CS Lab Manual

DEPARTMENT OF COMPUTER SCIENCE
ENGINEERING
LAB MANUAL
B.Tech. VII Semester
CYBER SECURITY LAB (7CS4-22)
Modern Institute of Technology & Research Centre,

Alwar, Rajasthan
Affiliated to Bikaner Technical University, Bikaner.
i
7CS4-22 CYBER SECURITY LAB
TABLE OF CONTENTS
PAGE
S NO NAME OF EXPERIMENT
NO
Vision and Mission of the Institute ii
Vision and Mission of the Department iii
Program Outcome (s) iv
Course Outcome (s) vi
Lab Instructions vii
BTU Syllabus viii

Implement the following Substitution & Transposition Techniques 1-3
1 concepts: a) Caesar Cipher b) Rail fence row & Column Transformation
Implement the Diffie-Hellman Key Exchange mechanism using HTML
and JavaScript. Consider the end user as one of the parties (Alice) and the 4–6
2 JavaScript application as other party (bob).
3 Implement the following Attack: 7–9

a) Dictionary Attack b) Brute Force Attack
Installation of Wire shark, tcpdump, etc and observe data transferred in
client server communication using UDP/TCP and identify the UDP/TCP 10 – 13
4
datagram.
5 Installation of rootkits and study about the variety of options. 14 -17
6 Perform an Experiment to Sniff Traffic using ARP Poisoning. 18 – 19
7 Demonstrate intrusion detection system using any tool (snort or any other 20 – 23
s/w).
8 Demonstrate how to provide secure data storage, secure data transmission 24 - 25
and for creating digital signatures.
Department of Computer Science Engineering, MITRC, Alwar i

Vision and Mission of the Institute
Vision
To produce well trained professionals and leaders for serving society
and world at large through excellence in academics, research,
development and innovations.
Mission
M1: To provide state of the art facility for academic excellence that
caters to regional, national and global challenges.
M2: To identify emerging areas of technology that can provide
innovative and sustainable solutions to global challenges.
M3: To provide an environment of industry oriented research and
development
M4: To inculcate core values of professional ethics, team-work, inter
personal skills and life-Long learning for sustainable development
of the society.
Department of Computer Science Engineering, MITRC, Alwar ii

Vision and Mission of the Department
Vision
To create competent software professionals and leaders for serving
society and world at large through excellence in academics, research,
development and innovations.
Mission
M1: Provide strong theoretical and practical computer based skills to
meet the global technological changes.
M2: Provide a learning environment to enhance complex problem
solving skills, research based projects/activities and innovation.
M3: Establish Industry Institute Interaction Program to enhance the
entrepreneurship skills, leadership qualities, team-spirit and
ethical responsibilities.
M4: Prepare students for lifelong learning through sustainable
development.
Department of Computer Science Engineering, MITRC, Alwar iii

Program Outcomes (POs)
1. Engineering Knowledge: Apply the knowledge of mathematics,

science, engineering fundamentals and an engineering specialization to
the solution of complex engineering problem.
2. Problem analysis: Identify, formulate, review research literature,
and analyze complex engineering problems reaching substantiated
conclusions using first principles of mathematics, natural sciences, and
engineering science.
3. Design/development of solutions: Design solutions for complex
engineering problems and design system components or processes that
meet the specified needs with appropriate consideration for the public
health and safety, and the cultural, societal, and environmental
considerations.
4. Conduct investigations of complex problems: Use research-based
knowledge and research methods including design of experiments,
analysis and interpretation of data, and synthesis of the information to
provide valid conclusions.
5. Modern tool usage: Create, select, and apply appropriate
techniques, resources, and modern engineering and IT tools including
prediction and modelling to complex engineering activities with an
understanding of the limitations.
6. The engineer and society: Apply reasoning informed by the
contextual knowledge to assess societal, health, safety, legal and
Department of Computer Science Engineering, MITRC, Alwar iv
cultural issues and the consequent responsibilities relevant to the

professional engineering practice.
7. Environment and sustainability: Understand the impact of the
professional engineering solutions in societal and environmental
contexts, and demonstrate the knowledge of, and need for sustainable
development.
8. Ethics: Apply ethical principles and commit to professional ethics
and responsibilities and norms of the engineering practice.
9. Individual and team work: Function effectively as an individual,
and as a member or leader in diverse teams, and in multidisciplinary
settings.
10. Communication: Communicate effectively on complex
engineering activities with the engineering community and with
society at large, such as, being able to comprehend and write effective
reports and design documentation, make effective presentations, and
give and receive clear instructions.
11. Project management and finance: Demonstrate knowledge and
understanding of the engineering and management principles and
apply these to one’s own work, as a member and leader in a team, to
manage projects and in multidisciplinary environments.
12. Life-long learning: Recognize the need for, and have the
preparation and ability to engage in independent and life-long learning
in the broadest context of technological change.
Department of Computer Science Engineering, MITRC, Alwar v

Course Outcomes (Cos)
Course Outcomes: Upon successful completion of the course/Lab the

Students will be able to
CO1: Be able to implement the Substitution & Transposition Techniques
CO2: Understand the concept of Attacks in Networks.
CO3: Be capable to identity the appropriate tool for given cyber security
problem.
CO4: Have practical knowledge on the applications of Cyber security.
Department of Computer Science Engineering, MITRC, Alwar vi

Lab Instructions
1. Keep Silence in the lab.
2. Sit on your own seat which is assigned by faculty or lab staff.
3. Always follow the instruction given by lab staff for to perform the assigned
experiment.
4. Every student is responsible for any damage to the computer or any

component which is assigned for lab work.
5. Do not go to any other seat to assist any student without permission of lab
staff, if so, may be punished for that.
6. Always come to lab with your file and file work should be completed.
7. Please keep your bag at right place inside the lab.
8. Always get checked and signed your file work in time (experiment which
was performed in previous lab positively to be checked) after that faculty
may not check your work.
9. After performing the experiment the computer should be turned off and
power supply should be OFF.
Department of Computer Science Engineering, MITRC, Alwar vii

