EX.No.

: 3 IMPLEMENT MESSAGE DIGEST ALGORITHM (MD5)

AIM:
Develop a program to implement Message Digest Algorithm.

ALGORITHM DESCRIPTION:

The MD5 message-digest algorithm is a widely used cryptographic hash

function producing a 128-bit (16-byte) hash value, typically expressed in
text format as a 32-digit hexadecimal number.
MD5 has been utilized in a wide variety of cryptographic applications and
is also commonly used to verify data integrity

PROGRAM:

import

java.util.*; class

md5Alg

/* initialize variables A,B,C,D */

private static final int INIT_A = 0x67452301;

private static final int INIT_B =

(int)0xEFCDAB89L; private static final int

INIT_C = (int)0x98BADCFEL; private static

final int INIT_D = 0x10325476;

/* per-round shift amounts */

private static final int[] SHIFT_AMTS = { 7, 12,

17, 22, 5, 9, 14, 20, 4, 11, 16, 23, 6, 10, 15, 21 };

/* binary integer part of sin's of integers (Radians) as

constants */ private static final int[] TABLE_T = new

int[64];

static

{
for (int i = 0; i < 64; i++) for (int i = 0; i < numBlks; i
++)
{
{
TABLE_T[i] = (int)(long)((1L << 32) * Math.abs(Math.sin(i +
1)));

}
}
/* compute message digest (hash value)
*/
public static byte[] computeMd5(byte[]
msg)
{
int msgLenBytes = /* msg length (bytes)
msg.length; */
long msgLenBits = (long)msgLenBytes << /* msg length (bits)
3; */
int numBlks = ((msgLenBytes + 8) >>> 6) /* number of
+ 1; blocks */
int totLen = numBlks << 6; /* total length */
byte[] padB = new byte[totLen -
msgLenBytes]; /* padding bytes */
/* pre-processing with padding */
padB[0] = (byte)0x80;
for (int i = 0; i < 8; i++)
{
padB[padB.length - 8 + i] =
(byte)msgLenBits;
msgLenBits >>>= 8;
}
int a = INIT_A;
int b = INIT_B;
int c = INIT_C;
int d = INIT_D;
int[] buf = new int[16];
int idx = i << 6;

for (int j = 0; j < 64; j++, idx++)

buf[j >>> 2] = ((int)((idx < msgLenBytes) ? msg[idx] : padB[idx - msgLenBytes]) <<

24) | (buf[j >>> 2] >>> 8);

/* initialize hash value for this chunk */ int origA = a;

int origB = b; int origC = c; int origD = d;

for (int j = 0; j < 64; j++)

int div16 = j >>> 4; int f = 0;

int bufIdx = j; /* buf idx */ switch (div16)

case 0:

f = (b & c) | (~b & d); break;

case 1:

f = (b & d) | (c & ~d);

bufIdx = (bufIdx * 5 + 1) & 0x0F;

break;

case 2:

{
f = b ^ c ^ d;

bufIdx = (bufIdx * 3 + 5) &

0x0F; break;

case 3:

f = c ^ (b | ~d);

bufIdx = (bufIdx * 7) &

0x0F; break;

/* left rotate */

int temp = b + Integer.rotateLeft(a + f + buf[bufIdx] +

TABLE_T[j], SHIFT_AMTS[(div16 << 2) | (j & 3)]);

a =

d; d

= c;

c =

b;

b = temp;

/* add this chunk's hash to result

so far */ a += origA;
b +=

origB; c

+= origC;
d += origD; public static
void main
}
(String[] args)
byte[] md5 = new throws
java.lang.Except
byte[16]; int cnt = 0; ion

for (int i = 0; i < 4; i++) {

{ String msg =
"hello world";
int n = (i == 0) ? a : ((i == 1) ? b : ((i == 2) ? c :

d)); for (int j = 0; j < 4; j++)

md5[cnt++] =

(byte)n; n >>>= 8;

return md5;

public static String toHexString(byte[] b)

