Ex.

No : 1(a) Data Encryption Standard (DES) Algorithm (User

Date : Message Encryption )

AIM:
To use Data Encryption Standard (DES) Algorithm for a practical application like User Message
Encryption.

ALGORITHM:
1. Create a DES Key.
2. Create a Cipher instance from Cipher class, specify the following information and separated by a
slash (/).
a. Algorithm name
b. Mode (optional)
c. Padding scheme (optional)
3. Convert String into Byte[] array format.
4. Make Cipher in encrypt mode, and encrypt it with Cipher.doFinal() method.
5. Make Cipher in decrypt mode, and decrypt it with Cipher.doFinal() method.

PROGRAM:

DES.java
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;

import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.KeyGenerator;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKey;

public class DES

{
public static void main(String[] argv) {

try{
System.out.println("Message Encryption Using DES Algorithm\n ------- ");
KeyGenerator keygenerator = KeyGenerator.getInstance("DES");
SecretKey myDesKey = keygenerator.generateKey();
Cipher desCipher;
desCipher = Cipher.getInstance("DES/ECB/PKCS5Padding");
desCipher.init(Cipher.ENCRYPT_MODE, myDesKey);
byte[] text = "Secret Information ".getBytes();
System.out.println("Message [Byte Format] : " + text);
System.out.println("Message : " + new String(text));
byte[] textEncrypted = desCipher.doFinal(text);
System.out.println("Encrypted Message: " + textEncrypted);
desCipher.init(Cipher.DECRYPT_MODE, myDesKey);
byte[] textDecrypted = desCipher.doFinal(textEncrypted);

System.out.println("Decrypted Message: " + new String(textDecrypted));

211521205151 1 SOWMIYA B
 }catch(NoSuchAlgorithmException e){
e.printStackTrace();
}catch(NoSuchPaddingException e){
e.printStackTrace();
}catch(InvalidKeyException e){
e.printStackTrace();
}catch(IllegalBlockSizeException e){
e.printStackTrace();
}catch(BadPaddingException e){
e.printStackTrace();
}

}
}

OUTPUT:
Message Encryption Using DES Algorithm
Message [Byte Format] : [B@4dcbadb4
Message : Secret Information
Encrypted Message: [B@504bae78
Decrypted Message: Secret Information

RESULT:
Thus the java program for DES Algorithm has been implemented and the output verified successfully.

211521205151 2 SOWMIYA B
 Ex. No : 1(b) Advanced Encryption Standard (AES)
Date : Algorithm (URL Encryption)

AIM:
To use Advanced Encryption Standard (AES) Algorithm for a practical application like
URL Encryption.

ALGORITHM:
1. AES is based on a design principle known as a substitution–permutation.
2. AES does not use a Feistel network like DES, it uses variant of Rijndael.
3. It has a fixed block size of 128 bits, and a key size of 128, 192, or 256 bits.
4. AES operates on a 4 × 4 column-major order array of bytes, termed the state

PROGRAM:
AES.java
import java.io.UnsupportedEncodingException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Arrays;
import java.util.Base64;

import javax.crypto.Cipher;
import javax.crypto.spec.SecretKeySpec;

public class AES {

private static SecretKeySpec secretKey;

private static byte[] key;

public static void setKey(String myKey) {

MessageDigest sha = null;
try {
key = myKey.getBytes("UTF-8");
sha = MessageDigest.getInstance("SHA-1");
key = sha.digest(key);
key = Arrays.copyOf(key, 16);
secretKey = new SecretKeySpec(key, "AES");
} catch (NoSuchAlgorithmException e) {
e.printStackTrace();
} catch (UnsupportedEncodingException e) {
e.printStackTrace();
}
}

public static String encrypt(String strToEncrypt, String secret) {

try {
setKey(secret);
Cipher cipher = Cipher.getInstance("AES/ECB/PKCS5Padding");

211521205151 3 SOWMIYA B
 cipher.init(Cipher.ENCRYPT_MODE, secretKey);
return Base64.getEncoder().encodeToString(cipher.doFinal(strToEncrypt.getBytes("UTF-8")));
} catch (Exception e) {
System.out.println("Error while encrypting: " + e.toString());
}
return null;
}

public static String decrypt(String strToDecrypt, String secret) {

try {
setKey(secret);
Cipher cipher = Cipher.getInstance("AES/ECB/PKCS5PADDING");
cipher.init(Cipher.DECRYPT_MODE, secretKey);
return new String(cipher.doFinal(Base64.getDecoder().decode(strToDecrypt)));
} catch (Exception e) {
System.out.println("Error while decrypting: " + e.toString());
}
return null;
}

public static void main(String[] args) {

final String secretKey = "annaUniversity";

String originalString = "www.annauniv.edu";

String encryptedString = AES.encrypt(originalString, secretKey);
String decryptedString = AES.decrypt(encryptedString, secretKey);

System.out.println("URL Encryption Using AES Algorithm\n ------------");

System.out.println("Original URL : " + originalString);
System.out.println("Encrypted URL : " + encryptedString);
System.out.println("Decrypted URL : " + decryptedString);
}
}

OUTPUT:
URL Encryption Using AES Algorithm
Original URL : www.annauniv.edu
Encrypted URL : vibpFJW6Cvs5Y+L7t4N6YWWe07+JzS1d3CU2h3mEvEg=
Decrypted URL : www.annauniv.edu

RESULT:
Thus the java program for AES Algorithm has been implemented for URL Encryption and the output
verified successfully.

