Protocol Decoding: Wireshark can decode and display the contents of packets, providing
insights into the communication between network devices.
• Exporting Data: Captured data can be exported in various formats for further analysis or
reporting.

Result:
Understanding IP addresses, MAC addresses, NIC card and Wireshark for analyzing
network traffic and capturing packets in real time.

Precaution:
1. Safe browsing of Internet while surfing through various websites.
2. Treating lab equipment kindly and not breaking anything.
3. Enabling firewall protection and updating antivirus software as a safety measure against
unexpected attacks.
Experiment No.-2

Objective: Basic Packet Inspection: Capture network traffic using Wireshark and
analyze basic protocols like HTTP, DNS, and SMTP to understand how data is
transmitted and received.

Apparatus Required:

Hardware Required:
• 32-bit Pentium or alike
• 128MB RAM system memory
• 75MB available disk space
• Internet connectivity

Software Required:
• Wireshark

Theory:
What is Wireshark?

Wireshark is a network protocol analyzer used for capturing and analyzing network
traffic in real-time. It allows users to examine data from a live network or from a
previously captured file.

What is HTTP (Hypertext Transfer Protocol)?

HTTP is the foundation of data communication on the World Wide Web. It is an
application layer protocol that defines how clients (such as web browsers) request
resources, such as HTML files, from servers, and how servers respond with the
requested resources. HTTP operates over the TCP/IP protocol suite and typically
uses port 80 for communication. It is a stateless protocol, meaning each request
from the client is independent of previous requests, although stateful behavior can
be implemented using cookies and other mechanisms.

What is DNS (Domain Name System)?

DNS is a decentralized naming system for computers, services, or other resources
connected to the Internet or a private network. It translates domain names, which
are easy-to-remember alphanumeric names (e.g., www.example.com), into IP
addresses, which are numerical identifiers used by computers to communicate over
a network. DNS operates through a hierarchical distributed database system and
uses a client-server architecture. It plays a crucial role in the functioning of the
Internet by enabling users to access websites and other resources using human-
readable domain names.

What is SMTP (Simple Mail Transfer Protocol)?

SMTP is a protocol used for sending and receiving email messages over a network. It is
an application layer protocol that works in conjunction with other email protocols,
such as POP3 (Post Office Protocol) and IMAP (Internet Message Access Protocol),
to deliver email to its intended recipients. SMTP operates on TCP port 25 and
follows a client-server architecture. When an email is sent, SMTP is used to transfer
the message from the sender's email client or server to the recipient's email server.
SMTP is a text-based protocol that defines the format and rules for message
transmission, including addressing, message transfer, and error handling.

Observations:

Table 1.1: Observation Table

S.No  Question  Result

1. Count the total number of HTTP GET requests.
   Result: 1

2. The first HTTP GET request was sent by the client to access the ____________ webpage.
   Result: conf.f.360.cn

3. What server software is running on the server side?
   Result: nginx

4. How much time elapsed between the first HTTP GET request from the client and the HTTP
   response (OK) from the server?
   Result: 0.306382 sec

5. Identify the source and destination ports used to transfer the first HTTP GET request.
   Result: Source port: 49933; Destination port: 80

6. Identify the client and server IP address in the first HTTP GET request.
   Result: Client: 192.1681.9; Server: 180.163.222.151

7. Identify the client and server MAC address in the first HTTP GET request.
   Result: Client: cc:47:40:84:67:8f; Server: 04:20:84:ad:c4:2f

List of Screenshots: Fig 1.1 to Fig 1.7 (screenshots not reproduced here).

Result:
Understanding IP addresses, MAC addresses, NIC card and Wireshark for analyzing
network traffic and capturing packets in real time.

Precaution:
1. Safe browsing of Internet while surfing through various websites.
2. Treating lab equipment kindly and not breaking anything.
3. Enabling firewall protection and updating antivirus software as a safety measure against
unexpected attacks.
Experiment No.-5

Objective: Cracking Passwords by Capturing Network Traffic using Wireshark

Procedure:

1. To capture the login traffic, open Wireshark and from the Capture menu click on Options.

2. From the Interface Options select the network interface that you want to monitor and
click Start. On a laptop this will be your WiFi adapter, or the Ethernet adapter on a VM.

3. Open Chrome and go to Altoro Mutual (testfire.net). This is a website designed to help
with cybersecurity exercises. Make sure to type http:// and not https://.

4. Click on Sign In, type admin/admin for username/password and click Login. Chrome
usually offers to save your credentials for this site. The "Hello Admin User" page
confirms that you have successfully logged in.

5. Sign out of testfire.net so Chrome does not cache your login; we will be logging in to
testfire.net again later. The sign-out screen confirms that you have successfully logged out.

6. Switch back to Wireshark, which has been capturing all network activity between your
computer and the testfire site, and click Stop to end the capture.

7. As you can see, a lot of data (packets) has been captured. You need to set a display filter
to zoom in on the packets of interest: set a filter to show only traffic related to the HTTP protocol.

8. Scroll down until you see the packet that fetches the login screen.

9. Next go to the packet that carries the login data you sent to the server. Look for
packets that perform an HTTP POST.

10. Expand the 'HTML Form URL Encoded' section to reveal the login information used to
log in to the testfire site.

Congratulations: you have demonstrated how, by capturing network traffic, you can crack the
user's login/password for this site.

11. Now repeat the same set of steps, except this time go to https://demo.testfire.net instead,
and using the captured packets show that the protocol is more secure and that you are
no longer able to sniff out the username and password. Hint: because the
communication between your computer and the web server is now encrypted, it is not
possible to break it down and decipher it.

Observation: Nothing shows because HTTPS is encrypted; only encrypted packets are captured.
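The lesson of this experiment, written as a small detector (an added example, not part of the manual): given the payload of a captured TCP segment, it reports whether a login form travelled in the clear, naming the exposed field but never returning its value, and shows why the HTTPS capture yields nothing readable. The sample payloads, the host name example-bank.test, the path /login.jsp and the form field names are constructed.

```python
import re
from urllib.parse import parse_qs

# Form field names that usually carry a secret in a login form (assumption: tune per site).
SECRET_FIELD = re.compile(r"pass(wd|word)?|pwd|secret|token", re.IGNORECASE)


def parse_http_request(raw: bytes):
    """Split a raw HTTP/1.x request into (method, path, headers, body); None if not HTTP."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.split(b"\r\n")
    m = re.match(rb"^(GET|POST|PUT|HEAD) (\S+) HTTP/1\.[01]$", lines[0])
    if not m:
        return None
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(b":")
        headers[name.decode(errors="replace").strip().lower()] = value.decode(errors="replace").strip()
    return m.group(1).decode(), m.group(2).decode(), headers, body


def check_payload(raw: bytes) -> dict:
    """Report whether a captured payload exposes login fields in the clear (values are never returned)."""
    # A TLS record starts with content type 0x16 (handshake) or 0x17 (application data)
    # followed by the 0x03 major version byte; its payload is opaque to the sniffer.
    if raw[:1] in (b"\x16", b"\x17") and raw[1:2] == b"\x03":
        return {"status": "encrypted", "exposed_fields": []}
    req = parse_http_request(raw)
    if req is None:
        return {"status": "not-http", "exposed_fields": []}
    method, path, headers, body = req
    ctype = headers.get("content-type", "")
    if method != "POST" or not ctype.startswith("application/x-www-form-urlencoded"):
        return {"status": "http-no-form", "exposed_fields": []}
    form = parse_qs(body.decode(errors="replace"))   # the 'HTML Form URL Encoded' data
    exposed = sorted(name for name in form if SECRET_FIELD.search(name))
    return {
        "status": "cleartext-credentials" if exposed else "http-form",
        "host": headers.get("host"),
        "path": path,
        "exposed_fields": exposed,
    }


# Constructed sample payloads (not real captures): the plaintext login POST the experiment
# finds under 'HTML Form URL Encoded', and the first bytes of a TLS handshake record.
HTTP_LOGIN_POST = (
    b"POST /login.jsp HTTP/1.1\r\nHost: example-bank.test\r\n"
    b"Content-Type: application/x-www-form-urlencoded\r\n\r\n"
    b"username=admin&password=admin&btnSubmit=Login"
)
TLS_RECORD = b"\x16\x03\x01\x00\x2f\x01\x00\x00\x2b\x03\x03" + b"\x00" * 32

if __name__ == "__main__":
    print(check_payload(HTTP_LOGIN_POST))   # flags field 'password', value not shown
    print(check_payload(TLS_RECORD))        # encrypted: nothing to read
```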
