JKK MUNIRAJAH COLLEGE OF TECHNOLOGY

T.N PALAYAM-638 506.

Approved by AICTE, New Delhi and Affiliated to Anna University.

RECORD NOTE BOOK

Reg.No

Certified that this is the bonafide record of work done by

Selvan/Selvi………………………….. of the ...............Semester
…………………………. …….branch during the year ………..
in the ........................................................................ Laboratory
with the laboratory code…………………..

Staff -in-charge Head of the Department

Submitted for the University Practical Examination on .

Internal Examiner External Examiner

 INDEX

EX.
TITLE MARKS SIGNATURE
NO DATE

1 Implement symmetric key algorithms

2 Asymmetric key algorithms and key exchange algorithms

3 Implement digital signature schemes

4 Installation of wireshark, tcpdump

5 Check message integrity and confidentiality using SSL

6A Eavesdropping

6B Dictionary attacks

6C Man-in-the-middle

7 Sniff traffic using ARP poisoning

8 Intrusion detection

9 Network Monitoring Tools

10A Configure Firewall

10B Configure VPN

 LIST OF EXPERIMENTS

1. Implement asymmetric key algorithms and key exchange algorithms

2. Implement digital signature schemes

3. Installation of Wire shark, tcpdump and observe data transferredin client-

server communication using UDP/TCP and identify the UDP/TCP datagram.
4. Implement symmetric key algorithms
5. Check message integrity and confidentiality using SSL
6. Experiment Eavesdropping, Dictionary attacks, MITM attacks
7. Experiment with Sniff Traffic using ARP Poisoning

8. Demonstrate intrusion detection system using any tool.

9. Explore network monitoring tools
10. Study to configure Firewall, VPN
 EX.NO: 1
IMPLEMENT SYMMETRIC KEY
DATE: ALGORITHMS

AIM:
To implement symmetric key algorithms for secure data encryption and decryption.

ALGORITHM:
Encryption:

STEP1: Initialize the round keys using the main symmetric key.

STEP 2: Break the plaintext into blocks, padding the last block if necessary.

STEP 3: For each block: a. Perform the initial round key addition. b. Perform multiple
rounds (10, 12,or 14 rounds based on key length):
 Byte substitution using a substitution box (S-box).

 Row shifting within the block.

 Column mixing within the block.

 Round key addition using the current round key. c. Perform the final round without
thecolumn mixing step.
STEP 4: Combine the encrypted blocks to create the ciphertext.

Decryption:

STEP 1: Initialize the round keys using the main symmetric key.

STEP 2: Break the ciphertext into blocks.

STEP 3: For each block: a. Perform the initial round key addition. b. Perform the reverse
of theencryption rounds in the reverse order:
 Inverse byte substitution using an inverse S-box.

 Inverse row shifting within the block.

 Inverse round key addition using the current round key.

 Inverse column mixing within the block (if not in the final round). c. Perform the final
roundwithout the inverse column mixing step.
STEP 4: Combine the decrypted blocks to recover the original plaintext.

STEP 5: Remove any padding added during encryption to obtain the actual original plaintext.

PROGRAM:

import javax.crypto.Cipher;

import javax.crypto.KeyGenerator;

import javax.crypto.SecretKey;

import java.util.Base64;
public class SymmetricEncryption {
public static void main(String[] args) throws Exception {
String plaintext = "Hello, symmetric encryption!";
System.out.println("Original Text: " + plaintext);

// Generate a secret key

KeyGenerator keyGen = KeyGenerator.getInstance("AES");

keyGen.init(128); // You can choose 128, 192, or 256 bits
SecretKey secretKey = keyGen.generateKey();

// Encryption

Cipher cipher = Cipher.getInstance("AES/ECB/PKCS5Padding");

cipher.init(Cipher.ENCRYPT_MODE, secretKey);
byte[] encryptedBytes = cipher.doFinal(plaintext.getBytes("UTF-8"));

System.out.println("Encrypted Text: " +

Base64.getEncoder().encodeToString(encryptedBytes));

// Decryption
cipher.init(Cipher.DECRYPT_MODE, secretKey);
byte[] decryptedBytes = cipher.doFinal(encryptedBytes);
String decryptedText = new String(decryptedBytes, "UTF-8");

System.out.println("Decrypted Text: " + decryptedText);

}}
OUTPUT:
Original Text: Hello, symmetric encryption!

Encrypted Text: XnO8JLmjRhKwx/mLPJ8zXyz6kfONJ6LYH8C75KxVvwk=

Decrypted Text: Hello, symmetric encryption!

RESULT:
Thus, the java program to implement symmetric key algorithms is verified
successfully and output is verified.
 EX.NO.:2
ASYMMETRIC KEY ALGORITHMS

DATE: AND KEY EXCHANGE ALGORITHMS

AIM:

To implement asymmetric key algorithms and key exchange algorithms using Java

Program.

ALGORITHM:

Asymmetric Key Algorithms (RSA):

Key Generation:

STEP 1: Generate a pair of mathematically related keys: public key (for encryption) and
private key(for decryption).
STEP 2: Select two large prime numbers, `p` and `q`.

STEP 3: Calculate the modulus `n = p * q`.

STEP 4: Calculate the totient `phi(n) = (p - 1) * (q - 1)`.

STEP 5: Choose an integer `e` (the public exponent) such that `1 < e <phi(n)` and
`gcd(e, phi(n)) =1`.
STEP 6: Calculate the modular multiplicative inverse `d` of `e` modulo `phi(n)` (`d * e
≡ 1 (modphi(n))`).
Encryption:

1. Obtain the recipient's public key `(e, n)`.

2. Break the plaintext into smaller blocks.

3. For each block, calculate the ciphertext `c = m^e mod n`, where `m` is the plaintext
block.

Decryption:
1. Use the recipient's private key `d` to calculate the original message `m = c^d mod n`,
where `c` is the ciphertext block.
 Key Generation:

1. Each party selects a large prime number `p` and a primitive root modulo `p`, denoted
as`g`.

Key Exchange:

1. Both parties select their secret private keys, `a` and `b`, respectively.

2. They each calculate their public keys: `A = g^a mod p` and `B = g^b mod p`.

3. They exchange these public keys.

Using the received public keys, each party calculates the shared secret: `s = B^a mod p`
and `s = A^b mod p`. Both parties now have the same shared secret `s`.

