IMPLEMENTATIONOFSYMMETRICKEYALGORITHM (DES)

USER MESSAGE ENCRYPTION

PROGRAM:
[Link]
Import [Link];
Import [Link]; import [Link];import
[Link];
import [Link]; import [Link];
[Link]; import [Link];
public class DES
{
Public static void main(String[] args){
try
{
[Link]("Message EncryptionUsing DES Algorithm\n"); KeyGenerator keygenerator =
[Link]("DES"); SecretKey myDesKey = [Link]();

CipherdesCipher;

desCipher=[Link]("DES/ECB/PKCS5Padding");
[Link](Cipher.ENCRYPT_MODE, myDesKey);

byte[] text= "Secret Information ".getBytes(); [Link]("Message[ByteFormat]:"+text);

[Link]("Message : " + new String(text)); byte[] textEncrypted = [Link](text);

[Link]("Encrypted Message: "+ textEncrypted);

[Link](Cipher.DECRYPT_MODE, myDesKey); byte[] textDecrypted =
[Link](textEncrypted);

[Link]("DecryptedMessage:"+newString(textDecrypted));

}catch(NoSuchAlgorithmExceptione){[Link]();

}catch(NoSuchPaddingExceptione){[Link]();

}catch(InvalidKeyExceptione){[Link]();

}catch(IllegalBlockSizeExceptione){[Link]();

}catch(BadPaddingExceptione){[Link]();

}}}
OUTPUT:

MessageEncryptionUsingDESAlgorithm

Message[ByteFormat] :[B@4dcbadb4 Message : Secret Information Encrypted Message:

[B@504bae78 DecryptedMessage:Secret Information
 ADVANCED ENCRYPTION STANDARD(AES) ALGORITHM - URL ENCRYPTION

PROGRAM:

[Link]

import [Link]; import [Link];

import [Link]; import [Link];

import [Link].Base64; import [Link];

import [Link]; public class AES {

privatestaticSecretKeySpecsecretKey; private static byte[] key;

publicstaticvoidsetKey(StringmyKey){MessageDigestsha=null; try{

key=[Link]("UTF-8");

sha = [Link]("SHA-1"); key = [Link](key);

key=[Link](key, 16);

secretKey=newSecretKeySpec(key,"AES");

}catch(NoSuchAlgorithmExceptione){ [Link]();

}catch(UnsupportedEncodingExceptione){[Link]();

publicstaticStringencrypt(StringstrToEncrypt,Stringsecret){try{ setKey(secret);

Ciphercipher=[Link]("AES/ECB/PKCS5Padding");

[Link](Cipher.ENCRYPT_MODE,secretKey);

[Link]().encodeToString([Link]([Link]("UTF-8")));

}catch(Exceptione){

[Link]("Errorwhileencrypting:"+[Link]());

}
returnnull;

publicstaticStringdecrypt(StringstrToDecrypt,Stringsecret){try{ setKey(secret);

Cipher cipher = [Link]("AES/ECB/PKCS5PADDING");

[Link](Cipher.DECRYPT_MODE, secretKey);

returnnewString([Link]([Link]().decode(strToDecrypt)));

}catch(Exceptione){

[Link]("Errorwhiledecrypting:"+[Link]());

returnnull;

public static void main(String[] args) { finalStringsecretKey= "annaUniversity";

StringoriginalString="[Link]";

StringencryptedString=[Link](originalString,secretKey);StringdecryptedString=
[Link](encryptedString, secretKey);

[Link]("URL Encryption Using AES Algorithm\n ");

[Link]("OriginalURL:"+originalString);[Link]("EncryptedURL:"

+encryptedString);[Link]("DecryptedURL:"+decryptedString);

}
OUTPUT:

URLEncryptionUsingAESAlgorithm

OriginalURL:[Link]

Encrypted URL: vibpFJW6Cvs5Y+L7t4N6YWWe07+JzS1d3CU2h3mEvEg= Decrypted URL :

[Link]
 IMPLEMENTATION OFASYMMETRIC ALGORITHM-(RSA)

PROGRAM:
[Link]
<html>
<head>
<title>RSAEncryption</title>

<metaname="viewport"content="width=device-width,initial-scale=1.0">
</head>
<body>
<center>
<h1>RSAAlgorithm</h1>
<h2>ImplementedUsingHTML&Javascript</h2>

<hr>
<table>
<tr>
<td>EnterFirstPrimeNumber:</td>
<td><inputtype="number"value="53"id="p"></td>
</tr>

<tr>
<td>EnterSecondPrimeNumber:</td>
<td><inputtype="number"value="59"id="q"></p>
</td>
</tr>
<tr>

<td>EntertheMessage(ciphertext):<br>[A=1,B=2,...]</td>
<td><inputtype="number"value="89"id="msg"></p>
</td>
</tr>
<tr>
<td>PublicKey:</td>
<td>

<pid="publickey"></p></td>
</tr>
<tr>
<td>Exponent:</td>
<td>
<pid="exponent"></p>

</td>
</tr>
<tr>
<td>PrivateKey:</td>
<td>
<pid="privatekey"></p>

</td>
</tr>
<tr>
<td>CipherText:</td>
<td>
<pid="ciphertext"></p>

</td>
</tr>
<tr>
<td><buttononclick="RSA();">ApplyRSA</button></td>
</tr>
</table>
</center>
</body>
<script type="text/javascript">functionRSA() { var gcd, p, q, no, n, t, e, i, x;

gcd=function(a,b){return(!b)?a:gcd(b,a% b);
};
p=[Link]('p').value;
q=[Link]('q').value;
no = [Link]('msg').value; n = p * q;
t=(p - 1)*(q-1);

for(e=2;e<t;e++){if(gcd(e,t)==1){ break;
}
}

for(i=0;i<10;i++){x=1+i*t if(x %e==0){ d = x / e; break;

}

}
ctt=[Link](no,e).toFixed(0);ct=ctt%n; dtt=[Link](ct,d).toFixed(0);dt=dtt% n;
[Link]('publickey').innerHTML= n;
[Link]('exponent').innerHTML = e;
[Link]('privatekey').innerHTML = d;
[Link]('ciphertext').innerHTML=ct;

}
</script>
</html>
OUTPUT:
 DIFFIE-HELLMAN KEY EXCHANGE ALGORITHM

PROGRAM:

