Cyber Security Workshop LAB Manual

The document is a laboratory manual for a Cyber Security Workshop Lab (BCS-453) aimed at teaching students about packet analysis using Wireshark and web application security using DVWA. It outlines the course objectives, outcomes, and a list of experiments designed to enhance students' understanding of network traffic analysis and web vulnerabilities. Additionally, it includes detailed procedures for various experiments, including packet inspection, detecting suspicious activity, and analyzing malware traffic.

Uploaded by thakurajay8865
LABORATORY MANUAL

Faculty Name: 1. Supriya Dubey
              2. Dr. Ashima Arya
Department: CSIT
Course Code: BCS-453
Course Name: Cyber Security Workshop Lab
Year/Sem: 2nd/4th
Academic Year: 2024-25

Department of Computer Science & Information Technology

Cyber Security Workshop Lab (BCS-453)

Course Objective of Lab (BCS-453):

The objective of this lab is to make students understand packet analysis using
Wireshark and web application security using DVWA.

Course Outcomes – Cyber Security Workshop Lab (BCS-453)


Cyber Security Workshop LAB (BCS-453)

Columns: Course Outcome (COs), Bloom's Level, Knowledge Level

At the end of the course, the student will be able to:

CO: Demonstrate various web application protocols used in data transmission by capturing and analysing network transmission.
    Bloom's Level: BL-3. Knowledge Level: Procedural.

CO: Demonstrate principles of web security monitoring and analyzing the nature of attacks through cyber/computer forensics software/tools.
    Bloom's Level: BL-3. Knowledge Level: Procedural.

CO: Recognize web application security vulnerabilities and demonstrate how to determine if they are present in web applications using cyber/computer forensics software/tools.
    Bloom's Level: BL-3. Knowledge Level: Procedural.

Course Outcomes Mapping with PO

Columns PO1 to PO12: Programme Outcome (PO). Columns PSO1 and PSO2: PSO/APO.

CO No.     PO1  PO2  PO3  PO4  PO5  PO6  PO7  PO8  PO9  PO10  PO11  PO12  PSO1  PSO2
CO1        3    2    -    2    3    1    2    3    -    -     -     2     2     -
CO2        3    3    -    2    3    1    2    3    -    -     -     2     2     -
CO3        3    3    -    2    3    1    2    3    -    -     -     2     2     -
PO Target  3    3    -    2    3    1    2    3    -    -     -     2     2     -
Department of Computer Science and Information Technology

LIST OF EXPERIMENTS

Columns: Expt. No., Description, Corresponding CO

1. Basic Packet Inspection: Capture network traffic using Wireshark and analyze basic protocols like HTTP, DNS, and SMTP to understand how data is transmitted and received.
   Corresponding CO: CO-1

2. Detecting Suspicious Activity: Analyze network traffic to identify suspicious patterns, such as repeated connection attempts or unusual communication between hosts.
   Corresponding CO: CO-2

3. Malware Traffic Analysis: Analyze captured traffic to identify signs of malware communication, such as command-and-control traffic or data infiltration.
   Corresponding CO: CO-2

4. Password Sniffing: Simulate a scenario where a password is transmitted in plaintext. Use Wireshark to capture and analyze the packets to demonstrate the vulnerability and the importance of encryption.
   Corresponding CO: CO-2

5. ARP Poisoning Attack: Set up an ARP poisoning attack using tools like Ettercap. Analyze the captured packets to understand how the attack can lead to a Man-in-the-Middle scenario.
   Corresponding CO: CO-2

6. SQL Injection: Use DVWA to practice SQL injection attacks. Demonstrate how an attacker can manipulate input fields to extract, modify, or delete database information.
   Corresponding CO: CO-3

7. Cross-Site Scripting (XSS): Exploit XSS vulnerabilities in DVWA to inject malicious scripts into web pages. Show the potential impact of XSS attacks, such as stealing cookies or defacing websites.
   Corresponding CO: CO-3

8. Cross-Site Request Forgery (CSRF): Set up a CSRF attack in DVWA to demonstrate how attackers can manipulate authenticated users into performing unintended actions.
   Corresponding CO: CO-3

9. File Inclusion Vulnerabilities: Explore remote and local file inclusion vulnerabilities in DVWA. Show how attackers can include malicious files on a server and execute arbitrary code.
   Corresponding CO: CO-3

10. Brute-Force and Dictionary Attacks: Use DVWA to simulate login pages and demonstrate brute-force and dictionary attacks against weak passwords. Emphasize the importance of strong password policies.
    Corresponding CO: CO-3

Experiment Number < 1 >

1 Aim / Objective / problem statement:
Basic Packet Inspection: Capture network traffic using Wireshark and analyze basic protocols like HTTP, DNS, and SMTP to understand how data is transmitted and received.

Expected output

3 Procedure
Steps:
1. Launch Wireshark and start packet capture, filtered on the traceroute source IP address.
2. Run traceroute from the desired source host to the chosen destination IP.
3. Stop the Wireshark capture after traceroute completes.
4. Inspect and analyze the captured traceroute UDP probes and incoming ICMP responses.
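
The analysis in step 4 comes down to pairing each incoming ICMP response with the UDP probe that triggered it. The following is an added example, not part of the original manual: it parses raw IPv4 packets and rebuilds the hop list. The addresses, ports and the sample capture are constructed for illustration, and the function names are hypothetical.

```python
import struct
from ipaddress import IPv4Address as IP

def ipv4(src, dst, proto, ttl, payload):
    """Build a minimal IPv4 packet (checksum left at 0; for constructed sample data only)."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0,
                      ttl, proto, 0, IP(src).packed, IP(dst).packed)
    return hdr + payload

def parse(pkt):
    """Return (src, dst, proto, ttl, payload) of an IPv4 packet."""
    ihl = (pkt[0] & 0x0F) * 4
    return str(IP(pkt[12:16])), str(IP(pkt[16:20])), pkt[9], pkt[8], pkt[ihl:]

def hops(packets):
    """Pair each ICMP error with the UDP probe quoted inside it: {probe TTL: (responder, kind)}."""
    probes, result = {}, {}
    for pkt in packets:
        src, _, proto, ttl, body = parse(pkt)
        if proto == 17:                                       # outgoing UDP probe
            probes[struct.unpack("!H", body[2:4])[0]] = ttl   # remember its TTL by destination port
        elif proto == 1 and (body[0], body[1]) in ((11, 0), (3, 3)):
            # ICMP time exceeded (11/0) or port unreachable (3/3): the ICMP payload
            # quotes the original IP header plus the first 8 bytes of the UDP header.
            _, _, qproto, _, qbody = parse(body[8:])
            if qproto != 17:
                continue
            # The quoted TTL has been decremented in transit, so match on the UDP port instead.
            dport = struct.unpack("!H", qbody[2:4])[0]
            if dport in probes:
                kind = "time-exceeded" if body[0] == 11 else "port-unreachable"
                result[probes[dport]] = (src, kind)
    return result

def sample_capture():
    """Constructed capture: probes from 192.0.2.10 to 198.51.100.7 via two routers."""
    pkts, target = [], "198.51.100.7"
    for ttl, responder in enumerate(["192.0.2.1", "203.0.113.1", target], start=1):
        udp = struct.pack("!HHHH", 40000, 33434 + ttl, 8, 0)
        probe = ipv4("192.0.2.10", target, 17, ttl, udp)
        icmp_type, code = (3, 3) if responder == target else (11, 0)
        icmp = struct.pack("!BBHI", icmp_type, code, 0, 0) + probe
        pkts += [probe, ipv4(responder, "192.0.2.10", 1, 64, icmp)]
    return pkts

if __name__ == "__main__":
    for ttl, (who, kind) in sorted(hops(sample_capture()).items()):
        print(ttl, who, kind)
```

Routers along the path answer with "time exceeded"; the final "port unreachable" comes from the destination itself and marks the end of the trace.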

4 Viva questions
1. How would you set up Wireshark to monitor packets passing through an internet router?
2. A user is unable to ping a system on the network. How can Wireshark be used to solve the problem?
3. Which Wireshark filter can be used to monitor outgoing packets from a specific system on the network?

5 External Link (if any): https://www.wireshark.org/
Experiment Number < 2 >

1 Aim / Objective / problem statement:
Detecting Suspicious Activity: Analyze network traffic to identify suspicious patterns, such as repeated connection attempts or unusual communication between hosts.

Expected output

3 Procedure
Steps:

Setting Up Wireshark:

1. Install Wireshark on your machine by visiting the official Wireshark website.
2. Choose the appropriate version for your operating system and follow the installation instructions.

Capturing Network Traffic:

3. Launch Wireshark and select the network interface you want to capture traffic from.
4. Wireshark will display a live stream of network packets flowing through the selected interface.
5. Remember to stop the capture when you're done analyzing.

Filtering Network Traffic:

6. Wireshark provides powerful filtering capabilities. Use filter expressions to define complex conditions. For example, to show all traffic on the standard HTTP port, use the display filter: tcp.port == 80 (in pcap capture-filter syntax the same condition is written tcp port 80).

Analyzing Network Traffic:

7. Inspect every aspect of captured packets, including protocol headers and payload contents.
8. Wireshark supports a wide range of protocols, each with its own dissectors for human-readable information.
9. Look for patterns, anomalies, and signs of suspicious behavior.

Detecting Suspicious Activity:

10. By analyzing packet payloads, communication protocols, and statistical indicators, Wireshark can recognize patterns and trigger alerts when suspicious activity is detected.
11. Pay attention to command-and-control communications, unusual traffic patterns, and unexpected connections.
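
The "repeated connection attempts" named in the aim can be counted outside the GUI once the capture is exported as text. The following is an added example, not part of the original manual: it flags sources by their initial TCP SYNs. The tab-separated input layout (tshark field export), the thresholds and the sample addresses are assumptions made for illustration.

```python
from collections import defaultdict

SYN, ACK = 0x02, 0x10

# Constructed sample, in the tab-separated layout assumed from:
#   tshark -r capture.pcap -T fields -e frame.time_relative -e ip.src -e ip.dst -e tcp.dstport -e tcp.flags
SAMPLE = "\n".join(
    # one source retrying the same port every half second
    [f"{i * 0.5:.1f}\t10.0.0.5\t10.0.0.20\t22\t0x0002" for i in range(12)]
    # one source touching 25 different ports once each
    + [f"{20 + i * 0.1:.1f}\t10.0.0.9\t10.0.0.20\t{p}\t0x0002" for i, p in enumerate(range(20, 45))]
    # an ordinary connection: SYN, then the server's SYN-ACK
    + ["30.0\t10.0.0.7\t10.0.0.20\t443\t0x0002", "30.1\t10.0.0.20\t10.0.0.7\t51000\t0x0012"]
)

def find_suspicious(text, repeat_limit=10, port_limit=20, window=10.0):
    """Flag sources by initial SYNs: many to one dst:port within `window` seconds,
    or SYNs to many distinct ports on one destination."""
    syn_times = defaultdict(list)   # (src, dst, port) -> SYN timestamps
    ports = defaultdict(set)        # (src, dst) -> distinct destination ports
    for line in text.splitlines():
        t, src, dst, dport, flags = line.split("\t")
        f = int(flags, 16)
        if f & SYN and not f & ACK:             # initial SYN only, not the SYN-ACK reply
            syn_times[(src, dst, int(dport))].append(float(t))
            ports[(src, dst)].add(int(dport))
    findings = []
    for (src, dst, port), times in syn_times.items():
        times.sort()
        # sliding window: any `repeat_limit` consecutive SYNs inside `window` seconds
        for i in range(len(times) - repeat_limit + 1):
            if times[i + repeat_limit - 1] - times[i] <= window:
                findings.append((src, dst, f"repeated SYN to port {port}"))
                break
    for (src, dst), seen in ports.items():
        if len(seen) >= port_limit:
            findings.append((src, dst, f"SYN to {len(seen)} distinct ports"))
    return findings

if __name__ == "__main__":
    for finding in find_suspicious(SAMPLE):
        print(*finding)
```

The thresholds need tuning against normal traffic on the monitored network; a busy proxy or monitoring host can exceed them legitimately.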

4 Viva questions
1. How would you set up Wireshark to monitor packets passing through an internet router?
2. A user is unable to ping a system on the network. How can Wireshark be used to solve the problem?
3. Which Wireshark filter can be used to monitor outgoing packets from a specific system on the network?

5 External Link (if any): https://www.wireshark.org/
Experiment Number < 3 >

1 Aim / Objective / problem statement:
Malware Traffic Analysis: Analyze captured traffic to identify signs of malware communication, such as command-and-control traffic or data infiltration.

Expected output

3 Procedure

1. Set up the environment

Before you start analyzing malware network traffic, you need to set up a safe and isolated
environment to run the malware sample. This can be done using a virtual machine, a
sandbox, or a dedicated device. You also need to configure your network settings to allow
Wireshark to capture the traffic from the malware host. You can use a bridged network, a
NAT network, or a proxy to do this.

2. Start Wireshark and capture traffic

Next, you need to launch Wireshark and start capturing the network traffic from the malware
host. You can choose the interface that corresponds to your network configuration, or use
promiscuous mode to capture all traffic on the network. You can also apply filters to narrow
down the traffic to the malware host or the protocol you are interested in.

3. Identify the malware traffic

Once you have captured some traffic, you need to identify the packets that belong to the
malware communication. This can be challenging, as malware often uses encryption,
obfuscation, or spoofing to evade detection. However, you can look for some clues, such as
unusual ports, domains, or patterns, that can indicate malicious activity. You can also
compare the traffic with a baseline of normal traffic from the same host or network.

4. Analyze the malware protocol

After you have identified the malware traffic, you can analyze the malware protocol to
understand how the malware communicates with its servers, victims, or peers. You can use
Wireshark's built-in tools, such as dissectors, decoders, or statistics, to examine the structure,
content, and behavior of the protocol. You can also use external tools, such as hex editors,
encryption tools, or scripting languages, to decode, decrypt, or manipulate the protocol.

5. Extract the malware artifacts

Another useful step in analyzing malware network traffic is to extract the malware artifacts
from the captured packets. These can include files, commands, credentials, or indicators of
compromise that can provide more information about the malware's functionality, purpose,
or origin. You can use Wireshark's export function, or other tools, such as NetworkMiner, to
extract the artifacts from the traffic.
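
Step 3's baseline comparison can be scripted over connection records exported from the capture. The following is an added example, not part of the original manual: it keeps only endpoints missing from the baseline and, going one step beyond the text, checks whether connections to them recur at near-constant intervals, a pattern typical of command-and-control check-ins. The record layout, thresholds, addresses and function name are assumptions made for illustration.

```python
from statistics import mean, pstdev

def new_and_periodic(flows, baseline, min_events=6, max_jitter=0.1):
    """flows: (time_s, dst, port) tuples seen from one host.
    Returns {(dst, port): (period_s, jitter)} for endpoints that are absent from
    the baseline and are contacted at near-constant intervals."""
    times = {}
    for t, dst, port in flows:
        if (dst, port) not in baseline:            # ignore anything the host normally talks to
            times.setdefault((dst, port), []).append(t)
    out = {}
    for key, ts in times.items():
        if len(ts) < min_events:                   # too few connections to judge regularity
            continue
        ts.sort()
        gaps = [b - a for a, b in zip(ts, ts[1:])]
        jitter = pstdev(gaps) / mean(gaps)         # coefficient of variation of the gaps
        if jitter <= max_jitter:
            out[key] = (round(mean(gaps), 1), round(jitter, 3))
    return out

# Constructed data: the baseline of normal endpoints, then what the host did during the capture.
BASELINE = {("192.0.2.53", 53), ("198.51.100.80", 443)}
FLOWS = (
    [(t, "203.0.113.66", 8443) for t in (0, 61, 120, 181, 240, 301, 360, 421)]   # steady check-ins
    + [(t, "203.0.113.10", 443) for t in (5, 7, 8, 200, 203, 900, 905)]          # bursty, human-like
    + [(t, "192.0.2.53", 53) for t in range(0, 420, 30)]                         # regular but known
)

if __name__ == "__main__":
    for (dst, port), (period, jitter) in new_and_periodic(FLOWS, BASELINE).items():
        print(f"{dst}:{port} every ~{period}s (jitter {jitter})")
```

A hit is a lead for steps 4 and 5, not a verdict: software updaters and telemetry clients also poll on fixed timers, which is why the baseline check comes first.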
4 Viva questions
1. Why is malware traffic analysis important in cybersecurity?
2. What are some tools used for malware traffic analysis?
3. How can malware traffic analysis be used to improve antivirus protection?

5 External Link (if any): https://www.wireshark.org/
Experiment Number < 4 >

1 Aim / Objective / problem statement:
Password Sniffing: Simulate a scenario where a password is transmitted in plaintext. Use Wireshark to capture and analyze the packets to demonstrate the vulnerability and the importance of encryption.

Expected output

3 Procedure

Step 1: Launch Wireshark on your preferred operating system; it comes preconfigured in
Linux OS but can be installed on Windows or macOS. Initiate the capturing process by
clicking on the start button in red.

Step 2: After clicking the start button to initiate capturing, open your preferred web browser
and attempt to log in.

Step 3: After successfully logging in, return to Wireshark to view the captured data.

Step 4: Now, you need to apply a filter to search for your specific content. Input the desired
filter command into the search bar. For instance, in this case, we'll use "http".

Step 5: Narrow the results further by filtering for the GET method with the display filter:
http.request.method == "GET"

Step 7: Observe that there is a packet containing form data. Click on the packet that carries
the user information as URL-encoded form data (application/x-www-form-urlencoded).
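
What step 7 shows by hand can be turned into an audit check: report which requests carried credential-like form fields over plaintext HTTP, without reproducing the values. The following is an added example, not part of the original manual. The requests, the host name lab.example, the field-name fragments and the function name are constructed or assumed for illustration.

```python
from urllib.parse import urlsplit, parse_qsl

SENSITIVE = ("pass", "pwd", "secret", "token")   # assumed name fragments; extend per application

def cleartext_credentials(raw: bytes):
    """Return [(method, host, path, field)] for credential-like form fields found in a
    plaintext HTTP request. Values are deliberately not returned: the finding is that
    the field crossed the network unencrypted."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")
    method, target, _ = lines[0].split(" ", 2)
    headers = {k.strip().lower(): v.strip()
               for k, _, v in (line.partition(":") for line in lines[1:])}
    url = urlsplit(target)
    fields = parse_qsl(url.query, keep_blank_values=True)        # GET: fields in the URL
    if headers.get("content-type", "").startswith("application/x-www-form-urlencoded"):
        fields += parse_qsl(body.decode("latin-1"), keep_blank_values=True)   # POST: fields in the body
    return [(method, headers.get("host", "?"), url.path, name)
            for name, _ in fields if any(s in name.lower() for s in SENSITIVE)]

# Constructed requests, as they would appear in a captured plaintext HTTP stream.
GET_LOGIN = (b"GET /login.php?username=alice&password=example-only&Login=Login HTTP/1.1\r\n"
             b"Host: lab.example\r\n\r\n")
POST_LOGIN = (b"POST /login.php HTTP/1.1\r\nHost: lab.example\r\n"
              b"Content-Type: application/x-www-form-urlencoded\r\nContent-Length: 36\r\n\r\n"
              b"username=alice&password=example-only")
STATIC = b"GET /index.php?page=home HTTP/1.1\r\nHost: lab.example\r\n\r\n"

if __name__ == "__main__":
    for request in (GET_LOGIN, POST_LOGIN, STATIC):
        print(cleartext_credentials(request))
```

Every finding is a form that should be served over HTTPS only; credentials sent with GET also end up in server logs and browser history, so those forms should switch to POST as well.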
4 Viva questions
1. Why is malware traffic analysis important in cybersecurity?
2. What are some tools used for malware traffic analysis?
3. How can malware traffic analysis be used to improve antivirus protection?

5 External Link (if any): https://www.wireshark.org/

Value Added Experiments (If applicable to the subject)

1. Install Wireshark, tcpdump, etc., observe the data transferred in client-server
communication using UDP/TCP, and identify the UDP/TCP datagram.

2. Demonstrate an intrusion detection system using any tool (Snort or any other
software).

3. Demonstrate how to provide secure data storage and secure data transmission,
and how to create digital signatures.

List of PBL

1. Keylogger

2. Break A Caesar Cipher

3. Packet Sniffing

4. Attempt Bug Bounties And Hackathons

5. Deepfake Detection Framework for Social Media

6. Ransomware Detection and Mitigation System

7. Steganography

Outcome of Lab

1. Students can design and simulate combinational circuits for encoders/decoders and
selection devices multiplexers/de-multiplexers using logic gates basic knowledge of SQL.

2. Students can design and simulate combinational circuits for binary arithmetic (such as
adders, subtractors, and multipliers ) and code converters

3. Students can design and simulate the basic building blocks of the sequential circuits
(i.e., SR and D FF) using logic gates.