Network Security LAB

SIXTH SEMESTER CSE LAB MANUAL


- B.N. Nagaraja HOD-CSE

SIDDAGANGA POLYTECHNIC
Department of Computer Science & Engineering
2013-2014

SIDDAGANGA POLYTECHNIC, Tumkur-3

Department of Computer Science & Engg.

1. Learn to install Wine/Virtual Box/Cygwin or any other equivalent software on the host Operating System.

Cygwin is a Linux-like environment and command-line interface for Microsoft Windows. It provides many of the standard GNU (General Public License) tools and applications that one would find on a Linux computer, together with an environment that allows them to run within the Windows operating system. Many Linux programs can be recompiled with Cygwin so that they run under Windows. Cygwin also permits installing inetd, syslogd, sshd, Apache and other standard Unix services, allowing Microsoft Windows systems to emulate Unix and Linux servers.
Cygwin creates a Linux-like environment on the Windows host operating system without installing a Linux OS. It is not a virtual machine: Cygwin programs are ordinary Windows executables linked against a POSIX compatibility DLL (cygwin1.dll), so they run with the rights of the Windows user who started them and can read and write whatever that user can.

INSTALLING CYGWIN
PREREQUISITES:
1. Make sure that you are using a version of Windows supported by Cygwin, and that you have sufficient disk space and time available for the installation (a full install of every package runs to several gigabytes and takes hours; the default selection is a few hundred megabytes).
2. If your Windows login name contains a space character, consider changing it or creating a separate login for use with Cygwin. The Cygwin installer names your home directory according to your Windows login name. It is usually possible to work around problems caused by directory or file names that contain spaces, but it is simpler to avoid them.
3. Some virus scanners may interfere with the Cygwin installation. If you encounter problems, consider disabling your virus scanner during the Cygwin installation and re-enabling it afterwards; do not leave it disabled, and download setup.exe only from cygwin.com.

CYGWIN INSTALLATION STEPS:

1. Go to www.cygwin.com
2. Click on the "Install Cygwin now" link (setup.exe). A dialog box appears showing the options Run (to install Cygwin directly without saving the file), Save (to save the setup file) and Cancel (to cancel the installation).
3. Click on the Save button; it will ask for the path where the setup.exe file is to be saved.
4. Select the desired path (the desktop is convenient) and click on the Save button.
5. The download starts; wait until the setup file download completes.
6. Double click on the saved setup.exe icon to begin the installation. Keep this file: the same setup.exe is used later to add or update packages.
7. A window titled Cygwin Net Release Setup Program appears. Click Next to get started.


8. Choose A Download Source: Accept the default ("Install from Internet") and click Next.
9. Select Root Install Directory: Accept the defaults ("C:\cygwin", All Users, Unix) and click Next.
10. Select Local Package Directory: Accept the default or change it to any temporary directory of your choice, but make a note of it.
11. Select Your Internet Connection: The default should be correct for most users. Change it only if you encounter problems.
12. Choose A Download Site: Select a nearby Cygwin mirror site from which to download the Cygwin packages. Speeds may vary considerably from site to site.
13. Select Packages: If you wish to do a full installation, click on the rotating selector next to "All" (at the top of the Category list) so that the indicator to its right changes from "Default" to "Install". Click Next and skip ahead to step 15.
14. If you wish to do a custom installation, click the View button so that the indicator to its right changes from "Category" to "Full", then pick the packages you need (for this lab openssh, inetutils and wget are useful additions) and click Next.
15. Once all selected package files have been downloaded and checked against the checksums in the mirror's setup.ini, they are unpacked into the Cygwin root install directory.
Create Icons: Unless these icons already exist from a previous Cygwin installation, make sure the boxes are checked and click Finish.

USING CYGWIN
As noted, Cygwin provides a Unix-like environment under Windows. The installation
directory (by default, c:\cygwin) is the root of the Unix-like file system, which contains bin, etc,
home, tmp, and usr directories as would be found on a GNU/Linux or other Unix system.
Within home will be one or more subdirectories, each allocated to a Windows user.
To begin, click on the Cygwin desktop icon, or choose the Cygwin entry from your start
menu, to open a Cygwin terminal window. Within this window, the GNU bash shell is
running, with POSIX syntax (directory separators are '/', not '\'). Initially, the current
(working) directory is /home/user, where user is your Windows login name. Don't use this
directory if your Windows login name contains a space; make another and use that one
instead, e.g., by typing these commands at the bash prompt:
mkdir /home/bob
echo "export HOME=/home/bob" >>.bashrc
echo "export HOME=/home/bob" >>.bash_profile
cp .bashrc .bash_profile /home/bob
echo "cd" >>.bashrc

Close your Cygwin terminal window and open another one; your current directory should
now be /home/bob (or whatever you chose to call it).




2. Perform an experiment to grab a banner with telnet and perform the task using
Netcat.

BANNER GRABBING
In the context of computer networking, banner grabbing is a technique to determine which application or service is running on a specified port by connecting to that port and reading what the service sends back (or how it answers a simple request).
Banner grabbing is an enumeration technique used to get information about computer systems on a network and the services running on their open ports. Administrators can use it to take inventory of the systems and services on their network. An intruder, however, can use banner grabbing to find hosts that are running versions of applications and operating systems with known exploits. Note that a banner is only a claim made by the service: administrators can (and often do) change or suppress it, so treat it as a lead to confirm, not as proof of the version in use.
Banner grabbing can be performed in two ways:
1. ONLINE (through an Internet connection, by connecting to remote websites)
2. OFFLINE (through the local LAN, or against a VirtualBox guest OS)
Some examples of service ports used for banner grabbing are those used by Hyper Text Transfer Protocol (HTTP), File Transfer Protocol (FTP) and Simple Mail Transfer Protocol (SMTP): ports 80, 21 and 25 respectively. FTP and SMTP servers send their banner as soon as the connection opens; an HTTP server says nothing until it receives a request, so you must type one. Tools commonly used to perform banner grabbing are telnet, which is included with most operating systems, and Netcat.
Introduction to telnet
For banner grabbing we will be using the telnet client. The telnet client is a legacy piece of command-line software that is still available on most operating systems, although recent Windows versions ship with it turned off.
The basic telnet syntax is: telnet [target ip] [port]
Working with telnet:
1. First make sure the telnet client is available. On Windows Vista/7/8 it is an optional feature: open Control Panel, Programs and Features, Turn Windows features on or off, and tick "Telnet Client". (The "Telnet" entry in SERVICES.MSC is the telnet server, which accepts incoming logins; it is not needed for outgoing connections and should stay disabled.)
2. Open a command prompt and type the following:
telnet www.rediff.com 80 (the HTTP port) and press the Enter key.
3. After a successful connection the screen goes blank (telnet does not echo what you type on port 80). Type the following request exactly, then press Enter twice; the empty line ends the request:
HEAD / HTTP/1.0
4. Now you can see the response headers, including the Server header that names the rediff web server software.
5. You can also try it on your local machine by connecting to your guest OS, for example:
telnet 192.168.56.101 80
followed by the same HEAD request.


C:/ns> nc www.targethost.com 80
HEAD / HTTP/1.0
HTTP/1.1 200 OK
Date: Mon, 11 May 2009 22:10:40 EST
Server: Apache/2.0.46 (Unix) (Red Hat/Linux)
Last-Modified: Thu, 16 Apr 2009 11:20:14 PST
ETag: "1986-69b-123a4bc6"
Accept-Ranges: bytes
Content-Length: 1110
Connection: close
Content-Type: text/html

(Type the HEAD line after the connection opens and press Enter twice; the blank line ends the request.)

C:/ns> nc -vv -n 192.168.56.101 80 and press Enter twice to see the result.
-vv = very verbose mode, -n = numeric IP address only (no DNS lookups).
Opening a raw connection to port 25 (like telnet; an SMTP server sends its 220 banner unprompted):
nc mail.server.net 25
Checking whether UDP ports 80-90 are open on 192.168.0.1 using zero-I/O mode (-z) and UDP (-u):
nc -vzu 192.168.0.1 80-90
Note that UDP tests are unreliable: Netcat reports a UDP port as open unless an ICMP "port unreachable" message comes back, so a port behind a firewall that silently drops packets looks exactly like an open one. Treat -uz results as "open or filtered" at best.


Introduction to Netcat
Netcat is a computer networking utility for reading from and writing to network connections using TCP or UDP. Netcat is designed to be a dependable back-end tool that can be used directly or easily driven by other programs and scripts. At the same time, it is a feature-rich network debugging and investigation tool, since it can create almost any kind of connection you would need and has a number of built-in capabilities.
Netcat is often referred to as a "Swiss-army knife for TCP/IP". Its list of features includes port scanning, transferring files and port listening, and it can be used as a backdoor (nc -l -p <port> -e cmd.exe hands a command shell to whoever connects, which is why antivirus products flag the Windows build).
Netcat is one of the most commonly used tools on both sides: administrators use it for debugging, attackers for pivoting and data exfiltration. It provides a basic TCP/UDP networking subsystem that allows users to interact manually or via script with network applications and services at the application layer. It lets us see raw TCP and UDP data before it gets wrapped in the next highest layer such as File Transfer Protocol (FTP), Simple Mail Transfer Protocol (SMTP) or Hypertext Transfer Protocol (HTTP).

Features of Netcat:
Some of netcat's major features are:
Outbound or inbound connections, TCP or UDP, to or from any ports
Full DNS forward/reverse checking, with appropriate warnings
Ability to use any local source port
Ability to use any locally-configured network source address
Built-in port-scanning capabilities, with randomization
Built-in loose source-routing capability
Can read command line arguments from standard input

Working with Netcat:

1. Go to the web site http://www.downloadnetcat.com/
2. Click on Download Netcat Windows Version.
3. Click on Save to store the nc11nt zipped file on your system.
4. Extract the files from the nc11nt archive on your system.
5. Go to the command prompt and change into the nc11nt directory.
6. Type the nc commands and execute them to find the banner information.

[Note: Before using the netcat commands, install IIS (Internet Information Server) from Add/Remove Windows Components on your guest OS, so that something is listening on port 80 to answer the HEAD request.]
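The same HEAD exchange done from a script instead of telnet or nc, as an added example that is not part of the original manual. It starts a throwaway local HTTP server standing in for the remote web server (its Server string is constructed to match the sample output above) so that it runs offline; grab_banner() itself works unchanged against any host and port, and with an empty request it simply reads whatever an FTP or SMTP service volunteers.

```python
"""Banner grabbing over a plain TCP socket, the way telnet and nc do it."""
import socket
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

HEAD_REQUEST = b"HEAD / HTTP/1.0\r\nHost: %s\r\n\r\n"


def grab_banner(host, port, request=b"", timeout=3.0, max_bytes=4096):
    """Connect, optionally send a probe, and return what the service says first.

    With request=b"" this just listens, which is enough for FTP/SMTP banners;
    HTTP servers stay silent until they are sent a request.
    """
    received = b""
    with socket.create_connection((host, port), timeout=timeout) as s:
        if request:
            s.sendall(request)
        try:
            while len(received) < max_bytes:
                chunk = s.recv(1024)
                if not chunk:          # server closed the connection
                    break
                received += chunk
        except socket.timeout:         # service went quiet: keep what we have
            pass
    return received


def parse_http_banner(raw):
    """Split an HTTP response into its status line and a dict of headers (names lower-cased)."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1", "replace")
    lines = head.split("\r\n")
    headers = {}
    for line in lines[1:]:
        if ":" in line:
            name, value = line.split(":", 1)
            headers[name.strip().lower()] = value.strip()
    return lines[0], headers


def grab_http_server_header(host, port):
    """Return (status line, Server header or None) for an HTTP service."""
    raw = grab_banner(host, port, HEAD_REQUEST % host.encode())
    status, headers = parse_http_banner(raw)
    return status, headers.get("server")


# --- constructed target: a local web server advertising a banner ------------
class _Handler(BaseHTTPRequestHandler):
    # Assumed banner, chosen to mirror the sample nc output in the manual.
    server_version = "Apache/2.0.46"
    sys_version = "(Unix) (Red Hat/Linux)"

    def do_HEAD(self):
        self.send_response(200)        # also emits the Server: and Date: headers
        self.send_header("Content-Type", "text/html")
        self.end_headers()

    def log_message(self, *args):      # keep the demo output clean
        pass


def start_local_target():
    """Start the stand-in server on a free loopback port; caller must shutdown()."""
    srv = HTTPServer(("127.0.0.1", 0), _Handler)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv


if __name__ == "__main__":
    srv = start_local_target()
    host, port = srv.server_address
    print(grab_http_server_header(host, port))
    srv.shutdown()
```

The banner is whatever the server chooses to put in the Server header; on a real target compare it with what nmap -sV reports, because the two are derived differently and disagreements usually mean the header has been edited.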


3. Perform an experiment for Port Scanning with nmap, superscan or any other
equivalent software

Port scanning: Port scanning, or simply scanning, is how intruders collect information on the network services offered by a target network. The intruder attempts to find open ports on the target system.
The different scanning methods that network attackers use are:
1. Vanilla scan/SYN scan: TCP SYN packets are sent to every port of each address in an attempt to connect to all of them. Port numbers 0 to 65,535 are used. A SYN/ACK reply means open, a RST means closed, and no reply usually means a firewall dropped the probe.
2. Strobe scan: Here the attacker attempts to connect only to a specific range of ports that are typically open on Windows-based hosts or UNIX/Linux-based hosts.
3. Sweep: A large set of IP addresses is scanned, usually for a single port, in an attempt to find every system that has that port open.
4. Passive scan: Here all network traffic entering or leaving the network is captured and then analysed to determine which ports are open on the hosts within the network. Nothing is sent to the targets.
5. User Datagram Protocol (UDP) scan: Empty UDP packets are sent to the different ports of a set of addresses to see how the operating system responds. A closed UDP port answers with an ICMP "port unreachable" message; an open port usually stays silent (unless the application replies), so "no answer" can mean either open or filtered.
6. FTP bounce: To hide the attacker's location, the scan is initiated from an intermediary File Transfer Protocol (FTP) server by abusing its PORT command; modern FTP servers refuse this.
7. FIN scan: TCP FIN packets, which specify that the sender wants to close a TCP session, are sent to each port for a range of IP addresses. A closed port replies with a RST while an open port ignores the stray FIN on RFC-compliant stacks; Windows answers with a RST in both cases, so this scan cannot tell Windows ports apart.

Zenmap/Nmap:
Nmap ("Network Mapper") is a free and open source utility for network exploration or security auditing. Many systems and network administrators also find it useful for tasks such as network inventory, managing service upgrade schedules, and monitoring host or service uptime. Nmap uses raw IP packets in novel ways to determine what hosts are available on the network, what services (application name and version) those hosts are offering, what operating systems (and OS versions) they are running, what type of packet filters/firewalls are in use, and dozens of other characteristics. It was designed to rapidly scan large networks, but works fine against single hosts.
Nmap runs on all major computer operating systems, and official binary packages are available for Linux, Windows and Mac OS X. Nmap is available as a classic command-line program and with an advanced GUI results viewer (Zenmap). Nmap reports each port in one of six states: open, closed, filtered (a firewall dropped the probe, so Nmap cannot tell), unfiltered (reachable, but Nmap cannot tell open from closed; only an ACK scan reports this), open|filtered and closed|filtered (Nmap could not decide between the two).


1. Open the terminal and enter the following command (a SYN scan; it sends raw packets and so requires administrator/root privileges. Without them Nmap performs a full connect scan, -sT, which completes each handshake and is therefore logged by the target's services):

nmap -sS 192.168.1.88

2. Scanning a range of IP addresses:

nmap -sS 192.168.1.50-90


Working with Nmap/Zenmap:

1. Download the Nmap software from https://nmap.org/download.html by accepting the license agreement. (Download only from nmap.org: trojaned copies of security tools are a common way of compromising the person doing the scanning.)
2. After downloading, run the Nmap setup.
3. Agree to the license agreement, select the components, and choose the location where Nmap is to be installed.
4. Select the Create Desktop Icon & Start Menu Folder options.
5. Installation of Nmap completes.
6. After the installation, click on the Nmap icon on the desktop.
7. In the Zenmap window, enter the target website URL or IP address in the Target box.
8. On the Profile bar select the Intense scan option.
9. After scanning, it lists the number of ports, the port types, the protocol used, the service offered by each port, the status of the port, the version of the software using the port, etc.
10. Go to the File menu and select Save to save this information to a file.


Open the terminal and enter the following commands at the command prompt:
1. Find open ports on a system
nmap -v 192.168.1.82
2. Find machines which are active in the network (a ping scan with no port scan; newer Nmap versions spell this option -sn)
nmap -sP 192.168.1.1-90
3. Service and version detection with Nmap
nmap -sV 192.168.1.88
4. Find the version of the software installed on another system (-A is aggressive mode: OS detection, version detection, script scanning and traceroute; -T4 is a faster timing template)
nmap -A -T4 192.168.1.88
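What "find open ports" means at the socket level, as an added example that is not part of the original manual or of Nmap: a connect() scan, which is what nmap -sT does and what Nmap falls back to when it cannot send raw packets. It classifies each port as open, closed or filtered from the three outcomes a full TCP handshake attempt can have. The target is constructed: two throwaway listeners on the loopback interface play the open ports, and a port that was bound and released plays a closed one.

```python
"""TCP connect() scan: the scan nmap falls back to (-sT) when it cannot send raw packets."""
import socket
from concurrent.futures import ThreadPoolExecutor


def probe_port(host, port, timeout=1.0):
    """Classify one TCP port from what a full connect() attempt reveals.

    open     - the three-way handshake completed (a service is listening)
    closed   - the target answered with RST (connection refused)
    filtered - no answer within the timeout (a firewall dropped the SYN)
    """
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return "open"
    except ConnectionRefusedError:
        return "closed"
    except OSError:            # socket.timeout and host/network unreachable errors
        return "filtered"
    finally:
        s.close()


def connect_scan(host, ports, timeout=1.0, workers=32):
    """Scan the given ports in parallel; return {port: state}."""
    ports = list(ports)
    with ThreadPoolExecutor(max_workers=workers) as pool:
        states = list(pool.map(lambda p: probe_port(host, p, timeout), ports))
    return dict(zip(ports, states))


def open_ports(result):
    """Sorted list of the ports reported open in a connect_scan() result."""
    return sorted(p for p, state in result.items() if state == "open")


# --- constructed target: loopback listeners stand in for a remote host ------
def start_listeners(count=2):
    """Bind `count` throwaway TCP listeners on 127.0.0.1 and return the sockets."""
    socks = []
    for _ in range(count):
        s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        s.bind(("127.0.0.1", 0))  # port 0: let the OS pick a free port
        s.listen(5)
        socks.append(s)
    return socks


def free_port():
    """Return a port that is currently closed (bound briefly, then released)."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.bind(("127.0.0.1", 0))
    port = s.getsockname()[1]
    s.close()
    return port


def demo():
    """Scan two open ports and one closed port on loopback; return {port: state}."""
    listeners = start_listeners(2)
    targets = [s.getsockname()[1] for s in listeners] + [free_port()]
    try:
        return connect_scan("127.0.0.1", targets, timeout=0.5)
    finally:
        for s in listeners:
            s.close()


if __name__ == "__main__":
    for port, state in sorted(demo().items()):
        print(f"{port}/tcp {state}")
```

Every "open" result here left a completed connection in the target's accept queue, which is exactly why a connect scan shows up in service logs and a SYN scan (which tears the handshake down before it completes) does not. The "filtered" branch only triggers against a real firewall; on loopback nothing drops packets, so the demo never produces it.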


4. Using nmap

1) Find open ports on a system
2) Find machines which are active
3) Find the version of the remote OS on other systems
4) Find the version of software installed on another system
(using nmap or any other software)

Nmap Features:

Flexible: Supports dozens of advanced techniques for mapping out networks filled with IP filters, firewalls, routers and other obstacles. This includes many port scanning mechanisms (both TCP and UDP), OS detection, version detection, ping sweeps, and more. See the documentation page.
Powerful: Nmap has been used to scan huge networks of literally hundreds of thousands of machines.
Portable: Most operating systems are supported, including Linux, Microsoft Windows, FreeBSD, OpenBSD, Solaris, IRIX, Mac OS X, HP-UX, NetBSD, Sun OS, Amiga, and more.
Easy: While Nmap offers a rich set of advanced features for power users, you can start out as simply as "nmap -v -A targethost". Both traditional command line and graphical (GUI) versions are available to suit your preference. Binaries are available for those who do not wish to compile Nmap from source.
Free: The primary goals of the Nmap Project are to help make the Internet a little more secure and to provide administrators/auditors/hackers with an advanced tool for exploring their networks. Nmap is available for free download, and also comes with full source code that you may modify and redistribute under the terms of the license.
Well Documented: Significant effort has been put into comprehensive and up-to-date man pages, whitepapers, tutorials, and even a whole book, available in multiple languages on the Nmap website.
Supported: While Nmap comes with no warranty, it is well supported by a vibrant community of developers and users. Most of this interaction occurs on the Nmap mailing lists. Most bug reports and questions should be sent to the nmap-dev list, but only after you read the guidelines. All users are encouraged to subscribe to the low-traffic nmap-hackers announcement list. You can also find Nmap on Facebook and Twitter.
Acclaimed: Nmap has won numerous awards, including "Information Security Product of the Year" by Linux Journal, Info World and Codetalker Digest. It has been featured in hundreds of magazine articles.
Popular: Thousands of people download Nmap every day, and it is included with many operating systems (Redhat Linux, Debian Linux, Gentoo, FreeBSD, OpenBSD, etc). It is among the top ten (out of 30,000) programs at the Freshmeat.Net repository.


Working with Nmap/Zenmap:

1. Download the Nmap software from https://nmap.org/download.html by accepting the license agreement.
2. After downloading, run the Nmap setup.
3. Agree to the license agreement, select the components, and choose the location where Nmap is to be installed.
4. Select the Create Desktop Icon & Start Menu Folder options.
5. Click on Finish to complete the installation of Nmap.
6. After the installation, click on the Nmap icon on the desktop.
7. In the Zenmap window, enter the target website URL or IP address in the Target box.
8. On the Profile bar select Intense scan (this runs nmap -T4 -A -v, so it covers all four tasks above in one pass).
9. After scanning it lists:
The ports which are open or closed on the target machine
Whether the target system is up or down
The operating system in use and its version (an OS guess is only reliable when Nmap finds at least one open and one closed TCP port)
The different software running on the system
10. Go to the File menu and select Save to save this information to a file.


5. Perform an experiment on Active and Passive finger printing using XProbe2
or nmap

Fingerprinting: This is one of the first steps in attacking a corporate network. The intruder attempts to gain as much information on the targeted network as possible, starting with sources that the public can access. The aim is to build a map of the network: which operating systems, applications and address ranges are in use, and which open ports are reachable.
More narrowly, fingerprinting is the part of the scanning phase in which an attacker tries to identify the operating system (OS) of a target system from the peculiarities of its TCP/IP stack.
Fingerprinting can be classified into two types:
Active stack fingerprinting
Passive stack fingerprinting
Active stack fingerprinting: It involves sending crafted packets to the target system and observing how it responds. Because each stack responds slightly differently (initial TTL, TCP window size, option ordering, how it treats odd flag combinations), the responses are compared against a signature database and the OS is identified. It is the commonly used method, though there is a high chance of being detected, since the probes are unusual packets that an IDS can recognise.
Passive stack fingerprinting: It involves examining traffic already on the network to determine the operating system, using the same stack characteristics but only from packets the target sends of its own accord. There is no guarantee that the fingerprint will be accurate, but usually it is. It generally means sniffing traffic rather than making contact, so this method is stealthier and usually goes undetected. Nmap and Xprobe2 are active tools; p0f is the usual passive one.
The methods used to fingerprint a network are:
Access information publicly available on the company website to gain any useful information.
Try to find any anonymous File Transfer Protocol (FTP) sites and intranet sites that are not secured.
Gather information on the company's domain name and the IP address block used.
Test for hosts in the network's IP address block. Tools such as ping are typically used.
Using tools such as nslookup, the intruder attempts to perform Domain Name System (DNS) zone transfers.
A tool such as Nmap is used to find out which operating systems are being used.
Tools such as tracert are used to find routers and to collect subnet information.


Using Nmap on the command prompt:

Nmap is a port scanning tool that can be used for active stack OS fingerprinting.
Syntax: nmap -O IP_address
Example: nmap -O 192.168.1.88
(OS detection sends raw probes and needs administrator/root privileges. Add -v to see the raw fingerprint when Nmap cannot find an exact match.)

Using the Linux command prompt:

Passive stack OS fingerprinting using Linux with p0f. p0f does not scan at all: it listens on an interface and fingerprints the hosts whose SYN packets it sees, so you have to generate or wait for traffic.
In Linux you will need to install it first.
#p0f -i eth0 -vt
where -i means interface and eth0 is our communicating card,
-v means show results in verbose mode, and
-t means add timestamps to the output.


Working with Nmap/Zenmap:

1. Download the Nmap software from https://nmap.org/download.html by accepting the license agreement and install the tool.
2. In the Zenmap window, enter the target website URL or IP address in the Target box.
3. On the Profile bar select Intense scan. (Every Zenmap profile is an active scan, since Nmap always sends packets to the target; the Intense profile adds OS detection, -O, on top of the port scan.)
4. After the Intense scan, it lists:
The ports which are open or closed on the target machine
Whether the target system is up or down
The operating system in use and its version
The different software running on the system
5. Go to the File menu and select Save to save this information to a file.
6. For a lighter probe, on the Profile bar select Ping scan.
7. After the Ping scan, it lists:
The IP address of the target and the domain name of the server
Whether the target system is up or down (a ping scan does no port scan, so it reports no ports)
8. Go to the File menu and select Save to save this information to a file.
For genuinely passive fingerprinting use p0f as described above, which never sends anything to the target.


6. Perform an experiment to demonstrate how to sniff for router traffic by using the
tool Cain and Abel / Wireshark / tcpdump

Sniffer attack: Sniffing refers to the process of capturing and analysing network traffic; the contents of the packets on a network are examined. The tools that attackers use for sniffing are called sniffers or, more correctly, protocol analysers. While protocol analysers are really network troubleshooting tools, hackers also use them for malicious purposes.
A sniffer is an application or device that can read, monitor and capture network data exchanges and read network packets. If the packets are not encrypted, a sniffer provides a full view of the data inside the packet. Even encapsulated (tunnelled) packets can be broken open and read unless they are encrypted and the attacker does not have access to the key.
Sniffers monitor, capture and obtain network information such as passwords and valuable customer information. When an individual has physical access to a network, he/she can easily attach a protocol analyser to the network and then capture traffic. On a switched LAN a sniffer only sees traffic addressed to its own port, so attackers combine it with ARP spoofing (which Cain and Abel provides) to pull the router's traffic through their machine. Remote sniffing can also be performed, and network attackers typically use it.
Using a sniffer, an attacker can do any of the following:
Analyse your network and gain information to eventually cause your network to crash or to become corrupted.
Read your communications.
There are a number of common sniffers that network security administrators and malicious hackers use: Dsniff, Ethereal (now Wireshark), Etherpeek, Network Associates' Sniffer, Ngrep, Sniffit, Snort, Tcpdump, Windump.
To protect against sniffers, encrypt network traffic, for example with Internet Protocol Security (IPsec) between hosts or TLS/SSH at the application layer, so that any captured information cannot be interpreted.


Working with Wireshark:

1. Go to the web site http://www.wireshark.org/download.html
2. Click on Windows Installer (32 bit) to download.
3. Click on Save to store the wireshark-win32-1.6.5.exe file on your system.
4. Double click on the Wireshark executable file icon.
5. Choose the folder in which to install and click Next to install (accept the WinPcap driver when prompted; without it Wireshark cannot capture).
6. In the Capture section, under Interface List, double click on the NIC detected by Wireshark, such as Intel 82578DC Gigabit Network Connection.
7. The Wireshark window shows the complete traffic captured on the wire. It includes the source and destination IP addresses and ports, the protocol used, the length of the data, and the raw bytes in hexadecimal with an ASCII column alongside.
8. In the Filter box, type the kind of packets to be shown, such as ftp, http, arp or udp (display filters are written in lower case).
9. Click on the Capture menu, then Stop, to stop capturing traffic.
10. Data can be decoded and analysed by selecting the relevant options in the Analyze menu (Follow TCP Stream reassembles a whole conversation, which is how a cleartext FTP or HTTP password is read out of a capture).
11. The sniffed traffic details and packet data can be saved into a file.
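What Wireshark does with a saved capture (experiment 6) and what p0f does with the packets it sees (experiment 5), folded into one added example that is not part of the original manual and is not Wireshark's or p0f's code: it parses a classic pcap file, prints the 5-tuple of every TCP SYN, and guesses the sender's OS passively from the initial TTL and window size. The capture is constructed in the code (checksums left at zero, which the parser does not verify) and the signature table is an illustrative assumption, not p0f's database, so treat the OS names as a demonstration of the method rather than authoritative values.

```python
"""Offline sniffer plus passive OS fingerprinting over a pcap capture."""
import socket
import struct

PCAP_MAGIC = 0xA1B2C3D4
LINKTYPE_ETHERNET = 1
ETHERTYPE_IPV4 = 0x0800
TCP_SYN, TCP_ACK = 0x02, 0x10

# Illustrative passive signatures (assumed for this example, not p0f's database):
# initial TTL and window sizes commonly seen in SYN packets from these stacks.
SIGNATURES = [
    ("Linux", 64, {5840, 29200, 64240}),
    ("Windows", 128, {8192, 65535, 64240}),
]


def guess_initial_ttl(ttl):
    """Round the observed TTL up to the nearest common starting value (64/128/255)."""
    for initial in (64, 128, 255):
        if ttl <= initial:
            return initial
    return ttl


def fingerprint(ttl, window):
    """Return (os_name, hops_away) for a SYN with this TTL and window size."""
    initial = guess_initial_ttl(ttl)
    for name, sig_ttl, windows in SIGNATURES:
        if sig_ttl == initial and window in windows:
            return name, initial - ttl
    return "unknown", initial - ttl


def parse_ipv4(buf):
    """Decode the fixed IPv4 header; return (fields, payload after any options)."""
    ver_ihl, _tos, _len, _id, _frag, ttl, proto, _csum, src, dst = struct.unpack("!BBHHHBBH4s4s", buf[:20])
    ihl = (ver_ihl & 0x0F) * 4
    return {"src": socket.inet_ntoa(src), "dst": socket.inet_ntoa(dst), "ttl": ttl, "proto": proto}, buf[ihl:]


def parse_tcp(buf):
    """Decode the fixed TCP header (options are not needed here)."""
    sport, dport, _seq, _ack, _off, flags, window, _csum, _urg = struct.unpack("!HHLLBBHHH", buf[:20])
    return {"sport": sport, "dport": dport, "flags": flags, "window": window}


def pcap_records(data):
    """Yield (timestamp, frame_bytes) from a classic (non-pcapng) pcap byte string."""
    endian = "<" if data[:4] == b"\xd4\xc3\xb2\xa1" else ">"
    magic, _vmaj, _vmin, _tz, _sig, _snap, link = struct.unpack(endian + "IHHiIII", data[:24])
    if magic != PCAP_MAGIC or link != LINKTYPE_ETHERNET:
        raise ValueError("not an Ethernet pcap")
    off = 24
    while off + 16 <= len(data):
        ts_sec, ts_usec, incl, _orig = struct.unpack(endian + "IIII", data[off:off + 16])
        off += 16
        yield ts_sec + ts_usec / 1e6, data[off:off + incl]
        off += incl


def sniff_syns(pcap_bytes):
    """List every TCP SYN in the capture with its 5-tuple and an OS guess for the sender."""
    found = []
    for ts, frame in pcap_records(pcap_bytes):
        if len(frame) < 54 or struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_IPV4:
            continue
        ip, payload = parse_ipv4(frame[14:])
        if ip["proto"] != 6:
            continue
        tcp = parse_tcp(payload)
        if tcp["flags"] & (TCP_SYN | TCP_ACK) != TCP_SYN:   # SYN only, not SYN/ACK
            continue
        os_name, hops = fingerprint(ip["ttl"], tcp["window"])
        found.append({"ts": ts, "src": ip["src"], "sport": tcp["sport"], "dst": ip["dst"],
                      "dport": tcp["dport"], "os": os_name, "hops": hops})
    return found


# --- constructed capture standing in for a Wireshark save file -------------
def build_frame(src, dst, sport, dport, ttl, window, flags):
    """Ethernet/IPv4/TCP frame with zero checksums (the parser above does not verify them)."""
    tcp = struct.pack("!HHLLBBHHH", sport, dport, 0x1000, 0, 0x50, flags, window, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 1, 0x4000, ttl, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    eth = bytes.fromhex("0800274a1b2c") + bytes.fromhex("0800273d4e5f") + b"\x08\x00"
    return eth + ip + tcp


def build_sample_capture():
    """Three constructed frames: a Linux-style SYN, the SYN/ACK reply, a Windows-style SYN."""
    frames = [
        build_frame("192.168.56.101", "192.168.56.1", 40000, 80, 63, 29200, TCP_SYN),
        build_frame("192.168.56.1", "192.168.56.101", 80, 40000, 64, 65535, TCP_SYN | TCP_ACK),
        build_frame("10.0.0.5", "192.168.56.1", 49152, 445, 126, 8192, TCP_SYN),
    ]
    out = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    for i, f in enumerate(frames):
        out += struct.pack("<IIII", 1_600_000_000 + i, 0, len(f), len(f)) + f
    return out


if __name__ == "__main__":
    for syn in sniff_syns(build_sample_capture()):
        print(f'{syn["src"]}:{syn["sport"]} -> {syn["dst"]}:{syn["dport"]}  {syn["os"]} ({syn["hops"]} hops away)')
```

Point the same functions at a file saved from Wireshark (open(path, "rb").read()) and you get the same columns Wireshark shows for each SYN, plus the passive guess; real p0f also looks at MSS, option order and IP DF, which is why it is more accurate than this TTL-and-window heuristic.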


7. Perform an experiment to demonstrate the use of DumpSec.

DumpSec is a graphical tool which allows you to dump the permissions (DACLs) and audit settings (SACLs) for the file system, registry, printers and shares in a concise, readable list-box format, so that holes in system security are readily apparent. DumpSec also dumps user, group and replication information.
DumpSec, presently available as freeware from SomarSoft and downloadable at http://www.systemtools.com/somarsoft/, is a security auditing program for Windows systems.
You click on the Report menu, select Computer (enter the IP address or name) and select which items you want in the report. You will receive the output.
It allows users to connect remotely to any computer on which they hold the necessary rights and dump permissions, audit settings and ownership for the Windows NT/2000 file system into a format that is easily converted to Microsoft Excel for editing. The user can choose to dump either NTFS or share permissions. It can also dump permissions for printers and the registry. The user can also get password information such as 'Password Last Set Time' and 'Password Expires Time'. To summarise, DumpSec can pull a list of users, groups, and the NT system's policies and user rights. Against older systems the user and group listing works over an anonymous "null session", which is exactly why an attacker values the tool; check that anonymous enumeration is restricted (the RestrictAnonymous setting) on the hosts you audit.

Working with DumpSec:

1) Go to the web site http://www.systemtools.com/nload/dumpacl.zip
2) Click on the download option and double click on the DumpSec file to download.
3) Extract the files from the downloaded compressed (zipped) folder.
4) Double click on the SystemTools.exe file for installation.
5) Accept the license agreement and click on the Next button.
6) Specify the destination folder to install DumpSec and click on Next.
7) The Installation Wizard will appear; click on Next to install DumpSec.
8) Click on the Finish button to complete the installation process.
9) Click on the DumpSec icon; on the menu bar click on the Report menu and select the different dump permissions supported.
10) The dumped report can be saved by using the Save menu.


8. Perform a wireless audit of an access point / router and decrypt WEP and
WPA. (Using NetStumbler or airsniff)
Wireless LAN Auditing
A corporate network administrator needs to ensure that the wired LAN is not being exposed to unauthorised users. This can often happen when users set up their own wireless LANs for convenience. Such wireless LANs often have little or no security, which poses a risk to the entire LAN. The network administrator can use NetStumbler to detect the presence of these "rogue" wireless LANs. Note that NetStumbler only discovers and maps networks; it cannot capture frames or recover WEP/WPA keys. Key recovery needs a capture-capable tool such as the aircrack-ng suite, and it works against WEP (whose RC4 key can be recovered from enough captured traffic) or against WPA/WPA2-PSK only when a weak passphrase can be guessed offline from a captured handshake.
If your LAN uses DHCP, make sure that DHCP is enabled on your wireless LAN card. You will then be able to tell whether networks that you find are connected to your network.
Wireless LAN Coverage Verification
The owner of a wireless LAN can use NetStumbler to verify that an area is well covered by a good quality signal. NetStumbler can also be used to see how far the coverage area extends beyond its intended boundary. Configure the wireless LAN card with the SSID and other settings of the LAN being verified.
Site Survey
When installing or troubleshooting a wireless LAN, it is important to pick locations and channels in such a way that interference is minimised. A site survey typically includes finding out what existing items (microwave ovens, cordless phones, radio hams) are using the same radio frequencies as the wireless LAN. A survey should be done before installation of a new wireless LAN, and then subsequent surveys should be performed after installation. A full site survey requires special hardware such as an RF spectrum analyser, but NetStumbler can also be used as part of a site survey.
Use a wireless card that reports noise levels. High noise levels are one of the indicators of interference.
Wardriving
Wardriving is the sport of detecting and/or locating wireless LANs. NetStumbler is a very popular tool for wardriving because of its ease of use and GPS integration.


NetStumbler is "beggarware". This means that you do not have to pay for a license to use it. NetStumbler is a tool for Windows that allows you to detect Wireless Local Area Networks (WLANs) using the 802.11b, 802.11a and 802.11g IEEE standards.
Netstumbler: NetStumbler (Network Stumbler) is a Wi-Fi discovery tool that is only compatible with Windows; it is freeware. With this program we can search for open wireless networks, which is the first step before joining one. It has some compatibility and network adapter issues: its last release dates from 2004, and many newer cards and Windows versions are unsupported. NetStumbler starts in record mode and automatically configures our wireless card, so it's as simple as launching the tool while our wireless card is enabled. Some APs have lock symbols in the green bubble, indicating that the AP has encryption enabled.

NetStumbler uses:

Verify that your network is set up the way you intended.
Find locations with poor coverage in your WLAN.
Detect other networks that might be causing interference with your network.
Detect unauthorised "rogue" access points in your workplace.
Help aim directional antennas for long-haul WLAN links.
Use it recreationally for wardriving.

Working with NetStumbler:

1. Plug the wireless adapter (USB) into the PC.
2. Install the driver software supplied with the adapter, or use a laptop which has a wireless NIC built in.
3. Go to the web site http://network-stumbler.software.informer.com
4. Click on the download option and choose the path to save the file.
5. Double click on the Network Stumbler icon to run the setup.
6. Accept the license agreement and click on the I Agree button.
7. Specify the destination folder to install NetStumbler and click on Next.
8. Click on the Close button to complete the installation process.
9. Double click on the Network Stumbler icon on the desktop to run the tool.
10. On the toolbar click on the Auto Reconfigure button and then the scanning button to display the details of the wireless access points/Wi-Fi routers available around your system.
11. Click on Channels and then on the access point's entry to get a graphical view of the signal strength, noise, vendor etc.
12. Leave Auto Reconfigure switched on to ensure that as many wireless LANs as possible are found.
13. These details can be saved into a file by clicking on the Save option on the menu bar.


NetStumbler provides the following details of each WLAN (wireless LAN):

MAC: The Media Access Control or MAC address is a unique code assigned to networking hardware; in this case the MAC address is the address assigned to the Wireless AP (WAP). So beside the green bubble we see the 12-character MAC address for that AP.
BSSID: The text contains the BSSID (Basic Service Set Identifier) for wireless devices. The
icon shows the signal strength as reported in the last scan: Gray means the item was not
detected, or a colored icon ranging from red to green reports the signal strength. A lock
appears in the icon if encryption is enabled on the network. For devices on a wired network
segment, the icon shows a T-shaped network cable and the MAC address is displayed.
SSID (Service Set Identifier) : The reported SSID. This may be blank for access points that
report their existence but not their SSID. For wired network items, the SSID is assumed to
be the SSID that was associated when the item was discovered.
Name : The device's name. This is reported rarely and only if "Query APs for names" is
configured.
Chan : All the channels that the device has been seen on. The most recent one is listed first.
Before the channel number may be a star (*), which means you are associated with the
device, or a plus (+) which means that you were associated with it at some point.
Speed: The maximum reported bandwidth for the device (this is not the actual bandwidth).
If you are using an 802.11b device, it may misreport the bandwidth of 802.11g networks as
11Mbps. Some devices are capable of 108Mbps but only report 54Mbps.
Vendor: The vendor assigned to the MAC, which may not be the actual equipment
manufacturer.
Type :"AP" for a BSS, "Peer" for an IBSS.
Encryption: The word "WEP" will appear on an encrypted network, regardless of whether it
is really using WEP.
SNR: The current Signal to Noise ratio, either in dB or arbitrary RSSI units.
Signal+ : The highest seen Signal value.
Noise-: The lowest seen Noise value.
SNR+ The highest seen SNR value.
IP, Subnet : The IP configuration of the object, if available.

Latitude, Longitude, Distance: If you are using a GPS receiver, this indicates the estimated position of the object. This position is the location where the strongest signal was seen, which is not necessarily the actual location of the device. Distance is measured from your current position to the object's estimated position.

Graph View
The data that appears in the graph view is somewhat dependent on your hardware and
device driver.
The green bars indicate signal strength. The higher the bar, the better the signal.
The red bars, if available, indicate noise level. The higher the bar, the higher the
noise.
The gap between the green and red bars is equivalent to signal to noise ratio.
A purple bar indicates loss of signal, possibly temporary.
To avoid accidentally associating with and using networks that you observe (and may not be authorised to use), go to the Network Control Panel and unbind TCP/IP from your wireless LAN card.
The graph view will automatically scroll to keep up with new data if you are viewing the
rightmost part of it.

Decibels: dBm is a decibel unit that measures power relative to 1 milliwatt: 0 dBm is 1 mW and 30 dBm is 1 W. A decibel is a logarithmic measure of a quantity compared with a defined reference point: an increase of 10 dB means the value is multiplied by 10, and a decrease of 10 dB means it is divided by 10 (so 3 dB is roughly a factor of 2).
A lock in the icon marks access points that have encryption enabled. One flaw of the latest version of NetStumbler is that every kind of enabled encryption is displayed as WEP, so the tool cannot tell you whether an AP is actually using WEP, WPA or WPA2.
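The field descriptions above are what a rogue-AP check actually keys on. The following is an added example, not part of the lab manual and not NetStumbler's code: it classifies hand-constructed scan records (the AUTHORISED inventory, the SCAN list and every MAC address in it are made up) against an inventory of the access points the organisation owns, flagging an evil twin (corporate SSID from an unknown BSSID), open or WEP networks, and a known BSSID seen on a channel it was not deployed on.

```python
"""Rogue / evil-twin access point check over NetStumbler-style scan records."""

# Hypothetical inventory kept by the network team: BSSID -> (SSID, allowed channels).
AUTHORISED = {
    "00:11:22:33:44:01": ("CorpWiFi", {1, 6, 11}),
    "00:11:22:33:44:02": ("CorpWiFi", {1, 6, 11}),
}
CORPORATE_SSIDS = {ssid for ssid, _ in AUTHORISED.values()}

# Constructed scan results; the keys mirror the NetStumbler columns described above.
# NetStumbler labels every encrypted network "WEP", so with its data only the empty
# (open) value is reliable; the WPA2 value would come from a tool that reports the
# real cipher.
SCAN = [
    {"bssid": "00:11:22:33:44:01", "ssid": "CorpWiFi", "chan": 6,  "enc": "WPA2", "snr": 40},
    {"bssid": "00:11:22:33:44:02", "ssid": "CorpWiFi", "chan": 11, "enc": "WPA2", "snr": 35},
    {"bssid": "AA:BB:CC:DD:EE:FF", "ssid": "CorpWiFi", "chan": 6,  "enc": "",     "snr": 55},  # open evil twin
    {"bssid": "de:ad:be:ef:00:01", "ssid": "",         "chan": 1,  "enc": "WEP",  "snr": 12},  # hidden SSID, WEP
    {"bssid": "00:11:22:33:44:01", "ssid": "CorpWiFi", "chan": 3,  "enc": "WPA2", "snr": 38},  # known BSSID, odd channel
]


def classify(record, authorised=AUTHORISED, corp_ssids=CORPORATE_SSIDS):
    """Return the findings for one scan record; an empty list means it looks legitimate."""
    bssid = record["bssid"].lower()
    findings = []
    if bssid in authorised:
        ssid, channels = authorised[bssid]
        if record["ssid"] != ssid:
            findings.append("authorised BSSID broadcasting unexpected SSID %r" % record["ssid"])
        if record["chan"] not in channels:
            # A known BSSID on an unplanned channel may be a cloned (spoofed) BSSID.
            findings.append("authorised BSSID seen on unplanned channel %d" % record["chan"])
    elif record["ssid"] in corp_ssids:
        # Corporate network name coming from hardware we do not own: classic evil twin.
        findings.append("EVIL TWIN: corporate SSID from unknown BSSID")
    else:
        findings.append("unknown AP (rogue or neighbour), SSID %r" % record["ssid"])
    if record["enc"] == "":
        findings.append("open network (no encryption)")
    elif record["enc"] == "WEP":
        findings.append("WEP reported (weak, or NetStumbler's label for any encryption)")
    return findings


def rogue_report(scan=SCAN):
    """Map BSSID -> all findings, keeping only access points that raised at least one."""
    report = {}
    for record in scan:
        findings = classify(record)
        if findings:
            report.setdefault(record["bssid"].lower(), []).extend(findings)
    return report


if __name__ == "__main__":
    for bssid, findings in sorted(rogue_report().items()):
        print(bssid, "->", "; ".join(findings))
```

In practice the inventory would be exported from the wireless controller and the scan records from NetStumbler's saved file; a BSSID seen on a channel it was not deployed on is worth a walk with a directional antenna, because an attacker cloning a corporate BSSID rarely matches its channel plan.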

Decrypt 802.11
Wireshark can decrypt WEP and WPA/WPA2 in pre-shared (or personal) mode.
WPA/WPA2 enterprise mode decryption is not yet supported.
You can add decryption keys using Wireshark's 802.11 preferences or by using the
wireless toolbar. Up to 64 keys are supported.

Adding Keys: 802.11 Preferences

Go to Edit->Preferences->Protocols->IEEE 802.11. In versions of Wireshark that support WPA decryption, the key examples in this dialog mention WPA and each key item is labelled "Key". If your preferences window does not mention WPA, then your version of Wireshark only supports WEP decryption. This might be the case with older versions of Wireshark, particularly the 64-bit Windows version.
In all versions WEP keys can be specified as a string of hexadecimal digits, with or without colons:
a1:b2:c3:d4:e5
0102030405060708090a0b0c0d

In versions that support WPA decryption you should use a prefix to tell Wireshark what kind of key you are using:
wep      The key is parsed as a WEP key.
         wep:a1:b2:c3:d4:e5
wpa-pwd  The password (passphrase) and SSID are used to derive the raw pre-shared key.
         wpa-pwd:MyPassword:MySSID
wpa-psk  The key is parsed as a raw 256-bit pre-shared key (64 hex digits).
         wpa-psk:0102030405060708091011...6061626364
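To see what the wpa-pwd form does, here is an added example (not Wireshark's code and not part of the manual) that derives the raw PSK from passphrase and SSID exactly as Wireshark does, PBKDF2-HMAC-SHA1 with 4096 iterations and a 32-byte output, and renders both equivalent key entries. The pair "password"/"IEEE" is the published test vector from IEEE 802.11i, so the output can be checked against it; the WEP key strings are the ones shown above. Note that even with the correct key Wireshark can only decrypt a WPA/WPA2 session whose EAPOL four-way handshake is present in the capture, because the per-session keys are derived from that exchange.

```python
"""WPA/WPA2-Personal PSK derivation and Wireshark key-entry rendering."""
import binascii
import hashlib


def wpa_psk(passphrase: str, ssid: str) -> str:
    """256-bit PSK (the PMK) from passphrase and SSID: PBKDF2-HMAC-SHA1, 4096 rounds.

    This is what Wireshark computes internally from a "wpa-pwd:passphrase:ssid" entry
    and what a "wpa-psk:" entry supplies directly.
    """
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA passphrases are 8..63 ASCII characters")
    pmk = hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"), ssid.encode("utf-8"), 4096, 32)
    return binascii.hexlify(pmk).decode("ascii")


def wep_key_bytes(text: str) -> bytes:
    """Parse a WEP key written as hex with or without colons.

    Accepts the two standard sizes, 40-bit (5 bytes) and 104-bit (13 bytes).
    """
    raw = binascii.unhexlify(text.replace(":", ""))
    if len(raw) not in (5, 13):
        raise ValueError("unexpected WEP key length: %d bytes" % len(raw))
    return raw


def wireshark_entries(passphrase: str, ssid: str) -> dict:
    """The two interchangeable lines you could paste into the IEEE 802.11 key list."""
    return {
        "wpa-pwd": "wpa-pwd:%s:%s" % (passphrase, ssid),
        "wpa-psk": "wpa-psk:" + wpa_psk(passphrase, ssid),
    }


if __name__ == "__main__":
    for kind, entry in wireshark_entries("password", "IEEE").items():
        print(kind, entry)
    print("WEP-40 key bytes:", wep_key_bytes("a1:b2:c3:d4:e5").hex())
```

The wpa-psk form is the one to prefer in a shared lab: it avoids writing the passphrase into Wireshark's preferences file, and it is also the form you need when the SSID contains characters that do not survive the colon-separated syntax.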

Adding Keys: Wireless Toolbar

If you are using the Windows version of Wireshark and you have an AirPcap adapter you can add decryption keys using the wireless toolbar. If the toolbar is not visible, you can show it by selecting View->Wireless Toolbar. Click the Decryption Keys... button on the toolbar; this opens the decryption key management window. In that window you can select between three decryption modes: None, Wireshark, and Driver (keys applied by the AirPcap driver itself).


1. Perform an experiment to sniff traffic using ARP poisoning

ARP (Address Resolution Protocol) operates by broadcasting a request across the local network to determine the Layer 2 address (MAC address) of the host that owns a given Layer 3 address (IP address). The host with that IP address sends a reply containing its MAC address. Once the exchange is complete, the originating device caches the answer and uses it in the Layer 2 header of every packet it sends to that IP address.

An ARP spoofing attack is the transmission of unsolicited, forged ARP messages. These messages carry the IP address of a network resource, such as the default gateway or a DNS server, paired with the attacker's MAC address instead of the real one. ARP has no authentication, and most network stacks overwrite any existing cache entry for that IP address with the newly received, counterfeit information. The attacker then takes the role of man in the middle: any traffic destined for the legitimate resource is sent through the attacking system. As the attack occurs at the lower layers of the OSI model, the end user is oblivious to it.

ARP poisoning can also be used for Denial of Service (DoS). Instead of posing as the gateway and forwarding traffic as a man in the middle, the attacking system can simply drop the packets, so that clients are denied service to the attacked network resource. The spoofing of ARP messages is the underlying principle of ARP poisoning.

In other words, ARP poisoning is an attack in which the attacker alters the IP-to-MAC mapping held in other hosts' ARP caches. Also called an ARP spoofing attack, it is effective against both wired and wireless local networks, since both rely on ARP. From this position the attacker can steal data from the compromised computers or block their access to services such as the Internet, and as the man in the middle can watch all traffic between the source and target machines.
A MAC address is a unique identifier for network nodes, such as computers, printers and other devices on a LAN. MAC addresses are tied to the network adapter that connects a device to the network, and they are what actually gets frames delivered on the local segment. ARP tables (the ARP cache) map the IP addresses of network devices to their MAC addresses.


When a device wants to communicate with another device whose IP address is known but whose MAC address is not, the sender broadcasts an ARP request to all hosts on the network, asking the holder of that IP address for its MAC address. When the reply arrives, the sender can address its frames correctly, and the IP address and corresponding MAC address are stored in the ARP table for later use.
ARP poisoning occurs when an attacker is able to corrupt that table so that an IP address resolves to a different MAC address. If the attacker makes a victim's IP address resolve to the attacker's own MAC address, the attacker can steal the information or simply eavesdrop on and forward the communications meant for the victim. Likewise, if the attacker corrupts the entry for the gateway that connects the network to the Internet, access to the web and other external networks can be cut off.
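The following is an added detection example, not taken from the lab or from Cain & Abel: it replays a constructed sequence of ARP packets (all addresses are made up) through the three checks a host or a monitoring tool can apply: a reply nobody asked for, an existing IP-to-MAC binding that changes, and one MAC that ends up claiming several IP addresses, which is exactly what an attacker impersonating both the gateway and the victim looks like. A gratuitous ARP sent legitimately (after an IP change or a failover, for instance) also shows up as an unsolicited reply, so the MAC-change and duplicate-MAC findings are the stronger signals. Static ARP entries for the gateway on critical hosts and Dynamic ARP Inspection on managed switches are the usual mitigations.

```python
"""ARP poisoning detector run over a constructed sequence of ARP packets."""

# Constructed ARP packets in arrival order. Field names follow ARP: op (request/reply),
# sha/spa = sender MAC/IP, tpa = target IP. The gateway is 10.0.0.1, the victim is
# 10.0.0.5 and cc:cc:cc:cc:cc:99 is the attacker's MAC.
SAMPLE = [
    {"op": "request", "sha": "aa:aa:aa:aa:aa:05", "spa": "10.0.0.5", "tpa": "10.0.0.1"},  # who has 10.0.0.1?
    {"op": "reply",   "sha": "aa:aa:aa:aa:aa:01", "spa": "10.0.0.1", "tpa": "10.0.0.5"},  # gateway answers
    {"op": "reply",   "sha": "cc:cc:cc:cc:cc:99", "spa": "10.0.0.1", "tpa": "10.0.0.5"},  # attacker: "I am the gateway"
    {"op": "reply",   "sha": "cc:cc:cc:cc:cc:99", "spa": "10.0.0.5", "tpa": "10.0.0.1"},  # attacker: "I am the victim"
]


def analyse(packets, static=None):
    """Return alerts as (packet_no, kind, subject, detail) tuples.

    Three checks: a reply nobody asked for, an IP whose MAC changes, and one MAC
    that ends up bound to several IPs (the attacker impersonating both sides).
    `static` may seed the cache with trusted IP -> MAC pairs, e.g. the gateway.
    """
    cache = {ip: mac.lower() for ip, mac in (static or {}).items()}
    pending = set()                        # (requester IP, target IP) of outstanding requests
    alerts = []
    for n, pkt in enumerate(packets, 1):
        ip, mac = pkt["spa"], pkt["sha"].lower()
        if pkt["op"] == "request":
            pending.add((ip, pkt["tpa"]))
        elif (pkt["tpa"], ip) in pending:
            pending.discard((pkt["tpa"], ip))   # solicited reply, as expected
        else:
            alerts.append((n, "unsolicited-reply", ip, mac))
        # Every ARP packet carries the sender's binding, and hosts learn from both kinds.
        old = cache.get(ip)
        if old is not None and old != mac:
            alerts.append((n, "mac-change", ip, "%s -> %s" % (old, mac)))
        cache[ip] = mac                    # mirror what an unprotected host's cache does
        claimed = sorted(i for i, m in cache.items() if m == mac)
        if len(claimed) > 1:
            alerts.append((n, "duplicate-mac", mac, claimed))
    return alerts


if __name__ == "__main__":
    for alert in analyse(SAMPLE):
        print("packet %d: %-18s %s %s" % alert)
```

Run against a real capture, the packet list would come from a pcap parser and the `static` dictionary from the documented gateway MAC, so that even the very first forged reply for the gateway raises a MAC-change alert rather than being learned as the truth.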

Cain & Abel: a password recovery tool for Windows that uses a range of cracking techniques. It can quickly retrieve Outlook and network passwords and reveal passwords hidden behind asterisks. Most stored password hashes can be attacked with it using dictionary, brute-force and cryptanalysis attacks, and it can recover scrambled passwords and wireless network keys. Besides the ability to record VoIP conversations, the application can also analyse routing protocols, and its APR (ARP Poison Routing) feature performs the ARP poisoning used in this experiment.
Working with Cain & Abel:
1. Go to the web site http://www.oxid.it/cain.html
2. Click the download option and choose a path to save the setup file.
3. Double-click the ca_setup.exe icon to run the setup.
4. Accept the license agreement and click Next.
5. Specify the destination folder for Cain & Abel and click Next.
6. The installer offers to install WinPcap if it is not already installed.
7. Accept the WinPcap license agreement and click Next to install it.
8. Double-click the Cain icon on the desktop to run the tool.
9. Click the Sniffer tab.
10. Click Hosts at the bottom of the window.
11. Click Start Sniffer and Start APR on the standard toolbar.
12. Right-click in the Hosts window and choose Scan MAC Addresses.
13. Select all hosts in the subnet, or a FROM and TO IP address range, and click OK.
14. The MAC and IP addresses of the local and remote machines are now listed.
15. Click the APR tab at the bottom of the window.
16. Left-click in the right-hand pane of the APR window and then click the + symbol on the standard toolbar.
17. APR lets you poison the IP traffic between the selected hosts.
18. Select one IP address from the list on the left (for example the gateway) and the other from the list on the right (the target), then click OK.
19. Watch the poisoning effect on the traffic between the FROM and TO IP addresses.
Do this only on an isolated lab network that you own: APR reroutes the real traffic of the selected hosts through your machine, and the victims' connectivity depends on your machine forwarding it.

2. Demonstrate Intrusion Detection System (IDS) using any tool such as Snort or any other Software.

With the growth of network technologies and applications, network attacks are increasing greatly in both number and severity. As a key technique in the network security domain, an Intrusion Detection System (IDS) plays the vital role of detecting various kinds of attacks and so helps secure the network. The main purpose of an IDS is to pick out intrusions from among normal audit data, which can be treated as a classification problem. An IDS monitors sources of activity such as audit logs and network traffic in computer or network systems and applies various techniques to detect attacks; an intrusion prevention system (IPS) additionally blocks or otherwise reacts to the traffic it flags. With the tremendous growth of network-based services and of sensitive information held on networks, network security is more important than ever.
Intrusion: an attempt to break into or misuse your system. Intruders may be from outside the network or legitimate users of the network. An intrusion can be physical, local (on the system itself) or remote.
Intrusion detection systems look for attack signatures, specific patterns in traffic or audit data that usually indicate malicious or suspicious intent; a signature can be as simple as a byte string in a payload or as involved as a rate of connection attempts over time.

About Snort:

Snort is an open source network intrusion detection and prevention system, capable of performing real-time traffic analysis and packet logging on IP networks. It can perform protocol analysis and content searching/matching, and can be used to detect a variety of attacks and probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, OS fingerprinting attempts, and much more.
Snort has three primary uses: it can be used as a straight packet sniffer like tcpdump, as a packet logger (useful for network traffic debugging and the like), or as a full-blown network intrusion detection/prevention system.
The privacy of the Snort community is very important to Sourcefire. If you choose to opt out, the information collected at the time of registration will not be used for any Sourcefire marketing efforts. In addition, Sourcefire will not sell or distribute any personal information to third-party companies.
Snort can be configured to run in three modes:
1. Sniffer mode
2. Packet Logger mode
3. Network Intrusion Detection System mode

Sniffer mode: snort -v
    Prints the TCP/IP packet headers to the screen (add -d to also dump the application data and -e to show the link-layer headers).
Packet Logger mode: snort -dev -l c:\log    [create this directory on the C drive first]
    The -l option tells Snort to go into packet logger mode; it collects every packet it sees and writes it to the log directory.
Network Intrusion Detection System mode: snort -d -l c:\log -h ipaddress/24 -c snort.conf
    The -c option names the configuration file; Snort applies the rules it contains to each packet and decides what action to take based on the rule type in the file. -h declares the home network so that rule directions (external -> home) make sense.

Working with Snort:

1. Go to the web site www.snort.org/start/download
2. Click the download option and choose a path to save the setup file.
3. Double-click the Snort installer icon to run the setup.
4. Accept the license agreement, specify the installation path and click Next.
5. Install Snort with or without database support.
6. Skip the WinPcap driver installation if WinPcap is already installed.
7. Select all the components and click Next.
8. Install and close.
9. Add Snort's bin directory to the Windows PATH environment variable (Control Panel -> System -> Advanced -> Environment Variables).
10. Create or edit the variable named path and append c:\snort\bin so that snort.exe is found from any directory.
11. Click OK and close all the dialog boxes.
12. Open a command prompt, change to the Snort\bin directory and run snort.exe with one of the command lines given above (for example snort -v for sniffer mode).
13. The console displays the complete details of the packets flowing through the system in real time: the source and destination IP addresses, date and time, packet length, time to live (TTL) and so on.
14. By analysing these details, intruders can be traced in real time.
15. The details can be documented using the print screen option.
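To make the signature idea concrete, here is an added example, not Snort's code and not part of the manual, of a minimal signature engine run over hand-constructed packets: a few content rules written in the spirit of Snort's alert rules (the sids, payloads and addresses are made up), plus a heuristic for the stealth port scans Snort also looks for, namely one source sending bare SYNs to several distinct ports within a short window. The alert lines imitate Snort's [gid:sid:rev] format.

```python
"""Minimal signature IDS: content rules plus a stealth port-scan heuristic, over constructed packets."""
from collections import defaultdict

# Rules in the spirit of Snort's
#   alert tcp any any -> any 80 (content:"/cgi-bin/phf"; msg:"WEB-CGI phf access"; sid:1000001;)
# dport None means any port. sids from 1000000 up are the range reserved for local rules.
RULES = [
    {"sid": 1000001, "dport": 80,   "content": b"/cgi-bin/phf", "msg": "WEB-CGI phf access"},
    {"sid": 1000002, "dport": 445,  "content": b"\xffSMB",       "msg": "SMB probe"},
    {"sid": 1000003, "dport": None, "content": b"/bin/sh",       "msg": "possible shell string in payload"},
]
SCAN_PORTS = 5      # distinct destination ports from one source ...
SCAN_WINDOW = 2.0   # ... within this many seconds

# Constructed packets: (time, src, dst, dport, tcp flags, payload)
PACKETS = [
    (0.0, "10.0.0.9",  "10.0.0.2", 80,  "PA", b"GET /cgi-bin/phf?Qalias=x HTTP/1.0\r\n\r\n"),
    (0.1, "10.0.0.9",  "10.0.0.2", 445, "PA", b"\x00\x00\x00\x2f\xffSMBr\x00"),
    (1.0, "10.0.0.66", "10.0.0.2", 21,  "S",  b""),
    (1.1, "10.0.0.66", "10.0.0.2", 22,  "S",  b""),
    (1.2, "10.0.0.66", "10.0.0.2", 23,  "S",  b""),
    (1.3, "10.0.0.66", "10.0.0.2", 25,  "S",  b""),
    (1.4, "10.0.0.66", "10.0.0.2", 110, "S",  b""),
    (3.0, "10.0.0.5",  "10.0.0.2", 22,  "PA", b"SSH-2.0-OpenSSH_8.9\r\n"),
]


def match_rules(pkt, rules=RULES):
    """Snort-style content matching: every rule whose port and byte pattern fit the packet."""
    _, _, _, dport, _, payload = pkt
    return [r for r in rules if (r["dport"] is None or r["dport"] == dport) and r["content"] in payload]


def detect_scans(packets, threshold=SCAN_PORTS, window=SCAN_WINDOW):
    """Flag sources that send bare SYNs to >= threshold distinct ports within the window."""
    syns = defaultdict(list)          # src -> [(time, dport)]
    flagged = {}
    for t, src, dst, dport, flags, payload in packets:
        if flags != "S" or payload:
            continue                  # only half-open (stealth) probes count
        syns[src].append((t, dport))
        recent = {p for (ts, p) in syns[src] if t - ts <= window}
        if len(recent) >= threshold and src not in flagged:
            flagged[src] = (t, dst, sorted(recent))
    return flagged


def run_ids(packets):
    """Return Snort-like alert lines for rule hits and scans, in time order."""
    alerts = []
    for pkt in packets:
        t, src, dst, dport, _, _ = pkt
        for r in match_rules(pkt):
            alerts.append((t, "[1:%d:1] %s {TCP} %s -> %s:%d" % (r["sid"], r["msg"], src, dst, dport)))
    for src, (t, dst, ports) in detect_scans(packets).items():
        alerts.append((t, "[1:1000100:1] stealth portscan %d ports {TCP} %s -> %s" % (len(ports), src, dst)))
    return [line for _, line in sorted(alerts)]


if __name__ == "__main__":
    print("\n".join(run_ids(PACKETS)))
```

The two halves correspond to the two kinds of signature Snort uses: a content rule fires on a single packet, while a scan detector needs state across packets, which is why Snort implements it as a preprocessor (sfportscan) rather than as a rule.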


3. Install RootKit and study variety of options.

The term rootkit originally referred to a collection of tools used to gain and keep administrative ("root") access on UNIX operating systems.
The collection often included well-known system monitoring tools (ps, ls, netstat and the like) that were modified to hide the actions of an unauthorised user. The intruder would replace the existing tools on the system with the modified versions, preventing authorised users from discovering the security breach.
Rootkits on Windows refers to programs that use system hooking or modification to hide files, processes, registry keys and other objects, in order to conceal other programs and their behaviour. In particular, Windows rootkits do not necessarily include any functionality to gain administrative privileges; in fact, many Windows rootkits require administrative privileges to even function.
There are two basic classes of Windows rootkits: kernel mode rootkits and user mode rootkits.
Rootkit: a tool used to protect backdoors and other tools from detection by administrators.
ROOTKITS:
A rootkit is malicious software used to keep privileged access to a computer while remaining hidden from the computer's owner and from installed security software. Rootkits typically run at a low level (in the kernel, or even in the boot sequence before the operating system loads) so that they can divert any OS function that would reveal their presence and return manipulated results to the user.
Malicious users or software often install a rootkit once they have gained access to a computer, for example through a vulnerability in the computer's software or by obtaining a password through social engineering. The rootkit gives them continued access to the computer while leaving none of the traces that logging in through a normal user account would. Once it is installed, the rootkit's owner can access the computer at any time to run software or to control it remotely.
WHY ROOTKITS ARE USED
Rootkits are used by criminals for a variety of purposes, usually to turn a computer into part of a botnet, which can then go on to infect other computers or send spam e-mail. The rootkit owner can install keyloggers to capture passwords typed for online banking and similar activities, or steal the user's personal details for identity fraud. If the rootkit owner uses the computer for criminal acts, such as breaking into other computers, the computer's owner will appear to be responsible if the authorities trace the connection.
HOW ROOTKITS STAY UNDETECTED

Many rootkits infect the boot sectors of the computer's hard disk, allowing them to load before the operating system. The rootkit then patches the operating system and changes common functions to hide its existence. For example, the rootkit could intercept calls for a list of files in a directory and remove its own file names before showing the results to the user, so the directory would appear clean. Anti-virus and security software are vulnerable to the same trick, because the rootkit runs at a lower level than they do: the software is led to believe the system is clean when it is actually infected and running malicious software. Detection therefore has to come from a level the rootkit does not control, for instance by comparing the view of the system obtained through the normal APIs with a view obtained through a lower-level path (a "cross-view" check), or by scanning the disk from a clean boot medium.
Current rootkit capabilities:
Rootkits can hide processes, files, registry entries and services; completely bypass personal firewalls; remain undetected by antivirus software and by remote scans; use covert channels that are undetectable on the network; defeat cryptographic hash checking by serving the original file contents to the checker while the modified code runs; install silently; and use any capability ever employed by viruses or worms.
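The directory-listing trick described above, reduced to a few lines of Python as an added illustration (not a real rootkit and not from the manual): a user-mode hook that removes one name from os.listdir, and the cross-view check that catches it by comparing that listing with a lower-level enumeration the hook does not cover. The file name rk_payload.bin is made up; everything happens in a temporary directory and the hook is removed afterwards.

```python
"""User-mode 'hide a file' hook next to a cross-view check that catches it (simulation)."""
import os
import tempfile

HIDDEN_NAME = "rk_payload.bin"   # the name the simulated rootkit hides


def install_listdir_hook(hidden=HIDDEN_NAME):
    """Simulate the rootkit: wrap os.listdir so that one name never appears.

    Real user-mode rootkits do the same to FindFirstFile/FindNextFile on Windows or
    readdir on Unix via DLL injection or import-table patching; here a plain Python
    monkeypatch stands in for that. Returns the original so the hook can be removed.
    """
    real_listdir = os.listdir

    def hooked_listdir(path="."):
        return [name for name in real_listdir(path) if name != hidden]

    os.listdir = hooked_listdir
    return real_listdir


def cross_view_diff(path):
    """Cross-view detection: names visible through a lower-level enumeration
    (os.scandir, which the hook does not touch) but missing from the high-level listing."""
    high_level = set(os.listdir(path))
    low_level = {entry.name for entry in os.scandir(path)}
    return sorted(low_level - high_level)


def demo():
    """Create a normal file and the 'hidden' file, install the hook, and return
    (what the hooked listing shows, what cross-view flags, whether direct access still works)."""
    with tempfile.TemporaryDirectory() as workdir:
        for name in ("notes.txt", HIDDEN_NAME):
            with open(os.path.join(workdir, name), "w") as fh:
                fh.write("x")
        real_listdir = install_listdir_hook()
        try:
            hooked_view = sorted(os.listdir(workdir))
            flagged = cross_view_diff(workdir)
            # Hiding a name does not remove the object: opening it by name still works.
            still_accessible = os.path.exists(os.path.join(workdir, HIDDEN_NAME))
        finally:
            os.listdir = real_listdir      # remove the hook before cleanup
    return hooked_view, flagged, still_accessible


if __name__ == "__main__":
    print(demo())   # (['notes.txt'], ['rk_payload.bin'], True)
```

A kernel-mode rootkit hooks below both enumeration paths, which is why the cross-view tools compare against raw disk or registry-hive reads, and why the cleanest check of all is to mount the disk from a boot medium the rootkit never ran on.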

12. Generate minimum 10 passwords of length 12 characters using OpenSSL command.

OpenSSL is a cryptography toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) network protocols and the related cryptography standards they require (newer releases also implement TLS 1.1, 1.2 and 1.3; SSL v2 and v3 are obsolete and removed or disabled by default in current builds).
The openssl program is a command line tool for using the various cryptography functions of
OpenSSL's crypto library from the shell.
It can be used for:

Creation and management of private keys, public keys and parameters


Public key cryptographic operations
Creation of X.509 certificates, CSRs and CRLs
Calculation of Message Digests
Encryption and Decryption with Ciphers
SSL/TLS Client and Server Tests
Handling of S/MIME signed or encrypted mail
Time Stamp requests, generation and verification

The openssl program provides a rich variety of commands, each of which often has a wealth of options and arguments (command_opts and command_args in the SYNOPSIS). The pseudo-commands list-standard-commands, list-message-digest-commands and list-cipher-commands output a list (one entry per line) of the names of all standard commands, message digest commands, or cipher commands, respectively, that are available in the present openssl utility.
STANDARD COMMANDS
openssl  - OpenSSL command line tool
passwd   - Generation of hashed passwords.
pkcs12   - PKCS#12 data management.
pkey     - Public and private key management.
rand     - Generate pseudo-random bytes.
ts       - Time Stamping Authority tool (client/server).
version  - OpenSSL version information.

ENCODING AND CIPHER COMMANDS
base64   - Base64 encoding.
rsa      - RSA key management.
genrsa   - Generation of RSA private key. Superseded by genpkey.
genpkey  - Generation of private key or parameters.

Syntax:

openssl command [ command_opts ] [ command_args ]
openssl [ list-standard-commands | list-message-digest-commands | list-cipher-commands | list-cipher-algorithms | list-message-digest-algorithms | list-public-key-algorithms ]
openssl no-XXX [ arbitrary options ]
Working with OpenSSL on Windows
1. Install the OpenSSL setup file to the default location.
2. Perform a full installation and click Next to complete the installation.
3. Run OpenSSL from the command prompt; it is available at C:\Program Files\GnuWin32\OpenSSL\openssl.exe (or C:\OpenSSL-Win32\bin\openssl.exe with the Win32 build used in the transcript below).
4. At the OpenSSL> prompt execute the commands as follows.
5. passwd -crypt [your password]: hashes the password with the traditional Unix crypt algorithm, which uses only the first 8 characters of the password.
6. passwd -1 [your password]: hashes with the MD5-based algorithm, which accepts passwords longer than 8 characters. Note that passwd hashes an existing password for storage (as in /etc/shadow or an .htpasswd file); it does not generate a new random one.
7. To generate random passwords use rand: rand -base64 9 prints 12 random base64 characters (every 3 random bytes become 4 characters), so repeating it ten times yields the ten 12-character passwords required; rand -base64 12 prints 16 characters, as in the transcript below.
Note that the 96-bit RSA key generated at the end of the transcript only shows that the command runs: a 96-bit modulus can be factored in seconds, and real keys should be 2048 bits or longer.
C:\OpenSSL-Win32\bin>openssl
OpenSSL> passwd
Password:
Verifying - Password:
q8jVlTuFX9wSU
OpenSSL> rand -base64 12
Loading 'screen' into random state - done
72RhZZGSB4rph+eg
OpenSSL> genrsa -out mykey.key 96
Loading 'screen' into random state - done
Generating RSA private key, 96 bit long modulus
...+++++++++++++++++++++++++++ e is 65537 (0x10001)
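The following is an added example, not part of the manual, that produces the ten passwords the exercise asks for with `openssl rand -base64` and makes the size arithmetic explicit: base64 encodes every 3 bytes as 4 characters, so 9 random bytes give exactly 12 characters (72 bits of entropy). It assumes the openssl binary is on the PATH and falls back to Python's secrets module, which draws on the same operating-system entropy source that openssl seeds itself from, when it is not.

```python
"""Ten 12-character random passwords from `openssl rand`, with the size arithmetic made explicit."""
import base64
import secrets
import shutil
import subprocess


def bytes_for_base64_length(length):
    """Random bytes needed so that base64 yields at least `length` characters (4 chars per 3 bytes)."""
    return -(-length * 3 // 4)          # ceiling division: 12 chars -> 9 bytes, 16 chars -> 12 bytes


def random_password(length=12):
    """One password of exactly `length` base64 characters.

    Runs `openssl rand -base64 N` when the openssl binary is on PATH (the command
    this exercise is about); otherwise, or if it cannot be executed, falls back to
    the OS CSPRNG through `secrets`. 9 bytes give 12 characters; `rand -base64 12`
    gives 16 characters, as in the transcript.
    """
    nbytes = bytes_for_base64_length(length)
    token = None
    if shutil.which("openssl"):
        try:
            result = subprocess.run(["openssl", "rand", "-base64", str(nbytes)],
                                    check=True, capture_output=True, text=True)
            token = result.stdout.replace("\n", "")   # openssl wraps long base64 at 64 columns
        except (OSError, subprocess.CalledProcessError):
            token = None
    if token is None:
        token = base64.b64encode(secrets.token_bytes(nbytes)).decode("ascii")
    return token.rstrip("=")[:length]   # strip padding, then trim to the requested length


def password_batch(count=10, length=12):
    """The ten passwords the exercise asks for, each checked for the right length."""
    batch = [random_password(length) for _ in range(count)]
    if any(len(p) != length for p in batch):
        raise RuntimeError("unexpected token length from the random source")
    return batch


if __name__ == "__main__":
    print("\n".join(password_batch()))
```

Base64 output contains only letters, digits, + and /, so if a site forbids those symbols the characters can be remapped after generation; trimming from a longer token, as the code does for lengths that are not multiples of 4, costs no entropy because every base64 character beyond the padding is independent of the others.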


13. Setup a honey pot and monitor the honey pot on network.

A honeypot is a device placed on a computer network specifically to attract and capture malicious network traffic. Because nothing legitimate should ever connect to it, everything it logs is suspicious: it captures raw packet-level data, down to the keystrokes and mistakes made by attackers, with little to no false positives. Honeypots are becoming one of the leading security tools for observing the latest tricks and exploits of attackers by recording their every move, so that the security community can respond more quickly to new exploits.
HoneyBOT works by opening over 1000 UDP and TCP listening sockets on your computer; these sockets are designed to mimic vulnerable services. When an attacker connects to them they are fooled into thinking they are attacking a real server. The honeypot safely captures all communication with the attacker and logs it for later analysis. Should an attacker attempt an exploit or upload a rootkit or trojan to the server, the honeypot environment safely stores these files on your computer for analysis and submission to antivirus vendors. The vendor reports that its test servers have captured several thousand trojans and rootkits through the simulated services.
Working with HoneyBOT
1. HoneyBOT can be downloaded from the vendor's web site at http://www.atomicsoftwaresolutions.com/honeybot.php
2. After clicking the download link, save HoneyBOT_010.exe to a location on your hard drive.
3. Double-click the HoneyBOT_010.exe installation file to begin the setup process.
4. Follow the prompts in the setup process. The default installation folder is c:\honeybot\
5. Setup creates a shortcut in the Start Menu folder, and an option is available to create a desktop icon.
6. Launch HoneyBOT using the program's shortcut icon.
7. Click the blue play button to start the HoneyBOT listening engine.
8. From another system on the network, use a web browser (or telnet) to connect to the honeypot machine's IP address; each connection attempt shows up as a hit in the main window. Run the honeypot only on a machine that holds nothing of value, since it deliberately invites attack.

9. Double-clicking a record in the list view of the main window opens the Packet Log viewer window. On the upper left-hand side of the window is the Connection Details pane, which shows basic information about the selected hit, including the total number of bytes sent and received for that hit.
In the upper right-hand side the application displays the Packet History list of all IP packets transmitted and received for the hit.
10. Clicking a record in the Packet History box shows the complete packet data in the lower window.
11. All log files are saved by default to the c:\honeybot\logs folder. The log files record the hits on the system and also store all data received from and sent to the attacking computer.
12. Click the red stop button to shut down all listening services and terminate all open sockets.
Uninstalling HoneyBOT
Click the Uninstall HoneyBOT icon in the program's Start Menu folder and follow the prompts.
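The following is an added example, not HoneyBOT's code and not part of the manual, that reproduces the essence of what such a listener does in a few dozen lines: it accepts TCP connections on a port, answers with a fake service banner, records the peer address and every byte it sends without ever interpreting them, and keeps the result in a hit list like the one described above. The probe function plays the attacker with a constructed FTP login attempt so that the whole exchange runs on the loopback interface; the port is picked by the operating system.

```python
"""A tiny TCP honeypot in the style of HoneyBOT's listeners, plus a probe that hits it."""
import socket
import threading
import time


class MiniHoneypot:
    """Listen on one TCP port, greet with a fake service banner, and record every
    connection with the bytes the peer sent. Nothing received is ever executed or
    interpreted; the value is in the log."""

    def __init__(self, host="127.0.0.1", port=0, banner=b"220 ftp ready\r\n"):
        self.banner = banner
        self.hits = []                          # one dict per connection, like HoneyBOT's hit list
        self._stop = threading.Event()
        self._srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        self._srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        self._srv.bind((host, port))            # port 0 = let the OS pick a free port
        self._srv.listen(5)
        self._srv.settimeout(0.2)               # lets the accept loop notice stop()
        self.port = self._srv.getsockname()[1]
        self._thread = threading.Thread(target=self._serve, daemon=True)
        self._thread.start()

    def _serve(self):
        while not self._stop.is_set():
            try:
                conn, peer = self._srv.accept()
            except socket.timeout:
                continue
            except OSError:
                break
            hit = {"time": time.time(), "peer": peer, "sent": 0, "received": b""}
            conn.settimeout(1.0)
            try:
                conn.sendall(self.banner)
                hit["sent"] = len(self.banner)
                while True:
                    chunk = conn.recv(4096)
                    if not chunk:
                        break               # peer closed: the hit is complete
                    hit["received"] += chunk
            except (socket.timeout, OSError):
                pass                        # peer went quiet or vanished: keep what we have
            finally:
                conn.close()
                self.hits.append(hit)

    def stop(self):
        self._stop.set()
        self._thread.join(3.0)
        self._srv.close()


def probe(port, payload, host="127.0.0.1"):
    """Play the attacker: connect, read the banner line, send a probe, disconnect."""
    with socket.create_connection((host, port), timeout=2.0) as s:
        banner = b""
        while not banner.endswith(b"\n"):
            chunk = s.recv(1024)
            if not chunk:
                break
            banner += chunk
        s.sendall(payload)
    return banner


def demo():
    """Start the honeypot, hit it once with a constructed FTP login attempt, return (banner, hits)."""
    hp = MiniHoneypot()
    try:
        banner = probe(hp.port, b"USER anonymous\r\nPASS root@\r\n")
        deadline = time.time() + 3.0
        while not hp.hits and time.time() < deadline:
            time.sleep(0.05)               # wait for the listener thread to log the hit
    finally:
        hp.stop()
    return banner, hp.hits


if __name__ == "__main__":
    banner, hits = demo()
    for hit in hits:
        print(hit["peer"], "sent", hit["sent"], "received", hit["received"])
```

The important property, shared with HoneyBOT, is that the listener only ever copies bytes into a log: it has no parser an attacker could exploit, which is what makes a low-interaction honeypot safe to leave exposed.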


14. Install JCrypt tool (or any other equivalent) and demonstrate Asymmetric, Symmetric crypto algorithm, Hash and Digital/PKI signatures studied in theory Network Security and Management.

STEPS:
1. Download and install JCrypTool.
2. Open JCrypTool.
3. Open the text editor in JCrypTool and write the message that you want to encrypt.
4. Select the asymmetric algorithm RSA.
5. Provide a password when prompted (JCrypTool uses it to protect the key pair it creates).
6. The encrypted output appears on the screen.
7. Decrypt the same text by selecting Decrypt and providing the same password that was given during encryption.
8. The decrypted output, identical to the original message, appears on the screen.

Encryption using symmetric algorithms

1. Select the AES algorithm.


STEPS FOR MD5


STEPS for MAC
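The following is an added example (not JCrypTool's code and not part of the manual) that demonstrates the remaining primitives of the exercise with the Python standard library: a hash (MD5 beside SHA-256), a MAC (HMAC-SHA256 with constant-time verification) and a digital signature as hash-then-RSA. The RSA part uses textbook RSA on toy primes (61 and 53) purely to show the private-key/public-key roles; it is not secure, and real signatures use 2048-bit keys with PKCS#1 padding around the hash. AES is not shown because it needs a third-party library such as cryptography. The message and keys are constructed.

```python
"""Hash, MAC and hash-then-sign with toy RSA: the primitives the JCrypTool steps exercise."""
import hashlib
import hmac

MESSAGE = b"Transfer 100 to Bob"          # constructed sample message


def digests(message=MESSAGE):
    """MD5 and SHA-256 of the same input. MD5 is collision-broken and is shown only
    for comparison; SHA-256 is the one to use."""
    return {"md5": hashlib.md5(message).hexdigest(),
            "sha256": hashlib.sha256(message).hexdigest()}


def mac_tag(key, message=MESSAGE):
    """HMAC-SHA256: a hash that only holders of the shared key can produce or check."""
    return hmac.new(key, message, hashlib.sha256).hexdigest()


def mac_verify(key, message, tag):
    """Constant-time comparison so a wrong tag is not rejected byte by byte."""
    return hmac.compare_digest(mac_tag(key, message), tag)


# Textbook RSA on toy primes (n = 3233): enough to show sign-with-private /
# verify-with-public, nowhere near secure. Real RSA uses 2048-bit moduli and
# padding (PKCS#1 v1.5 or PSS) around the hash instead of reducing it mod n.
TOY_P, TOY_Q, TOY_E = 61, 53, 17


def rsa_keygen(p=TOY_P, q=TOY_Q, e=TOY_E):
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)                 # modular inverse (Python 3.8+)
    return (n, e), (n, d)               # (public key, private key)


def _hash_to_int(message, n):
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


def rsa_sign(private_key, message):
    """Signature = hash of the message raised to the private exponent mod n."""
    n, d = private_key
    return pow(_hash_to_int(message, n), d, n)


def rsa_verify(public_key, message, signature):
    """Anyone with the public key recomputes the hash and checks s^e mod n against it."""
    n, e = public_key
    return pow(signature, e, n) == _hash_to_int(message, n)


if __name__ == "__main__":
    print(digests())
    key = b"shared-secret"
    tag = mac_tag(key)
    print("mac ok:", mac_verify(key, MESSAGE, tag), "wrong key:", mac_verify(b"other", MESSAGE, tag))
    pub, priv = rsa_keygen()
    sig = rsa_sign(priv, MESSAGE)
    print("signature valid:", rsa_verify(pub, MESSAGE, sig))
```

The difference between the MAC and the signature is who can verify: the HMAC needs the same key at both ends, so the receiver could have forged the tag too, whereas the RSA signature is checked with a public key that cannot produce one, which is the property a PKI builds on.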


15. Install IPCop on a linux system and learn all the functions available on the software.

IPCop Linux is a complete Linux distribution whose sole purpose is to protect the network. Its main features are: an iptables-based network filter, support for all common drive types, and quad network support with colour-coded zones: GREEN (internal trusted network), BLUE (wireless semi-trusted network), ORANGE (demilitarised zone for Internet-facing servers) and RED (the Internet).

System requirements for IPCop installation:

Pentium processor with 32 MB RAM, 300 MB hard disk and 3 network cards
2 x 5-port 10/100/1000 switches or a Layer 3 switch
Network cables
Burned ISO CD

Installation procedure:

1. Download the IPCop 2.0.2 ISO from www.ipcop.org.
2. Run VirtualBox on the host PC, attach the IPCop ISO file to a new virtual machine and start it.
3. When the boot screen appears, press Enter.
4. Select the default English language and press Enter.
5. Select the default US keyboard layout and press Enter.
6. Select Asia/Calcutta as the time zone and press OK to proceed.
7. Change the date and time if required and press OK.
8. Select the default hard disk as the installation disk and press OK.
9. Skip the restore window by pressing the Skip button.
10. The disk installation is now complete; press the button on the congratulations screen.
11. Enter the host name ipcop and press OK.
12. Enter the domain name localdomain and press OK.
13. Select DHCP by pressing the space bar and press OK.
14. Assign the first network card as GREEN and the second as RED and press Done.
15. Press OK to accept the default DHCP server settings.
16. Type a password for root (minimum 6 characters) and press OK.
17. Type a password for admin (minimum 6 characters) and press OK.
18. Type a password for backup (minimum 6 characters) and press OK.
19. The IPCop virtual machine reboots.
20. Log in as root with the password you set and press Enter.
21. From a browser on a GREEN-side machine, open https://192.168.1.1:8443/ and press Enter.
22. A certificate warning appears because IPCop generates its own self-signed certificate; this is expected on a fresh install, so continue past the warning (accept it only on your own lab firewall, never when you cannot explain why it appears).
23. IPCop's web interface starts; enter the user name admin and its password and click OK.
24. The fully fledged IPCop firewall is now ready.
25. Practise with the basic options of the IPCop firewall.

Installing the System

Select your language.
Select your installation medium, a CD in this case.
The first step, after powering on the system, is changing the boot sequence in the BIOS: the optical drive has to be first in the list for setup purposes. This option can be found in a variety of places in the BIOS menus, depending on the specific BIOS used by the motherboard; it is usually in the "Advanced Setup Options" or "Advanced BIOS Setup" area.
CD-ROM set as first boot device.
After changing this setting you can leave the BIOS, either by pressing the F10 key or via the menu option "Exit Saving Changes" on the main BIOS screen.
The system now boots from the CD, and you are greeted by the Isolinux boot loader.
The warning that all data on your drive will be wiped should be taken very seriously! This is the last dialog the installer displays before erasing and partitioning the drive. If you still have any important files left on the system, cancel the installation now and back them up to a safe location.

Run through the simple prompt-based installation.

Configure the network cards. The fastest way to configure the network interface cards is to choose the Probe option. If you know the network card details, you can choose the exact interface from Select.

Initial Setup
Having installed IPCop, we now have to enter some further configuration information in setup before the installation is complete.
Enter the keyboard, time zone and hostname/domain.
ISDN Setup: as we are not using ISDN, select Disable.
Network Configuration Type: select the interface configuration you will be running by tabbing to Network Configuration Type and pressing Enter.

Password Setup: IPCop has 2 users for which we are asked to set passwords, root and admin. Set both to strong passwords of more than 8 characters that are not words in any language and that mix upper and lower case, digits and symbols. A password printed in a manual, such as the example 1luv19c0p, is no longer a good one; choose your own. The root password is used to log on over SSH to add add-ons or upgrades; the admin user is used to manage IPCop day to day.

Since we have 3 interfaces and have only set up GREEN, repeat the interface setup for the RED and ORANGE interfaces as described above.
Configure the RED interface to use DHCP, as this is the interface connected to the Internet (our ISP): tab over to the DHCP box and select it by pressing Enter. Then configure the ORANGE interface to use the 192.168.10.x address space. For the DHCP server on GREEN, choose a range that fits the number of hosts: if the GREEN network will contain 15 hosts, 192.168.1.2 to 192.168.1.16 will do, so enter that range and tab down to OK.