[Link]

class DiffieHellman{

publicstatic voidmain(Stringargs[]){

intp=23;/*publiclyknown(primenumber)*/ int g=5;/*publiclyknown(primitiveroot)*/ int x = 4; /* only

Alice knows this secret */

inty=3;/*onlyBobknowsthissecret*/doublealiceSends =([Link](g,x))%p;

doublebobComputes=([Link](aliceSends,y))%p;doublebobSends=([Link](g,y))

%p;

doublealiceComputes=([Link](bobSends,x))%p;doublesharedSecret =([Link](g, (x

*y)))%p;

[Link]("simulationofDiffie-Hellmankeyexchangealgorithm\n ");

[Link]("Alice Sends : " + aliceSends);

[Link]("BobComputes:"+bobComputes); [Link]("Bob Sends : " + bobSends);

[Link]("AliceComputes:"+aliceComputes);[Link]("SharedSecret: " +
sharedSecret);

/*sharedsecretsshouldmatchandequalityistransitive*/

if((aliceComputes==sharedSecret)&&(aliceComputes==bobComputes)) [Link]("Success:
Shared Secrets Matches! " + sharedSecret); else

[Link]("Error:SharedSecretsdoesnotMatch");

}
OUTPUT:

Simulation of Diffie-Hellman key exchange algorithm

Alice Sends : 4.0 BobComputes:18.0 Bob Sends : 10.0

AliceComputes:18.0 Shared Secret : 18.0

Success:SharedSecretsMatches!18.0
 SHA-1ALGORITHM

PROGRAM

[Link]

import [Link].*;
public class sha1 {
publicstaticvoidmain(String[] a)
{ try
{MessageDigest md = [Link]("SHA1"); [Link]("Message digest
object info:\n"); [Link]("Algorithm=" + [Link]());
[Link]("Provider=" + [Link]()); [Link]("ToString=" + [Link]());

Stringinput="";[Link]([Link]());byte[]output=[Link]();
[Link]();[Link]("SHA1(\""+input+"\")="+bytesToHex(output));input="abc";
[Link]([Link]());output=[Link]();
[Link]();[Link]("SHA1(\""+input+"\")="+
bytesToHex(output)); input = "abcdefghijklmnopqrstuvwxyz"; [Link]([Link]()); output =
[Link](); [Link]();

[Link]("SHA1(\""+input+"\")="+bytesToHex(output));[Link]();

}catch(Exceptione) {[Link]("Exception:"+e);

}}

privatestaticStringbytesToHex(byte[]b){

charhexDigit[]={'0','1','2','3','4','5','6','7','8','9','A','B','C','D','E','F'};

StringBufferbuf=newStringBuffer();

for(byteaB:b){

[Link](hexDigit[(aB>>4)&0x0f]);[Link](hexDigit[aB&0x0f]);

[Link]();

}}
OUTPUT:

Message digest object info:

Algorithm=SHA1 Provider=SUNversion12

ToString=SHA1 Message Digest from SUN,

<initialized>SHA1("")=DA39A3EE5E6B4B0D3255BFEF95601890AFD80709
SHA1("abc")=A9993E364706816ABA3E25717850C26C9CD0D89D

SHA1("abcdefghijklmnopqrstuvwxyz")=32D10C7B8CF96570CA04CE37F2A19D84240D3A9
 IMPLEMENTATION OF SIGNATURE SCHEME- DIGITAL SIGNATURE STANDARD

PROGRAM:

Import [Link];
[Link]; import [Link]; import
[Link];
[Link];

publicclassCreatingDigitalSignature{

publicstaticvoidmain(Stringargs[])throwsException{

Scanner sc= newScanner([Link]); [Link]("Enter sometext"); String msg =

[Link]();

KeyPairGenerator keyPairGen = [Link]("DSA"); [Link](2048);

KeyPairpair=[Link]();PrivateKeyprivKey=[Link](); Signature sign =

[Link]("SHA256withDSA"); [Link](privKey); byte[] bytes = "msg".getBytes();
[Link](bytes);

byte[]signature=[Link]();

[Link]("Digitalsignatureforgiventext:"+newString(signature,"UTF8"));

}
OUTPUT:

Enter some text Hi how are you

Digitalsignatureforgiventext:0=@gRD???-?.????/yGL?i??a!?
 INSTALLATION OF WIRE SHARK

INTRODUCTION:

The first part of the lab introduces packet sniffer, Wireshark. Wireshark is a free open-source
network protocol analyzer. It is used for network troubleshooting and communication protocol
analysis. Wireshark captures network packets in real time and display the min human-readable format.
It provides many advanced features including live capture and offline analysis, three- pane packet
browser, coloring rules for analysis. This document uses Wireshark for the experiments, and it covers
Wireshark installation, packet capturing, and protocol analysis.

Figure1: Wire shark in KaliLinux

 BACKGROUND:

TCP/IP Network Stack:

Figure2: Encapsulation of Data in theTCP/IP Network Stack

Introduction to Computer Networking(one of the perquisite courses),TCP/IP network

stack is introduced and studied. This background section briefly explains the concept of TCP/IP
network stack to help you better understand the experiments. TCP/IP is the most commonly used
network model for Internet services. Because its most important protocols, the Transmission Control
Protocol(TCP) and the Internet Protocol(IP) were the first networking protocols defined in this
standard, it is named as TCP/[Link], it contains multiple layers including application layer,
transport layer, network layer, and data link layer.
 Application Layer: The application layer includes the protocols used by most applications
for providing user services. Examples of application layer protocols are
HypertextTransferProtocol(HTTP),SecureShell(SSH),FileTransferProtocol(FTP), and Simple Mail
Transfer Protocol (SMTP).

TransportLayer: The transport layer establishes process-to-process connectivity, and it provides end-
to-end services that are independent of underlying user data. To implement the process-to-process
communication, the protocol introduces a concept of port. The examples of transport layer protocols
are Transport Control Protocol (TCP) and User Datagram Protocol (UDP). The TCP provides flow-
control, connection establishment, and reliable transmission of data, while the UDP is a connectionless
transmission model.

Internet Layer: The Internet layer is responsible for sending packets to across networks. It
hastwofunctions:1)Host identification by using IP addressing system (IPv4andIPv6);and2)packets
routing from source to destination. The examples of Internet layer protocols are Internet
Protocol(IP),Internet Control Message Protocol (ICMP), and Address Resolution Protocol (ARP).