BTU SYLLABUS
Credit: 2 Max. Marks: 100(IA: 60, ETE: 40)

0L+0T+4P End Term Exam: 2 Hours
S.No List of Experiments

1 Implement the following Substitution & Transposition Techniques
concepts:
a) Caesar Cipher b) Rail fence row & Column Transformation
2 Implement the Diffie-Hellman Key Exchange mechanism using

HTML and JavaScript. Consider the end user as one of the parties
(Alice) and the JavaScript application as other party (bob).
3 Implement the following Attack:
a) Dictionary Attack b) Brute Force Attack
4 Installation of Wire shark, tcpdump, etc and observe data transferred
in client server communication using UDP/TCP and identify the
UDP/TCP datagram.
5 Installation of rootkits and study about the variety of options.
6 Perform an Experiment to Sniff Traffic using ARP Poisoning.

7 Demonstrate intrusion detection system using any tool (snort or any
other s/w).
8 Demonstrate how to provide secure data storage, secure data

transmission and for creating digital signatures.
Department of Computer Science Engineering, MITRC, Alwar viii

PROJECT: In a small area location such as a house, office or in a

classroom, There is a small network called a Local Area Network
(LAN). The project aims to transfer a file peer-to-peer from one
computer to another computer in the same LAN. It provides the
necessary authentication for file transferring in the network
transmission. By implementing the Server-Client technology, use
a File transfer Protocol mechanism and through socket
programming, the end user is able to send and receive the
encrypted and decrypted file in the LAN. An additional aim of
the project is to transfer a file between computers securely in
LANs. Elements of security are needed in the project because
securing the files is an important task, which ensures files are not
captured or altered by anyone on the same network. Whenever you
transmit files over a network, there is a good chance your data will
be encrypted by encryption technique. Any algorithm like AES is
used to encrypt the file that needs to transfer to another
computer. The encrypted file is then sent to a receiver computer
and will need to be decrypted before the user can open the file.
Department of Computer Science Engineering, MITRC, Alwar ix

Experiment No. 01
OBJECT: To implement the simple substitution technique named Caesar cipher
using C language.
Description:
1. To encrypt a message with a Caesar cipher, each letter in the message is
changed using a simple rule:
2. Shift by three. Each letter is replaced by the letter three letters ahead in the
alphabet. A becomes D, B
3. Becomes E, and so on. For the last letters, we can think of the alphabet as a
circle and "wrap around". W
4. Becomes Z, X becomes A, Y becomes B, and Z becomes C. To change a
message back, each letter is
5. Replaced by the one three before it.
Algorithm:
1. Read the plain text from the user. STEP-2: Read the key value from the user.
2. If the key is positive then encrypt the text by adding the key with each
character in the plain text.
3. Else subtract the key from the plain text. STEP-5: Display the cipher text
obtained above.
Program:
#include <stdio.h>
#include <string.h>
#include<conio.h>
#include <ctype.h>
void main()
{
char plain[10], cipher[10]; int key,i,length;
int result;
Department of Computer Science Engineering, MITRC, Alwar 1
clrscr();
printf("\n Enter the plain text:");
scanf("%s", plain);
printf("\n Enter the key value:");
scanf("%d", &key);
printf("\n \n \t PLAIN TEXt: %s",plain);
printf("\n \n \t ENCRYPTED TEXT: ");
for(i = 0, length = strlen(plain); i < length; i++)
{
cipher[i]=plain[i] + key;
if (isupper(plain[i]) && (cipher[i] > 'Z'))
cipher[i] = cipher[i] - 26;
if (islower(plain[i]) && (cipher[i] > 'z'))
cipher[i]= cipher[i] - 26;
printf("%c", cipher[i]);
}
printf("\n \n \t AFTER DECRYPTION : ");
for(i=0;i<length;i++)
{
plain[i]=cipher[i]-key;
if(isupper(cipher[i])&&(plain[i]<'A'))
plain[i]=plain[i]+26;
if(islower(cipher[i])&&(plain[i]<'a'))
plain[i]=plain[i]+26; printf("%c",plain[i]);
}
}
getch();

Output fig 1.1
Viva Voce:
1) What is Cipher Text?
2) Where the substitution techniques can be applied?
3) In this method, Can the any key be used?
4) What is encrypted text?
References:
1) Leiserson, Rivest: Introduction to Cyber Security, Prentice Hall of India.
2) Horowitz and Sahani: Fundamental of Cyber Security, Fifth Edition, May2019.
3) Aho A.V , J.D Ulman: Concepts of Security, AddisonWesley, June 2018.

Experiment No. 02
OBJECT: Implementation of rail fence – row & column transformation technique
Description:
In the rail fence cipher, the plain text is written downwards and diagonally on
successive "rails" of an imaginary fence, then moving up when we reach the
bottom rail. When we reach the top rail, the message is written downwards again
until the whole plain text is written out. The message is then read off in rows.
Algorithm:
STEP-1: Read the Plain text.
STEP-2: Arrange the plain text in row columnar matrix format.
STEP-3: Now read the keyword depending on the number of columns of the plain
text.
STEP-4: Arrange the characters of the keyword in sorted order and the
corresponding columns of the plain text.
STEP-5: Read the characters row wise or column wise in the former order to get
the cipher text.
Program :
#include<stdio.h>
#include<conio.h>
#include<string.h>
void main()
{
int i,j,k,l;
char a[20],c[20],d[20]; clrscr();
printf("\n\t\t RAIL FENCE TECHNIQUE");
printf("\n\nEnter the input string : ");
gets(a);
l=strlen(a);
/*Ciphering*/
for(i=0,j=0;i<l;i++)
{
if(i%2==0) c[j++]=a[i];
}
for(i=0;i<l;i++)
{
if(i%2==1) c[j++]=a[i];
}
c[j]='\0';
printf("\nCipher text after applying rail fence :");
printf("\n%s",c);
/*Deciphering*/
if(l%2==0) k=l/2;
else k=(l/2)+1;
for(i=0,j=0;i<k;i++)
{
d[j]=c[i]; j=j+2;
}
for(i=k,j=1;i<l;i++)
{
d[j]=c[i]; j=j+2;
}
d[l]='\0';
printf("\nText after decryption : ");
printf("%s",d);
getch();
}