PROGRAM:

import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.PublicKey;
import javax.crypto.Cipher;

public class Demo3 {

public static void main(String[] args) throws Exception {
// Step 1: Come up with a message we want to encrypt
byte[] message = "Hello, World!".getBytes();
// Step 2: Create a KeyGenerator object
KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA");
// Step 3: Initialize the KeyGenerator with a certain keysize
keyPairGenerator.initialize(512);
// Step 4: Generate the key pairs
KeyPair keyPair = keyPairGenerator.generateKeyPair();
// Step 5: Extract the keys
PrivateKey privateKey = keyPair.getPrivate();
PublicKey publicKey = keyPair.getPublic();
// Step 6: Create a Cipher object
Cipher cipher = Cipher.getInstance("RSA/ECB/NoPadding");
// Step 7: Initialize the Cipher object
cipher.init(Cipher.ENCRYPT_MODE, publicKey);
// Step 8: Give the Cipher our message
cipher.update(message);
// Step 9: Encrypt the message
byte[] ciphertext = cipher.doFinal();
// Step 10: Print the ciphertext
System.out.println("message: " + new String(message, "UTF8"));
System.out.println("ciphertext: " + new String(ciphertext, "UTF8"));
// Step 11: Change the Cipher object's mode
cipher.init(Cipher.DECRYPT_MODE, privateKey);
// Step 12: Give the Cipher objectour ciphertext
cipher.update(ciphertext);
// Step 13: Decrypt the ciphertext
byte[] decrypted = cipher.doFinal();
System.out.println("decrypted: " + new String(decrypted, "UTF8"));
}
}

OUTPUT:

message: Hello, World!

ciphertext: ?? v???m-RI???/a'FHL???y?5?vj???z?i??A??U-4&?z?V?<?U?O?j
decrypted: Hello, World!

RESULT:
Thus, the java program to implement asymmetric key algorithms is verified
successfully and output is verified.
 EX.NO.:3
IMPLEMENT DIGITAL SIGNATURE
DATE: SCHEMES

AIM:

To implement the digital signature scheme using java program.

ALGORITHM:

STEP 1: Key Pair Generation

Generate an RSA key pair with a specified key length. Share the public key and private key with
appropriate security measures.

STEP 2: Creating a Digital Signature

Choose a message to be digitally signed. Use the private key to generate a digital signature for
the message.Attach the digital signature to the message.

STEP 3: Signature Verification

Receive a signed message and the associated digital signature. Extract the public key from the
sender. Verify the authenticity of the message using the digital signature and the public key.

STEP 4: Observation and Analysis

Observe the successful verification of authentic messages .Attempt to verify messages with
altered content or incorrect signatures to understand theverification process.

STEP 5: Discussion and Reflection

Discuss the importance of digital signatures in ensuring data integrity and authentication.
Reflect on how the private key's security impacts the overall security of digital signatures.

PROGRAM:

import java.security.*;

import java.util.Base64;

public class DigitalSignatureExample {

public static void main(String[] args) throws Exception {

 String message = "Hello, this is a message for digital signature!";

System.out.println("Original Message: " + message);

// Generate key pair

KeyPairGeneratorkeyPairGenerator = KeyPairGenerator.getInstance("RSA");

keyPairGenerator.initialize(2048); // Key length

KeyPairkeyPair = keyPairGenerator.generateKeyPair();

// Create a digital signature

Signature signature = Signature.getInstance("SHA256withRSA");

signature.initSign(keyPair.getPrivate());

signature.update(message.getBytes());

byte[] digitalSignature = signature.sign();

System.out.println("Digital Signature: " +

Base64.getEncoder().encodeToString(digitalSignature));

// Verify the digital signature

Signature verifier = Signature.getInstance("SHA256withRSA");

verifier.initVerify(keyPair.getPublic());

verifier.update(message.getBytes());

booleanisVerified = verifier.verify(digitalSignature);

if (isVerified) {

System.out.println("Digital Signature Verified: The message is authentic.");

} else {

System.out.println("Digital Signature Verification Failed: The message may be tampered

with.");

}
OUTPUT:

Original Message: Hello, this is a message for digital signature!

Digital Signature:

fdszfafkllmfasfmalflasmf;’g2sgs5gshsiuhsfs46sg84sgshgsiog54sg65s4gsgslkhsoigs524654df5jk

gjfghfdhdgsdhgfdshfdhdfdfdgf

Digital Signature Verified: The message is authentic.

RESULT:

Thus, the java program to digital signature schemes is executed successfully and
output is verified.
 EX.NO.:4
INSTALLATION OF WIRE SHARK,
DATE: TCPDUMP

AIM:

The aim of this lab activity is to install Wireshark and tcpdump, observe data transferred
in client-server communication using UDP/TCP protocols, and identify UDP/TCP datagrams for
better understanding of network traffic analysis and protocol behavior.

ALGORITHM:

STEP 1: Install Wireshark and tcpdump

Download and install Wireshark from the official website.
Install tcpdump using the package manager (e.g., apt-get, yum) on Linux systems.

STEP 2: Set Up Client-Server Communication

Set up a basic client-server communication scenario using UDP or TCP (e.g., sending messages
from a client to a server).

STEP 3: Capture Network Traffic

Open Wireshark and choose the appropriate network interface. Start capturing traffic to monitor
the communication.

STEP 4: Observe UDP Datagram

Filter captured packets to display only UDP packets.
Analyze the captured UDP datagrams, noting source and destination ports, payload data, and
other relevant information.

STEP 5: Observe TCP Segment

Filter captured packets to display only TCP packets.
Analyze the captured TCP segments, noting source and destination ports, sequence and
acknowledgment numbers, flags (such as SYN, ACK), and payload data.
 STEP 6: Discussion and Analysis
Compare the characteristics of UDP datagrams and TCP segments observed in the captured
network traffic.

STEP 7: Reflection
Reflect on the importance of network analysis tools in understanding network communication
and troubleshooting.

PROCEDURE:

Step 1: Install Wireshark and tcpdump:

Installing Wireshark:

1. Visit the official Wireshark website: https://www.wireshark.org/

2. Download and install Wireshark for your operating system (Windows, macOS, or Linux).

Installing tcpdump:

On Linux:

Open a terminal.