Link Layer: The link layer defines the networking methods within the scope of the local
network link. It is used to move the packets between two hosts on the same link. An common example
of link layer protocols is Ethernet.

Packet Sniffer :Packet sniffer is a basic tool for observing network packet exchanges in a
computer. As the name suggests, a packet sniffer captures (“sniffs”) packets being sent/received
from/by your computer; it willalsotypicallystoreand/ordisplaythecontentsofthevariousprotocolfieldsin
these captured packets. A packet sniffer itself is passive. It observes messages being sent and received
by applications and protocols running on your computer, but never sends packets itself.

Figure 3 shows the structure of a packet sniffer. At the right of Figure 3 are the protocols
(in this case, Internet protocols) and applications (such as a web browser or ftp client) that normally
run on your computer. The packet sniffer, shown within the dashed rectangle in Figure 3 is an addition
to the usual software in your computer, and consists of two parts. The packet capture library receives a
copy of every link-layer frame that is sent from or received by your computer. Messages exchanged by
higher layer protocols such as HTTP,FTP,TCP,UDP, DNS, or IP all are eventually encapsulated in
link-layer frames that are transmitted over physical media such as an Ethernet cable. In Figure 1, the
assumed physical media is an Ethernet, and so all upper-layer protocols are eventually encapsulate d
within an Ethernet frame. Capturing all link-layer frames thus gives you access to all messages
sent/received from/by all protocols and applications executing in your computer.

The second component of a packet sniffer is the packet analyzer, which displays the contents of all
fields within a protocol message. In order to do so, the packet analyzer must “understand” the structure
of all messages exchanged by protocols. For example, suppose we are interested in displaying the
various fields in messages exchanged by the HTTP protocol in Figure3. The packet analyzer
understands the format of Ethernet frames, and so can identify the IP datagram within an Ethernet
frame. It also understands the IP datagram format, so that it can extract the TCP segment within the IP
datagram. Finally, it understands the TCP segment structure, so it can extract the HTTP message
contained in the TCP segment. Finally, it understands the HTTP protocol and so, for example, knows
that the first bytes of an HTTP message will contain the string “GET,” “POST,” or “HEAD”.

We will be using the Wireshark packet sniffer [[Link] for these labs, allowing us
to display the contents of messages being sent/received from/by protocols at
differentlevelsoftheprotocolstack.(Technicallyspeaking,Wiresharkisapacketanalyzerthat uses a packet
capture library in your computer). Wireshark is a free network protocol analyzer that runs on
Windows, Linux/Unix, and Mac computers. Getting Wireshark

The KaiLinux has Wireshark installed. You can just launch the KaliLinuxVM and open Wireshark
there. Wireshark can also be downloaded from here: [Link]
 Figure 3: Packet Sniffer Structure

Figure 4: Download Page of Wireshark

StartingWireshark:

When you run the Wireshark program, theWireshark graphic user interface will be shown as
[Link], the program is not capturing the packets.
 Figure 5:Initial Graphic User Interface of Wireshark

Then, you need to choose an interface. If you are running the Wireshark on your laptop, you need to select
WiFi interface. If you are at a desktop, you need to select the Ethernet interface being used. Note that there
could be multiple interfaces. In general, you can select any interface but that does not mean that traffic will
flow through that interface. The network interfaces(i.e., the physical connections) that your computer has to
the network are shown. The attached Figure 6 was taken from my computer.

After you select the interface,you can click start to capture the packets as shown in Figure7.
 Figure 6: Capture Interfaces in Wireshark

Figure7: Capturing Packets in Wireshark

Figure 8: Wireshark Graphical User Interface on Microsoft Windows

The Wireshark interface has five major components:

The command menus are standard pull down menus located at the top of the window. Of
interest to us now is the File and Capture menus. The File menu allows you to save captured packet data or
open a file containing previously captured packet data, and exit the Wireshark application. The Capture
menu allows you to begin packet capture.

The packet-listing window displays a one-line summary for each packet captured, including the
packet number(assigned by Wireshark ;this is not a packet number contained in any protocol’s header), the
time at which the packet was captured, the packet’s source and destination addresses, the protocol type, and
protocol-specific information contained in the packet. The packet listing can be sorted according to any of
these categories by clicking on a column name. The protocol typefield lists the highest-level protocol that
sent or received this packet, i.e., the protocol that is the source or ultimate sink for this packet.

The packet-header details window provides details about the packet selected (highlighted) in
the packet-listing window. (To select a packet in the packet-listing window, place the cursor over the
packet’s one-line summary in the packet-listing window and click with the left mouse button.). These details
include information about the Ethernet frame and IP datagram that contains this packet. The amount of
Ethernet and IP-layer detail displayed can be expanded or minimized by clicking on the right- pointing or
down- pointing arrowhead to the left of the Ethernet frame or IP datagram line in the packet details window.
If the packet has been carried overTCPorUDP,TCPor UDPdetails will also be displayed, which can
similarly be expanded or minimized. Finally, details about the highest-level protocol that sent or received
this packet are also provided.

The packet-contents window displays the entire contents of the captured frame, in both ASCII and
hexadecimal format.

Towards the top of the Wireshark graphical user interface, is the packet display filter field, into which a
protocol name or other information can be entered in order to filter the information displayed in the packet-
listing window (and hence the packet-header and packet-contents windows). In the example below, we’ll
use the packet-display filter field to have Wireshark hide (not display) packets except those that correspond
to HTTP messages.

Capturing Packets

After downloading and installing Wireshark, you can launch it and click the name of an interface under
Interface List to start capturing packets on that interface. For example, if you want to capture traffic on the
wireless network, click your wireless interface.

Test Run: Do the following steps:

1. Start up the Wireshark program(select an interface and press start to capture packets).

2. Start up your favorite browser(ceweaselinKaliLinux).

3. In your browser, go to WayneState homepage by typing [Link].

4. Afteryourbrowserhasdisplayedthe[Link] stop Wiresharkpacket capture by
selecting stops in the Wireshark capture window. This will cause the Wireshark capture window to
disappear and the mainWireshark window to display all packets captured since you began packet capture
see image below:
5. Color Coding: You’ll probably see packets highlighted in green, blue, and black. Wireshark uses
colors to help you identify the types of traffic at a glance. By default, green is TCP traffic, dark blue is DNS
traffic, light blue is UDP traffic, and black identifies TCP packets with problems — for example, they could
have been delivered out-of-order.