211521205151 4 SOWMIYA B
 Ex. No : 2(a) RSA Algorithm
Date :

AIM:
To implement RSA (Rivest–Shamir–Adleman) algorithm by using HTML and Javascript.

ALGORITHM:
1. Choose two prime number p and q
2. Compute the value of n and p
3. Find the value of e (public key)
4. Compute the value of d (private key) using gcd()
5. Do the encryption and decryption
a. Encryption is given as,
c = te mod n
b.Decryption is given as,
t = cd mod n

PROGRAM:
rsa.html
<html>

<head>
<title>RSA Encryption</title>
<meta name="viewport" content="width=device-width, initial-scale=1.0">
</head>

<body>
<center>
<h1>RSA Algorithm</h1>
<h2>Implemented Using HTML & Javascript</h2>
<hr>
<table>
<tr>
<td>Enter First Prime Number:</td>
<td><input type="number" value="53" id="p"></td>
</tr>
<tr>
<td>Enter Second Prime Number:</td>
<td><input type="number" value="59" id="q"></p>
</td>
</tr>
<tr>
<td>Enter the Message(cipher text):<br>[A=1, B=2,...]</td>
<td><input type="number" value="89" id="msg"></p>
</td>
</tr>
<tr>
<td>Public Key:</td>
<td>
<p id="publickey"></p>
</td>
211521205151 5 SOWMIYA B
 </tr>
<tr>
<td>Exponent:</td>
<td>
<p id="exponent"></p>
</td>
</tr>
<tr>
<td>Private Key:</td>
<td>
<p id="privatekey"></p>
</td>
</tr>
<tr>
<td>Cipher Text:</td>
<td>
<p id="ciphertext"></p>
</td>
</tr>
<tr>
<td><button onclick="RSA();">Apply RSA</button></td>
</tr>
</table>
</center>
</body>
<script type="text/javascript">
function RSA() {
var gcd, p, q, no, n, t, e, i, x;
gcd = function (a, b) { return (!b) ? a : gcd(b, a % b); };
p = document.getElementById('p').value;
q = document.getElementById('q').value;
no = document.getElementById('msg').value;
n = p * q;
t = (p - 1) * (q - 1);

for (e = 2; e < t; e++) {

if (gcd(e, t) == 1) {
break;
}
}

for (i = 0; i < 10; i++) {

x=1+i*t
if (x % e == 0) {
d = x / e;
break;
}
}

ctt = Math.pow(no, e).toFixed(0);

ct = ctt % n;

211521205151 6 SOWMIYA B
 dtt = Math.pow(ct, d).toFixed(0);
dt = dtt % n;

document.getElementById('publickey').innerHTML = n;
document.getElementById('exponent').innerHTML = e;
document.getElementById('privatekey').innerHTML = d;
document.getElementById('ciphertext').innerHTML = ct;
}
</script>
</html>

OUTPUT:

RESULT:
Thus the RSA algorithm has been implemented using HTML & CSS and the output has been verified
successfully.

211521205151 7 SOWMIYA B
 Ex. No : 2(b) Diffie-Hellman key exchange algorithm
Date :

AIM:
To implement the Diffie-Hellman Key Exchange algorithm for a given problem .

ALGORITHM:
1. Alice and Bob publicly agree to use a modulus p = 23 and base g = 5

(which is a primitive root modulo 23).

2. Alice chooses a secret integer a = 4, then sends Bob A = ga mod p

o A = 54 mod 23 = 4
3. Bob chooses a secret integer b = 3, then sends Alice B = gb mod p
o B = 53 mod 23 = 10
4. Alice computes s = Ba mod p
o s = 104 mod 23 = 18
5. Bob computes s = Ab mod p
o s = 43 mod 23 = 18
6. Alice and Bob now share a secret (the number 18).