Use the package manager of your distribution to install tcpdump.

For example, on Debian/Ubuntu, you can use: `sudo apt-get install tcpdump`

- On CentOS/RHEL, you can use: `sudo yum install tcpdump`

Step 2: Observe Data Transferred in Client-Server

Communication:Setting Up a Simple Communication Scenario:

1. Choose a client and server machine, preferably on the same network.

2. Decide whether you'll be using UDP or TCP for communication.

3. Write a simple client-server program or use command-line tools (e.g., `nc` for TCP,
`ncat`for UDP) to simulate communication.

Capturing Network Traffic:

Wireshark:

1. Open Wireshark.
2. Select the network interface through which the client and server communicate.
 3. Click the "Start" button to capture traffic.

tcpdump:

1. Open a terminal.

2. Use the following command to capture traffic on a specific interface sudo tcp dump -i
<interface> -w capture.pcap

3. Replace `<interface>` with the appropriate network interface.

Step 3: Identify UDP/TCP Datagram:

1. After capturing traffic, you can stop the capture in Wireshark or tcpdump.

2. In Wireshark:

- You will see a list of captured packets.

- Use display filters to focus on UDP or TCP traffic. For example:

- `udp` to show only UDP packets.

- `tcp` to show only TCP packets.

Click on a packet to view its details, including source and destination ports, payload data,
and more.

3. In tcpdump:

- Open the captured pcap file with Wireshark for graphical analysis.

- Use the same display filters (`udp`, `tcp`) to focus on UDP or TCP packets. Identifying UDP

Datagram:

- In Wireshark or tcpdump, look for packets with a UDP protocol. You'll see source and

destination port numbers and the payload data.

- Identifying TCP Segment: In Wireshark or tcpdump, look for packets with a TCP protocol.

You'll see source and destination port numbers, sequence numbers, acknowledgment numbers,

flags (such as SYN,ACK), and the payload data.

RESULT:

Thus, the command for various activities is executed successfully and output is
verified.
EX.NO.:5
CHECK MESSAGE INTEGRITY AND CONFIDENTIALITY
DATE: USING SSL

AIM:

Write a Java program to check message integrity and confidentiality using SSL.

ALGORITHM:

STEP 1: Key Pair Generation

Generate an RSA key pair with a specified key length.

Share the public key and private key with appropriate security measures.

STEP 2: Creating a integrity and confidentiality

Choose a message to be data confidential.

Use the private key to generate a digital signature for the message.

Attach the SSL to the message.

STEP 3: Verification for SSL

Receive a signed message and the associated SSL.

Extract the public key from the sender.

Verify the integrity of the message using the SSL and the public key.

STEP 4: Observation and Analysis

Observe the successful verification of authentic messages.

Attempt to verify messages with altered content or incorrect SSl to understand the integrity
and confidentiality process.

STEP 5: Discussion and Reflection

Discuss the importance of SSL in ensuring data integrity and confidentiality.

Reflect on how the private key's security impacts the overall security of SSL.
PROGRAM:

Server side:

import javax.net.ssl.*;
import java.io.*;
import java.security.*;

public class SSLServer {

public static void main(String[] args) throws Exception {
int port = 1234; // Port to listen on
// Load the keystore containing the server's private key and certificate
char[] password = "password".toCharArray(); // Keystore password
KeyStore keyStore = KeyStore.getInstance("JKS");
keyStore.load(new FileInputStream("server_keystore.jks"), password);
// Create and initialize the SSLContext
KeyManagerFactory kmf =
KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
kmf.init(keyStore, password);
SSLContext sslContext = SSLContext.getInstance("TLS");
sslContext.init(kmf.getKeyManagers(), null, null);
// Create and configure the server socket factory
SSLServerSocketFactory sslServerSocketFactory = sslContext.getServerSocketFactory();
SSLServerSocket sslServerSocket = (SSLServerSocket)
sslServerSocketFactory.createServerSocket(port);
System.out.println("Server started. Listening on port " + port + "...");
// Accept client connections
while (true) {
SSLSocket sslSocket = (SSLSocket) sslServerSocket.accept();
System.out.println("Client connected: " + sslSocket.getInetAddress());
 // Create input and output streams for communication
BufferedReader in = new BufferedReader(new
InputStreamReader(sslSocket.getInputStream()));
PrintWriter out = new PrintWriter(sslSocket.getOutputStream(), true);
// Read and print client's message
String message = in.readLine();
System.out.println("Received from client: " + message);
// Echo the message back to the client
out.println("Server received: " + message)
// Close streams and socket
out.close();
in.close();
sslSocket.close();
}
}
}

Client Side:

import javax.net.ssl.*;
import java.io.*;
import java.security.*
public class SSLClient {
public static void main(String[] args) throws Exception {
String serverAddress = "localhost"; // Server address
int serverPort = 1234; // Server port
// Create and initialize the SSLContext
SSLContext sslContext = SSLContext.getInstance("TLS");
sslContext.init(null, null, new SecureRandom()
// Create and configure the socket factory
SSLSocketFactory sslSocketFactory = sslContext.getSocketFactory();
SSLSocket sslSocket = (SSLSocket) sslSocketFactory.createSocket(serverAddress, serverPort);
 // Create input and output streams for communication
BufferedReader in = new BufferedReader(new InputStreamReader(sslSocket.getInputStream()));
PrintWriter out = new PrintWriter(sslSocket.getOutputStream(), true)
// Send message to server
out.println("Hello, server!");
// Read and print server's response
String response = in.readLine();
System.out.println("Received from server: " + response);
// Close streams and socket
out.close();
in.close();
sslSocket.close();
}
}

OUTPUT:

Server:
Server started. Listening on port 1234...
Client connected: /127.0.0.1
Received from client: Hello, server!
Client:
Received from server: Server received: Hello, server!

RESULT:

Thus, the java program to check message integrity and confidentiality using SSL is
executed successfully and output is verified.
 EX.NO.:6(a)
EAVESDROPPING
DATE:

AIM:

To implement dictionary attacks using Java Program.