6. You now have live packet data that contains all protocol messages exchanged between your computer
and other network entities! However, as you will notice the HTTP messages are not clearly shown because
there are many other packets included in the packet capture. Even though the only action you took was to
open your browser, there are many other programs in your computer that communicate via the network in
the background. To filter the connections to the ones we want to focus on, we have to use the filtering
functionality of Wireshark by typing “http” in the filtering field as shown below:

Notice that we now view only the packets that are of protocol HTTP. However, we also still do not have
the exact communication we want to focus on because using HTTP as a filter is not
descriptiveenoughtoallowustofindourconnectionto[Link] We need to be more precise if we
want to capture the correct set of packets.

7. To further filter packets in Wireshark, we need to use a more precise filter. By setting the
[Link], we are restricting the view to packets that have a san http host the
[Link] website. Notice that we need two equal signs to perform the match not just one. See the
screenshot below:
8. Now, we can try another protocol. Let’s use Domain Name System(DNS) protocol as and example
here.

9. Let’s try now to find out what are those packets contain by following of the conversations (also
called network flows), select one of the packets and press the right mouse button(if you are on Mac use the
command button and click), you should see something similar to the screen below:

10. If we close this window and change the filter back to“[Link]”and then follow a packet
from the list of packets that match that filter, we should get the something similar to the following screens.
Note that we click on Follow TCP Stream this time.
 CHECK MESSAGE INTEGRITY AND CONFIDENTIALITY USING SSL

PROGRAM:

[Link].*;
import [Link].*;
[Link].*;

publicclassSSLServer{
publicstaticvoidmain(String[]args)throwsException{ int port = 12345;
char[]passphrase="password".toCharArray();

//Loadserverkeystore
KeyStorekeystore=[Link]("JKS");
[Link](newFileInputStream("server_keystore.jks"),passphrase);

// Initialize KeyManagerFactory KeyManagerFactory keyManagerFactory =

[Link]("SunX509"); [Link](keystore, passphrase);

//CreateSSLContext
SSLContextcontext=[Link]("TLS");
KeyManager[] keyManagers = [Link](); [Link](keyManagers, null,
null);

//CreateSSLServerSocketFactory

SSLServerSocketFactorysslServerSocketFactory=[Link]();

//CreateSSLServerSocket
SSLServerSocket serverSocket = (SSLServerSocket) [Link](port);
[Link]("[Link]...");

//Accept incomingconnections
SSLSocketclientSocket=(SSLSocket)[Link](); [Link]("Client connected.");

//Setupcommunicationstreams
BufferedReaderreader=newBufferedReader(new InputStreamReader([Link]()));
PrintWriterwriter=newPrintWriter([Link](),true);

//Processincomingmessages String message;

while ((message = [Link]()) != null) { [Link]("Received: " + message);
[Link]("Server acknowledges: "+ message);
}

//Closestreamsandsockets [Link](); [Link](); [Link](); [Link]();

}}
Client:

[Link].*;
import [Link].*;
[Link].*;

publicclassSSLClient{
publicstaticvoidmain(String[]args)throwsException{ String serverHost = "localhost";
intserverPort=12345;
char[]passphrase="password".toCharArray();

//Loadclienttruststore
KeyStoretruststore=[Link]("JKS");
[Link](newFileInputStream("client_truststore.jks"),passphrase);

// Initialize TrustManagerFactory TrustManagerFactory trustManagerFactory =

[Link]("SunX509"); [Link](truststore);

//CreateSSLContext
SSLContextcontext=[Link]("TLS");

//InitializeTrustManager[]
TrustManager[]trustManagers=[Link]();

//InitializeSSLContext withTrustManagers [Link](null, trustManagers, null);

//CreateSSLSocketFactory
SSLSocketFactorysslSocketFactory=[Link]();

//CreateSSLSocket
SSLSocketsocket=(SSLSocket)[Link](serverHost,serverPort);

//Setupcommunicationstreams
BufferedReader reader =newBufferedReader(new InputStreamReader([Link]()));
PrintWriterwriter=newPrintWriter([Link](),true);

// Send message to server [Link]("Hello,server!");

// Receive response from server Stringresponse=[Link]();

[Link]("Serverresponse:"+response);

//Closestreamsandsocket [Link](); [Link](); [Link]();

}
}
OUTPUT:
 EXPERIMENTING EAVESDROPPING, DICTIONARY ATTACKS, MITM ATTACKS

Visual Objective:

Introduction:
Password cracking is a term used to describe the penetration of a network, system, or resource
with or without the use of tools to unlock a resource that has been secured with a password. Password
cracking tools may seem like powerful decryptors, but in reality are little more than fast, sophisticated
guessing machines.
Types of password breaking:
Dictionary attack
A simple dictionary attack is usually the fastest way to break into a machine. A dictionary file (a text file
full of dictionary words) is loaded into a cracking application, which is run against user accounts located by
the application.
Bruteforce attack
A brute force attack is a very powerful form of attack, though it may often take a long time to work
depending on the complexity of the password. The program will begin trying any and every combination of
numbers and letters and running them against the hashed passwords.
Passwords that are composed of random letters numbers and characters are most vulnerable to this type of
attack.
Hybrid attack
Another well-known form of attack is the hybrid attack. A hybrid attack will add numbers or symbols to the
search words to successfully crack a password. Many people change their passwords by simply adding a
number to the end of their current password. Therefore, this type of attack is the most versatile, while it
takes longer then a standard dictionary attack it does not take as long as a brute force attack.

Cracking Process
Since a bruteforce attack is the most time consuming and is not likely to break any passwords that are not
composed of random characters, the best plan is to use techniques that are
[Link] is known about
how users select passwords, an intruder can tremendously increase the odds in their favor of finding
passwords. With the right techniques, some poor passwords can be cracked in under a second.

The real power of dictionary attackscome from understanding theways in which mostpeople varies names
and dictionary words when attempting to create a password. By applying all the common transformations to
everyword in the electronic list and encrypting each result the number tested passwords multiplies
[Link] tools can often detect “clever” ways of manipulating words to hide their origin. For
example, such cracking programs often subject each word to a list of rules. A rule could be anything, any
manner in which a word might appear. Typical rules might include Alternate upper-and lower case lettering.
Spell the word forward and then backward, and then fuse the tworesults(forexample:cannac). Add the
number 1 to the beginning and/or end of each word.
Naturally,the more rules one applies to the words,the longer the cracking process takes. However, more
rules also guarantee a higher likelihood of success.