Output Fig 2.1:
Viva Voce:
1) What is Rail Fence method?
2) Where the Rail Fence method can be used?
3) What do you mean by transformation method?
4) What is the process of conversion from encryption to decryption?
References:

Experiment No. 03
OBJECT: To implement the Diffie-Hellman Key Exchange algorithm using C
language.
Description:
Diffie–Hellman Key Exchange establishes a shared secret between two parties
that can be used for secret communication for exchanging data over a public
network. It is primarily used as a method of exchanging cryptography keys for use
in symmetric encryption algorithms like AES. The algorithm in itself is very
simple. The process begins by having the two parties, Alice and Bob. Let's
assume that Alice wants to establish a shared secret with Bob.
Fig 3.1: Diffie Hellman process
Algorithm:
STEP-1: Both Alice and Bob shares the same public keys g and p.
STEP-2: Alice selects a random public key a.
STEP-3: Alice computes his secret key A as g a mod p.
STEP-4: Then Alice sends A to Bob.
STEP-5: Similarly Bob also selects a public key b and computes his secret key as
B and sends the same back to Alice.

STEP-6: Now both of them compute their common secret key as the other one’s
secret key power of a mod p.
Program : (Diffie Hellman Key Exchange)
#include<stdio.h>
#include<conio.h>
long int power(int a, int b, int mod)
{
long long int t;
if (b==1)
return a;
t=power (a,b/2,mod);
if (b%2==0)
return (t*t)%mod;
else
return (((t*t)%mod)*a)%mod;
}
long int calculate
Key (int a, int x, int n)
{
return power(a,x,n);
}
void main()
{
int n,g,x,a,y,b;
clrscr();
printf ("Enter the value of n and g : ");
scanf ("%d%d",&n,&g);
printf ("Enter the value of x for the first person : ");
scanf ("%d",&x);
a=power (g,x,n);
printf ("Enter the value of y for the second person : ");

scanf ("%d",&y);
b=power (g,y,n);
printf ("key for the first person is :%lld\n",power(b,x,n));
printf ("key for the second person is :%lld\n",power(a,y,n));
getch ();
}
Output:
Viva Voce :
1) What is Diffie hellman method?
2) Where the Diffie hellman method can be used?
References :

Experiment No. 04
OBJECT: Installing Root Kit in a system.
Description:
Breaking the term rootkit into the two component words, root and kit, is a useful
way to define it. Root is a UNIX/Linux term that's the equivalent of Administrator
in Windows. The word kit denotes programs that allow someone to obtain
root/admin-level access to the computer by executing the programs in the kit —
all of which is done without end- user consent or knowledge. A rootkit is a type of
malicious software that is activated each time your system boots up. Rootkits are
difficult to detect because they are activated before your system's Operating
System has completely booted up. A rootkit often allows the installation of hidden
files, processes, hidden user accounts, and more in the systems OS. Rootkits are
able to intercept data from terminals, network connections, and the keyboard.
Rootkits have two primary functions: remote command/control (back door) and
software eavesdropping. Rootkits allow someone, legitimate or otherwise to
administratively control a computer. This means executing files, accessing logs,
monitoring user activity, and even changing the computer's configuration
Therefore, in the strictest sense, even versions of VNC are rootkits. This surprises
most people, as they consider rootkits to be solely malware, but in of themselves
they aren't malicious at all. The presence of a rootkit on a network was first
documented in the early 1990s. At that time, Sun and Linux operating systems
were the primary targets for a hacker looking to install a rootkit. Today, rootkits
are available for a number of operating systems, including Windows, and are
increasingly difficult to detect on any network.
Procedure:
STEP-1: Download Rootkit Tool from GMER website www.gmer.net.
STEP-2: This displays the Processes, Modules, Services, Files, Registry, RootKit
/ Malwares, Auto start, CMD of local host.
STEP-3: Select Processes menu and kill any unwanted process if any.
STEP-4: Modules menu displays the various system files like .sys, .dll
STEP-5: Services menu displays the complete services running with Autostart,
Enable, Disable, System, Boot.
STEP-6: Files menu displays full files on Hard-Disk volumes.
STEP-7: Registry displays Hkey_Current_user and Hkey_Local_Machine.
STEP-8: Rootkits / Malwares scans the local drives selected.
STEP-9: Auto start displays the registry base Auto start applications.
STEP-10: CMD allows the user to interact with command line utilities or Registry
Fig 4.1:

Fig 4.2:

Viva Voce :
1) What is Root Kit?
2) What are the procedures and methods which are used?
3) What is the process to install rootkit?
References :

Experiment No. 05
Object: Installation of Wire shark, tcpdump, etc and observe data transferred in
client server communication using UDP/TCP and identify the UDP/TCP
datagram.
Introduction: The first part of the lab introduces packet sniffer, Wireshark.
Wireshark is a free open- source network protocol analyzer. It is used for network
troubleshooting and communication protocol analysis. Wireshark captures
network packets in real time and display them in human-readable format. It
provides many advanced features including live capture and offline analysis,
three-pane packet browser, coloring rules for analysis. This document uses
Wireshark for the experiments, and it covers Wireshark installation, packet
capturing, and protocol analysis
Background TCP/IP Network Stack
Background
TCP/IP Network Stack