StringBuilder sb = new

StringBuilder(); for (int i = 0; i <

b.length; i++)

sb.append(String.format("%02x", b[i] & 0xFF));

return sb.toString();

}
System.out.println("simulation of MD5

algorithm"); System.out.println("input msg : "

+ msg);

System.out.println("md5 hash : " + toHexString(computeMd5(msg.getBytes())));

stdin:

Standard input is empty

stdout:

simulation of MD5

algorithm input msg :

hello world

md5 hash : 5eb63bbbe01eeed093cb22bb8f5acdc3

RESULT:
Thus the program was executed and verified successfully.
 EX.No.: 4 IMPLEMENT SECURE HASH FUNCTION (SHA)

AIM:

Develop a program to implement Secure Hash Algorithm (SHA-1)

ALGORITHM DESCRIPTION:

Secured Hash Algorithm-1 (SHA-1):

Step 1: Append Padding Bits….

Message is “padded” with a 1 and as many 0’s as necessary

to bring the message length to 64 bits less than an even multiple of 512.

Step 2: Append Length....

64 bits are appended to the end of the padded message. These

bits hold the binary format of 64 bits indicating the length of the original
message.

Step 3: Prepare Processing Functions….

SHA1 requires 80 processing functions defined as:

f(t;B,C,D) = (B AND C) OR ((NOT B) AND D) ( 0 <= t <= 19)
(20 <= t <=
f(t;B,C,D) = B XOR C XOR D 39)
f(t;B,C,D) = (B AND C) OR (B AND D) OR (C AND D) (40 <= t<=59)
f(t;B,C,D) = B XOR C XOR D (60 <= t <= 79)
Step 4: Prepare Processing Constants....
SHA1 requires 80 processing constant words defined as:

K(t) = 0x5A827999 ( 0 <= t <= 19)

K(t) = 0x6ED9EBA1 (20 <= t <= 39)
K(t) = 0x8F1BBCDC (40 <= t <= 59)
K(t) = 0xCA62C1D6 (60 <= t <= 79)
Step 5: Initialize Buffers….
SHA1 requires 160 bits or 5 buffers of words (32 bits):

H0 = 0x67452301
H1 = 0xEFCDAB89
H2 = 0x98BADCFE
H3 = 0x10325476
H4 = 0xC3D2E1F0
Step 6: Processing Message in 512-bit blocks (L blocks in total message)….
This is the main task of SHA1 algorithm which loops through the
padded and appended message in 512-bit blocks.
Input and predefined functions: M[1, 2, ..., L]: Blocks of the padded and appended
message f(0;B,C,D), f(1,B,C,D), ..., f(79,B,C,D): 80 Processing
Functions K(0), K(1), ...,
K(79): 80 Processing Constant Words

H0, H1, H2, H3, H4, H5: 5 Word buffers with initial values

Step 7: Pseudo Code….

▪ For loop on k = 1 to L
(W(0),W(1),...,W(15)) = M[k] /* Divide M[k] into 16
words */ For t = 16 to 79 do:
▪ W(t) = (W(t-3) XOR W(t-8) XOR W(t-14) XOR W(t-16))
<<< 1 A = H0, B = H1, C = H2, D = H3, E = H4
For t = 0 to 79 do:
▪ TEMP = A<<<5 + f(t;B,C,D) + E + W(t) + K(t) E = D, D = C,
▪C = B<<<30, B = A, A = TEMP
End of for loop
H0 = H0 + A, H1 = H1 + B, H2 = H2 + C, H3 = H3 + D, H4 = H4
+ E End of for loop

Output:

H0, H1, H2, H3, H4, H5: Word buffers with final message digest

PROGRAM :

import
java.security.*;
public class SHA1 {
public static void
main(String[] a) { try {
MessageDigest md =
MessageDigest.getInstance("SHA1");
System.out.println("Message digest object info: ");
System.out.println(" Algorithm = "
+md.getAlgorithm()); System.out.println(" Provider
= " +md.getProvider()); System.out.println("
ToString = " +md.toString());
String input = "";
md.update(input.getByte
s()); byte[] output =
md.digest();
System.out.println();
System.out.println("SHA1(\""+input+"\") = "
+bytesToHex(output)); input = "abc";
md.update(input.getByte
s()); output = md.digest();
System.out.println();
System.out.println("SHA1(\""+input+"\") = "
+bytesToHex(output)); input =
"abcdefghijklmnopqrstuvwxyz";
md.update(input.getBytes());
output =
md.digest();
System.out.printl
n();
System.out.println("SHA1(\"" +input+"\") = "
+bytesToHex(output)); System.out.println(""); }
catch (Exception e) {
System.out.println("Exception:
" +e);
}
}
public static String bytesToHex(byte[] b) {
char hexDigit[] = {'0', '1', '2', '3', '4', '5', '6', '7', '8', '9', 'A', 'B', 'C', 'D',
'E', 'F'}; StringBuffer buf = new StringBuffer();
for (int j=0; j<b.length; j++) {
buf.append(hexDigit[(b[j] >> 4) &
0x0f]); buf.append(hexDigit[b[j] &
0x0f]); } return buf.toString(); }
}

OUTPUT:

C:\Program Files\Java\jdk1.6.0_20\bin>javac
SHA1.java C:\Program
Files\Java\jdk1.6.0_20\bin>java SHA1 Message
digest object info:
Algorithm = SHA1
Provider = SUN version
1.6
ToString = SHA1 Message Digest from SUN, <initialized>
SHA1("") =
DA39A3EE5E6B4B0D3255BFEF95601890AFD80709
SHA1("abc") =
A9993E364706816ABA3E25717850C26C9CD0D89D
SHA1("abcdefghijklmnopqrstuvwxyz") =
32D10C7B8CF96570CA04CE37F2A19D84240D3A89

RESULT:
Thus the program was executed and verified successfully.
 EX.No.: 5 IMPLEMENT DIGITAL SIGNATURE SCHEME

AIM:

To write a program to implement the digital signature scheme in java

PROGRAM :

import java.util.*;

import

java.math.BigInteger;

class dsaAlg

final static BigInteger one = new

BigInteger("1"); final static BigInteger zero =

new BigInteger("0"); /* incrementally tries

for next prime */

public static BigInteger getNextPrime(String ans)

BigInteger test = new

BigInteger(ans); while

(!test.isProbablePrime(99))

test = test.add(one);

return test;

/* finds largest prime factor of n */

public static BigInteger findQ(BigInteger n)

BigInteger start = new

BigInteger("2"); while

(!n.isProbablePrime(99))
{

while (!((n.mod(start)).equals(zero)))

start = start.add(one);

n = n.divide(start);

return n;

/* finds a generator mod p */

public static BigInteger

getGen(BigInteger p, BigInteger q,

Random r)

BigInteger h = new BigInteger(p.bitLength(), r);

h = h.mod(p);

return h.modPow((p.subtract(one)).divide(q), p);

public static void main (String[] args) throws java.lang.Exception

Random randObj = new Random();

/* establish the global public key components */

BigInteger p = getNextPrime("10600"); /* approximate prime */

BigInteger q = findQ(p.subtract(one));
BigInteger g =

getGen(p,q,randObj); /* public

key components */

System.out.println("simulation of Digital Signature Algorithm");

System.out.println("global public key components are:");

System.out.println("p is: " + p);

System.out.println("q is: " + q); System.out.println("g is:

" + g); /* find the private key */

BigInteger x = new BigInteger(q.bitLength(), randObj); x = x.mod(q);

/* corresponding public key */ BigInteger y =

g.modPow(x,p); /* random value message */

BigInteger k = new BigInteger(q.bitLength(), randObj); k = k.mod(q);