Task1–Microsoft Office Password Recovery

Many applications require you to establish an ID and password that may be saved and automatically
substituted for future authentication. The password will usually appear on the screen as a series of asterisks.
This is fine as long as your system remembers the password for you but what I fit "forgets"or you need it for
use on an other system. Fortunately, many utilities have been written or recover such passwords. In this
task, you will use Office Key to recover the password for a MS word document.
Step1:Find the folder“Lab1”onyourdesktop,andopenit
You will find OfficeKey and a MSdocument in the folder.
Step2:Open the OfficeKey–Password Recovery tool
Step3:Press the “Recover” button in the upper left corner,or select FileRecover.

Step4: Choose the password protected MSOffice File you have saved to the Desktop.
Step 5: After running the first password auditing session, check to see if Office key has cracked the
password. If the password has not been cracked press the Settings button on the upper tool bar.
Step6: Once in the Settings menu you will be able to modify the search parameters and customize a more
targeted search.
Step7: Repeat steps3 and 4 until the password has been cracked and opens the MSOffice File.
Step8: Write down the contents of the MS word document and the password into your lab report and submit
it to your TA.
Task2–Password Auditing (Windows platform):
The purpose of this task is to familiarize you with act of password cracking/recovery. Password cracking
software uses a variety of approaches, including intelligent guessing, dictionary attacks and automation that
tries every possible combination of characters. Given enough time the automated method can crack any
password, but more effective passwords will last months before breaking.
When a password is entered and saved on a computer it is encrypted, the encrypted password becomes a
string of characters called a “hash” and is saved to a password file. A password cannot bereverse-
[Link] it (wordlist or randomly generated
strings of characters) and compares the results with hashed passwords .If the hashes match then the
passwordhas successfully been guessed or “cracked”. This process is usually performed offline against a
captured password files that being locked out of the account is not an issue, and guessing can go on
continuously. Thus, revealing the passwords is simply a matter of CPU time and dictionary size
1. You obtain a dictionaryfile, which is no more than a flat file(plaintext)list of words (commonly
referred to as wordlists).
2. These words are fed through any number of programs that encrypt each [Link] encryption
conforms to the DES standard.
3. Each resulting encrypted word is compared with the target password. If a match occurs, there is
better than a 90 percent chance that the password was cracked.
Step 1: Go to Lab1 folder, and open LC4 to audit the passwords on your Windows system.
SelectFile>NewSession>Select Import>Import from PWDUMPFile(inthesamefolder)> Select the
“Passwords” file that has been provided to you.
Objectives:
This password file has been retrieved from system that we must gain access to. To do this you must crack as
many passwords as possible as quickly as possible. We have captured the user names and encrypted
passwords for ten users. The user names follow a standard pattern of first initial and last name, but the
passwords have no set standards. We do know that users of this system are encouraged to add numbers and
other characters to the words they chose for passwords.
To aid you in cracking these passwords we have managed to collect some basic information about the users.
This personal information may help you target your searches as to what the user’s password may be.

Kmiller KenMillerisanavidflyfisherandhisrecord
number of catches is just under 30

Smacman StevenMacManhasafiancéwho’snameis4
letters long and starts with a “K”

Gkoch Gina Koch grew up with her German

grandmother,whousedtocallher‘Little
precious’ *

Mjones Matt Jones was born in 1979. He compares

himselftoaShakespeareancharacterwhowas
born via C section

Tgriffin TimGriffinlovesfunky‘70’sand‘80s
[Link] songs about ‘Love’
 Rklatt RyanKlattisabigStarTrekfanandhasmost
likely chosen an obscure reference for his
password *

Nboyle NancyBoyleisanafanofthebooksof British

writer Douglas Adams

Esmith Edward Smith was very close to his

grandfather who died in 1968. We know his
grandfather’s name was a less common name
starting with ‘L’

Jcollins JimCollinskeepsacopyofthebook“The
Prince” *
Hharris Alan Harris has a wife named Sue and a
daughter named Megan lan was married on
May3rd.HisdaughterwasbornonAugust6th

Step2: Select Session SessionOptions

Use this menu to customize your password search. Here you can add different word list for
Dictionary attacks, change Hybrid attack features. Keep in mind you are working with a short dead line and
more in depth searches will take longer then you have. You must use the information given to you to target
your search most specifically at more likely passwords.
 Step3: Select Session Begin “Audit” or Press the blue play button on the upper toolbar to start
the password search.

Step 4: After the first search has run check your progress. Have some of the passwords been
cracked all the way though or have some only been partially cracked. Use what you’ve learned from this
first search to target your next few searches. You will need to search the internet and use the information
you have been given about each user to find words they may have used as their password.

Note: The question marks in the partially cracked passwords do not necessarily represent the
number of remaining undiscovered characters.

Step5: Add words to your wordlist Session>Session Options

Press the ‘Dictionary List’ button in the Dictionary crack section. Here you can edit your
current word list and add words by selecting the‘EDIT’ button and entering each word on a new line. You
can also add multiple dictionaries and wordlist.

Step6: You may chose to conduct dictionary attacks with other word [Link] can find
additional wordlist to use here: [Link]

Step7: Continue searching for possible passwords during the remainder of the lab. Repeating
steps 3 and 4 each time you modify your search.

Step8: Once you have cracked all the passwords in the file, write them down in your lab report
or once the lab time has ended, submit the passwords you were able to crack.
 EXPERIMENTING WITH SNIFF TRAFFIC USING ARP POISONING

Description:

ARP is the acronym for Address Resolution Protocol. It is used to convert IP address to
physical addresses [MAC address] on a switch. The host sends an ARP broadcast on the network, and
the recipient computer responds with its physical address [MAC Address]. The resolved IP/MAC
address is then used to communicate. ARP poisoning is sending fake MAC addresses to the switch so
that it can associate the fake MAC addresses with the IPaddress of a genuine computer on a network
and hijack the traffic.

ARP Poisoning Counter measures

Static ARP entries: these can be defined in the local ARP cache and the switch configured to
ignore all auto ARP reply packets. The disadvantage of this method is, it’s difficult to maintain on large
networks. IP/MAC address mapping has to be distributed to all the computers on the network. ARP
poisoning detection software: these systems can be used to cross check the IP/MAC address resolution and
certify them if they are authenticated. Uncertified IP/MAC address resolutions can then be blocked.

Operating System Security: this measure is dependent on the operating system been used. The
following are the basic techniques used by various operating systems.