In the CSC 4190 Introduction to Computer Networking (one of the perquisite

courses), TCP/IP network stack is introduced and studied. This background
section briefly explains the concept of TCP/IP network stack to help you better
understand the experiments. TCP/IP is the most commonly used network model
for Internet services. Because its most important protocols, the Transmission
Control Protocol (TCP) and the Internet Protocol (IP) were the first
networking protocols defined in this standard, it is named as TCP/IP.
However, it contains multiple layers including application layer, transport layer,
network layer, and data link layer.
- Application Layer: The application layer includes the protocols used by most
applications for providing user services. Examples of application layer protocols
are Hypertext Transfer Protocol (HTTP), Secure Shell (SSH), File Transfer
Protocol (FTP), and Simple Mail Transfer Protocol (SMTP).
- Transport Layer: The transport layer establishes process-to-process
connectivity, and it
provides end-to-end services that are independent of underlying user data.
To implement the process-to-process communication, the protocol introduces a

concept of port. The examples of transport layer protocols are Transport Control
Protocol (TCP) and User Datagram Protocol (UDP). The TCP provides flow-
control, connection establishment, and reliable transmission of data, while the
UDP is a connectionless transmission model
In the CSC 4190 Introduction to Computer Networking (one of the perquisite
courses), TCP/IP network stack is introduced and studied. This background
section briefly explains the concept of TCP/IP network stack to help you better
understand the experiments. TCP/IP is the most commonly used network model
for Internet services. Because its most important protocols, the Transmission
Control Protocol (TCP) and the Internet Protocol (IP) were the first networking
protocols defined in this standard, it is named as TCP/IP. However, it
contains multiple layers including application layer, transport layer, network
layer, and data link layer. Application Layer: The application layer includes the
protocols used by most applications for providing user services. Examples of
application layer protocols are Hypertext Transfer Protocol (HTTP), Secure
Shell (SSH), File Transfer Protocol (FTP), and Simple Mail Transfer Protocol
(SMTP). - Transport Layer: The transport layer establishes process-to-process
connectivity, and it provides end-to-end services that are independent of
underlying user data. To implement the process-to-process communication, the
protocol introduces a concept of port. The examples of transport layer protocols
are Transport Control Protocol (TCP) and User Datagram Protocol (UDP). The
TCP provides flow- control, connection establishment, and reliable
transmission of data, while the UDP is a connectionless transmission model.
- Internet Layer: The Internet layer is responsible for sending packets to across
networks. It has two functions: 1) Host identification by using IP addressing
system (IPv4 and IPv6); and 2) packets routing from source to destination.
The examples of Internet layer protocols are Internet Protocol (IP), Internet
Control Message Protocol (ICMP), and Address Resolution Protocol (ARP).

- Link Layer: The link layer defines the networking methods within the scope of
the local network link. It is used to move the packets between two hosts on
the same link. An common example of link layer protocols is Ethernet.
- Internet Layer: The Internet layer is responsible for sending packets to across
networks. It has two functions: 1) Host identification by using IP addressing
system (IPv4 and IPv6); and 2) packets routing from source to destination. The
examples of Internet layer protocols are Internet Protocol (IP), Internet Control
Message Protocol (ICMP), and Address Resolution Protocol (ARP). Link
Layer: The link layer defines the networking methods within the scope of the
local network link. It is used to move the packets between two hosts on the
same link. An common example of link layer protocols is Ethernet.
Packet Sniffer Packet sniffer is a basic tool for observing network packet
exchanges in a computer. As the name suggests, a packet sniffer captures
(“sniffs”) packets being sent/received from/by your computer; it will also
typically store and/or display the contents of the various protocol fields in these
captured packets. A packet sniffer itself is passive. It observes messages being
sent and received by applications and protocols running on your computer, but
never sends packets itself. Figure 3 shows the structure of a packet sniffer. At the
right of Figure 3 are the protocols (in this case, Internet protocols) and
applications (such as a web browser or ftp client) that normally run on
your computer. The packet sniffer, shown within the dashed rectangle in Figure 3
is an addition to the usual software in your computer, and consists of two parts.
The packet capture library receives a copy of every link-layer frame that is sent
from or received by your computer. Messages exchanged by higher layer
protocols such as HTTP, FTP, TCP, UDP, DNS, or IP all are eventually
encapsulated in link-layer frames that are transmitted over physical media
such as an Ethernet cable. In Figure 1, the assumed physical media is an
Ethernet, and so all upper-layer protocols are eventually encapsulated within
an Ethernet frame. Capturing all link-layer frames thus gives you access to
all messages sent/received from/by all protocols and applications executing in
your computer. The second component of a packet sniffer is the packet analyzer,
which displays the contents of all fields within a protocol message. In order to do
so, the packet analyzer.
must “understand” the structure of all messages exchanged by protocols. For

example, suppose we are interested in displaying the various fields in messages
exchanged by the HTTP protocol in Figure 3. The packet analyzer understands
the format of Ethernet frames, and so can identify the IP datagram within an
Ethernet frame. It also understands the IP datagram format, so that it can extract
the TCP segment within must “understand” the structure of all messages
exchanged by protocols. For example, suppose we are interested in displaying the
various fields in messages exchanged by the HTTP protocol in Figure 3. The
packet analyzer understands the format of Ethernet frames, and so can identify the
IP datagram within an Ethernet frame. It also understands the IP datagram format,
so that it can extract the TCP segment within the IP datagram. Finally, it
understands the TCP segment structure, so it can extract the HTTP message
contained in the TCP segment. Finally, it understands the HTTP protocol and so,
for example, knows that the first bytes of an HTTP message will contain the
string “GET,” “POST,” or “HEAD”. We will be using the Wireshark packet
sniffer [http://www.wireshark.org/] for these labs, allowing us to display the
contents of messages being sent/received from/by protocols at different levels of
the protocol stack. (Technically speaking, Wireshark is a packet analyzer that
uses a packet capture library in your computer). Wireshark is a free network
protocol analyzer that runs on Windows, Linux/Unix, and Mac computers.