ALGORITHM:
Step 1: Server Initialization:
 Start the server.
 Load the server's SSL keystore containing the private key and certificate.
 Create and initialize the SSL context.
 Create and configure the SSL server socket factory.
 Listen for client connections.
Step 2: Client Initialization:
 Create and initialize the SSL context.
 Create and configure the SSL socket factory.
 Connect to the server.
 Create input and output streams for communication.
Step 3: Client Communication:
 Send a message to the server.
 Receive and print the server's response.
 Close the streams and socket.
Step 4: Eavesdropper Initialization:
 Create and initialize the SSL context.
 Create and configure the SSL socket factory.
 Connect to the server.
 Create an input stream to listen to the server's communication.
Step 5: Eavesdropping:
 Continuously read messages from the server.
 Print the intercepted messages.
Step 6: Cleanup:
 Close the input stream and socket.
PROGRAM:

Server side:

import javax.net.ssl.*;

import java.io.*;

import java.security.*;

public class SSLServer {

public static void main(String[] args) throws Exception {

int port = 1234; // Port to listen on

char[] password = "password".toCharArray(); // Keystore password

// Load the keystore containing the server's private key and certificate

KeyStore keyStore = KeyStore.getInstance("JKS");

keyStore.load(new FileInputStream("server_keystore.jks"), password);

// Create and initialize the SSLContext

KeyManagerFactory kmf =
KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());

kmf.init(keyStore, password);

SSLContext sslContext = SSLContext.getInstance("TLS");

sslContext.init(kmf.getKeyManagers(), null, null);

// Create and configure the server socket factory

SSLServerSocketFactory sslServerSocketFactory = sslContext.getServerSocketFactory();

SSLServerSocket sslServerSocket = (SSLServerSocket)

sslServerSocketFactory.createServerSocket(port);

System.out.println("Server started. Listening on port " + port + "...");

 // Accept client connections

while (true) {

SSLSocket sslSocket = (SSLSocket) sslServerSocket.accept();

System.out.println("Client connected: " + sslSocket.getInetAddress());

// Create input and output streams for communication

BufferedReader in = new BufferedReader(new

InputStreamReader(sslSocket.getInputStream()));

PrintWriter out = new PrintWriter(sslSocket.getOutputStream(), true);

// Read and print client's message

String message = in.readLine();

System.out.println("Received from client: " + message);

// Echo the message back to the client

out.println("Server received: " + message);

// Close streams and socket

out.close();

in.close();

sslSocket.close();

Client side:

import javax.net.ssl.*;
import java.io.*;
import java.security.*;
public class SSLClient {
public static void main(String[] args) throws Exception {
String serverAddress = "localhost"; // Server address
 int serverPort = 1234; // Server port

// Create and initialize the SSLContext

SSLContext sslContext = SSLContext.getInstance("TLS");
sslContext.init(null, null, new SecureRandom());
// Create and configure the socket factory
SSLSocketFactory sslSocketFactory = sslContext.getSocketFactory();
SSLSocket sslSocket = (SSLSocket) sslSocketFactory.createSocket(serverAddress, serverPort);
// Create input and output streams for communication
BufferedReader in = new BufferedReader(new InputStreamReader(sslSocket.getInputStream()));
PrintWriter out = new PrintWriter(sslSocket.getOutputStream(), true);
// Send message to server
out.println("Hello, server!");
// Read and print server's response
String response = in.readLine();
System.out.println("Received from server: " + response);
// Close streams and socket
out.close();
in.close();
sslSocket.close();
}
}
Eavesdropper Code:
import javax.net.ssl.*;
import java.io.*;
import java.security.*;
public class Eavesdropper {
public static void main(String[] args) throws Exception {
String serverAddress = "localhost"; // Server address
int serverPort = 1234; // Server port
// Create and initialize the SSLContext
SSLContext sslContext = SSLContext.getInstance("TLS");
sslContext.init(null, null, new SecureRandom());
// Create and configure the socket factory
SSLSocketFactory sslSocketFactory = sslContext.getSocketFactory();
SSLSocket sslSocket = (SSLSocket) sslSocketFactory.createSocket(serverAddress, serverPort);
 // Create input stream to listen to server's communication
BufferedReader in = new BufferedReader(new InputStreamReader(sslSocket.getInputStream()));

// Read and print server's communication

String message;
while ((message = in.readLine()) != null) {
System.out.println("Eavesdropped: " + message);
}
// Close stream and socket
in.close();
sslSocket.close();
}
}

OUTPUT:

Server side:
Server started. Listening on port 1234...
Client connected: / 192.168.2.50
Received from client: Hello, server!
Client side:
Received from server: Server received: Hello, server!
Eavesdropper Output:
Eavesdropped: Server received: Hello, server!

RESULT:

Thus, the java program to implement Eavesdropping is executed successfully and output
is verified.
 EX.NO.:6(b)

DICTIONARY ATTACKS
DATE:

AIM:

To implement dictionary attacks Using Java Program.

ALGORITHM:

Create a Java Project: Start by creating a Java project in your favorite integrated
developmentenvironment (IDE) or a simple text editor.

STEP 1:
Import Required Libraries: You'll need libraries for hash functions and file handling.
Import thenecessary libraries.

STEP 2:

Read the List of Hashed Passwords: Create a method to read the list of hashed passwordsfrom
a file. Assume the hashed passwords are stored in a file, one hash per line

STEP 3:

Load the Dictionary: Create a method to load a dictionary file containing words or phrasesyou
want to try as passwords

STEP 4:

Perform the Dictionary Attack: Create a method to perform the dictionary attack

STEP 5:
Main Method: In your main method, call the above methods to read hashed passwords, load
the dictionary, and perform the dictionary attack

STEP 6:

Prepare Input Files: Create two text files, one for the hashed passwords (hashed_passwords.txt)
and one for the dictionary (dictionary.txt). Populate them with the appropriate data.

STEP 7:

Run the Program: Run the Java program, and it will attempt to match the hashed passwords
from your input file with the words or phrases in the dictionary file.
PROGRAM:

import java.io.BufferedReader;

import java.io.FileReader;

import java.io.IOException;

public class DictionaryAttack {

public static void main(String[] args) {

String username = "user123"; // The target username

String dictionaryFile = "passwords.txt"; // Path to the dictionary file

booleanaccessGranted = false;

try (BufferedReader reader = new BufferedReader(new FileReader(dictionaryFile)) {

String password;

while ((password = reader.readLine()) != null) {

if (authenticate(username, password)) {

System.out.println("Access granted for username: " + username + " with password: " +
password);

accessGranted = true;

break;

} catch (IOException e) {

e.printStackTrace();

if (!accessGranted) {

System.out.println("Dictionary attack failed. Access not granted.");

 }

// Simulate authentication logic

private static boolean authenticate(String username, String password) {

// In a real system, this function would check if the provided username and password are
correct.