• Linux based: these work by ignoring unsolicited ARP reply packets.

• Microsoft Windows: the ARP cache behavior can be configured via the registry.

• Anti ARP–provides protection against both passive and active sniffing

• Agnitum Outpost Firewall–provides protection against passive sniffing

• XArp–provides protection against both passive and active sniffing

• MacOS:Arp Guard can be used to provide protection.

• Computers communicate using networks.

 What is Network Sniffing?

Computers communicate by broadcasting messages on a network using IP addresses. Once a

message has been sent on a network, the recipient computer with the matching IP address responds with its
MAC address.

Network sniffing is the process of intercepting data packets sent over a network. Thiscanbe
done by the specialized software program or hardware equipment. Sniffing can be used to;

• Capture sensitive data such as login credentials

• Eaves drop on chat messages

• Capture files have been transmitted over a network

The following are protocols that are vulnerable to sniffing:

• Telnet

• Rlogin

• HTTP

• SMTP

• POP

• FTP

• IMAP

The above protocols are vulnerable if login details are sent in plaintext.
Passive and Active Sniffing:

Before we look at passive and active sniffing, let’s look at two major devices used to network
computers; hubs and switches. A hub works by sending broadcast messages to all out put ports on it except
the one that has sent the broadcast. The recipient computer responds to the broadcast message if the IP
address matches. This means when using a hub, all the computers on a network can see the broadcast
message. It operates at the physical layer (layer 1) of the OSI Model.
 A switch works differently; it maps IP/MAC addresses to physical ports on it. Broadcast
messages are sent to the physical ports that match the IP/MAC address configurations for the recipient
computer. This means broadcast messages are only seen by the recipient computer. Switches operate at the
data link layer (layer 2) and network layer (layer 3).

The diagram below illustrates how the switch works.

Passive sniffing is intercepting packages transmitted over a network that uses a hub. It is called
passive sniffing because it is difficult to detect. It is also easy to perform as the hub sends broadcast
messages to all the computers on the network.

Active sniffing is intercepting packages transmitted over a network that uses a switch. There
are two main methods used to sniffs with linked networks, ARP Poisoning, and MAC flooding.

Download Wireshark from this link [Link]

• Open Wireshark

• You will get the following screen

• Select the network interface you want to sniff. Note for this demonstration,we are using
a wireless network connection. If you are on a local area network, then you should select the local area
network interface.
• Click on start button as shown above

• Openyourwebbrowserandtypein[Link]

• Theloginemailisadmin@[Link] Password2010

• Click on submit button

• A successful logon should give you the following dashboard

• Open your web browser and type in [Link]

• The login email is admin@google. comand the password is Password2010

• Click on submit button

• A successful logon should give you the following dashboard

• Go back to Wireshark and stop the live capture

• Filter for HTTP protocol results only using the filter text box

• Locate the Info column and look for entries with the HTTP ver bPOST and click on it
 • Just below the log entries,there is apanel with a summary of captured data. Look for the
summary that says Line-based text data: application/x-www-form-url encoded

• You should be able to view the plaintext values of all the POST variables submitted to
the server via HTTP protocol.
 DEMONSTRATION OF INTRUSION DETECTION SYSTEM (IDS)

STEPS ON CONFIGURING AND INTRUSION DETECTION:

1. Download Snort from the [Link].([Link]

2. Download Rules([Link] You must register to get the rules. (You should
download these often)

3. Double click on [Link] to install snort. This will install snort in the“C:\Snort”folder. It is important to
have WinPcap ([Link] installed.

4. Extract the Rules file. You will need WinRAR for the .gzfile.

5. Copy all files from the“rules” folder of the extractedfolder. Now paste the rules into “C:\Snort\rules”
folder.

6. Copy “[Link]” file from the “etc” folder of the extracted folder. You must paste it into “C:\ Snort\etc”
folder. Overwrite any existing file. Remember if you modify your [Link] file and download a new
file, you must modify it for Snort to work.

7. Open a command prompt([Link]) and navigate to folder“C:\Snort\bin”folder.(at the Prompt, type

cd\snort\bin)

8. To start(execute) snort in sniffer mode use following command: snort -dev -i 3

-I indicates the interface [Link] must pick the correc tinterface [Link] my case, it is 3.

-dev is used to run snort to capture packets on your network.

To check the interface list, use following command: snort –W

Finding an interface:

You can tell which interface to use by looking at the Index number and finding Microsoft. As you can see in
the above example, the other interfaces are for VMWare.

To run snort in IDSmode, you will need to configure the file “[Link]” according to your network
environment.

To specify the network address that you want to protect in [Link] file,look for the following line. var
HOME_NET [Link]/24 (You will normally see any here)

You may also want to set the addresses ofDNS_SERVERS, if you have some on your network.

Example:

Example snort

Change theRULE_PATH variable to the path of rules folder.varRULE_PATHc:\snort\rules

Path to rules

Change the path of all library files with the name and path on your system and you must change the path of
snort_dynamic preprocessor variable.
C:\Snort\lib\snort_dynamicc preprocessor

You need to do this to all library files in the “C:\Snort\lib” folder. The old path might be:
“/usr/local/lib/…”.you will need to replace that path with your [Link]:\Snort\lib Change the
path of the “dynamic engine” variable value in the “[Link]” file.

Example:

Dynamic engine C:\Snort\lib\snort_dynamicengine\sf_engine.dll

Addthepathsfor“[Link]”and“[Link]”[Link]
c:\snort\etc\[Link]

includec:\snort\etc\[Link]

Remove the comment(#)on the line to allow ICMP rules, if it is commented witha#.include

$RULE_PATH/[Link]

You can also remove the comment of ICMP-info rules comment, if it is [Link]

$RULE_PATH/[Link]

Toaddlogfilestostorealertsgeneratedbysnort,searchforthe“output log”[Link] and add the following

line:

outputalert_fast:[Link]

Comment(adda#)thewhitelist$WHITE_LIST_PATH/white_list.rulesandtheblacklist

Change the nested_ipinner, \tonested_ipinner#,\Commentout(#)followinglines: #preprocessor normalize_ip4

#preprocessornormalize_tcp:ipsecnstream#preprocessornormalize_icmp4#preprocessor normalize_ip6

#preprocessornormalize_icmp6

Save the“[Link]”file.