PROGRAM:
DiffieHellman.java
class DiffieHellman {
public static void main(String args[]) {
int p = 23; /* publicly known (prime number) */
int g = 5; /* publicly known (primitive root) */
int x = 4; /* only Alice knows this secret */
int y = 3; /* only Bob knows this secret */
double aliceSends = (Math.pow(g, x)) % p;
double bobComputes = (Math.pow(aliceSends, y)) % p;
double bobSends = (Math.pow(g, y)) % p;
double aliceComputes = (Math.pow(bobSends, x)) % p;
double sharedSecret = (Math.pow(g, (x * y))) % p;
System.out.println("simulation of Diffie-Hellman key exchange algorithm\n-------------------------
");
System.out.println("Alice Sends : " + aliceSends);
System.out.println("Bob Computes : " + bobComputes);
System.out.println("Bob Sends : " + bobSends);
System.out.println("Alice Computes : " + aliceComputes);

System.out.println("Shared Secret : " + sharedSecret);

211521205151 8 SOWMIYA B
 /* shared secrets should match and equality is transitive */
if ((aliceComputes == sharedSecret) && (aliceComputes == bobComputes))
System.out.println("Success: Shared Secrets Matches! " + sharedSecret);
else
System.out.println("Error: Shared Secrets does not Match");
}
}

OUTPUT:
simulation of Diffie-Hellman key exchange algorithm
Alice Sends : 4.0
Bob Computes : 18.0
Bob Sends : 10.0
Alice Computes : 18.0
Shared Secret : 18.0
Success: Shared Secrets Matches! 18.0

RESULT:
Thus the Diffie-Hellman key exchange algorithm has been implemented using Java Program and the
output has been verified successfully.

211521205151 9 SOWMIYA B
 Ex. No : 3 Implement digital signature schemes
Date :

AIM:
To implement digital signature schemes.

ALGORITHM:
1. Create a KeyPairGenerator object.
2. Initialize the KeyPairGenerator object.
3. Generate the KeyPairGenerator. ...
4. Get the private key from the pair.
5. Create a signature object.
6. Initialize the Signature object.
7. Add data to the Signature object
8. Calculate the Signature

PROGRAM:

import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.Signature;
import java.util.Scanner;

public class CreatingDigitalSignature {

public static void main(String args[]) throws Exception {

Scanner sc = new Scanner(System.in);

System.out.println("Enter some text");
String msg = sc.nextLine();

KeyPairGenerator keyPairGen = KeyPairGenerator.getInstance("DSA");

keyPairGen.initialize(2048);

KeyPair pair = keyPairGen.generateKeyPair();

PrivateKey privKey = pair.getPrivate();

Signature sign = Signature.getInstance("SHA256withDSA");

sign.initSign(privKey);
byte[] bytes = "msg".getBytes();

sign.update(bytes);

byte[] signature = sign.sign();

System.out.println("Digital signature for given text: "+new String(signature, "UTF8"));

}
}
211521205151 10 SOWMIYA B
 OUTPUT:
Enter some text
Hi how are you
Digital signature for given text: 0=@gRD???-?.???? /yGL?i??a!?

RESULT:
Thus the Digital Signature Standard Signature Scheme has been implemented and the output has
been verified successfully.

211521205151 11 SOWMIYA B
 Ex. No : 4 Installation of Wire shark, tcpdump and observe data
Date : transferred in client-server

AIM:
To installation of Wire shark, tcpdump and observe data transferred in client-server communication using
UDP/TCP and identify the UDP/TCP datagram.
Installation of Wireshark:
Wireshark is an open-source packet analyzer, which is used for education, analysis,
software development, communication protocol development, and network
troubleshooting.
It is used to track the packets so that each one is filtered to meet our specific needs. It is
commonly called as a sniffer, network protocol analyzer, and network analyser.

(Download Page of Wireshark)

211521205151 12 SOWMIYA B
 Starting Wireshark:
Then, you need to choose an interface. If you are running the Wireshark on your laptop, you need to select WiFi
interface. If you are at a desktop, you need to select the Ethernet interface being used. Note that there could be
multiple interfaces. In general, you can select any interface but that does not mean that traffic will flow
through that interface.

Capture Interfaces in Wireshark

Capturing Packets in Wireshark

211521205151 13 SOWMIYA B
 (Wireshark Graphical User Interface on Microsoft Windows)

Do the following steps:

1. Start up the Wireshark program (select an interface and press start to capture packets).
2. Start up your favorite browser (ceweasel in Kali Linux).
3. In your browser, go to Wayne State homepage by typing www.wayne.edu.
4. After your browser has displayed the http://www.wayne.edu page, stop Wireshark packet
capture by selecting stop in the Wireshark capture window. This will cause the Wireshark
capture window to disappear and the main Wireshark window to display all

packets captured since you began packet capture see image below:

211521205151 14 SOWMIYA B
 5. Color Coding: You‘ll probably see packets highlighted in green, blue, and black.
Wireshark uses colors to help you identify the types of traffic at a glance. By default,
green is TCP traffic, dark blue is DNS traffic, light blue is UDP traffic, and black
identifies TCP packets with problems — for example, they could have been delivered
out-of-order.
6. You now have live packet data that contains all protocol messages exchanged between
your computer and other network entities! However, as you will notice the HTTP
messages are not clearly shown because there are many other packets included in the
packet capture. Even though the only action you took was to open your browser, there are
many other programs in your computer that communicate via the network in thebackground.
To filter the connections to the ones we want to focus on, we have to use the filtering
functionality of Wireshark by typing ―http‖ in the filtering field as shown below:
Notice that we now view only the packets that are of protocol HTTP. However, we also still do
not have the exact communication we want to focus on because using HTTP as a filter is not
descriptive enough to allow us to find our connection to http://www.wayne.edu. We need to be
more precise if we want to capture the correct set of packets.
7. To further filter packets in Wireshark, we need to use a more precise filter. By setting the http.host
www.wayne.edu, we are restricting the view to packets that have as an http host the
www.wayne.edu website.
Notice that we need two equal signs to perform the match not just one. See the screenshot below:

211521205151 15 SOWMIYA B
 8. Now, we can try another protocol. Let‘s use Domain Name System (DNS) protocol as an
example here.

211521205151 16 SOWMIYA B
 9. Let‘s try now to find out what are those packets contain by following of the
conversations (also called network flows), select one of the packets and press the right
mouse button (if you are on a Mac use the command button and click), you should see
something similar to the screen below:

Click on Follow UDP Stream, and then you will see following screen.

211521205151 17 SOWMIYA B
 10. If we close this window and change the filter back to ―http.hos ww.wayne.edu‖ and then follow a
packetfrom the list of packets that match that filter, we should get the something similar to the following
screens. Note that we click on Follow TCP Stream this time

Result:

Installation of Wire shark, tcpdump and observe data transferred in client-server communication using
UDP/TCP and identify the UDP/TCP datagram.

211521205151 18 SOWMIYA B
 Ex. No : 5 Check message integrity and confidentiality using SSL
Date :

Aim:

To SSL Session in Details

Handshaking - Ciphersuit Negotiation

Client sends a plaintext Client_Hello message and suggests some cryptographic parameters

(collectively called ciphersuit) to be used for their communication session. The Client_Hello

message also contains a 32-byte random number denoted as client_random. For example,

Client_Hello:

Protocol Version: TLSv1 if you can, else SSLv3.

Key Exchange: RSA if you can, else Diffe-Hellman.

Secret Key Cipher Method: 3DES if you can, else DES.

Message Digest: SHA-1 if you can, else MD5.

Data Compression Method: PKZip if you can, else gzip.

Client Random Number: 32 bytes.

Server responds with a plaintext Server_Helllo to state the ciphersuit of choice (server

decides on

the ciphersuit). The message also contains a 32-byte random number denoted as

server_random.

For example,

Server_Hello:

Protocol Version: TLSv1.

Key Exchange: RSA.

Secret Key Cipher Method: DES.

Message Digest: SHA-1.

211521205151 19 SOWMIYA B
 Data Compression Method: PKZip.

Server Random Number: 32 bytes.

Step 1: Using wireshark first capture the data using local area connection filter.Step 2: Use

tlsv1.3 filter to get the encaps listed in tcp.

Result:

Thus the confidentiality and Integrity using SSL was verified.

211521205151 20 SOWMIYA B
 Ex. No : 6 Experiment Eavesdropping, Dictionary
Date : attacks, MITM attacks

Aim :
To experiment eavesdropping, Dictionary attacks, MIMT attacks

Types of password breaking

Dictionary attack

A simple dictionary attack is usually the fastest way to break into a machine. A dictionary
file (a text file full of dictionary words) is loaded into a cracking application, which is run
against user accounts located by the application .

Brute force attack

A brute force attack is a very powerful form of attack, though it may often take a long time to
work depending on the complexity of the password. The program will begin trying any and
every combination of numbers and letters and running them against the hashed passwords

Passwords that are composed of random letters numbers and characters are most vulnerableto
this type of attack.

Hybrid attack
Another well-known form of attack is the hybrid attack. A hybrid attack will add numbers or
symbols to the search words to successfully crack a password. Many people change their
passwords by simply adding a number to the end of their current password. Therefore, this
type of attack is the most versatile, while it takes longer then a standard dictionary attack it
does not take as long as a brute force attack

211521205151 21 SOWMIYA B
 Task 1 – Microsoft Office Password Recovery
Many applications require you to establish an ID and password that may be saved and
automatically substituted for future authentication. The password will usually appear on the
screen as a series of asterisks. This is fine as long as your system remembers the password for
you but what if it "forgets" or you need it for use on another system. Fortunately, many utilities
have been written to recover such passwords. In this task, you will use OfficeKey to recover the
password for a MS word document.

Step 1: Find the folder ―Lab1‖ on your desktop, and open it.

You will find OfficeKey and a MS document in the folder.

Step 2: Open the Office Key – Password Recovery tool

Step 3: Press the ―Recover‖ button in the upper left corner, or select File Recover

Step 4: Choose the password protected MS Office File you have saved to the Desktop.

Step 5: After running the first password auditing session, check to see if Office key has cracked
the password. If the password has not been cracked press the Settings button on the
upper tool bar.