// For demonstration purposes, it only checks if the password matches "123456".Return

password.equals("123456");

OUTPUT:

Access granted for username: user123 with password: 123456

If the program does not find a matching password in the dictionary, it will print:

Dictionary attack failed. Access not granted.

RESULT:

Thus, the java program to implement Dictionary attack is executed successfully and
output is verified.
 EX.NO.:6(c)

MAN-IN-THE-MIDDLE
DATE:

AIM:

To guide Man in the Middle Attack and resolved it.

INTRODUCTION:

A man-in-the-middle (MITM) attack is a malicious technique in which an attacker

intercepts and possibly alters the communication between two parties by positioning
themselves between them. By exploiting vulnerabilities in the communication channel, the
attacker gains unauthorized access to sensitive information without the knowledge of the
communicating parties.

Steps To Perform Advanced Man-in-the-Middle Attacks with Xerosploit

Step 1: Clone the official Xerosploit repository from Github using the git clone command.
git clone https://github.com/LionSec/xerosploit
Step 2: Change the directory to xerosploit using the cd command. and then install the
xerosploit.

sudo cd xerosploit
sudo python install.py

Step 3: Install it’s all dependencies using the following command:

sudo apt install nmap hping3 build-essential ruby-devlibpcap-dev libgmp3-dev

Step 4: Run the following command for setting up the terminal tables.

sudo pip3 tabulate terminal tables

Step 5: Run Xerosploit.

sudo python3 xerosploit.py
Step 6: Use the commands for various purposes like scanning the network use the below
command.

scan

Step 7: Select the target and run the module you want to execute.

RESULT:
Thus, the man in the middle attacks discussed and all the modules are executed.
 EX.NO:7
SNIFF TRAFFIC USING ARP
POISONING
DATE:

AIM:

To guide Sniff Traffic Using Arp Poisoning and resolved it.

Enter the command

ipconfig /all

ARP is the acronym for Address Resolution Protocol.

Static ARP entries: these can be defined in the local ARP cache and the switch configured to
ignore all auto ARP reply packets. The disadvantage of this method is, it’s difficult to maintain
on large networks. IP/MAC address mapping has to be distributed to all the computers on the
network.

ARP poisoning detection software: these systems can be used to cross check the IP/MAC
address resolution and certify them if they are authenticated. Uncertified IP/MAC address
resolutions can then be blocked.

Operating System Security: this measure is dependent on the operating system been used.The
following are the basic techniques used by various operating systems.

 Linux based: these work by ignoring unsolicited ARP reply packets.

 Microsoft Windows: the ARP cache behavior can be configured via the registry.The
following list includes some of the software that can be used to protect networks
against sniffing;
 AntiARP– provides protection against both passive and active sniffing
 Agnitum Outpost Firewall–provides protection against passive sniffing
 XArp– provides protection against both passive and active sniffing
 Mac OS: ArpGuard can be used to provide protection. It protects against bothactive
and passive sniffing.

Hacking Activity: Configure ARP entries in Windows

We are using Windows 7 for this exercise, but the commands should be able to work on other
versions of windows as well.

Open the command prompt and enter the following command

arp –a

HERE,
 Arp calls the ARP configure program located in Windows/System32 directory
 -a is the parameter to display to contents of the ARP cache

 You will get results similar to the following

Note: dynamic entries are added and deleted automatically when using TCP/IP sessions with
remote computers.

Static entries are added manually and are deleted when the computer is restarted, and the
network interface card restarted or other activities that affect it.

Adding static entries

Open the command prompt then use the ipconfig /all command to get the IP and MAC
address

The MAC address is represented using the Physical Address and the IP address is
IPv4Address
Enter the following command
arp –s 192.168.1.38 60-36-DD-A6-C5-43

Note: The IP and MAC address will be different from the ones used here. This is because
they are unique.

Use the following command to view the ARP cache

arp –a

You will get the following results

Note the IP address has been resolved to the MAC address we provided and it is of a static
type.

Deleting an ARP cache entry

Use the following command to remove an entry

arp –d 192.168.1.38
RESULT:

The expected output is achieved with the command of Sniff Traffic using Arp Poisoning.
EX.NO:8

INTRUSION DETECTION
DATE:

AIM:

To Demonstrate Intrusion Detection System (IDS) using Snorts Software tool.

STEPS ON CONFIGURING AND INTRUSION DETECTION:

1. Download Snort from the Snort.org website. (http://www.snort.org/snort-downloads)

2. Download Rules(https://www.snort.org/snort- rules). You must register to get the
rules.(You should download these often)
3. Double click on the .exe to install snort. This will install snort in the ―C:\Snort‖folder.It is
important to have WinPcap(https://www.winpcap.org/in stall/)installed
4. Extract the Rules file. You will need WinRAR for the .gz file.
5. Copy all files from the ―rules‖ folder of the extracted folder. Now paste the rules into
―C:\Snort\rules‖ folder.
6. Copy ―snort.conf‖ file from the ―etc‖ folder of the extracted folder. You must paste it into
―C:\Snort\etc‖ folder. Over write any Existing file. Remember if you modify your snort. Conf
file and download an e wfile, you must modify it for Snort to work.
7. Open a command prompt (cmd.exe) and navigate to folder ―C:\Snort\bin‖folder. (at the
Prompt, typecd\snort\bin)
8. To start (execute) snort insniffer mode use following command: snort-dev-i3
-I indicates the interface number. You must pick the correct interface number. In my case, it is 3
-devis used to run snort to capture packets on your network. To check the interface list, use
following command: snort -W
Finding an interface You can tell which interface to use by looking at the Index number and
finding Microsoft. As you can see in the above example, the other interfaces are for VMW
are.Myinterface is 3.
9. To run snort in IDS mode, you will need to configure the file ―snort.conf‖ according to your
network environment.
10. To specify the network address that you want to protect in snort .conffile, look for the
following line. varHOME_NET192.168.1.0/24 (You will normally see any here)
11. You may also want to set the addresses of DNS_SERVERS, if you have some on your
network.