To start snortinIDSmode, run the following command:

snort-cc:\snort\etc\[Link]-lc:\snort\log-i3(Note:3 is used for my interface card)

If a log is created, select the appropriate program to open [Link] can useWordPardor NotePad++ to read the
file.

To generate LogfilesinASCIImode, you can use following command while runningsnortin IDS mode:

snort-Aconsole-i3-cc:\Snort\etc\[Link]-lc:\Snort\log-Kascii

ScanthecomputerthatisrunningsnortfromanothercomputerbyusingPINGorNMap (ZenMap).

Afterscanningorduringthescan [Link] insure it is logging

properly. You will see IP address folders appear.

Snortmonitoringtraffic–
 NETWORK MONITORING TOOLS

Network monitoring is an essential part of network management. It involves using various tools to monitor a
system network and determine slowness and weak connections, among other issues. Knowing more about
these tools can help you understand them better and use the right ones that suit your requirements. In this
article, we define what network monitoring tools are, provide details about various tools and discuss about
some tips that can help you choose the right tool for your requirements.

What are Network Monitoring Tools?

Network monitoring tools are software that you can use to evaluate network connections. These software
programs can help you monitor a network connection and identify network issues, which may include
failing network components, slow connection speed, network outage or unidentifiable connections. Network
management and monitoring tools can also help you resolve these issues or establish solutions that prevent
specific issues from occurring in the future.

Network Monitoring Tools

Here are eight monitoring tools along with their descriptions and features:

1. Solar Winds Network Performance Monitor:

Solar Winds Network Performance Monitor is a multi-vendor monitoring tool. It allows users
to monitor multiple vendors networks at the same time. It also provides network insights for thorough
visibility into the health of the networks. Some prominent features include network availability monitoring,
intelligent network mapping, critical path visualization, perform an analysis and advanced alerting. Solar
Winds also allows users to track VPN tunnel status. It prompts when a VPN tunnel is available to help users
ensure a stable connection between sites. Solar Winds provides a seven- day free trial, after which users can
choose a preferred subscription plan.

2. Auvik:

Auvik is a network monitoring and management tool. It offers a quick implementation process
that helps users to set up the tool easily. It also has a clean user interface that makes it easy to navigate and
use. The tool provides in-depth network visibility that enables faster trouble shooting for network issues.
Users can automate network visibility using Auvik. It provides real-time updates on network issues and
configuration changes.

3. Datadog Network Monitoring:

Datadog Network Monitoring offers services for on-premises devices and cloud networks. A
highlighting feature of this tool is the visualisations. It offers various graphical representations of all the
network connections on a system. It also allows users to track key metrics like network latency, connection
churn and transmission control protocol (TCP) retransmits. Users can monitor the health of a network
connection at different endpoints at the application, IP address, port or process ID layers. Other prominent
features include automated log collection and user interface monitoring.

4. Paessler PRTG Network Monitor:

Paessler's network connection monitoring tool provides a clean user interface and network
visibility on multiple devices. Users can track the health of different connection types like local area
networks(LAN), wide area network(WAN), servers, websites, applications and services. The tools also
integrate with various technologies, which makes it easier to use it for different types of applications. It
provides distribute monitoring, allowing users to track network connections on devices in different
locations. The tool also provides apps for mobile platforms that can help users to track network health on
mobile phones.

5. Manage EngineOp Manager:

Manage EngineOp Manager is a good network monitoring and managing tool for users that
prefer in- depth view of network health and issues. This tool provides over 2000 network performance
monitors that allow users to track and monitor their connections and perform detailed analyses on issues. It
also provides over 200 dashboard widgets that can help users customise their dashboard to their own
suitability. Other features include CPU, memory and disk utilization monitoring on local and virtual
machines. It also allows setting network performance threshold and notifies the user in case of a violation.
6. Domotz:

Domotz is an expansive tool that provides a list of features for monitoring network
connections. It allows users to customize their network monitoring preferences. Users can write scripts the
retrieve the data they wish to evaluate. It also allows connection to open ports on remote devices while
ensuring network security. Users can also scan and monitor network connections globally. Domotz also
allows to backup and restore network configuration for switches, firewalls and access points and alerts when
thereis a change in the configuration.

7. Checkmk:

Checkmk is a tool that allows users to automate it completely. You can customize its
operations and enable it to perform tasks automatically. It also identifies network and security components
without the user requiring manual setup. Forexample,the tool can identify a firewall even if the user has not
set it up. Its Agent Bakery feature enables users to manage agents and automate agent updating. This
reduces manual effort to monitor network [Link] tool also includes over2000plug-ins for
enhancing network monitoring.

8. Progress Whatsup Gold:

Progress Whatsup Gold is a basic network monitoring software. It provides a minimal user
interface with essential features like device monitoring, application monitoring, analysing network traffic
and managing configurations. The tool allows users to monitor cloud devices, inspect suspicious
connections, automate configuration backups and identify, and resolve bandwidth issues.

Other Tools For Network Monitoring Tools:

•Fortra Intermapper: This tool enables users to monitor network connections using network maps,
allowing them to get a holistic view of all the connections. It also provides various colour codes for different
network status, along with real-time notifications through text, email and sound.

•Nagios Core: NagiosCore is a monitoring engine that works as the primary application for all Nagios
projects, including the Nagios Network Analyser. It integrates with other Nagios applications and provides
users with features like a visual dashboard, custom application monitoring, automated alert system,
advanced user management and network security monitoring.
•Zabbix: Zabbix provides a thorough network monitoring solution with features like server monitoring,
cloud monitoring, application monitoring and service monitoring. The tool also includes features like metric
collection, business monitoring and root cause analyses of network issues, and allows users to establish a
threshold for connection anomalies.

Tips To Choose A Network Monitoring And Management Tool

Understand the requirements

Understanding why you require network monitoring software is important in the process.
Define what feature you want and for what purpose. This can help you identify the right tool for your use. It
may also help you choose the correct subscription plan on paid tools.

Browse multiple tools

Once you identify the requirements, consider browsing multiple [Link] the websites of the
tools and look for the features you require. Spend time studying the features and understand how they can
be useful to your requirements. You can also identify a few tools and compare their features to each other.