211521205151 22 SOWMIYA B
 Step 6: Once in the Settings menu you will be able to modify the search parameters and
customize a more targeted search

Step 7: Repeat steps 3 and 4 until the password has been cracked and opens the MS Office File.

Step 8:Write down the contents of the MS word document and the password into your lab report
and submit it to your TA.

211521205151 23 SOWMIYA B
 Task 2 – Password Auditing (Windows platform):
revealing the passwords is simply a mater of CPU time and dictionary size

1. You obtain a dictionary file, which is no more than a flat file (plain text) list of words
(commonly referred to as wordlists).
2. These words are fed through any number of programs that encrypt each word. Such
encryption conforms to the DES standard.
3. Each resulting encrypted word is compared with the target password. If a match
occurs, there is better than a 90 percent chance that the password was cracked.

Step 1: Go to Lab1 folder, and open LC4 to audit the passwords on your Windows system.

Select File New Session

Select Import Import from PWDUMP File (in the same folder)
Select the ―Passwords‖ file that has been provided to you.

211521205151 24 SOWMIYA B
 Kmiller Ken Miller is an avid fly fisher and his record number of catches is
just under 30
Smacman Steven MacMan has a fiancé who‘s name is 4 letters long and starts
with a ―K‖
Gkoch Gina Koch grew up with her German grandmother, who used to call

her ‗Little Precious‘ *

Mjones Matt Jones was born in 1979. He compares himself to a

Shakespearean character who was born via C section
Tgriffin Tim Griffin loves funky ‗70‘s and ‗80s music. And songs about
‗Love‘
Rklatt Ryan Klatt is a big Star Trek fan and has most likely chosen an
obscure reference for his password *
Nboyle Nancy Boyle is an a fan of the books of British writer Douglas Adams
Esmith Edward Smith was very close to his grandfather who died in 1968.
We know his grandfather‘s name was a less common name starting
with ‗L‘
Jcollins Jim Collins keeps a copy of the book ―The Prince‖ *
Hharris Alan Harris has a wife named Sue and a daughter named Megan
Alan was married on May 3rd. His daughter was born on August 6th

Step 2: Select Session Session Options

Use this menu to customize your password search. Here you can add different word list
for Dictionary attacks, change Hybrid attack features. Keep in mind you are working
with a short dead line and more in depth searches will take longer then you have. You
must use the information given to you to target your search most specifically at more
likely passwords.

211521205151 25 SOWMIYA B
 Step 3: Select Session Begin ―Audit‖ or Press the blue play button on the upper toolbar to start
the password search.

Step 4: After the first search has run check your progress. Have some of the passwords been cracked
all the way though or have some only been partially cracked. Use what you‘ve learned from
this first search to target your next few searches. You will need to search the internet and
use the information you have been given about each user to find words they may have used
as their password.

Note: The question marks in the partially cracked passwords do not necessarily represent the
number of remaining undiscovered characters.

Step 5: Add words to your wordlist

Session Session Options

Press the ‗Dictionary List‘ button in the Dictionary crack section. Here you can edit your
current word list and add words by selecting the ‗EDIT‘ button and entering each wordon
a new line. You can also add multiple dictionaries and wordlist.

211521205151 26 SOWMIYA B
 Step 6: You may chose to conduct dictionary attacks with other wordlists. You can find
additional wordlist to use here: ftp://ftp.cerias.purdue.edu/pub/dict

Step 7: Continue searching for possible passwords during the remainder of the lab. Repeatingsteps 3
and 4 each time you modify your search.

Step 8: Once you have cracked all the passwords in the file, write them down in your lab reportor
once the lab time has ended, submit the passwords you were able to crack.

Result :
Thus the experiment for Eavesdropping, Dictionary attacks, MITM attacks was done succefully.

211521205151 27 SOWMIYA B
 Ex. No : 7 Experiment with Sniff Traffic using ARP
Date : Poisoning

AIM:

To Perform an Experiment to Sniff Traffic using ARP Poisoning.

Computers communicate by broadcasting messages on a network using IP addresses. Once a

message has been sent on a network, the recipient computer with the matching IP address

responds with its MAC address.

Network sniffing is the process of intercepting data packets sent over a network. This can be

done by the specialized software program or hardware equipment. Sniffing can be used to;

• Capture sensitive data such as login credentials

• Eavesdrop on chat messages

• Capture files have been transmitted over a networkThe following are protocols that

are vulnerable to sniffing

• Telnet

• Rlogin

• HTTP

• SMTP

• NNTP

• POP

• FTP

• IMAP

211521205151 28 SOWMIYA B
 Passive and Active Sniffing

Before we look at passive and active sniffing, let‘s look at two major devices used to network

computers; hubs and switches.

A hub works by sending broadcast messages to all output ports on it except the one that has

sent the broadcast. The recipient computer responds to the broadcast message if the IP address

matches. This means when using a hub, all the computers on a network can see the broadcast message.