Example:
Example snort
12. Change the RULE_PATH variable to the path of rules folder. var RULE_PATH
c:\snort\rules path to rules
13. Change the path of all library files with the name and path on your system. And you must
change the path of snort_dynamic preprocessor variable. C:\Snort\lib\snort_dynamic
preprocessor You need to do this to all library files in the ―C:\Snort\lib‖ folder. The old path
might be: ―/usr/local/lib/…‖.you will need to replace that path with your sy stem path. Using
C:\Snort\lib
14. Change the path of the ―dynamic engine‖ variable value in the ―snort.con f‖ file. Example:
dynamic engine C:\Snort\lib\snort_dynamic engine\sf_engine.dll

15. Addthepathsfor―includeclassification.config‖and―includereference.config‖ files. Include

 c:\snort\etc\classification.config include c:\snort\etc\reference.config
16. Remove the comment(#) on the line to allow ICMP rules, if it is commented w it ha#. Include
$RULE_PATH/icmp.rules
17. You can also remove the comment of ICMP-in for rules comment, if it is commented.
Include $RULE_PATH/icmp-info. rules
18. To add log files to store alerts generated by snort, search for the ―output log‖ test in
snort.conf and add the following line: output alert_fast :snort-alerts.ids
19. Comment (add a #) the whitelist $WHITE_LIST_PATH/white_list.rules and the blacklist
Change the nested_ipinner,\tonested_ipinner#,\
20. Comment out(#) following lines:#preprocess or normalize_ ip4
#preprocessor normalize_ tcp: ipsecn stream# preprocessor normalize_icmp4 #preprocessor
normalize_ip6 #preprocessornormalize_icmp6
21. Save the ―snort.conf‖ file.
22. To start snort in IDS mode, run the following command:
snort-cc:\snort\etc\snort.conf-lc:\snort\log- i3(Note:3isusedformyinterfacecard)

If a log is created, select the appropriate program to open it. You can use WordPad or
NotePad++ to read the file.
To generate Log files in ASCII mode, you can use following command while running snort in
IDS mode: snort-Aconsole-i3-c c:\Snort\etc\snort.conf-lc:\Snort\log-Kascii
23. Scan the computer that is running snort from another computer by using
PINGorNMap(ZenMap).
After scanning or during the scan you can check the snort- alerts. Ids file in the log folder to
ensure it is logging properly. You will see IPaddress disappear. Snort monitoring traffic–
RESULT:
Thus the Intrusion Detection System(IDS) has been demonstrated by using the OpenSource
Snort Intrusion Detection Tool.
 EX.NO:9

NETWOTK MONITORING TOOLS

DATE:

AIM

To achieve the network monitoring tools with the required function and software.

INTROUDCTION:

Networks are the fundamentals behind businesses worldwide. It plays a pivotal role in
serving your employees for administrative purposes and your clients across the continents. The
networks help you keep information in a centralized location - accessible to those who need and
restrict every other inbound request. So how do you provide continuous top-notch end user
experience and maintain your rapidly evolving network? Only by monitoring the availability,
health, and performance of your networks over time with the help of reliable, real-time
network monitoring tools.

Requirements of a network monitoring tool

While selecting a network monitor tool for your IT environment, it is important to weigh in
your current requirements and also your future needs because choosing the right one among
various tools for network monitoring is crucial. Some of the essential elements that a
network monitoring tool requires are:

 Real time monitoring

 Comprehensive monitoring capabilities scalability
 Automation
 User management
Real time monitoring
Learning that your network is down from your end users is the nightmare that every IT admin
tries to avoid. The network monitoring application and its reporting tools must provide
performance insights into your network in real time. This helps you identify performance
hiccups early and avoid potential outages.
Comprehensive monitoring capabilities
Employing individual network monitoring tools for monitoring various network
components such as switches/routers, servers, virtual environment, HCI, applications,
storage devices, etc., and also employing network monitoring tools for Windows and Linux
environments separately is more trouble than help as the tools themselves require constant
management, additional resources, and there is also a certain learning curve associated with
each network monitoring tool. Therefore, the network performance monitoring tools should
support extensive monitoring in a single console.
Scalability
Network scalability is an important aspect to be considered when selecting enterprise
network monitoring tools. A network management tool or network monitoring software
can be called as scalable when it is more adaptable to the changing needs or demands of the
business or users. Scalability helps a network to stay in par with increased productivity,
trends, changing needs and new adaptations. Scalability ensures that the overall network
performance does not significantly degrade, even if the size of the network is increasing.
Businesses also need remote network monitoring tools for managing multiple geographical
locations from one console.
Automation
In network monitoring, automation helps network performance monitoring tools to
react based on threshold values or a set of framed rules/ criteria being met. With
automation, the monitoring network tools can automatically detect and troubleshoot
problems (proactive monitoring), send alert notifications, forecast storage growth, and much
more. When you are monitoring and managing multiple devices in your environment,
automation comes in super handy and saves you ample time and resources, making it an
important usability aspect of your network monitoring solutions.

User Management
User Management helps organizations ensure network security by providing
access to the designated users only. Apart from providing access to users with roles, the
network monitoring tool should also define the scope for users. This helps IT teams with
multiple staffs as it clearly defines their operational boundaries. Network monitoring
tools with the above features are exceptionally benefiting to your business.
Why is ManageEngineOpManager considered one of the
best network monitor tools in the market?

OpManager is a powerful network management and monitoring tool that monitors switches,
routers, servers, WLC, load balancers, VPN, printers, firewalls, VMs, Nutanix environments,
and anything that has an IP and connected to the network - in a single console.

1. top features

2. comprehensive monitoring capabilities

3. customer reviews
Top features:

Comprehensive monitoring capabilities

Switch/Router monitoring

Network switches and routers form the backbone of any IT infrastructure. Any issue
with switch breaks the end user connectivity with the network. Using OpManager, you can
monitor switches, and routers from the likes of Cisco, Juniper, Aruba, ZTE, and many other
vendors for availability, health, and performance in real-time for 2,000+ parameters and
avoid possible network pitfalls. Apart from monitoring switches, OpManager maps switch
ports to devices and monitors the availability of the switch ports.