Getting Wireshark The Kai Linux has Wireshark installed. You can just launch
the Kali Linux VM and open Wireshark there. Wireshark can also be downloaded
from here:
Starting Wireshark When you run the Wireshark program, the Wireshark graphic
user interface will be shown as Figure 5. Currently, the program is not capturing
the packets.

Then, you need to choose an interface. If you are running the Wireshark on your
laptop, you need to select WiFi interface. If you are at a desktop, you need to
select the Ethernet interface being used. Note that there could be multiple
interfaces. In general, you can select any interface but that does not mean that
traffic will flow through that interface. The network interfaces (i.e., the physical
connections) that your computer has to the network are shown. The attached
Figure 6 was taken from my computer. After you select the interface, you can
click start to capture the packets as shown in Figure 7 must “understand” the
structure of all messages exchanged by protocols. For example, suppose we are
interested in displaying the various fields in messages exchanged by the HTTP
protocol in Figure 3. The packet analyzer understands the format of Ethernet
frames, and so can identify the IP datagram within an Ethernet frame. It also
understands the IP datagram format, so that it can extract the TCP segment within
Then, you need to choose an interface. If you are running the Wireshark
on your laptop, you need to select WiFi interface. If you are at a desktop, you
need to select the Ethernet interface being used. Note that there could be multiple
interfaces. In general, you can select any interface but that does not mean that
traffic will flow through that interface. The network interfaces (i.e., the physical
connections) that your computer has to the network are shown. The attached
Figure 6 was taken from my computer. After you select the interface, you can
click start to capture the packets as shown in Figure 7.

The Wireshark interface has five major components: The command menus are
standard pulldown menus located at the top of the window. Of interest to us now
is the File and Capture menus. The File menu allows you to save captured packet
data or open a file containing previously captured packet data, and exit the
Wireshark application. The Capture menu allows you to begin packet capture.
The packet-listing window displays a one-line summary for each packet captured,
including the packet number (assigned by Wireshark; this is not a packet number
contained in any protocol’s header), the time at which the packet was captured,
the packet’s source and destination addresses, the protocol type, and protocol-
specific information contained in the packet. The packet listing can be sorted
according to any of these categories by clicking on a column name. The protocol
type field lists the highest- level protocol that sent or received this packet, i.e., the
protocol that is the source or ultimate sink for this packet. The packet-header
details window provides details about the packet selected (highlighted) in the
packet-listing window. (To select a packet in the packet-listing window, place the
cursor over the packet’s one-line summary in the packet-listing window and click
with the left mouse button.). These details include information about the Ethernet
frame and IP datagram that contains this packet. The amount of Ethernet and IP-
layer detail displayed can be expanded or minimized by clicking on the right-
pointing or down-pointing arrowhead to the left of the Ethernet frame or IP
datagram line in the packet details window. If the packet has been carried over
TCP or UDP, TCP or UDP details will also be displayed, which can
similarly be expanded or minimized. Finally, details about the highest-level
protocol that sent or received this packet are also provided. The packet-contents
window displays the entire contents of the captured frame, in both ASCII
and hexadecimal format. Towards the top of the Wireshark graphical user
interface, is the packet display filter field, into which a protocol name or other
information can be entered in order to filter the information displayed in
the packet-listing window (and hence the packet-header and packet-contents
windows). In the example below, we’ll use the packet-display filter field to have
Wireshark hide (not display) packets except those that correspond to HTTP
messages.
Capturing Packets After downloading and installing Wireshark, you can launch it
and click the name of an interface under Interface List to start capturing packets
on that interface. For example, if you want to capture traffic on the wireless
network, click your wireless interface.
Test Run Do the following steps:
1. Start up the Wireshark program (select an interface and press start to capture
packets).
2. Start up your favorite browser (ceweasel in Kali Linux).
3. In your browser, go to Wayne State homepage by typing www.wayne.edu.
4. After your browser has displayed the http://www.wayne.edu page, stop
Wireshark packet capture by selecting stop in the Wireshark capture window.
This will cause the Wireshark capture window to disappear and the main
Wireshark window to display all.
5. Color Coding: You’ll probably see packets highlighted in green, blue,

and black. Wireshark uses colors to help you identify the types of traffic at
a glance. By default, green is TCP traffic, dark blue is DNS traffic, light blue is
UDP traffic, and black identifies TCP packets with problems — for example, they
could have been delivered out-of-order.
6. You now have live packet data that contains all protocol messages exchanged
between your computer and other network entities! However, as you will
notice the HTTP messages are not clearly shown because there are many other
packets included in the packet capture. Even though the only action you took was
to open your browser, there are many other programs in your computer that
communicate via the network in the background. To filter the connections to
the ones we want to focus on, we have to use the filtering functionality of
Wireshark by typing “http” in the filtering field as shown below:
Notice that we now view only the packets that are of protocol HTTP. However,
we also still do not have the exact communication we want to focus on because
using HTTP as a filter is not descriptive enough to allow us to find our
connection to http://www.wayne.edu. We need to be more precise if we
want to capture the correct set of packets.
7. To further filter packets in Wireshark, we need to use a more precise filter.
By setting the http.host==www.wayne.edu, we are restricting the view to packets
that have as an http host the www.wayne.edu website. Notice that we need two
equal signs to perform the match “==” not just one. See the screenshot below:

8. Now, we can try another protocol. Let’s use Domain Name System (DNS)
protocol as an example here.
9. Let’s try now to find out what are those packets contain by following
one of the conversations (also called network flows), select one of the packets
and press the right mouse button (if you are on a Mac use the command button
and click), you should see something similar to the screen below

Click on Follow UDP Stream, and then you will see following screen
10. If we close this window and change the filter back to

“http.host==www.wayne.edu” and then follow a packet from the list of packets
that match that filter, we should get the something similar to the following
screens. Note that we click on Follow TCP Stream this time.