It operates at the physical layer (layer 1) of the OSI Model.

Passive sniffing is intercepting packages transmitted over a network that uses a hub. It is

Called passive sniffing because it is difficult to detect. It is also easy to perform as the hub sends

Download Wireshark from this link http://www.wireshark.org/download.html

• Open Wireshark

• You will get the following screen

211521205151 29 SOWMIYA B
 Select the network interface you want to sniff. Note for this demonstration, we are using a
wireless network connection. If you are on a local area network, then you should select the
local area network interface.

• Click on start button as shown above

Open your web browser and type in http://www.techpanda.org/

• The login email is admin@google.com and the password is Password2010

• Click on submit button

• A successful logon should give you the following dashboard

211521205151 30 SOWMIYA B
 • Go back to Wireshark and stop the live capture

• Filter for HTTP protocol results only using the filter textbox

211521205151 31 SOWMIYA B
 • Locate the Info column and look for entries with the HTTP verb POST and click on it

• Just below the log entries, there is a panel with a summary of captured data. Look for

the summary that says Line-based text data: application/x-www-form-url encoded

• You should be able to view the plaintext values of all the POST variables submitted to

the server via HTTP protocol.

Result:

Thus the experiment to Sniff Traffic using ARP Poisoning was performed.

211521205151 32 SOWMIYA B
 Ex. No : 8 Demonstrate intrusion detection system
Date : using any tool

AIM:

To demonstrate Intrusion Detection System (IDS) using Snort software tool.

STEPS ON CONFIGURING AND INTRUSION DETECTION:

1. Download Snort from the Snort.org website. (http://www.snort.org/snort-downloads)

2. Download Rules(https://www.snort.org/snort-rules). You must register to get the rules. (You should
download these often)
3. Double click on the .exe to install snort. This will install snort in the ―C:\Snort‖ folder.It is
important to have WinPcap (https://www.winpcap.org/install/) installed
4. Extract the Rules file. You will need WinRAR for the .gz file.
5. Copy all files from the ―rules‖ folder of the extracted folder. Now paste the rules into
“C:\Snort\rules” folder.
6. Copy ―snort.conf‖ file from the ―etc‖ folder of the extracted folder. You must paste it into ―C:\
Snort\etc‖ folder. Overwrite any existing file. Remember if you modify your snort.conf file
and download a new file, you must modify it for Snort to work.
7. Open a command prompt (cmd.exe) and navigate to folder ―C:\Snort\bin‖ folder. ( at the Prompt,
type cd\snort\bin)
8. To start (execute) snort in sniffer mode use following command:
snort -dev -i 3
-i indicates the interface number. You must pick the correct interface number. In my case, it is 3.
-dev is used to run snort to capture packets on your network.

To check the interface list, use following command:

snort -W

211521205151 33 SOWMIYA B
 Finding an interface

Example:

example snort
Change the RULE_PATH variable to the path of rules folder.
var RULE_PATH c:\snort\rules

path to rules
Change the path of all library files with the name and path on your system. and you must change the
path of snort_dynamicpreprocessorvariable.
C:\Snort\lib\snort_dynamiccpreprocessor
You need to do this to all library files in the ―C:\Snort\lib‖ folder. The old path might be:
―/usr/local/lib/…‖. you will need to replace that path with your system path. Using C:\Snort\lib
Change the path of the ―dynamicengine‖ variable value in the ―snort.conf‖ file..

211521205151 34 SOWMIYA B
 Example:
dynamicengine C:\Snort\lib\snort_dynamicengine\sf_engine.dll

Add the paths for ―include classification.config‖ and ―include reference.config‖ files.
include c:\snort\etc\classification.config
include c:\snort\etc\reference.config
Remove the comment (#) on the line to allow ICMP rules, if it is commented with a #.
include $RULE_PATH/icmp.rules
You can also remove the comment of ICMP-info rules comment, if it is
commented. include $RULE_PATH/icmp-info.rules
To add log files to store alerts generated by snort, search for the ―output log‖ test in snort.conf and
add the following line:
output alert_fast: snort-alerts.ids
Comment (add a #) the whitelist $WHITE_LIST_PATH/white_list.rules and the blacklist

Change the nested_ip inner , \ to nested_ip inner #, \

Comment out (#) following lines:
#preprocessor normalize_ip4
#preprocessor normalize_tcp: ips ecn stream
#preprocessor normalize_icmp4
#preprocessor normalize_ip6
#preprocessor normalize_icmp6

Save the ―snort.conf‖ file.

To start snort in IDS mode, run the following command:

snort -c c:\snort\etc\snort.conf -l c:\snort\log -i 3

(Note: 3 is used for my interface card)

Snort monitoring traffic –

211521205151 35 SOWMIYA B
 RESULT:

Thus the Intrusion Detection System(IDS) has been demonstrated by using the Open Source Snort Intrusion
Detection Tool.