Network interface monitoring

Network interfaces are one of key performance indicators (KPI) as they help identify
network performance degradation at the earliest. OpManager, the best network monitoring
tool, monitors interfaces using SNMP and provides a single customizable dashboard to view
and analyze bandwidth performance and network traffic for your IT network. You can
monitor interfaces by checking the availability status of interfaces and monitor traffic speed
on the interface, errors, discards, etc. using OpManager.
WLC monitoring

OpManager's multi-vendor WLC monitoring module allows you to keep your

network intact by providing in-depth visibility of your wireless LAN controller (WLC), its
associated service set identifiers (SSIDs) and access points (APs). Cisco's WLC monitoring
tool in OpManager allows direct discovery of Cisco WLC and their associated SSIDs, APs
and helps you monitor the overall performance of your wireless network with the help of
Cisco WLC monitor. The WLC snapshot page provides inventory information, the device
availability status, and other similar information. In addition, knowing the top five access
points based on usage tells you who the top talkers are in your WLC environment, and
custom dials display information on various parameters, including CPU and memory usage.

VPN monitoring
Organizations allow connections into their networks through VPNs for their remote
workforce. These connections can sometimes be compromised, resulting in data theft or
network attacks. With a monitoring tool like OpManager, you can monitor your VPN by
tracking the number of active VPN sessions, VPN tunnel status, and VPN tunnels count in
real time, and also receive instant alerts on VPN connection regularities making your network
secure and keeping your remote productivity issues at bay.
Hybrid environment monitoring

Every organization's network has unique needs, so top-of-the-line networking

technologies are employed to address them. This helps networks deliver business services but
also poses a challenge with monitoring and managing the network. Using multiple network
management tools is not efficient and cost effective. With OpManager, apart from
monitoring switches, servers, etc., you can monitor VMware, Hyper-V, Hypervisors, Cisco
UCS, Nutanix infrastructures, and more, all within a unified console, making it the best
network monitor. Additionally, you can monitor your WAN with Cisco IP SLA using
OpManager.

Mobile application

Access your OpManager's network monitoring and reporting anytime and anywhere
using thenew ManageEngineOpManager mobile application. Available for both Android and
iOS, this lets you visualize your infrastructure, act on the alerts, drill-down to the root cause
of theproblem without having to be physically present in your server room to resolve a fault!

OpManager makes your work easy

Apart from the above, OpManager, your comprehensive network monitoring solution
monitors Windows servers, Linux servers, storage devices, Windows services, processes and
scales upto 30,000 devices out of the box. This network software makes network monitoring
effortless with intelligent automations, ML-based forecasting, and extensive protocol support.
Here are some of OpManager's network monitoring applications:
1. Storage capacity forecasting: With the help of ML-based forecasting techniques, this
network monitoring and reporting software pinpoints when the device storage will
reach 80 percent, 90 percent, and 100 percent of the allocated storage, and helps with
planning purchase decisions.
2. Notification profiles: OpManager lets you notify network faults via Slack channels,
trouble tickets, emails, SMS, and web alarms if they are not acknowledged, so no
alarm goes unnoticed.
3. Alarm Escalation: Alarm escalation rules can be configured for mission-critical
devices such as application servers, so any fault pertaining to availability, health, and
performance is escalated to a higher authority via email or SMS based on user-
defined criteria.
4. Support for multiple vendors: OpManager offers support for more than 53,000
vendor templates, so you can efficiently manage your network devices from vendors
such as Cisco,Juniper, Fortigate, and many more.
5. Support for wide range of protocols: OpManager supports communication protocols
such as ICMP, and LAN management protocols such as SNMP, WMI, CLI, and
more.

6. Discovery Rule Engine: Discovery Rule Engine automatically associates device

templates and rules to network devices as defined by the user, thereby automating
routine tasks, and saving valuable time and resources.

7. In-built troubleshooting tools: OpManager offers multiple tools such as Ping,

SNMP Ping, Proxy Ping, Traceroute, WMI Query Tool, CLI Query Tool, and more
that aid in troubleshooting network issues within OpManager.
8. Dashboards: OpManager provides intuitive dashboards that provide a 360-degree
view of your entire IT infrastructure on one screen, and makes fault identification
 easier.
9. Visualizations: Determine the availability of crucial services in multiple branch
offices with maps and business views. With OpManager, you can easily monitor
remote locations visually, and get alerted in real time before network services are
disrupted.
10. Multi-level thresholds: OpManager offers multi-level thresholds with color codes,
so you can identify show-stopping network faults and promptly take action.

RESULT:

The modules are executed with the commands of network monitoring tool.
 EX.NO:10 (a)

CONFIGURE FIREWALL
DATE:

AIM
To knows the uses of firewall and their uses in windows.

INTRODUCTION

A firewall is a network security device, either hardware or software-based, which monitors

all incoming and outgoing traffic and based on a defined set of security rules it accepts,
rejects or drops that specific traffic. Please refer to the article Introduction of Firewall in
Computer Network for more details. We can configure 2 types of firewalls on Windows on
the basis of firewall provider:

1. Windows Defender (Default firewall).

2. Third-party firewalls.

Configuring Firewall Defender on Windows:

 Step 1: Launch Start from the taskbar.
Step 2: Search “Settings” in the search bar if you do not find the Settings icon in Start menu.

Step 3: In the left pane of Settings, click Privacy & security.

Step 4: Click Windows Security option in Privacy & security menu.

Step 5: Select Firewall & network protection

.
 Step 6: Now Window’s Security window will pop up windows. Here you can verify
whether your Defender firewall is active or not.

Step 7:

Now to configure the firewall according to your requirement, click Advanced settings. You
will be prompted by User Account Control to give administrative access to Windows
Defender to make changes. Click Yes to proceed.
Step 8: Windows Defender Firewall with Advanced Security window will launch after giving
administrative permission.

Step 9: The left pane has several options:

o Inbound rules: Programs, processes, ports can be allowed or denied the

incoming transmission of data within these inbound rules.

o Outbound rules: Here we can specify whether data can be sent outwards by
that program, process, or port.
Step 10: To add a new inbound rule, select Inbound Rules option, then click New
Rule… from the right pane.
Step 11: Now we will configure an inbound rule for a network port. A New Inbound Rule
Wizard window pops-up, select Port option and click next.
Step 12: Now select TCP and specify port number 65000.

