NETWORK SECURITY AND LOG ANALYSIS LAB
MANUAL
INDEX

Sr. No.  Practical  (Page No.)
1.   Perform a live network traffic capture using Wireshark from running the application to saving the file  (4-9)
2.   Identify the following using Wireshark from the given pcap file (traffic.pcap):  (10-13)
3.   Perform DoS attack using LOIC and capture in Wireshark  (14-19)
4.   Make a script to scan the target (using any programming language such as Python, Ruby or others)  (20-23)
5.   Use of tcpdump tool for capture and analysis of live network traffic  (24-31)
6.   Perform Man-in-the-Middle attacks using Ettercap  (32-55)
7.   Use of Network Miner for capture and analysis of network traffic  (56-57)
8.   Use tshark to capture live network traffic  (58-61)
9.   Install and configure Snort and write rules to generate alerts  (62-75)
10.  Install and configure Checkmk and add host for monitoring  (76-92)
11.  Zabbix: Infrastructure Monitoring Tool  (93-100)
12.  Security Onion: Enterprise Security Monitoring and Log Management tool  (101-109)
13.  Kibana: Search and Data Visualization tool in Elastic Stack  (110-115)
Practical No: 01
Aim: Perform a live network traffic capture using Wireshark from running the application to saving the file
1.1. Tools Used: Wireshark
1.3. Theory: Wireshark is a software tool used to monitor the network traffic passing through a network interface. It is the most widely used network monitoring tool today. Wireshark is used by system administrators, network engineers, network enthusiasts, network security professionals and black hat hackers.
1.3. Steps:
1.3.1. Download and install Wireshark from the official website: https://www.wireshark.org/
1.3.2. Run the Wireshark application as administrator so that Wireshark gets all the required permissions and resources.
Fig:1.1: Run Wireshark as administrator
1.3.3. Select the interface from which we want to capture the network traffic. In this case, select Wi-Fi, as the PC is connected to the internet using Wi-Fi.
Fig:1.2: Network Interfaces
1.3.4. Double-click the interface name (Wi-Fi) to start capturing the network traffic:
Fig:1.3: Packet capture started
1.3.5. Live network traffic can be seen in the packet list, which is organized into the columns number, time, source, destination, protocol, length and info.
Click a packet to see its TCP/IP layer-wise details in the left pane and its hexadecimal representation in the right pane.
Fig:1.4: Layer wise details of captured packet
1.3.6. Use the filter bar to apply display filters that select packets according to protocol or IP address, for example:
tcp.stream eq 1: shows the first TCP handshake
arp: shows ARP packets
dns: shows DNS packets
ip.src==<source IP address>: shows only the packets sent from that source address
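The same filters can be evaluated outside the Wireshark GUI. The Python below is an added example, not part of this manual: it reads a classic pcap file by hand (global header, record headers, Ethernet/IPv4/UDP fields) and applies the arp, dns and ip.src== filters from step 1.3.6 to a capture constructed inline with made-up MAC addresses and RFC 5737 documentation IP addresses. tcp.stream is not implemented, because it requires tracking connections across packets.

```python
# Added example: minimal pcap reader plus the step 1.3.6 display filters 'arp', 'dns', 'ip.src==A.B.C.D'.
import struct
from collections import namedtuple

Frame = namedtuple("Frame", "proto src dst")  # protocol label plus IPv4 addresses (None if not IP)

def decode_ethernet(pkt):
    """Classify one Ethernet frame the way Wireshark's Protocol column would."""
    ethertype, = struct.unpack_from("!H", pkt, 12)           # EtherType follows the two MAC addresses
    if ethertype != 0x0800:
        return Frame("ARP" if ethertype == 0x0806 else "OTHER", None, None)
    ihl, proto = (pkt[14] & 0x0F) * 4, pkt[23]               # IPv4 header length and L4 protocol number
    src, dst = (".".join(map(str, pkt[o:o + 4])) for o in (26, 30))
    if proto == 17:                                          # UDP: label it DNS when either port is 53
        return Frame("DNS" if 53 in struct.unpack_from("!HH", pkt, 14 + ihl) else "UDP", src, dst)
    return Frame("TCP" if proto == 6 else "IP", src, dst)

def parse_pcap(data):
    """Walk the 24-byte global header and the 16-byte record headers, decoding each frame."""
    end = "<" if struct.unpack_from("<I", data, 0)[0] == 0xA1B2C3D4 else ">"  # file byte order
    frames, off = [], 24
    while off + 16 <= len(data):
        incl_len = struct.unpack_from(end + "IIII", data, off)[2]   # ts_sec, ts_usec, incl_len, orig_len
        frames.append(decode_ethernet(data[off + 16:off + 16 + incl_len]))
        off += 16 + incl_len
    return frames

def apply_filter(frames, expr):
    expr = expr.replace(" ", "")                             # Wireshark ignores spaces around ==
    if expr in ("arp", "dns"):
        return [f for f in frames if f.proto == expr.upper()]
    if expr.startswith("ip.src=="):
        return [f for f in frames if f.src == expr[len("ip.src=="):]]
    raise ValueError("unsupported filter: " + expr)

# Constructed sample capture (made-up MACs, RFC 5737 addresses): ARP, DNS query, TCP segment, DNS reply.
def _eth(ethertype, payload):
    return b"\xaa" * 6 + b"\xbb" * 6 + struct.pack("!H", ethertype) + payload
def _ipv4(proto, src, dst, payload):                         # checksum left 0; nothing verifies it here
    addr = lambda a: bytes(map(int, a.split(".")))
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0, addr(src), addr(dst)) + payload
def _udp(sport, dport, payload):
    return struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload
def _pcap(*pkts):                                            # little-endian magic, snaplen 65535, linktype 1 = Ethernet
    header = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    return header + b"".join(struct.pack("<IIII", 0, 0, len(p), len(p)) + p for p in pkts)
SAMPLE_PCAP = _pcap(_eth(0x0806, b"\x00" * 28),
                    _eth(0x0800, _ipv4(17, "192.0.2.10", "198.51.100.53", _udp(51000, 53, b"\x00" * 12))),
                    _eth(0x0800, _ipv4(6, "192.0.2.10", "203.0.113.80", b"\x00" * 20)),
                    _eth(0x0800, _ipv4(17, "198.51.100.53", "192.0.2.10", _udp(53, 51000, b"\x00" * 12))))
```

Calling `apply_filter(parse_pcap(SAMPLE_PCAP), "ip.src == 192.0.2.10")` returns the DNS query and the TCP segment, the two frames the PC sent; the filter string is the same one typed into the Wireshark filter bar.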