Viva Voce:
1) What is the concept of wire shark?
2) What is the type of tcp connection?
3) What is the type of udp connection?
4) What is the difference between tcp and udp?
References:

Experiment No. 06
Object: Perform an Experiment to Sniff Traffic using ARP Poisoning.
ARP is the acronym for Address Resolution Protocol. It is used to convert IP
address to physical addresses [MAC address] on a switch. The host sends an
ARP broadcast on the network, and the recipient computer responds with its
physical address [MAC Address]. The resolved IP/MAC address is then
used to communicate. ARP poisoning is sending fake MAC addresses to the
switch so that it can associate the fake MAC addresses with the IP address
of a genuine computer on a network and hijack the traffic. ARP Poisoning
Countermeasures Static ARP entries: these can be defined in the local ARP cache
and the switch configured to ignore all auto ARP reply packets. The
disadvantage of this method is, it’s difficult to maintain on large networks.
IP/MAC address mapping has to be distributed to all the computers on the
network. ARP poisoning detection software: these systems can be used to cross
check the IP/MAC address resolution and certify them if they are
authenticated. Uncertified IP/MAC address resolutions can then be blocked.
Operating System Security: this measure is dependent on the operating
system been used. The following are the basic techniques used by various
via the registry. The following list includes some of the software that can be
– provides protection
–provides
protection against passive s – provides protection against both
communicate using networks. These networks could be on a local area network

LAN or exposed to the internet. Network Sniffers are programs that capture low-
level package data that is transmitted over a network. An attacker can analyze this
information to discover valuable information such as user ids and passwords.
this article, we will introduce you to common network sniffing techniques and
tools used to sniff networks.
What is network sniffing?
Computers communicate by broadcasting messages on a network using IP
addresses. Once a message has been sent on a network, the recipient computer
with the matching IP address responds with its MAC address.
Network sniffing is the process of intercepting data packets sent over a network.
This can be done by the specialized software program or hardware equipment.
Sniffing can be used to;
 Capture sensitive data such as login credentials
 Eavesdrop on chat messages
 Capture files have been transmitted over a network
The following are protocols that are vulnerable to sniffing
 Telnet
 Rlogin
 HTTP
 SMTP
 NNTP
 POP
 FTP
 IMAP
The above protocols are vulnerable if login details are sent in plain text
Passive and Active Sniffing
Before we look at passive and active sniffing, let’s look at two major devices used
to network computers; hubs and switches.

A hub works by sending broadcast messages to all output ports on it except the
one that has sent the broadcast. The recipient computer responds to the
broadcast message if the IP address matches. This means when using a
hub, all the computers on a network can see the broadcast message. It
operates at the physical layer (layer 1) of the OSI Model.
The diagram below illustrates how the hub works.
A switch works differently; it maps IP/MAC addresses to physical ports on it.

Broadcast messages are sent to the physical ports that match the IP/MAC address
configurations for the recipient computer. This means broadcast messages are
only seen by the recipient computer. Switches operate at the data link layer (layer
2) and network layer (layer 3). The diagram below illustrates how the switch
works.

Passive sniffing is intercepting packages transmitted over a network that uses a

hub. It is called passive sniffing because it is difficult to detect. It is also easy to
perform as the hub sends broadcast messages to all the computers on the network.
Active sniffing is intercepting packages transmitted over a network that uses a
switch. There are two main methods used to sniff switch linked networks, ARP
Poisoning, and MAC flooding.
Sniffing the network using Wireshark The illustration below shows you the steps
that you will carry out to complete this exercise without confusion.
Download Wireshark from this link http://www.wireshark.org/download.html

Open Wireshark You will get the following screen

Select the network interface you want to sniff. Note for this demonstration, we are
using a wireless network connection. If you are on a local area network, then you
should select the local area network interface.
 Click on start button as shown above
Select the network interface you want to sniff. Note for this demonstration, we are
using a wireless network connection. If you are on a local area network, then you
should select the local area network interface.
Click on start button as shown above
Open your web browser and type in http://www.techpanda.org/

Open your web browser and type in http://www.techpanda.org/
The login email is admin@google.com and the password is Password2010

 Click on submit button
 A successful logon should give you the following dashboard
The login email is admin@google.com and the password is Password2010
 Click on submit button
 A successful logon should give you the following dashboard
Go back to Wireshark and stop the live capture

Filter for HTTP protocol results only using the filter textbox
Locate the Info column and look for entries with the HTTP verb POST and click
on it
Just below the log entries, there is a panel with a summary of captured data. Look
for the summary that says Line-based text data: application/x-www-form-
urlencoded. Just below the log entries, there is a panel with a summary of
captured data. Look for the summary that says Line-based text data: application/x-
www-form-urlencoded

You should be able to view the plaintext values of all the POST variables
submitted to the server via HTTP protocol.
You should be able to view the plaintext values of all the POST variables
submitted to the server via HTTP protocol.