211521205151 36 SOWMIYA B
 Ex. No : 9 Explore network monitoring tools
Date :

AIM:
To download the N-Stalker Vulnerability Assessment Tool and exploring the
features.

EXPLORING N-STALKER:

• N-Stalker Web Application Security Scanner is a Web security assessment tool.

• It incorporates with a well-known N-Stealth HTTP Security Scanner and 35,000 Web attack signature
database.
• This tool also comes in both free and paid version.
• Before scanning the target, go to “License Manager” tab, perform the update.
• Once update, you will note the status as up to date.
• You need to download and install N-Stalker from www.nstalker.com.

1. Start N-Stalker from a Windows computer. The program is installed under Start ➪ Programs ➪ N-
Stalker ➪ N-Stalker Free Edition.
2. Enter a host address or a range of addresses to scan.
3. Click Start Scan.
4. After the scan completes, the N-Stalker Report Manager will prompt
5. you to select a format for the resulting report as choose Generate HTML.
6. Reviewthe HTML report for vvulnerabilities.

211521205151 37 SOWMIYA B
 7. Now goto “Scan Session”, enter the target URL.
8. In scan policy, you can select from the four options,
9. Manual test which will crawl the website and will be waiting for manual attacks.
10. full xss assessment
11. owasp policy
12. Web server infrastructure analysis.
13.
14. Once, the option has been selected, next step is “Optimize settings” which will crawl the whole website for
further analysis.

15. In review option, you can get all the information like host information, technologies used, policy name, etc.

211521205151 38 SOWMIYA B
 Once done, start the session and start the scan.

The scanner will crawl the whole website and will show the scripts, broken pages,hidden fields, information
leakage, web forms related information which helps to analyze further.

211521205151 39 SOWMIYA B
 RESULT:

Thus the N-Stalker Vulnerability Assessment tool has been downloaded, installed
and the features has been explored by using a vulnerable website

211521205151 40 SOWMIYA B
 Study to configure Firewall, VPN
Ex. No : 10
Date :

AIM:

To study the features of firewall in providing network security and to set Firewall
Security in windows.
There are three different network profiles available:

• Public
• Home/Work - private network
• Domain - used within a domain

Configuring Windows Firewall

To open Windows Firewall we can go to Start > Control Panel > Windows

211521205151 41 SOWMIYA B
 Firewall.
By default, Windows Firewall is enabled for both private (home or work)and public networks. It
is also configured to block all connections to programs that are not on the list of allowed programs.
To configure exceptions we can go to the menu on the left and select "Allow a program or feature
trough Windows Firewall" option.

To change settings in this window we have to click the "Change settings" button. As you can see, here we have a list of
predefined programs and features that can be allowed to communicate on private or public networks. For example,
notice that the Core Networking feature is allowed on both private and public networks, while the File and Printer
Sharing is only allowed on private networks. We can also see the details of the items in the list by selecting it and then
clicking the Details button

211521205151 42 SOWMIYA B
 Details

If we have a program on our computer that is not in this list, we can manually add it by clicking
on the "Allow another program" button.

Add a Program
Here we have to browse to the executable of our program and then click the Add button. Notice that
we can also choose location types on which this program will be allowed to communicate by
clicking on the "Network location types" button.
Firewall Service

In our case the service is running. If we stop it, we will get a warning thatwe
should turn on our Windows Firewall.

211521205151 43 SOWMIYA B
 Warning

Remember that with Windows Firewall we can only configure basic firewall settings, and this is
enough for most day-to-day users. However, we can't configure exceptions based on ports in
Windows Firewall any more. For that we have to use Windows Firewall with Advanced Security.

How to Start & Use the Windows Firewall with Advanced Security
The Windows Firewall with Advanced Security is a tool which gives you detailed control over the
rules that are applied by the Windows Firewall. You can view all the rules that are used by the
Windows Firewall, change their properties, create new rules or disable existing ones. In this tutorial
we will share how to open the Windows Firewall with Advanced Security, how to find your way
around it and talk about the types of rules that are available and what kind of traffic they filter.

How to Access the Windows Firewall with Advanced Security

You have several alternatives to opening the Windows Firewall with Advanced Security:

One is to open the standard Windows Firewall window, by going to "Control Panel -> System and
Security -> Windows Firewall". Then, click or tap Advanced settings.

211521205151 44 SOWMIYA B
 In Windows 7, another method is to search for the word firewall in the Start Menu search box and
click the "Windows Firewall with Advanced Security" result.

In Windows 8.1, Windows Firewall with Advanced Security is not returned in search
results and you need to use the first method shared above foropening it.

The Windows Firewall with Advanced Security looks and works the same both in
Windows 7 and Windows 8.1. To continue our tutorial, we will use screenshots that were
made in Windows 8.1.

In the Windows Firewall with Advanced Security, you can access all rulesand edit their
properties. All you have to do is click or tap the appropriate unit in the left-side panel.

