
Cybersecurity lab manual

cyber security lab (Rajasthan Technical University)


LAB MANUAL

Lab Name : CYBER SECURITY LAB

Lab Code : 7CS4-22

Branch : Computer Science and Engineering

Year : 4th Year

Jaipur Engineering College and Research Centre, Jaipur


Department of Computer Science & Engineering
(Rajasthan Technical University, KOTA)


INDEX

S.NO  CONTENTS
1.   VISION AND MISSION
2.   PEOs
3.   POs
4.   COs
5.   MAPPING OF COs & POs
6.   SYLLABUS
7.   BOOKS
8.   INSTRUCTIONAL METHODS
9.   LEARNING MATERIALS
10.  ASSESSMENT OF OUTCOMES

LIST OF EXPERIMENTS (RTU SYLLABUS)

Exp:-1 Objectives:-1. Implement the following Substitution & Transposition Techniques concepts: a) Caesar Cipher b) Rail fence row & Column Transformation.
Exp:-2 Objectives:-2. Implement the Diffie-Hellman Key Exchange mechanism using HTML and JavaScript. Consider the end user as one of the parties (Alice) and the JavaScript application as the other party (Bob).
Exp:-3 Objectives:-3. Implement the following Attack: a) Dictionary Attack b) Brute Force Attack.
Exp:-4 Objectives:-4. Installation of Wireshark, tcpdump, etc. and observe data transferred in client server communication using UDP/TCP and identify the UDP/TCP datagram.
Exp:-5 Objectives:-5. Installation of rootkits and study about the variety of options.
Exp:-6 Objectives:-6. Perform an Experiment to Sniff Traffic using ARP Poisoning.
Exp:-7 Objectives:-7. Demonstrate intrusion detection system using any tool (snort or any other s/w).
Exp:-8 Objectives:-8. Demonstrate how to provide secure data storage, secure data transmission and for creating digital signatures.


JAIPUR ENGINEERING COLLEGE AND RESEARCH CENTER


Department of Computer Science and Engineering
Branch: Computer Science and Engineering Semester: 7th
Course Name: CYBER Security LAB Code: 7CS4-22
External Marks: 40 Practical hrs: 4hr/week
Internal Marks: 60 Total Marks: 100
Credit:2

1. VISION & MISSION


VISION: To become renowned Centre of excellence in computer science and engineering and make
competent engineers & professionals with high ethical values prepared for lifelong learning.

MISSION:

M1: To impart outcome based education for emerging technologies in the field of computer
science and engineering.
M2: To provide opportunities for interaction between academia and industry.
M3: To provide platform for lifelong learning by accepting the change in technologies
M4: To develop aptitude of fulfilling social responsibilities

2. PROGRAM EDUCATIONAL OBJECTIVES (PEOs)


PEO1: To provide students with the fundamentals of Engineering Sciences with more emphasis in
Computer Science & Engineering by way of analyzing and exploiting engineering challenges.

PEO2: To train students with good scientific and engineering knowledge so as to comprehend,
analyze, design, and create novel products and solutions for the real life problems in Computer
Science and Engineering

PEO3: To inculcate professional and ethical attitude, effective communication skills, teamwork
skills, multidisciplinary approach, entrepreneurial thinking and an ability to relate engineering issues
with social issues for Computer Science & Engineering.

PEO4: To provide students with an academic environment aware of excellence, leadership, written
ethical codes and guidelines, and the self-motivated life-long learning needed for a successful
professional career in Computer Science & Engineering.

PEO5: To prepare students to excel in Industry and Higher education by Educating Students along
with High moral values and Knowledge in Computer Science & Engineering.


3. PROGRAM OUTCOMES (POs)

1. Engineering knowledge: Apply the knowledge of mathematics, science, engineering
fundamentals, and Computer Science & Engineering specialization to the solution of complex
Computer Science & Engineering problems.
2. Problem analysis: Identify, formulate, research literature, and analyze complex Computer Science
and Engineering problems reaching substantiated conclusions using first principles of mathematics,
natural sciences, and engineering sciences.
3. Design/development of solutions: Design solutions for complex Computer Science and
Engineering problems and design system components or processes that meet the specified needs with
appropriate consideration for the public health and safety, and the cultural, societal, and
environmental considerations.
4. Conduct investigations of complex problems: Use research-based knowledge and research
methods including design of Computer Science and Engineering experiments, analysis and
interpretation of data, and synthesis of the information to provide valid conclusions.
5. Modern tool usage: Create, select, and apply appropriate techniques, resources, and modern
engineering and IT tools including prediction and modeling to complex Computer Science
Engineering activities with an understanding of the limitations.
6. The engineer and society: Apply reasoning informed by the contextual knowledge to assess
societal, health, safety, legal and cultural issues and the consequent responsibilities relevant to the
professional Computer Science and Engineering practice.
7. Environment and sustainability: Understand the impact of the professional Computer Science
and Engineering solutions in societal and environmental contexts, and demonstrate the knowledge of,
and need for sustainable development.
8. Ethics: Apply ethical principles and commit to professional ethics and responsibilities and norms
of the Computer Science and Engineering practice.
9. Individual and team work: Function effectively as an individual, and as a member or leader in
diverse teams, and in multidisciplinary settings in Computer Science and Engineering.
10. Communication: Communicate effectively on complex Computer Science and Engineering
activities with the engineering community and with society at large, such as, being able to
comprehend and write effective reports and design documentation, make effective presentations, and
give and receive clear instructions.
11. Project management and finance: Demonstrate knowledge and understanding of the Computer
Science and Engineering and management principles and apply these to one’s own work, as a member
and leader in a team, to manage projects and in multidisciplinary environments.
12. Life-long learning: Recognize the need for, and have the preparation and ability to engage in
independent and life-long learning in the broadest context of technological change in Computer
Science and Engineering.


4. COURSE OUTCOMES (COs)


Graduates would be able:
CO1: Understand the implementation of various techniques and security algorithms.

CO2: Apply different tools used for secure data transmission and for creating digital signature.

5. MAPPING OF COs & POs

Sem: VII    Subject: Cyber Security Lab    Code: 7CS4-22    L/T/P: P

CO 1. Understand the implementation of various techniques and security algorithms.
CO 2. Apply different tools used for secure data transmission and for creating digital signature.

CO   PO1  PO2  PO3  PO4  PO5  PO6  PO7  PO8  PO9  PO10  PO11  PO12
1    3    3    2    2    3    3    2    2    3    2     2     3
2    3    2    3    3    3    3    3    3    3    3     3     3


6. SYLLABUS


Outcomes:
At the end of the semester, the students should have clearly understood and implemented the
following:
• Implement the cipher techniques
• Develop the various security Algorithms
• Use different open source tools for network security and analysis

List of Hardware Requirements & Software Requirements

Software Requirements

• C
• C++
• Java or equivalent Compiler
• GnuPG
• Snort

Hardware Requirements

• Standalone Desktops (or) Server supporting 30 terminals or more

7. INSTRUCTIONAL METHODS

Direct Instructions:

• White board presentation

Interactive Instruction:

• coding

Indirect Instructions:

• Problem solving

8. LEARNING MATERIALS

Text/Lab Manual


9. ASSESSMENT OF OUTCOMES:-

1. End term Practical exam (Conducted by RTU, KOTA)


2. Daily Lab interaction.
OUTCOMES WILL BE ACHIEVED THROUGH FOLLOWING:-
1. Lab Teaching (through chalk and board).
2. Discussion on website.
INSTRUCTIONS OF LAB

DO’s
• Please switch off the Mobile/Cell phone before entering Lab.
• Enter the Lab with complete source code and data.
• Check whether all peripherals are available at your desktop before proceeding with the
program.
• Inform the Lab In Charge whenever you have difficulty using the
system or in case software gets corrupted/infected by a virus.
• Arrange all the peripheral and seats before leaving the lab.
• Properly shutdown the system before leaving the lab.
• Keep the bag outside in the racks.
• Enter the lab on time and leave at proper time.
• Maintain the decorum of the lab.
• Utilize lab hours in the corresponding experiment.
• Get your CD / Pen Drive checked by lab In charge before using it in the lab.

DON’TS
• Don’t mishandle the system.
• Don’t leave the system on standing for long
• Don’t bring any external material in the lab.
• Don’t make noise in the lab.
• Don’t bring the mobile in the lab. If extremely necessary then keep ringers off.
• Don’t enter in the lab without permission of lab Incharge.
• Don’t litter in the lab.
• Don’t delete or make any modification in system files.
• Don’t carry any lab equipment outside the lab.

We need your full support and cooperation for smooth functioning of the lab.


INSTRUCTIONS FOR STUDENTS

BEFORE ENTERING IN THE LAB

• All the students are supposed to prepare the theory regarding the next program.
• Students are supposed to bring the practical file and the lab copy.
• Previous programs should be written in the practical file.
• Any student not following these instructions will be denied entry in the lab.

WHILE WORKING IN THE LAB


• Adhere to experimental schedule as instructed by the lab incharge.
• Get the previously executed program signed by the instructor.
• Get the output of the current program checked by the instructor in the lab copy.
• Each student should work on his/her assigned computer at each turn of the lab.
• Take responsibility of valuable accessories.
• Concentrate on the assigned practical and do not play games.
• If anyone is caught red-handed carrying any equipment of the lab, then he or she will have to face
serious consequences.


LIST OF EXPERIMENTS

Experiment No.-1
1(a) Implement the following Substitution & Transposition Techniques concepts:
a) Caesar Cipher
b) Rail fence row & Column Transformation

AIM: To implement a program for encrypting a plain text and decrypting a cipher text using Caesar
Cipher (shift cipher) substitution technique

ALGORITHM DESCRIPTION:
It is a type of substitution cipher in which each letter in the plaintext is replaced by a
letter some fixed number of positions down the alphabet. For example, with a left shift
of 3, D would be replaced by A, E would become B, and so on.
The method is named after Julius Caesar, who used it in his private correspondence.
The transformation can be represented by aligning two alphabets; the cipher alphabet is
the plain alphabet rotated left or right by some number of positions.
The encryption can also be represented using modular arithmetic by first transforming
the letters into numbers, according to the scheme, A = 0, B = 1, ..., Z = 25.
Encryption of a letter x by a shift n can be described mathematically as
$E_n(x) = (x + n) \bmod 26$
Decryption is performed similarly,
$D_n(x) = (x - n) \bmod 26$

PROGRAM:
import java.util.*;

class caesarCipher
{
    // Shift every letter of enc by offset positions; other characters pass through unchanged.
    public static String encode(String enc, int offset)
    {
        // Bring the offset into the range 1..51 so that negative shifts also work with %.
        offset = offset % 26 + 26;
        StringBuilder encoded = new StringBuilder();
        for (char i : enc.toCharArray())
        {
            if (Character.isLetter(i))
            {
                if (Character.isUpperCase(i))
                {
                    encoded.append((char) ('A' + (i - 'A' + offset) % 26));
                }
                else
                {
                    encoded.append((char) ('a' + (i - 'a' + offset) % 26));
                }
            }
            else
            {
                encoded.append(i);
            }
        }
        return encoded.toString();
    }

    // Decoding is encoding with the complementary shift.
    public static String decode(String enc, int offset)
    {
        return encode(enc, 26 - offset);
    }

    public static void main(String[] args) throws java.lang.Exception
    {
        String msg = "Hello welcome to Security Laboratory";
        System.out.println("simulation of Caesar Cipher");
        System.out.println("input message : " + msg);
        System.out.printf("encoded message : ");
        System.out.println(caesarCipher.encode(msg, 12));
        System.out.printf("decoded message : ");
        System.out.println(caesarCipher.decode(caesarCipher.encode(msg, 12), 12));
    }
}

stdin:
Standard input is empty

stdout:
simulation of Caesar Cipher
input message : Hello welcome to Security Laboratory
encoded message : Tqxxa iqxoayq fa Eqogdufk Xmnadmfadk
decoded message : Hello welcome to Security Laboratory

RESULT:
Thus the program was executed and verified successfully.


1(b) To implement a program for encryption and decryption using rail fence
transposition technique.

ALGORITHM DESCRIPTION:

In the rail fence cipher, the plaintext is written downwards and diagonally on
successive "rails" of an imaginary fence, then moving up when we reach the bottom
rail.
When we reach the top rail, the message is written downwards again until the whole
plaintext is written out.
The message is then read off in rows.

PROGRAM :
import java.util.*;

class railfenceCipherHelper
{
    // Write msg column by column into a grid with depth rows, then read it off row by row.
    String encode(String msg, int depth) throws Exception
    {
        int r = depth;
        int l = msg.length();
        int c = (l + depth - 1) / depth;   // round up so a partial last column is padded, not dropped
        int k = 0;
        char mat[][] = new char[r][c];
        String enc = "";
        for (int i = 0; i < c; i++)
        {
            for (int j = 0; j < r; j++)
            {
                if (k < l)
                {
                    mat[j][i] = msg.charAt(k++);
                }
                else
                {
                    mat[j][i] = 'X';       // padding character
                }
            }
        }
        for (int i = 0; i < r; i++)
        {
            for (int j = 0; j < c; j++)
            {
                enc += mat[i][j];
            }
        }
        return enc;
    }

    // Reverse of encode: fill the grid row by row, read it column by column.
    // Any 'X' padding added by encode stays at the end of the result.
    String decode(String encmsg, int depth) throws Exception
    {
        int r = depth;
        int l = encmsg.length();
        int c = l / depth;
        int k = 0;
        char mat[][] = new char[r][c];
        String dec = "";
        for (int i = 0; i < r; i++)
        {
            for (int j = 0; j < c; j++)
            {
                mat[i][j] = encmsg.charAt(k++);
            }
        }
        for (int i = 0; i < c; i++)
        {
            for (int j = 0; j < r; j++)
            {
                dec += mat[j][i];
            }
        }
        return dec;
    }
}

class railfenceCipher
{
    public static void main(String[] args) throws java.lang.Exception
    {
        railfenceCipherHelper rf = new railfenceCipherHelper();
        String msg, enc, dec;
        msg = "hellorailfencecipher";
        int depth = 2;
        enc = rf.encode(msg, depth);
        dec = rf.decode(enc, depth);
        System.out.println("simulation of Railfence Cipher");
        System.out.println("input message : " + msg);
        System.out.println("encoded message : " + enc);
        System.out.println("decoded message : " + dec);
    }
}


stdin:
Standard input is empty

stdout:
simulation of Railfence Cipher
input message : hellorailfencecipher
encoded message : hloaleccpeelrifneihr
decoded message : hellorailfencecipher

RESULT:
Thus the program was executed and verified successfully.
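
The algorithm description for 1(b) writes the plaintext in a zigzag that turns at the top and bottom rails. The following C code is an added example, not part of the original manual, that implements that zigzag for any number of rails; with 2 rails it gives the same ciphertext as the output above. The function names are this example's own.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Record, for each message position, the rail it lands on when the
 * text is written down and up the fence in a zigzag. */
static void zigzag(size_t len, int rails, int *rail_of)
{
    int rail = 0, step = 1;
    for (size_t i = 0; i < len; i++) {
        rail_of[i] = rail;
        if (rails == 1)
            continue;                 /* a single rail never moves */
        if (rail == 0)
            step = 1;                 /* top rail: turn downwards */
        else if (rail == rails - 1)
            step = -1;                /* bottom rail: turn upwards */
        rail += step;
    }
}

/* Encrypt: read the zigzag off rail by rail.
 * out must hold strlen(msg) + 1 bytes. Returns 0, or -1 on bad input. */
int railfence_encrypt(const char *msg, int rails, char *out)
{
    size_t len = strlen(msg), k = 0;
    if (rails < 1)
        return -1;
    int *rail_of = malloc((len ? len : 1) * sizeof *rail_of);
    if (rail_of == NULL)
        return -1;
    zigzag(len, rails, rail_of);
    for (int r = 0; r < rails; r++)
        for (size_t i = 0; i < len; i++)
            if (rail_of[i] == r)
                out[k++] = msg[i];
    out[k] = '\0';
    free(rail_of);
    return 0;
}

/* Decrypt: the same walk, but ciphertext characters are dealt back
 * to the positions that belong to each rail. */
int railfence_decrypt(const char *enc, int rails, char *out)
{
    size_t len = strlen(enc), k = 0;
    if (rails < 1)
        return -1;
    int *rail_of = malloc((len ? len : 1) * sizeof *rail_of);
    if (rail_of == NULL)
        return -1;
    zigzag(len, rails, rail_of);
    for (int r = 0; r < rails; r++)
        for (size_t i = 0; i < len; i++)
            if (rail_of[i] == r)
                out[i] = enc[k++];
    out[len] = '\0';
    free(rail_of);
    return 0;
}

int main(void)
{
    const char *msg = "hellorailfencecipher";   /* message used in the manual */
    char enc[64], dec[64];
    for (int rails = 2; rails <= 3; rails++) {
        railfence_encrypt(msg, rails, enc);
        railfence_decrypt(enc, rails, dec);
        printf("rails=%d encoded=%s decoded=%s\n", rails, enc, dec);
    }
    return 0;
}
```

Unlike the row and column program above, the zigzag needs no padding character, so the decoded text is always exactly the input.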


Experiment-2
Implementation of Diffie Hellman key Exchange Algorithm

DESCRIPTION:

Diffie–Hellman Key Exchange establishes a shared secret between two parties that can be used for
secret communication for exchanging data over a public network. It is primarily used as a method of
exchanging cryptography keys for use in symmetric encryption algorithms like AES. The algorithm in
itself is very simple. The process begins by having the two parties, Alice and Bob. Let's assume that
Alice wants to establish a shared secret with Bob.
EXAMPLE:

ALGORITHM:

STEP-1: Both Alice and Bob share the same public keys g and p.
STEP-2: Alice selects a random public key a.
STEP-3: Alice computes her secret key A as g^a mod p.
STEP-4: Then Alice sends A to Bob.
STEP-5: Similarly, Bob also selects a public key b, computes his secret key B and sends it
back to Alice.
STEP-6: Now both of them compute their common secret key as the other one’s secret key raised to the
power of a, mod p (Bob uses b in place of a).

PROGRAM: (Diffie Hellman Key Exchange)

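#include <stdio.h>

/* Modular exponentiation by repeated squaring: returns a^b mod mod. */
long long int power(long long int a, long long int b, long long int mod)
{
    long long int t;
    if (b == 0)
        return 1 % mod;
    if (b == 1)
        return a % mod;
    t = power(a, b / 2, mod);
    if (b % 2 == 0)
        return (t * t) % mod;
    else
        return (((t * t) % mod) * (a % mod)) % mod;
}

long long int calculateKey(long long int a, long long int x, long long int n)
{
    return power(a, x, n);
}

int main(void)
{
    /* n, g: shared parameters; x, y: the value each person selects and uses locally;
       a, b: the values g^x mod n and g^y mod n that the two persons send each other. */
    long long int n, g, x, a, y, b;
    printf("Enter the value of n and g : ");
    if (scanf("%lld%lld", &n, &g) != 2)
        return 1;
    printf("Enter the value of x for the first person : ");
    if (scanf("%lld", &x) != 1)
        return 1;
    a = power(g, x, n);
    printf("Enter the value of y for the second person : ");
    if (scanf("%lld", &y) != 1)
        return 1;
    b = power(g, y, n);
    /* Each side raises the value it received to its own exponent; both results match. */
    printf("key for the first person is : %lld\n", power(b, x, n));
    printf("key for the second person is : %lld\n", power(a, y, n));
    return 0;
}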

OUTPUT:


Experiment No.-3
Implement the following Attack: a) Dictionary Attack b) Brute Force Attack

The bruteforce attack is simple enough to understand. It is performed by entering every possible password
that can be accepted by a system until the correct password is entered. However, actually writing one is a bit
more complex. There's a complex underlying logic involved in simply entering every password. This post will
cover the logic of programming a sequential bruteforcer and cap off with writing a sequential ascending
bruteforcer in C/C++. Lastly, I will show a quick trick to turn the sequential ascending bruteforcer into a
sequential descending bruteforcer.

A bruteforcer has three main logical components: a selection where the user inputs the specific location of the
attack; generating the passwords to test; testing the password. Having the user input the specific location to
attack is arguably the easiest part of writing a bruteforcer. This part can actually be "hard-coded" (specified by
the programmer so no input is required) so I was thinking of not even mentioning it. But, I decided to bring it
up as any bruteforcer meant to be used by more than one person will include this. Let's say we've written a
bruteforcer that attacks Yahoo accounts. In this case, the bruteforcer will be programmed to attack Yahoo
accounts, but the user must input the Yahoo account to specifically attack. This first component of the
bruteforcer thus handles obtaining this information.

Once the bruteforcer knows what it is going to attack, it must generate the password to try. In a sequential
bruteforcer, the password tried each time will be sequentially one step away from the last password tried. So, in
a sequential ascending bruteforcer, the bruteforcer will try the password 000001 followed by 000002. This
works in reverse in a sequential descending bruteforcer. The programming of this is generally handled by
writing a continuous loop which breaks only when the password generated is successful. Meanwhile, a handful
of variables constantly increment with each run through the loop. When all of the possible passwords are tried,
the variables are all reset as low as possible, the number of characters in the password is incremented or
decremented, and the process begins again with checking all of the passwords one character longer or shorter
than the last number of characters in a password. In practice, this is simpler than it sounds.

The last main component of a bruteforcer is the part in which a bruteforcer checks to see if it's generated the
correct password. In some cases, this can surprisingly be the hardest part of the bruteforcer to write. Using our
Yahoo example again, writing this part of the bruteforcer requires a knowledge of the Yahoo API. It's really
hard for me to write how to perform the password check as each check will be written differently. While all
checks are simple from a broad perspective, this is liable to get quite complex depending on what you're trying
to bruteforce. My recommendation is to look for a library to do the check for you so you can do the least
amount of work possible to perform what is really a trivial step overall.

Here is the code I wrote for an ascending bruteforcer in C/C++. It's really rather small code and thus pretty
self-explanatory. (The comments should help explain things too):


#include <cstdlib>
#include <iostream>
#include <string>
using namespace std;

/*Prototypes*/
void checkPassword(string password);
void recurse(int width, int position, string baseString);

/*Global Variables*/
char chars[]={'z','y','x','w','v','u','t','s','r','q','p','o','n','m','l','k','j','i','h','g','f','e','d','c','b','a','9','8','7','6','5','4','3','2','1','0'};
const int numChars = sizeof(chars) / sizeof(chars[0]);   /* all 36 characters, including '0' */
string t;

/*This function generates the password*/
void recurse(int width, int position, string baseString)
{
    for (int i = 0; i < numChars; i++)
    {
        if (position < width - 1)
        {
            recurse(width, position + 1, baseString + chars[i]);
        }
        /*Prefixes shorter than width are checked here as well*/
        checkPassword(baseString + chars[i]);
    }
}

/*This function checks to see if the generated password is correct*/
void checkPassword(string password)
{
    cout << "Trying this password: " << password << endl;
    if (password == t) {
        cout << "match [" << password << "]" << endl;
        int pause;
        cin >> pause;   /*wait for input so the result stays on screen*/
        exit(0);
    }
}

int main()
{
    cout << "Enter a string (No more than 10 characters for demonstration purposes): " << endl;
    cin >> t;
    int maxChars = 10;
    /*Ascending: start with the shortest width and work up to maxChars*/
    for (int i = 1; i <= maxChars; i++)
    {
        cout << "Checking passwords width [" << i << "]..." << endl;
        recurse(i, 0, "");
    }
    return 0;
}


Experiment No. -4

Installation of Wireshark, tcpdump, etc. and observe data transferred in client
server communication using UDP/TCP and identify the UDP/TCP datagram.

Introduction
The first part of the lab introduces the packet sniffer Wireshark. Wireshark is a free open-source network
protocol analyzer. It is used for network troubleshooting and communication protocol analysis. Wireshark
captures network packets in real time and displays them in human-readable format. It provides many
advanced features including live capture and offline analysis, a three-pane packet browser, and coloring rules
for analysis. This document uses Wireshark for the experiments, and it covers Wireshark installation,
packet capturing, and protocol analysis.

Figure 1: Wireshark in Kali Linux


Background

TCP/IP Network Stack

Figure 2: Encapsulation of Data in the TCP/IP Network Stack

In the CSC 4190 Introduction to Computer Networking (one of the prerequisite courses), the TCP/IP network
stack is introduced and studied. This background section briefly explains the concept of the TCP/IP network
stack to help you better understand the experiments. TCP/IP is the most commonly used network model
for Internet services. Because its most important protocols, the Transmission Control Protocol (TCP) and
the Internet Protocol (IP), were the first networking protocols defined in this standard, it is named
TCP/IP. However, it contains multiple layers including the application layer, transport layer, network layer,
and data link layer.
- Application Layer: The application layer includes the protocols used by most applications
for providing user services. Examples of application layer protocols are Hypertext
Transfer Protocol (HTTP), Secure Shell (SSH), File Transfer Protocol (FTP), and Simple
Mail Transfer Protocol (SMTP).
- Transport Layer: The transport layer establishes process-to-process connectivity, and it
provides end-to-end services that are independent of underlying user data. To
implement the process-to-process communication, the protocol introduces a concept of
port. The examples of transport layer protocols are Transmission Control Protocol (TCP) and
User Datagram Protocol (UDP). The TCP provides flow control, connection
establishment, and reliable transmission of data, while the UDP is a connectionless
transmission model.


- Internet Layer: The Internet layer is responsible for sending packets across networks.
It has two functions: 1) Host identification by using the IP addressing system (IPv4 and IPv6);
and 2) packet routing from source to destination. The examples of Internet layer
protocols are Internet Protocol (IP), Internet Control Message Protocol (ICMP), and
Address Resolution Protocol (ARP).
- Link Layer: The link layer defines the networking methods within the scope of the local
network link. It is used to move the packets between two hosts on the same link. A
common example of link layer protocols is Ethernet.

Packet Sniffer

Packet sniffer is a basic tool for observing network packet exchanges in a computer. As the name
suggests, a packet sniffer captures (“sniffs”) packets being sent/received from/by your computer; it will
also typically store and/or display the contents of the various protocol fields in these captured packets. A
packet sniffer itself is passive. It observes messages being sent and received by applications and protocols
running on your computer, but never sends packets itself.
Figure 3 shows the structure of a packet sniffer. At the right of Figure 3 are the protocols (in this case,
Internet protocols) and applications (such as a web browser or ftp client) that normally run on your
computer. The packet sniffer, shown within the dashed rectangle in Figure 3 is an addition to the usual
software in your computer, and consists of two parts. The packet capture library receives a copy of every
link-layer frame that is sent from or received by your computer. Messages exchanged by higher layer
protocols such as HTTP, FTP, TCP, UDP, DNS, or IP all are eventually encapsulated in link-layer frames
that are transmitted over physical media such as an Ethernet cable. In Figure 1, the assumed physical
media is an Ethernet, and so all upper-layer protocols are eventually encapsulated within an Ethernet
frame. Capturing all link-layer frames thus gives you access to all messages sent/received from/by all
protocols and applications executing in your computer.
Figure 3: Packet Sniffer Structure

The second component of a packet sniffer is the packet analyzer, which displays the contents of all fields
within a protocol message. In order to do so, the packet analyzer
must “understand” the structure of all messages exchanged by protocols. For example, suppose we are
interested in displaying the various fields in messages exchanged by the HTTP protocol in Figure 3. The
packet analyzer understands the format of Ethernet frames, and so can identify the IP datagram within an
Ethernet frame. It also understands the IP datagram format, so that it can extract the TCP segment within
the IP datagram. Finally, it understands the TCP segment structure, so it can extract the HTTP message
contained in the TCP segment. Finally, it understands the HTTP protocol and so, for example, knows that
the first bytes of an HTTP message will contain the string “GET,” “POST,” or “HEAD”.
We will be using the Wireshark packet sniffer [http://www.wireshark.org/] for these labs, allowing us to
display the contents of messages being sent/received from/by protocols at different levels of the protocol
stack. (Technically speaking, Wireshark is a packet analyzer that uses a packet capture library in your
computer). Wireshark is a free network protocol analyzer that runs on Windows, Linux/Unix, and Mac
computers.
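
The layer-by-layer extraction a packet analyzer performs, written out as an added C example (not part of the original manual): it peels an Ethernet frame down to the TCP segment or UDP datagram, reports the ports, and applies the GET/POST/HEAD check. The two frames are constructed sample bytes, the names `dissect` and `struct dissected` are this example's own, and checksums are not verified.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Fields recovered from one captured frame. */
struct dissected {
    uint8_t  src_ip[4], dst_ip[4];
    uint8_t  ip_proto;            /* 6 = TCP, 17 = UDP */
    uint16_t src_port, dst_port;
    size_t   payload_len;         /* bytes of application data */
    const char *http_method;      /* "GET", "POST", "HEAD", or NULL */
};

static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* An HTTP request starts with GET, POST or HEAD followed by a space. */
static const char *find_http_method(const uint8_t *p, size_t n)
{
    static const char *const methods[] = { "GET", "POST", "HEAD" };
    for (size_t i = 0; i < sizeof methods / sizeof methods[0]; i++) {
        size_t m = strlen(methods[i]);
        if (n > m && memcmp(p, methods[i], m) == 0 && p[m] == ' ')
            return methods[i];
    }
    return NULL;
}

/* Peel Ethernet -> IPv4 -> TCP/UDP. Returns 0 on success, -1 if the frame is
 * truncated, inconsistent, or not IPv4 carrying TCP or UDP. */
int dissect(const uint8_t *f, size_t len, struct dissected *d)
{
    memset(d, 0, sizeof *d);
    /* Ethernet II header: dst MAC (6), src MAC (6), EtherType (2). */
    if (len < 14 || be16(f + 12) != 0x0800) return -1;
    const uint8_t *ip = f + 14;
    size_t avail = len - 14;
    /* IPv4: version/IHL at 0, total length at 2, protocol at 9, addresses at 12, 16. */
    if (avail < 20 || (ip[0] >> 4) != 4) return -1;
    size_t ihl = (size_t)(ip[0] & 0x0F) * 4, total = be16(ip + 2);
    if (ihl < 20 || total < ihl || total > avail) return -1;
    d->ip_proto = ip[9];
    memcpy(d->src_ip, ip + 12, 4);
    memcpy(d->dst_ip, ip + 16, 4);
    const uint8_t *l4 = ip + ihl;
    size_t l4_len = total - ihl, hdr;
    if (d->ip_proto == 6) {                  /* TCP segment */
        if (l4_len < 20) return -1;
        hdr = (size_t)(l4[12] >> 4) * 4;     /* data offset, in 32-bit words */
        if (hdr < 20 || hdr > l4_len) return -1;
    } else if (d->ip_proto == 17) {          /* UDP datagram */
        if (l4_len < 8) return -1;
        hdr = 8;
        size_t udp_len = be16(l4 + 4);       /* header plus data */
        if (udp_len < 8 || udp_len > l4_len) return -1;
        l4_len = udp_len;
    } else {
        return -1;
    }
    d->src_port = be16(l4);
    d->dst_port = be16(l4 + 2);
    d->payload_len = l4_len - hdr;
    if (d->ip_proto == 6)
        d->http_method = find_http_method(l4 + hdr, d->payload_len);
    return 0;
}

/* Constructed sample frames (not captured traffic), 192.0.2.10 -> 192.0.2.20. */
static const uint8_t TCP_FRAME[] = {
    0x02,0,0,0,0,0x02, 0x02,0,0,0,0,0x01, 0x08,0x00,            /* Ethernet */
    0x45,0x00,0x00,0x3a, 0x00,0x01,0x40,0x00, 0x40,0x06,0,0,    /* IPv4, TCP */
    192,0,2,10, 192,0,2,20,
    0xc0,0x00,0x00,0x50, 0,0,0,1, 0,0,0,1,                      /* 49152 -> 80 */
    0x50,0x18,0x72,0x10, 0,0,0,0,
    'G','E','T',' ','/',' ','H','T','T','P','/','1','.','1','\r','\n','\r','\n'
};
static const uint8_t UDP_FRAME[] = {
    0x02,0,0,0,0,0x02, 0x02,0,0,0,0,0x01, 0x08,0x00,            /* Ethernet */
    0x45,0x00,0x00,0x20, 0x00,0x02,0x40,0x00, 0x40,0x11,0,0,    /* IPv4, UDP */
    192,0,2,10, 192,0,2,20,
    0xc0,0x01,0x27,0x0f, 0x00,0x0c,0x00,0x00,                   /* 49153 -> 9999 */
    'p','i','n','g'
};

int main(void)
{
    struct dissected d;
    if (dissect(TCP_FRAME, sizeof TCP_FRAME, &d) == 0)
        printf("TCP %u -> %u, %zu payload bytes, HTTP method %s\n", d.src_port,
               d.dst_port, d.payload_len, d.http_method ? d.http_method : "(none)");
    if (dissect(UDP_FRAME, sizeof UDP_FRAME, &d) == 0)
        printf("UDP %u -> %u, %zu payload bytes\n", d.src_port, d.dst_port, d.payload_len);
    printf("truncated capture rejected: %s\n", dissect(TCP_FRAME, 40, &d) ? "yes" : "no");
    return 0;
}
```

The length checks matter as much as the field offsets: every length is read from the frame itself, so each one is compared against the bytes actually captured before it is used.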

Getting Wireshark
Kali Linux has Wireshark installed. You can just launch the Kali Linux VM and open Wireshark there.
Wireshark can also be downloaded from here:
https://www.wireshark.org/download.html

Figure 4: Download Page of Wireshark

Starting Wireshark
When you run the Wireshark program, the Wireshark graphical user interface will be shown as in Figure 5.
At this point, the program is not capturing packets.


Figure 5: Initial Graphic User Interface of Wireshark


Then, you need to choose an interface. If you are running Wireshark on your laptop, you need to
select the WiFi interface. If you are at a desktop, you need to select the Ethernet interface being used. Note
that there could be multiple interfaces. In general, you can select any interface but that does not mean that
traffic will flow through that interface. The network interfaces (i.e., the physical connections) that your
computer has to the network are shown. The attached Figure 6 was taken from my computer.

After you select the interface, you can click start to capture the packets as shown in Figure 7.

Figure 6: Capture Interfaces in Wireshark


Figure 7: Capturing Packets in Wireshark

Figure 8: Wireshark Graphical User Interface on Microsoft Windows


The Wireshark interface has five major components:


The command menus are standard pulldown menus located at the top of the window. Of interest to us
now are the File and Capture menus. The File menu allows you to save captured packet data or open a file
containing previously captured packet data, and exit the Wireshark application. The Capture menu allows
you to begin packet capture.
The packet-listing window displays a one-line summary for each packet captured, including the packet
number (assigned by Wireshark; this is not a packet number contained in any protocol’s header), the time
at which the packet was captured, the packet’s source and destination addresses, the protocol type, and
protocol-specific information contained in the packet. The packet listing can be sorted according to any of
these categories by clicking on a column name. The protocol type field lists the highest-level protocol
that sent or received this packet, i.e., the protocol that is the source or ultimate sink for this packet.
The packet-header details window provides details about the packet selected (highlighted) in the packet-
listing window. (To select a packet in the packet-listing window, place the cursor over the packet’s one-
line summary in the packet-listing window and click with the left mouse button.). These details include
information about the Ethernet frame and IP datagram that contains this packet. The amount of Ethernet
and IP-layer detail displayed can be expanded or minimized by clicking on the right-pointing or
down-pointing arrowhead to the left of the Ethernet frame or IP datagram line in the packet details window. If
the packet has been carried over TCP or UDP, TCP or UDP details will also be displayed, which can
similarly be expanded or minimized. Finally, details about the highest-level protocol that sent or received
this packet are also provided.
The packet-contents window displays the entire contents of the captured frame, in both ASCII and
hexadecimal format.
Towards the top of the Wireshark graphical user interface, is the packet display filter field, into which a
protocol name or other information can be entered in order to filter the information displayed in the
packet-listing window (and hence the packet-header and packet-contents windows). In the example
below, we’ll use the packet-display filter field to have Wireshark hide (not display) packets except those
that correspond to HTTP messages.

Capturing Packets
After downloading and installing Wireshark, you can launch it and click the name of an interface under
Interface List to start capturing packets on that interface. For example, if you want to capture traffic on
the wireless network, click your wireless interface.

Test Run
Do the following steps:
1. Start up the Wireshark program (select an interface and press start to capture packets).
2. Start up your favorite browser (Iceweasel in Kali Linux).
3. In your browser, go to the Wayne State homepage by typing www.wayne.edu.
4. After your browser has displayed the http://www.wayne.edu page, stop Wireshark
packet capture by selecting stop in the Wireshark capture window. This will cause the
Wireshark capture window to disappear and the main Wireshark window to display all
packets captured since you began packet capture (see image below):

5. Color Coding: You’ll probably see packets highlighted in green, blue, and black.
Wireshark uses colors to help you identify the types of traffic at a glance. By default,
green is TCP traffic, dark blue is DNS traffic, light blue is UDP traffic, and black identifies
TCP packets with problems — for example, they could have been delivered out-of-order.
6. You now have live packet data that contains all protocol messages exchanged between
your computer and other network entities! However, as you will notice the HTTP
messages are not clearly shown because there are many other packets included in the
packet capture. Even though the only action you took was to open your browser, there
are many other programs in your computer that communicate via the network in the
background. To filter the connections to the ones we want to focus on, we have to use
the filtering functionality of Wireshark by typing “http” in the filtering field as shown
below:


Notice that we now view only the packets that are of protocol HTTP. However, we also still do not have
the exact communication we want to focus on because using HTTP as a filter is not descriptive enough to
allow us to find our connection to http://www.wayne.edu. We need to be more precise if we want to
capture the correct set of packets.
7. To further filter packets in Wireshark, we need to use a more precise filter. By setting
the http.host==www.wayne.edu, we are restricting the view to packets that have as an
http host the www.wayne.edu website. Notice that we need two equal signs to perform
the match “==” not just one. See the screenshot below:

8. Now, we can try another protocol. Let’s use Domain Name System (DNS) protocol as an
example here.


9. Let’s now find out what those packets contain by following one of the
conversations (also called network flows). Select one of the packets and press the right
mouse button (if you are on a Mac, hold the command button and click); you should see
something similar to the screen below:

Click on Follow UDP Stream, and then you will see the following screen.


10. If we close this window and change the filter back to “http.host==www.wayne.edu”
and then follow a packet from the list of packets that match that filter, we should get
something similar to the following screens. Note that we click on Follow TCP
Stream this time.
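
The layering that the packet-header details window shows (Ethernet frame, IP datagram, then TCP or UDP) can be reproduced by decoding a frame's bytes by hand, which is how a UDP datagram is told apart from a TCP segment. The Python below is an added example, not part of the original manual; the sample frames, MAC and IP addresses and ports are constructed, and checksums are left at zero and not verified.

```python
import socket
import struct

TCP_FLAGS = [(0x01, "FIN"), (0x02, "SYN"), (0x04, "RST"),
             (0x08, "PSH"), (0x10, "ACK"), (0x20, "URG")]


def dissect(frame: bytes) -> dict:
    """Decode the Ethernet II, IPv4 and TCP/UDP headers of one captured frame."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    info = {"eth_src": src.hex(":"), "eth_dst": dst.hex(":"), "protocol": "non-IPv4"}
    if ethertype != 0x0800:           # only IPv4 is decoded in this example
        return info
    ip = frame[14:]
    if len(ip) < 20 or ip[0] >> 4 != 4:
        raise ValueError("not a valid IPv4 header")
    ihl = (ip[0] & 0x0F) * 4          # header length in bytes, options included
    total_len = struct.unpack("!H", ip[2:4])[0]
    if ihl < 20 or total_len < ihl or len(ip) < total_len:
        raise ValueError("inconsistent IPv4 lengths")
    info.update(ip_src=socket.inet_ntoa(ip[12:16]),
                ip_dst=socket.inet_ntoa(ip[16:20]), ttl=ip[8])
    seg = ip[ihl:total_len]           # drops any Ethernet padding after the datagram
    if ip[9] == 6:                    # IP protocol number 6 = TCP
        if len(seg) < 20:
            raise ValueError("truncated TCP header")
        sport, dport, seq, ack, off_flags = struct.unpack("!HHIIH", seg[:14])
        data_off = (off_flags >> 12) * 4
        if data_off < 20 or data_off > len(seg):
            raise ValueError("bad TCP data offset")
        info.update(protocol="TCP", sport=sport, dport=dport, seq=seq, ack=ack,
                    flags=[name for bit, name in TCP_FLAGS if off_flags & bit],
                    payload=seg[data_off:])
    elif ip[9] == 17:                 # IP protocol number 17 = UDP
        if len(seg) < 8:
            raise ValueError("truncated UDP header")
        sport, dport, length, _checksum = struct.unpack("!HHHH", seg[:8])
        if length < 8 or length > len(seg):
            raise ValueError("bad UDP length")
        info.update(protocol="UDP", sport=sport, dport=dport, payload=seg[8:length])
    else:
        info["protocol"] = f"ip-proto-{ip[9]}"
    return info


def _wrap(proto: int, segment: bytes) -> bytes:
    """Constructed Ethernet + IPv4 wrapper for the sample data (checksums are 0)."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(segment), 1, 0, 64, proto, 0,
                     socket.inet_aton("192.0.2.10"), socket.inet_aton("192.0.2.53"))
    eth = bytes.fromhex("020000000002") + bytes.fromhex("020000000001") + b"\x08\x00"
    return eth + ip + segment


# Constructed samples: a DNS-style UDP datagram and an HTTP request in a TCP segment.
UDP_FRAME = _wrap(17, struct.pack("!HHHH", 50000, 53, 8 + 4, 0) + b"\x12\x34\x01\x00")
HTTP = b"GET / HTTP/1.1\r\nHost: www.wayne.edu\r\n\r\n"
TCP_FRAME = _wrap(6, struct.pack("!HHIIHHHH", 50001, 80, 1000, 2000,
                                 (5 << 12) | 0x18, 65535, 0, 0) + HTTP)

if __name__ == "__main__":
    for frame in (UDP_FRAME, TCP_FRAME):
        print(dissect(frame))
```
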


Experiment No.-5

Installation of rootkits and study about the variety of options.

AIM:
A rootkit is a stealthy type of malicious software designed to hide the existence of certain processes
from normal methods of detection and to enable continued privileged access to a computer.
INTRODUCTION:
Breaking the term rootkit into the two component words, root and kit, is a useful way to define it.
Root is a UNIX/Linux term that's the equivalent of Administrator in Windows. The word kit
denotes programs that allow someone to obtain root/admin-level access to the computer by executing
the programs in the kit, all of which is done without end-user consent or knowledge.
A rootkit is a type of malicious software that is activated each time your system boots up. Rootkits
are difficult to detect because they are activated before your system's operating system has
completely booted up. A rootkit often allows the installation of hidden files, processes, hidden user
accounts, and more in the system's OS. Rootkits are able to intercept data from terminals, network
connections, and the keyboard.
Rootkits have two primary functions: remote command/control (back door) and software
eavesdropping. Rootkits allow someone, legitimate or otherwise, to administratively control a
computer. This means executing files, accessing logs, monitoring user activity, and even changing
the computer's configuration. Therefore, in the strictest sense, even versions of VNC are rootkits.
This surprises most people, as they consider rootkits to be solely malware, but in and of themselves they
aren't malicious at all.
The presence of a rootkit on a network was first documented in the early 1990s. At that time, Sun
and Linux operating systems were the primary targets for a hacker looking to install a rootkit. Today,
rootkits are available for a number of operating systems, including Windows, and are increasingly
difficult to detect on any network.
PROCEDURE:

STEP-1: Download the rootkit tool from the GMER website www.gmer.net.
STEP-2: This displays the Processes, Modules, Services, Files, Registry, RootKit / Malwares,
Autostart, CMD of local host.
STEP-3: Select the Processes menu and kill any unwanted process, if any.
STEP-4: The Modules menu displays the various system files like .sys, .dll.
STEP-5: The Services menu displays the complete services running with Autostart, Enable, Disable,
System, Boot.
STEP-6: The Files menu displays full files on hard-disk volumes.
STEP-7: Registry displays HKEY_CURRENT_USER and HKEY_LOCAL_MACHINE.
STEP-8: Rootkits / Malwares scans the local drives selected.
STEP-9: Autostart displays the registry-based Autostart applications.
STEP-10: CMD allows the user to interact with command line utilities or the Registry.
SCREENSHOTS:


Experiment No.- 6

Perform an Experiment to Sniff Traffic using ARP Poisoning.

AIM

Description:

ARP is the acronym for Address Resolution Protocol. It is used to convert IP addresses to physical
addresses [MAC addresses] on a switch. The host sends an ARP broadcast on the network, and the
recipient computer responds with its physical address [MAC address]. The resolved IP/MAC
address is then used to communicate. ARP poisoning is sending fake MAC addresses to the
switch so that it can associate the fake MAC addresses with the IP address of a genuine
computer on a network and hijack the traffic.

ARP Poisoning Countermeasures

Static ARP entries: these can be defined in the local ARP cache and the switch configured to ignore
all auto ARP reply packets. The disadvantage of this method is that it is difficult to maintain on large
networks. IP/MAC address mapping has to be distributed to all the computers on the network.

ARP poisoning detection software: these systems can be used to cross check the IP/MAC address
resolution and certify them if they are authenticated. Uncertified IP/MAC address resolutions can
then be blocked.

Operating System Security: this measure is dependent on the operating system being used. The
following are the basic techniques used by various operating systems.

• Linux based: these work by ignoring unsolicited ARP reply packets.
• Microsoft Windows: the ARP cache behavior can be configured via the registry. The following list includes some of the software that can be used to protect networks against sniffing:
    • AntiARP – provides protection against both passive and active sniffing
    • Agnitum Outpost Firewall – provides protection against passive sniffing
    • XArp – provides protection against both passive and active sniffing
• Mac OS: ArpGuard can be used to provide protection. It protects against both active and passive sniffing.
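
The cross-check that ARP poisoning detection software performs on IP/MAC resolutions, together with the Linux behaviour of distrusting unsolicited replies, can be expressed as a small monitor over observed ARP packets. This Python is an added example, not part of the original manual or of any tool named above; the class name, MAC addresses and IP addresses are constructed for illustration.

```python
import socket
import struct

ARP_REQUEST, ARP_REPLY = 1, 2


class ArpMonitor:
    """Tracks IP -> MAC bindings seen in ARP traffic and reports suspicious changes."""

    def __init__(self, trusted=None):
        self.bindings = dict(trusted or {})   # ip -> mac; the first binding seen is kept
        self.pending = set()                  # (asker_ip, asked_ip) awaiting a reply

    def observe(self, packet: bytes) -> list:
        """Process one 28-byte Ethernet/IPv4 ARP payload and return a list of alerts."""
        if len(packet) < 28:
            raise ValueError("truncated ARP packet")
        htype, ptype, hlen, plen, oper, sha, spa, _tha, tpa = struct.unpack(
            "!HHBBH6s4s6s4s", packet[:28])
        if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
            return []                         # not Ethernet/IPv4 ARP
        mac = sha.hex(":")
        sender, target = socket.inet_ntoa(spa), socket.inet_ntoa(tpa)
        alerts = []
        if oper == ARP_REQUEST:
            self.pending.add((sender, target))
        elif oper == ARP_REPLY:
            # A reply is solicited only if its recipient asked for this address.
            if (target, sender) in self.pending:
                self.pending.discard((target, sender))
            else:
                alerts.append(f"unsolicited reply: {sender} is-at {mac}")
        known = self.bindings.get(sender)
        if known is None:
            self.bindings[sender] = mac
        elif known != mac:
            # Keep the earlier binding; a legitimate change needs operator review.
            alerts.append(f"binding conflict: {sender} known as {known}, claimed by {mac}")
        return alerts


def arp(oper, sender_mac, sender_ip, target_mac, target_ip) -> bytes:
    """Build an ARP payload in memory (constructed sample data for this example)."""
    return struct.pack("!HHBBH6s4s6s4s", 1, 0x0800, 6, 4, oper,
                       bytes.fromhex(sender_mac.replace(":", "")),
                       socket.inet_aton(sender_ip),
                       bytes.fromhex(target_mac.replace(":", "")),
                       socket.inet_aton(target_ip))


HOST, GATEWAY, ROGUE = "02:00:00:00:00:10", "02:00:00:00:00:01", "02:00:00:00:00:66"
ZERO = "00:00:00:00:00:00"
# Constructed capture: one normal resolution, then replies that rebind known addresses.
SAMPLE = [
    arp(ARP_REQUEST, HOST, "192.0.2.10", ZERO, "192.0.2.1"),
    arp(ARP_REPLY, GATEWAY, "192.0.2.1", HOST, "192.0.2.10"),
    arp(ARP_REPLY, ROGUE, "192.0.2.1", HOST, "192.0.2.10"),
    arp(ARP_REPLY, ROGUE, "192.0.2.10", GATEWAY, "192.0.2.1"),
]


def run(packets=SAMPLE):
    """Feed the packets to a fresh monitor and return the alerts for each one."""
    monitor = ArpMonitor()
    return [monitor.observe(p) for p in packets]


if __name__ == "__main__":
    for number, alerts in enumerate(run(), 1):
        print(number, alerts or "ok")
```

Passing `trusted={...}` to the monitor plays the role of the static ARP entries described above: a reply that contradicts a trusted entry is reported even if it is the first packet seen.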
Computers communicate using networks. These networks could be on a local area network (LAN) or exposed to the internet. Network sniffers are programs that capture low-level packet data that is transmitted over a network. An attacker can analyze this information to discover valuable information such as user ids and passwords.

In this article, we will introduce you to common network sniffing techniques and tools used to sniff networks.

What is network sniffing?

Computers communicate by broadcasting messages on a network using IP addresses. Once a
message has been sent on a network, the recipient computer with the matching IP address responds
with its MAC address.


Network sniffing is the process of intercepting data packets sent over a network. This can be
done by a specialized software program or hardware equipment. Sniffing can be used to:

• Capture sensitive data such as login credentials
• Eavesdrop on chat messages
• Capture files that have been transmitted over a network

The following are protocols that are vulnerable to sniffing:

• Telnet
• Rlogin
• HTTP
• SMTP
• NNTP
• POP
• FTP
• IMAP

The above protocols are vulnerable if login details are sent in plain text.

Passive and Active Sniffing

Before we look at passive and active sniffing, let’s look at two major devices used to network
computers; hubs and switches.

A hub works by sending broadcast messages to all output ports on it except the one that has
sent the broadcast. The recipient computer responds to the broadcast message if the IP address
matches. This means when using a hub, all the computers on a network can see the broadcast
message. It operates at the physical layer (layer 1) of the OSI Model.


The diagram below illustrates how the hub works.

A switch works differently; it maps IP/MAC addresses to physical ports on it. Broadcast
messages are sent to the physical ports that match the IP/MAC address configurations for the
recipient computer. This means broadcast messages are only seen by the recipient computer.
Switches operate at the data link layer (layer 2) and network layer (layer 3).

The diagram below illustrates how the switch works.

Passive sniffing is intercepting packets transmitted over a network that uses a hub. It is called
passive sniffing because it is difficult to detect. It is also easy to perform as the hub sends broadcast
messages to all the computers on the network.

Active sniffing is intercepting packets transmitted over a network that uses a switch. There
are two main methods used to sniff switch-linked networks: ARP poisoning and MAC flooding.


Sniffing the network using Wireshark

The illustration below shows you the steps that you will carry out to complete this exercise without
confusion.

Download Wireshark from this link: http://www.wireshark.org/download.html

• Open Wireshark
• You will get the following screen
• Select the network interface you want to sniff. Note for this demonstration, we are using a wireless network connection. If you are on a local area network, then you should select the local area network interface.
• Click on the start button as shown above
• Open your web browser and type in http://www.techpanda.org/


• The login email is admin@google.com and the password is Password2010
• Click on the submit button
• A successful logon should give you the following dashboard
• Go back to Wireshark and stop the live capture
• Filter for HTTP protocol results only using the filter textbox

• Locate the Info column and look for entries with the HTTP verb POST and click on it
• Just below the log entries, there is a panel with a summary of captured data. Look for the summary that says Line-based text data: application/x-www-form-urlencoded
• You should be able to view the plaintext values of all the POST variables submitted to the server via HTTP protocol.
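
The same observation can be turned into an audit check: given an HTTP request reassembled from a capture, report which form fields that look like credentials were submitted without encryption, without echoing their values. This Python is an added example, not part of the original manual; the function name, the field-name hints and the sample requests are assumptions constructed for illustration.

```python
from typing import Optional
from urllib.parse import parse_qsl

SENSITIVE_HINTS = ("pass", "pwd", "secret", "token")   # assumed field-name hints


def audit_cleartext_post(raw: bytes) -> Optional[dict]:
    """Inspect one reassembled HTTP request taken from an unencrypted TCP stream.

    Returns None unless it is a form POST; otherwise reports which submitted
    fields look like credentials. Field values are deliberately not returned.
    """
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        return None                                   # headers incomplete
    lines = head.decode("latin-1").split("\r\n")
    try:
        method, target, _version = lines[0].split(" ", 2)
    except ValueError:
        return None                                   # not an HTTP request line
    headers = {}
    for line in lines[1:]:
        name, colon, value = line.partition(":")
        if colon:
            headers[name.strip().lower()] = value.strip()
    ctype = headers.get("content-type", "").split(";")[0].strip().lower()
    if method != "POST" or ctype != "application/x-www-form-urlencoded":
        return None
    length = headers.get("content-length", "")
    if length.isdigit():
        body = body[:int(length)]                     # ignore bytes of a following request
    fields = parse_qsl(body.decode("latin-1"), keep_blank_values=True)
    exposed = [name for name, value in fields
               if value and any(hint in name.lower() for hint in SENSITIVE_HINTS)]
    return {"host": headers.get("host", ""), "path": target,
            "fields": [name for name, _ in fields], "exposed": exposed}


# Constructed requests (not taken from the page), as Follow TCP Stream would show them.
_BODY = b"email=student%40example.test&password=Constructed-Pw-1&remember=on"
SAMPLE_POST = (b"POST /login HTTP/1.1\r\nHost: lab.example.test\r\n"
               b"Content-Type: application/x-www-form-urlencoded\r\n"
               b"Content-Length: " + str(len(_BODY)).encode() + b"\r\n\r\n" + _BODY)
SAMPLE_GET = b"GET / HTTP/1.1\r\nHost: lab.example.test\r\n\r\n"

if __name__ == "__main__":
    print(audit_cleartext_post(SAMPLE_POST))
    print(audit_cleartext_post(SAMPLE_GET))
```
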


Experiment No.- 7

Demonstrate intrusion detection system using any tool (snort or any other s/w).

AIM:

Snort is an open source network intrusion detection system (NIDS) and it is a packet sniffer that
monitors network traffic in real time.

INTRODUCTION:

INTRUSION DETECTION SYSTEM: Intrusion detection is a set of techniques and methods that
are used to detect suspicious activity both at the network and host level. Intrusion detection
systems fall into two basic categories:

• Signature-based intrusion detection systems
• Anomaly detection systems

Intruders have signatures, like computer viruses, that can be detected using software. You try to find
data packets that contain any known intrusion-related signatures or anomalies related to Internet
protocols. Based upon a set of signatures and rules, the detection system is able to find and log
suspicious activity and generate alerts.

Anomaly-based intrusion detection usually depends on packet anomalies present in protocol header
parts. In some cases these methods produce better results compared to signature-based IDS. Usually
an intrusion detection system captures data from the network and applies its rules to that data or
detects anomalies in it. Snort is primarily a rule-based IDS, however input plug-ins are present to
detect anomalies in protocol headers.
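
The difference between the two categories is easiest to see side by side: a signature needs a known pattern in the payload, while a header anomaly check needs none. The Python below is an added example, not Snort's rule language or engine and not part of the original manual; the rule numbers, messages, packet dictionaries and function names are constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Signature:
    sid: int                 # hypothetical local rule number
    msg: str
    proto: str               # "tcp" or "udp"
    dport: Optional[int]     # None matches any destination port
    content: bytes           # byte pattern searched for in the payload
    nocase: bool = False

    def matches(self, pkt: dict) -> bool:
        if pkt["proto"] != self.proto:
            return False
        if self.dport is not None and pkt["dport"] != self.dport:
            return False
        payload, needle = pkt.get("payload", b""), self.content
        if self.nocase:
            payload, needle = payload.lower(), needle.lower()
        return needle in payload


def header_anomalies(pkt: dict) -> list:
    """Protocol-header checks that need no signature (anomaly-style detection)."""
    found = []
    if pkt["sport"] == 0 or pkt["dport"] == 0:
        found.append("port 0 in use")
    if pkt["proto"] == "tcp":
        flags = set(pkt.get("flags", ()))
        if {"SYN", "FIN"} <= flags:
            found.append("SYN and FIN set together")
        if not flags:
            found.append("TCP segment with no flags")
    return found


def evaluate(pkt: dict, signatures) -> list:
    """Apply every signature, then the header checks, and return the alerts."""
    alerts = [f"[sid {s.sid}] {s.msg}" for s in signatures if s.matches(pkt)]
    alerts += [f"[anomaly] {a}" for a in header_anomalies(pkt)]
    return alerts


# Constructed rule base and traffic, for illustration only.
RULES = [
    Signature(1000001, "request for /etc/passwd", "tcp", 80, b"/etc/passwd"),
    Signature(1000002, "cmd.exe in HTTP request", "tcp", 80, b"cmd.exe", nocase=True),
]
TRAFFIC = [
    {"proto": "tcp", "sport": 40000, "dport": 80, "flags": ["PSH", "ACK"],
     "payload": b"GET /index.html HTTP/1.1\r\n\r\n"},
    {"proto": "tcp", "sport": 40001, "dport": 80, "flags": ["PSH", "ACK"],
     "payload": b"GET /scripts/CMD.EXE HTTP/1.0\r\n\r\n"},
    {"proto": "tcp", "sport": 40002, "dport": 22, "flags": ["SYN", "FIN"], "payload": b""},
    {"proto": "udp", "sport": 0, "dport": 53, "payload": b"\x00"},
]

if __name__ == "__main__":
    for pkt in TRAFFIC:
        print(pkt["proto"], pkt["dport"], evaluate(pkt, RULES) or "no alert")
```
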

SNORT TOOL:

Snort is based on libpcap (for library packet capture), a tool that is widely used in TCP/IP traffic
sniffers and analyzers. Through protocol analysis and content searching and matching, Snort detects
attack methods, including denial of service, buffer overflow, CGI attacks, stealth port scans, and
SMB probes. When suspicious behavior is detected, Snort sends a real-time alert to syslog, a
separate 'alerts' file, or to a pop-up window.

Snort is currently the most popular free network intrusion detection software. The advantages of
Snort are numerous. According to the snort web site, “It can perform protocol analysis, content
searching/matching, and can be used to detect a variety of attacks and probes, such as buffer
overflow, stealth port scans, CGI attacks, SMB probes, OS fingerprinting attempts, and much more”
(Caswell).


One of the advantages of Snort is its ease of configuration. Rules are very flexible, easily written,
and easily inserted into the rule base. If a new exploit or attack is found a rule for the attack can be
added to the rule base in a matter of seconds. Another advantage of snort is that it allows for raw
packet data analysis.

SNORT can be configured to run in three modes:

1. Sniffer mode
2. Packet Logger mode
3. Network Intrusion Detection System mode

Sniffer mode

snort -v : Prints out the TCP/IP packet headers on the screen.
snort -vd : Shows the TCP/IP ICMP header with application data in transit.

Packet Logger mode

snort -dev -l c:\log : [Create this directory on the C drive.] Snort will automatically know to go into
packet logger mode; it collects every packet it sees and places it in the log directory.

snort -dev -l c:\log -h ipaddress/24 : This tells Snort that you want to print out the data link and
TCP/IP headers as well as application data into the log directory.

snort -l c:\log -b : This is binary mode, which logs everything into a single file.

Network Intrusion Detection System mode

snort -d -l c:\log -h ipaddress/24 -c snort.conf : snort.conf is a configuration file that applies rules to each
packet to decide on an action based upon the rule type in the file.

snort -d -h ipaddress/24 -l c:\log -c snort.conf : This will configure Snort to run in its most basic
NIDS form, logging packets that trigger rules specified in snort.conf.

PROCEDURE:

STEP-1: Sniffer mode → snort -v → Prints out the TCP/IP packet headers on the screen.
STEP-2: snort -vd → Shows the TCP/IP ICMP header with application data in transit.
STEP-3: Packet Logger mode → snort -dev -l c:\log [create this directory on the C drive] and Snort
will automatically know to go into packet logger mode; it collects every packet it sees and places it
in the log directory.
STEP-4: snort -dev -l c:\log -h ipaddress/24 → This tells Snort that you want to print out the
data link and TCP/IP headers as well as application data into the log directory.
STEP-5: snort -l c:\log -b → This binary mode logs everything into a single file.
STEP-6: Network Intrusion Detection System mode → snort -d -l c:\log -h ipaddress/24 -c snort.conf →
snort.conf is a configuration file that applies rules to each packet to decide on an action based upon the rule
type in the file.
STEP-7: snort -d -h ipaddress/24 -l c:\log -c snort.conf → This will configure Snort to run in its
most basic NIDS form, logging packets that trigger rules specified in snort.conf.
STEP-8: Download SNORT from snort.org. Install Snort with or without database support.
STEP-9: Select all the components and click Next. Install and Close.
STEP-10: Skip the WinPcap driver installation.


STEP-11: Add the path variable in the Windows environment variables by selecting new classpath.
STEP-12: Create a path variable and point it at snort.exe: variable name → path and variable value →
c:\snort\bin.
STEP-13: Click the OK button and then close all dialog boxes. Open the command prompt and type the
following commands:

INSTALLATION PROCESS :


RESULT: Thus the demonstration of intrusion detection using the Snort tool was done
successfully.


Experiment No.- 8

Demonstrate how to provide secure data storage, secure data transmission and
for creating digital signatures.

AIM:
Demonstrate how to provide secure data storage, secure data transmission and for creating digital
signatures (GnuPG).
INTRODUCTION:
Here’s the final guide in my PGP basics series, this time focusing on Windows. The OS in question
will be Windows 7, but it should work for Win8 and Win8.1 as well. Obviously it’s not
recommended to be using Windows to access the DNM, but I won’t go into the reasons here. The
tool we’ll be using is GPG4Win.
INSTALLING THE SOFTWARE:
Visit www.gpg4win.org. Click on the “Gpg4win 2.3.0” button.
On the following screen, click the “Download Gpg4win” button.
When the “Welcome” screen is displayed, click the “Next” button.


When the “License Agreement” page is displayed, click the “Next” button

Set the check box values as specified below, then click the “Next” button

Set the location where you want the software to be installed. The default location is fine. Then,
click the “Next” button.


Specify where you want shortcuts to the software placed, then click the “Next” button.

If you selected to have a GPG shortcut in your Start Menu, specify the folder in which it will be
placed. The default “Gpg4win” is OK. Click the “Install” button to continue


A warning will be displayed if you have Outlook or Explorer opened. If this occurs, click the “OK”
button.

The installation process will tell you when it is complete. Click the “Next” button

Once the Gpg4win setup wizard is complete, the following screen will be displayed. Click the
“Finish” button


If you do not uncheck the “Show the README file” check box, the README file will be
displayed. The window can be closed after you’ve reviewed it.


CREATING YOUR PUBLIC AND PRIVATE KEYS


GPG encryption and decryption is based upon the keys of the person who will be receiving the
encrypted file or message. Any individual who wants to send the person an encrypted file or message
must possess the recipient’s public key certificate to encrypt the message. The recipient must have
the associated private key, which is different than the public key, to be able to decrypt the file. The
public and private key pair for an individual is usually generated by the individual on his or her
computer using the installed GPG program, called “Kleopatra” and the following procedure:
From your start bar, select the “Kleopatra” icon to start the Kleopatra certificate management
software.

The following screen will be displayed. From the “File” dropdown, click on the “New Certificate”
option.


The following screen will be displayed. Click on “Create a personal OpenPGP key pair” and the
“Next” button.


The Certificate Creation Wizard will start and display the following:

Enter your name and e-mail address. You may also enter an optional comment. Then, click the
“Next” button


Review your entered values. If OK, click the “Create Key” button

You will be asked to enter a passphrase


The passphrase should follow strong password standards. After you’ve entered your passphrase, click the
“OK” button.

You will be asked to re-enter the passphrase. Re-enter the passphrase value. Then click the “OK” button. If the
passphrases match, the certificate will be created.


Once the certificate is created, the following screen will be displayed. You can save a backup of your public
and private keys by clicking the “Make a backup Of Your Key Pair” button. This backup can be used to copy
certificates onto other authorized computers.


If you choose to back up your key pair, you will be presented with the following screen:


Specify the folder and name the file. Then click the “OK” button.


After the key is exported, the following will be displayed. Click the “OK” button.


You will be returned to the “Key Pair Successfully Created” screen. Click the “Finish” button.

Before the program closes, you will need to confirm that you want to close the program by clicking on the
“Quit Kleopatra” button


DECRYPTING AN ENCRYPTED E-MAIL THAT HAS BEEN SENT TO YOU:

Open the e-mail message


Select the GpgOL tab


Click the “Decrypt” button


A command window will open along with a window that asks for the Passphrase to your private key that will
be used to decrypt the incoming message.


Enter your passphrase and click the “OK” button


The results window will tell you if the decryption succeeded. Click the “Finish” button to close the window.


Your unencrypted e-mail message body will be displayed.

When you close the e-mail you will be asked if you want to save the e-mail message in its unencrypted form.
For maximum security, click the “No” button. This will keep the message encrypted within the e-mail system
and will require you to enter your passphrase each time you reopen the e-mail message


RESULT:
Thus secure data storage, secure data transmission and the creation of digital signatures (GnuPG) were
developed successfully.