Experiment No. 07
Object: Working with snort tool to demonstrate intrusion detection system

Introduction:
Intrusion Detection System :
Intrusion detection is a set of techniques and methods that are used to detect
suspicious activity both at the network and host level. Intrusion detection systems
fall into two basic categories:
 Signature-based intrusion detection systems
 Anomaly detection systems.
Intruders have signatures, like computer viruses, that can be detected using
software. You try to find data packets that contain any known intrusion-related
signatures or anomalies related to Internet protocols. Based upon a set of
signatures and rules, the detection system is able to find and log suspicious
activity and generate alerts.
Anomaly-based intrusion detection usually depends on packet anomalies
present in protocol header parts. In some cases these methods produce better
results compared to signature-based IDS. Usually an intrusion detection system
captures data from the network and applies its rules to that data or detects
anomalies in it. Snort is primarily a rule-based IDS, however input plug-ins are
present to detect anomalies in protocol headers.
SNORT TOOL:
Snort is based on libpcap (for library packet capture), a tool that is widely used in
TCP/IP traffic sniffers and analyzers. Through protocol analysis and content
searching and matching, Snort detects attack methods, including denial of service,
buffer overflow, CGI attacks, stealth port scans, and SMB probes. When
suspicious behavior is detected, Snort sends a real-time alert to syslog, a separate
'alerts' file, or to apop-up window. Snort is currently the most popular free
network intrusion detection software. The advantages of Snort are numerous.
According to the snort web site, “It can perform protocol analysis, content
searching/matching, and can be used to detect a variety of attacks and probes,

such as buffer overflow, stealth port scans, CGI attacks, SMB probes, OS
fingerprinting attempts, and much more” (Caswell). One of the advantages of
Snort is its ease of configuration. Rules are very flexible, easily written, and easily
inserted into the rule base. If a new exploit or attack is found a rule for the attack
can be added to the rule base in a matter of seconds. Another advantage of snort is
that it allows for raw packet data analysis.
SNORT can be configured to run in three modes:
1. Sniffer mode
2. Packet Logger mode
3. Network Intrusion Detection System mode
1. Sniffer mode
# Snort –v Print out the TCP/IP packets header on the screen
# Snort –vd show the TCP/IP ICMP header with application data in transmit
2. Packet Logger mode
# snort –dev –l c:\log [create this directory in the C drive] and snort will
automatically know to go into packet logger mode, it collects every packet it sees
and places it in log directory.
# snort –dev –l c:\log –h ipaddress/24:This rule tells snort that you want to print
out the data link and TCP/IP headers as well as application data into the log
directory. snort –l c:\log –b This is binary mode logs everything into a single file.
3. Network Intrusion Detection System mode
# snort –d c:\log –h ipaddress/24 –c snort.conf This is a configuration file applies
rule to each packet to decide it an action based upon the rule type in the file.
# Snort –d –h ipaddress/24 –l c:\log –c snort.conf This will cnfigure snort to run
in its most basic NIDS form, logging packets that trigger rules specifies in the
snort.conf.

PROCEDURE:
STEP-1: Sniffer mode# snort –v # Print out the TCP/IP packets header on the
screen.
STEP-2: Snort –vd # Show the TCP/IP ICMP header with application data in
transit.
STEP-3: Packet Logger mode # snort –dev –l c:\log [create this directory in the C
drive] and snort will automatically know to go into packet logger mode, it collects
every packet it sees and places it in log directory.
STEP-4: snort –dev –l c:\log –h ipaddress/24 # This rule tells snort that you want
to print out the data link and TCP/IP headers as well as application data into the
log directory.
STEP-5: snort –l c:\log –b # this binary mode logs everything into a single file.
STEP-6: Network Intrusion Detection System mode # snort –d c:\log –h
ipaddress/24 –c snort.conf # This is a configuration file that applies rule to each
packet to decide it an action based upon the rule type in the file.
STEP-7: snort –d –h ip address/24 –l c:\log –c snort.conf # This will configure
snort to run in its most basic NIDS form, logging packets that trigger rules
specifies in the snort.conf.
STEP-8: Download SNORT from snort.org. Install snort with or without database
support.
STEP-9: Select all the components and Click Next. Install and Close.
STEP-10: Skip the WinPcap driver installation.
STEP-11: Add the path variable in windows environment variable by selecting
new classpath.
STEP-12: Create a path variable and point it at snort.exe variable name # path and
variable value # c:\ snort\bin.
STEP-13: Click OK button and then close all dialog boxes. Open command
prompt and type the following commands.

INSTALLATION PROCESS:

Fig 5.1 SNOT Installation process

Viva Voce:
1) What is Snort method?
2) Where the Snort method can be used?
References:

Experiment No. 08
Object: Demonstrate how to provide secure data storage, secure data
transmission and for creating digital signatures.
INTRODUCTION:
# Here’s the final guide in my PGP basics series, this time focusing on Windows
# The OS in question will be Windows 7, but it should work for Win8 and Win8.1
as well
# Obviously it’s not recommended to be using Windows to access the DNM, but I
won’t go into the reasons here.
Tool: GPG4WIN
Installing the software:
1. Visit www.gpg4win.org www.gpg4win.org. Click on the “Gpg4win 2.3.0”
button
2. On the following screen, click the “Download Gpg4win” button.
3. When the “Welcome” screen is displayed, click the “Next” button
4. When the “License Agreement” page is displayed, click the “Next” button
5. Set the check box values as specified below, then click the “Next” button
6. Set the location where you want the software to be installed. The default
location is fine. Then, click the “Next” button.
7. Specify where you want shortcuts to the software placed, then click the “Next”
button.
8. If you selected to have a GPG shortcut in your Start Menu, specify the folder in
which it will be placed.
9. The default “Gpg4win” is OK. Click the “Install” button to continue
10. A warning will be displayed if you have Outlook or Explorer opened. If this
occurs, click the “OK” button.
11. The installation process will tell you when it is complete. Click the “Next”
button

12. Once the Gpg4win setup wizard is complete, the following screen will be
displayed. Click the “Finish” button
13. If you do not uncheck the “Show the README file” check box, the
README file will be displayed. The window can be closed after you’ve
reviewed it.
CREATING YOUR PUBLIC AND PRIVATE KEYS

GPG encryption and decryption is based upon the keys of the person who will be
receiving the encrypted file or message. Any individual who wants to send the
person an encrypted file or message must possess the recipient’s public key
certificate to encrypt the message. The recipient must have the associated private
key, which is different than the public key, to be able to decrypt the file. The
public and private key pair for an individual is usually generated by the individual
on his or her computer using the installed GPG program, called “Kleopatra” and
the following procedure.
The following screen will be displayed From the “File” dropdown, click on the
“New Certificate” Option

The following screen will be displayed. Click on “Create a personal OpenGPG

key pair” and the “Next” button

Enter your name and e-mail address. You may also enter an optional comment.
Then, click the “Next” button

Review your entered values. If OK, click the “Create Key” button
You will be asked to enter a passphrase

The passphrase should follow strong password standards. After you’ve entered
your passphrase, click the “OK” button.
You will be asked to re-enter the passphrase Re-enter the passphrase value. Then
click the “OK” button. If the passphrases match, the certificate will be created.