Step 13: Now we can select the action we need to take on this port. We will block the
inbound connection by selecting Block the connection option then click Next.
Step 14: Here we can specify when this rule should come into action. We will keep only
Public option selected and move Next.

Step 15: This is the last step. Here we provide a name to this rule so that we can keep track of
it later in the Inbound rules list. Write the name ―65000 Port Block (Public)‖. Click Finish.
Step 16: The inbound rule is successfully created. We can find ―65000 Port Block (Public)‖
in the Inbound rules list.

Step 17: Right-click the rule we just created and there are multiple options with which it can
be Disabled or Deleted.

Firewall can be configured on Windows in the above-mentioned way.

RESULT:

We protect our system with the properties of firewall in windows.

EX.NO:10 (b)

CONFIGURE VPN
DATE:

AIM:
To knows the uses of VPN and functionality with application
PROCEDURE:
Step 1: Line up key VPN components. ...
Step 2: Prep devices. ...
Step 3: Download and install VPN clients. ...
Step 4: Find a setup tutorial. ...
Step 5: Log in to the VPN. ...
Step 6: Choose VPN protocols. ...
Step 7: Troubleshoot. ...
Step 8: Fine-tune the connection.

Configuring a Virtual Private Network (VPN) involves setting up a secure and

encrypted connection between your device and a remote server. VPNs are commonly used
to enhance online privacy, security, and anonymity. Below, I'll provide a general overview
of how to configure a VPN:

1. Choose a VPN Service: Start by selecting a reputable VPN service provider. There
are many options available, such as NordVPN, Express VPN, CyberGhost, and
many more. Subscribe to the VPN service and follow their setup instructions.
2. Download and Install the VPN Client: Most VPN services offer dedicated apps for
various platforms, including Windows, macOS, iOS, Android, and Linux. Download
the appropriate VPN client for your device, and install it.
3. Launch the VPN Client: Open the VPN client on your device. You may need to log
in using your VPN service credentials.
4. Connect to a VPN Server: In the VPN client, choose a server location to which you
want to connect. VPN services typically offer servers in various countries. Your
choice of server location may affect your internet speed and the websites or services
you can access.
5. Optional Configuration Settings: VPN clients often provide advanced settings that
 you can configure to meet your specific needs. These settings might include the VPN
protocol (e.g., OpenVPN, L2TP, or IKEv2), a kill switch to stop internet traffic if the
VPN connection drops, split tunneling to specify which apps or websites use the
VPN, etc. Configure these settings according to your requirements.
6. Connect to the VPN: Click or tap the "Connect" or "Start" button in the VPN clientto
establish a connection to the selected server. Once the connection is established, your
internet traffic will be encrypted and routed through the VPN server.
7. Verify Your Connection: You can verify that your VPN connection is active by
visiting a website like "WhatIsMyIP" to confirm that your IP address is now
associated with the VPN server location.

8. Use the Internet Securely: Your internet activity is now encrypted and secure. You
can access blocked content, enhance your privacy, and protect your data from
eavesdropping on public Wi-Fi networks.
9. Disconnect from the VPN: When you're finished using the VPN, disconnect from the
server by using the VPN client.
10. Customize Your Experience: Some VPN services offer additional features, such as
ad-blocking, anti-malware, and more. Explore your VPN service's features to see how
you can tailor your VPN experience.

It's essential to choose a trusted VPN service, as they have access to your internet traffic. Be
sure to read their privacy policy and terms of service to understand their data handling
practices. Additionally, keep your VPN software and device operating system up to date to
ensure the highest level of security.

Architecture of VPN
Surfshark VPN Options and Features

1. CleanWeb

Clean Web was able to block ads that managed to slip even past our regular ad blockers.
2. MultiHop

The MultiHop option provides some additional security but does have a negative
impact on your internet speeds. After all, your traffic has to go through two VPN servers
instead of one.

3. White lister
The Whitelister for apps and websites allows you to connect to specific apps and
websites you trust using your own IP address instead of that of the VPN server (split
tunneling).

4. Surfshark Alert
Surfshark Alert is an option you can use that will notify you when your email or
passwords might be in danger of being compromised.

5. Surfshark Search
Surfshark Search is Surfshark’s answer to the anonymous search engine
DuckDuckGo. However, both Surfshark Alert and Surfshark Search are paid expansions of
the normal Surfshark subscription.
6. Surfshark VPN for torrenting
Surfshark has specialized P2P servers that help you download torrents securely. You
don’t have to manually select these servers: they are automatically activated when you open
a torrenting program.

7. Camouflage Mode
Camouflage Mode is Surfshark’s version of obfuscation technology. It’s primarily
designed to disguise your VPN traffic to bypass any content filtering and make it more
difficult to monitor your activities. It runs automatically when you pick OpenVPN (TCP or
UDP) as its protocol.

8. No Borders Mode -
No Borders Mode is a mode in which you can use Surfshark and access the internet
freely even in restrictive regions. When Surfshark detects any kind of restrictions on your
network, it automatically enables the No Borders mode. This gives you a selected list of
servers that perform well despite network restrictions.

9. GPS spoofing
Recently, Surfshark has added a GPS spoofing function to its service. GPS spoofing
allows you to change your virtual location, even when it isn’t based on your IP address.
Surfshark’s GPS spoofing option is only available on Android for now.

10. Kill Switch

A kill switch is an essential security feature for any VPN. It instantly ―kills your
internet connection if your VPN stops working for whatever reason. This prevents data
leaks (like your IP address) and keeps you protected when your VPN falters. Surfshark
offers a kill switch on Windows, macOS, iOS, and Android. You can turn it on by going
into the settings in the Surfshark app.

Logging and privacy

Surfshark has a ―no-logs’’ policy. They have made every effort to require as little
personal information from you as possible for your VPN to work. Secondly, Surfshark —
like most VPNs — requires certain information to monitor their service.
CONCLUSION:
Furthermore, Surfshark recently switched to a RAM-only server network, which
means that there is no longer any data on physical servers. This form of storage also ensures
that data is automatically deleted when you disconnect. Your data will therefore only be
stored temporarily and cannot be retrieved afterward. In addition, Surfshark is one of the
first VPNsto offer two-factor authentication (2FA).

RESULT:

The modules are executed successfully with VPN application.