211521205151 45 SOWMIYA B
211521205151 46 SOWMIYA B
 Configuring Windows Firewall
To open Windows Firewall we can go to Start > Control Panel > Windows

211521205151 47 SOWMIYA B
 Firewall.

By default, Windows Firewall is enabled for both private (home or work) and public networks. It is
also configured to block all connections to programs that are not on the list of allowed programs.
To configure exceptions we can go to the menu on the left and select "Allow a program or feature
trough Windows Firewall" option.

Exceptions

To change settings in this window we have to click the "Change settings" button. As you can see,
here we have a list of predefined programs and features that can be allowed to communicate on
private or public networks. For example, notice that the Core Networking feature is allowed on
both private and public networks, while the File and Printer Sharing is only allowed on private
networks. We can also see the details of the items in the list by selecting it and then clicking the
Details button.

211521205151 48 SOWMIYA B
 If we have a program on our computer that is not in this list, we can

manually add it by clicking on the "Allow another program" button.

Add a Program
Here we have to browse to the executable of our program and then click the Add button. Notice
that we can also choose location types on which this program will be allowed to communicate by
clicking on the "Network location types" button.

211521205151 49 SOWMIYA B
 Network Locations
Many applications will automatically configure proper exceptions
in Windows Firewall when we run them. For example, if we
enable streaming from Media Player, it will automatically
configure firewall settings to allow streaming. The same thing is
if we enable Remote Desktop feature from the system properties
window. By enabling Remote Desktop feature we actually create
an exception in Windows Firewall.

Windows Firewall can be turned off completely. To do that we

can select the "Turn Windows Firewall on or off" option from the
menu on the left.

Firewall Customization

Note that we can modify settings for each type of network location
(private or public). Interesting thing here is that we can block all
incoming connections, including those in the list of allowed
programs.

Windows Firewall is actually a Windows service. As you know,

services can be stopped and started. If the Windows Firewall
service is stopped, the Windows Firewall will not work.

211521205151 50 SOWMIYA B
 Firewall Service

In our case the service is running. If we stop it, we will get a warning thatwe
shouldturn on our Windows Firewall.

You have several alternatives to opening the Windows Firewall with Advanced

211521205151 51 SOWMIYA B
 Security:

One is to open the standard Windows Firewall window, by going to

"Control Panel -> System and Security -> Windows Firewall".Then, click or tap
Advanced settings.

In Windows 7, another method is to search for the word

firewall in the Start Menu search box and click the "Windows

Firewall with Advanced Security" result.

In Windows 8.1, Windows Firewall with Advanced Security is not returned in

search results and you need to use the first method shared above foropening it.

The Windows Firewall with Advanced Security looks and works the same both in
Windows 7 and Windows 8.1. To continue our tutorial, we will use screenshots
that were made in Windows 8.1.

211521205151 52 SOWMIYA B
 Inbound & Outbound Rules

In order to provide the security you need, the Windows Firewall has a standard
set of inbound and outbound rules, which are enabled depending on the location
of the network you are connected to.
Inbound rules are applied to the traffic that is coming from the network and the
Internet to your computer or device. Outbound rules apply to the traffic from
your computer to the network or the Internet.
These rules can be configured so that they are specific to: computers, users,
programs, services, ports or protocols. You can also specify to which type of
network adapter (e.g. wireless, cable, virtual private network) or user profileit is
applied to.
In the Windows Firewall with Advanced Security, you can access all rules and
edit their properties. All you have to do is click or tap the appropriate unit in
the left-side panel.

211521205151 53 SOWMIYA B
 The rules used by the Windows Firewall can be enabled or disabled.
The ones which are enabled or active are marked with a green
check- box in the Name column. The ones that are disabled are
marked with agray check-box.If you want to know more about a
specific rule and learn its properties, right click on it and select
Properties or select it

and press Properties in the column on right, which lists the actions
that are available for your selection.
The Connection Security Rules
Connection security rules are used to secure traffic between two computers
while it crosses the network. One example would be a rule which defines that
connections between two specific computers must be encrypted.
Unlike the inbound or outbound rules, which are applied only to one computer,
connection security rules require that both computers have thesame rules
defined and enabled. If you want to see if there are any such rules on your
computer, click or tap "Connection Security Rules" on the panel on the left. By
default, there are no such rules defined on Windows computers and devices.
They are generally used in business environments and such rules are set by
the network administrator.

211521205151 54 SOWMIYA B
 The Windows Firewall with Advanced Security Monitor

The Windows Firewall with Advanced Security includes some monitoring

features as well. In the Monitoring section you can find the following
information: the firewall rules that are active (both inbound and outbound), the
connection security rules that are active and whether there are any active security
associations.

211521205151 55 SOWMIYA B
 Result:
Thus the study of the features of firewall in providing network security and to set
FirewallSecurity in windows.

211521205151 56 SOWMIYA B