Consider the budget

Some tools may be free to use, while some may require you to purchase a subscription plan.
Paid tools typically offer a free trial period of upto 30days. Once you identify which
tool you may like to use, see if it is free or requires payment. Ifit is a paid tool, try exploring its
features and efficiency during the trial period. Consider keeping a backup tool incase the tool that you
choose does not fit your usage.
 STUDY TO CONFIGURE FIREWALL, VPN

FIREWALL IN WINDOWS7:

Windows7 comes with two firewalls that work together. One is the Windows Firewall, and the
other is Windows Firewall with Advanced Security (WFAS). The main difference between them is the
complexity of the rules configuration. Windows Firewall uses simple rules that directly relate to a program
or a service. The rules in WFAS can be configured based on protocols, ports, addresses and authentication.
By default, both firewalls come with predefined set of rules that allow us to utilize network resources. This
includes things like browsing the web, receiving e-mails, etc. Other standard firewall exceptions are File and
Printer Sharing, Network Discovery, Performance Logs and Alerts, Remote Administration, Windows
Remote Management, Remote Assistance, Remote Desktop, Windows Media Player, Windows Media
Player Network Sharing Service

With firewall in Windows7 we can configure inbound and outbound rules. By default, all
outbound traffic is allowed, and inbound responses to that traffic are [Link] traffic initiated
from external sources is automatically blocked.

When we first connect to some network, we are prompted to select a network location. This
feature is known as Network Location Awareness (NLA). This feature enables us to assign a network
profile to the connection based on the location. Different network profiles contain different collections of
firewall rules. In Windows 7, different network profiles can be configured on different interfaces. For
example, our wired interface can have different profile than our wireless interface. There are three different
network profiles available:

• Public
• Home/Work-privatenetwork
• Domain-usedwithinadomain

Configuring Windows Firewall:

To open Windows Firewall we can go to Start>ControlPanel>Windowsfirewall.
By default, Windows Firewall is enabled for both private(home or work) and public networks. It is also
configured to block all connections to programs that are not on the list of allowed programs. To configure
exceptions we can go to the menu on the left and select "Allow a program or feature trough Windows
Firewall" option.
 Exceptions

To change settings in this window we have to click the "Change settings" button. As you can
see, here we have a list of predefined programs and features that can be allowed to communicate on private
or public networks. For example, notice that the Core Networking feature is allowed on both private and
public networks, while the File and Printer Sharing is only allowed on private networks. We can also see the
details of the items in the list by selecting it and then clicking the Details button.

Details

If we have a program on our computer that is not in this list,we can manually add it by clicking
on the "Allow another program" button.

Add a Program

Here we have to browse to the executable of our program and then click the [Link]
that we can also choose location types on which this program will be allowed to communicate by clicking
on the "Network location types" button.

Network Locations

Many applications will automatically configure proper exceptions in Windows Firewall when
we run them. For example, if we enable streaming from Media Player, it will automatically configure
firewall settings to allow streaming. The samething is if we enable Remote Desktop feature from the system
properties window. By enabling Remote Desktop feature we actually create an exception in Windows
Firewall.

Windows Firewall can be turned off completely. To do that we can select the "Turn Windows
Firewall on or off" option from the menu on the left.

Firewall Customization:

Note that we can modify settings for each type of network location (private or public).
Interesting thing here is that we can block all in coming connections, including those in the list of allowed
programs. Windows Firewall is actually a Windows service. As you know, services can be stopped and
started. If the Windows Firewall service is stopped, the Windows Firewall will not work.

Firewall Service:

In our case the service is running. If we stop it, we will get a warning that we should turn on
our Windows Firewall.

Warning:

Remember that with Windows Firewall we can only configure basic firewall settings, and this
is enough for most day-to-day users. However, we can't configure exceptions based on ports in Windows
Firewall any more. For that we have to use Windows Firewall with Advanced Security.
 How to Start & Use the Windows Firewall with Advanced Security

The Windows Firewall with Advanced Security is a tool which gives you detailed control over
the rules that are applied by the Windows Firewall. You can view all the rules that are used by the Windows
Firewall, change their properties, create new rules or disable existing ones. In this tutorial we will share how
to open the Windows Firewall with Advanced Security, how to find your way around it and talk about the
types of rules that are available and what kind of traffic they filter.

How to Access the Windows Firewall with Advanced Security

You have several alternatives to opening the Windows Firewal lwith Advanced Security:

One is to open the standard Windows Firewall window,by going to

"ControlPanel->System and Security->WindowsFirewall".

Then, click or tap Advancedsettings.

In Windows7, another method is to search for the word firewall in the Start Menu search box and click
the "Windows Firewall with Advanced Security" result.

InWindows8.1,Windows Firewall with Advanced Security is not returned in search results and you
need to use the first method shared above for opening it.

The Windows Firewall with Advanced Security looks and works the same both in Windows7 and
Windows 8.1. To continue our tutorial, we will use screenshots that were made in Windows 8.1.
What are the Inbound & Outbound Rules?

In order to provide the security you need, the Windows Firewall has a standard set of inbound
and outbound rules, which are enabled depending on the location of the network you are connected to.

In bound rules are applied to the traffic that is coming from the network and the Internet to
your computer or device. Outbound rules apply to the traffic from your computer to the network or the
Internet.
 These rules can be configured so that they are specific to: computers, users, programs, services,
ports or protocols. You can also specify to which type of network adapter (e.g. wireless, cable, virtual
private network) or user profile it is applied to.

In the Windows Firewall with Advanced Security, you can access all rules and edit their
properties. All you have to do is click or tap the appropriate unit in the left-side panel.

The rules used by the Windows Firewall can be enabled or disabled. The ones which are
enabled or active are marked with a green check-box in the Name column. The ones that are disabled are
marked with a gray check-box. If you want to know more about a specific rule and learn its properties, right
click on it and select Properties or select it and press Properties in the column on right, which lists the
actions that are available for your selection.
What are the Connection Security Rules?

Connection security rules are used to secure traffic between two computers while it crosses the
network. One example would be a rule which defines that connections between two specific computers
must be encrypted.

Unlike the inbound or outbound rules, which are applied only to one computer, connection
security rules require that both computers have the same rules defined and enabled.

If you want to see if there are any such rules on your computer, click or tap "Connection
Security Rules" on the panel on the left. By default, there are no such rules defined on Windows
computers and devices. They are generally used in business environments and such rules are set by the
network administrator.
What does the Windows Firewall with Advanced Security Monitor?

The Windows Firewall with Advanced Security includes some monitoring features as well. In
the Monitoring section you can find the following information: the firewall rules that are active (both
inbound and outbound), the connection security rules that are active and whether there are any active
security associations.