Once the certificate is created, the following screen will be displayed. You can
save a backup of your public and private keys by clicking the “Make a backup Of
Your Key Pair” button. This backup can be used to copy certificates onto other
authorized computers.

If you choose to backup your key pair, you will be presented with the following
screen:
Specify the folder and name the file. Then click the “OK” button.
After the key is exported, the following will be displayed. Click the “OK” button

You will be returned to the “Key Pair Successfully Created” screen. Click the
“Finish” button.
Before the program closes, you will need to confirm that you want to close the
program by clicking on the “Quit Kleopatra” button.

DECRYPTING AN ENCRYPTED E-MAIL THAT HAS BEEN SENT TO YOU:

Open the e-mail message
Select the GpgOL tab

Click the “Decrypt” button
A command window will open along with a window that asks for the Passphrase
to your private key that will be used to decrypt the incoming message.

Enter your passphrase and click the “OK” button
The results window will tell you if the decryption succeeded. Click the “Finish”
button top close the window
Your unencrypted e-mail message body will be displayed.

When you close the e-mail you will be asked if you want to save the e-mail
message in its unencrypted form. For maximum security, click the “No” button.
This will keep the message encrypted within the e-mail system and will require
you to enter your passphrase each time you reopen the e-mail message.
Result:
Thus the secure data storage, secure data transmission and for creating digital
signatures (GnuPG) was developed successfully.
Viva Voce :
1) What is Rail Fence method?
2) Where the Rail Fence method can be used?
References :

CS Lab Manual

Uploaded by

Document Information

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

CS Lab Manual

Uploaded by

Copyright:

Available Formats

DEPARTMENT OF COMPUTER SCIENCE

CYBER SECURITY LAB (7CS4-22)

Modern Institute of Technology & Research Centre,

Vision and Mission of the Institute ii

Vision and Mission of the Department iii

Program Outcome (s) iv

Course Outcome (s) vi

Lab Instructions vii

BTU Syllabus viii

3 Implement the following Attack: 7–9

Department of Computer Science Engineering, MITRC, Alwar i

Vision and Mission of the Institute

Department of Computer Science Engineering, MITRC, Alwar ii

Vision and Mission of the Department

Department of Computer Science Engineering, MITRC, Alwar iii

Program Outcomes (POs)

1. Engineering Knowledge: Apply the knowledge of mathematics,

cultural issues and the consequent responsibilities relevant to the

Department of Computer Science Engineering, MITRC, Alwar v

Course Outcomes (Cos)

Course Outcomes: Upon successful completion of the course/Lab the

CO1: Be able to implement the Substitution & Transposition Techniques

CO2: Understand the concept of Attacks in Networks.

CO4: Have practical knowledge on the applications of Cyber security.

Department of Computer Science Engineering, MITRC, Alwar vi

1. Keep Silence in the lab.

2. Sit on your own seat which is assigned by faculty or lab staff.

4. Every student is responsible for any damage to the computer or any

7. Please keep your bag at right place inside the lab.

Department of Computer Science Engineering, MITRC, Alwar vii

Credit: 2 Max. Marks: 100(IA: 60, ETE: 40)

S.No List of Experiments

2 Implement the Diffie-Hellman Key Exchange mechanism using

5 Installation of rootkits and study about the variety of options.

6 Perform an Experiment to Sniff Traffic using ARP Poisoning.

8 Demonstrate how to provide secure data storage, secure data

Department of Computer Science Engineering, MITRC, Alwar viii

PROJECT: In a small area location such as a house, office or in a

Department of Computer Science Engineering, MITRC, Alwar ix

OBJECT: To implement the simple substitution technique named Caesar cipher

Department of Computer Science Engineering, MITRC, Alwar 2

Output fig 1.1

Department of Computer Science Engineering, MITRC, Alwar 3

OBJECT: Implementation of rail fence – row & column transformation technique

Department of Computer Science Engineering, MITRC, Alwar 5

Output Fig 2.1:

Department of Computer Science Engineering, MITRC, Alwar 6

OBJECT: To implement the Diffie-Hellman Key Exchange algorithm using C

Department of Computer Science Engineering, MITRC, Alwar 7

printf ("Enter the value of y for the second person : ");

Department of Computer Science Engineering, MITRC, Alwar 9

OBJECT: Installing Root Kit in a system.

Department of Computer Science Engineering, MITRC, Alwar 11

Department of Computer Science Engineering, MITRC, Alwar 12

Department of Computer Science Engineering, MITRC, Alwar 13

Background TCP/IP Network Stack

Department of Computer Science Engineering, MITRC, Alwar 14

In the CSC 4190 Introduction to Computer Networking (one of the perquisite

Department of Computer Science Engineering, MITRC, Alwar 15

Department of Computer Science Engineering, MITRC, Alwar 16

must “understand” the structure of all messages exchanged by protocols. For

Department of Computer Science Engineering, MITRC, Alwar 18

Department of Computer Science Engineering, MITRC, Alwar 19

Department of Computer Science Engineering, MITRC, Alwar 20