/* randomly generated hash value and digital signature */ BigInteger r =

(g.modPow(k,p)).mod(q); BigInteger hashVal = new BigInteger(p.bitLength(),

randObj); BigInteger kInv = k.modInverse(q);

BigInteger s = kInv.multiply(hashVal.add(x.multiply(r))); s = s.mod(q);

/* secret information */ System.out.println("secret information are:");

System.out.println("x (private) is: " + x); System.out.println("k (secret)

is: " + k); System.out.println("y (public) is: " + y); System.out.println("h

(rndhash) is: " + hashVal); System.out.println("generating digital

signature:"); System.out.println("r is : " + r); System.out.println("s is : " +

s);

/* verify the digital

signature */ BigInteger w =

s.modInverse(q);

BigInteger u1 = (hashVal.multiply(w)).mod(q);

BigInteger u2 = (r.multiply(w)).mod(q);
BigInteger v =

(g.modPow(u1,p)).multiply(y.modPow(u2,p)); v =

(v.mod(p)).mod(q);

System.out.println("verifying digital signature (checkpoints):");

System.out.println("w is : " + w);

System.out.println("u1 is : " +

u1); System.out.println("u2 is

: " + u2);

System.out.println("v is : " +

v); if (v.equals(r))

System.out.println("success: digital signature is verified! " + r);

else

System.out.println("error: incorrect digital signature");

stdin:

Standard input is

empty stdout:

simulation of Digital Signature

Algorithm global public key

components are:
p is: 10601
q is: 53

g is: 3848

secret information

are: x (private) is:

48

k (secret) is: 25

y (public) is: 5885

h (rndhash) is:

8794

generating digital

signature: r is : 4

s is : 16

verifying digital signature

(checkpoints): w is : 10

u1 is : 13

u2 is :

40 v is :

success: digital signature is verified! 4

RESULT:
Thus the program was executed and verified
successfully.
 EX.No.: 6 INSTALL ROOTKITS AND STUDY VARIETY OF OPTIONS

AIM:

Rootkit is a stealth type of malicious software designed to hide the existence of

certain process from normal methods of detection and enables continued
privileged access to a computer

DESCRIPTION :

Root kit is a stealth type of malicious software designed to hide the existence of
certain process from normal methods of detection and enables continued
privileged access to a computer.

Download Rootkit Tool from GMER website. www.gmer.net

This displays the Processes, Modules, Services, Files, Registry,
RootKit/Malwares, Autostart, CMD of local host.
Select Processes menu and kill any unwanted process if any. Modules
menu displays the various system files like .sys, .dll
Services menu displays the complete services running with Autostart,
Enable, Disable, System, Boot.
Files menu displays full files on Hard-Disk volumes.
Registry displays Hkey_Current_user and Hkey_Local_Machine.
Rootkits/Malawares scans the local drives selected.
Autostart displays the registry base Autostart applications.
CMD allows the user to interact with command line utilities or Registry.
RESULT:
Thus the program was executed and verified successfully.
 SETUP A HONEY POT AND MONITOR THE HONEYPOT ON
EX.No.: 7
NETWORK

AIM:
Honey Pot is a device placed on Computer Network specifically designed to
capture malicious network traffic. KF Sensor is the tool to setup as honeypot
when KF Sensor is running it places a siren icon in the windows system tray in
the bottom right of the screen. If there are no alerts then green icon is displayed.

STEPS:

1. Install winpcap library (mandatory for kfsensor)

2.Download kfsensor and install

3.Then restart your pc.Configure properly no change needs to do now go to

setting option and configure according to your attack.

4.Now go to your home screen of kf sensor

5.You will get some logs about clients.And it will start working

KFSensor

Windows based honeypot known as KF Sensor

It detects an incoming attack or port scanning and reports it to you

A machine running KFSensor can be treated as just another server

on the network, without the need to make complex changes to
routers and firewalls.

How KFSensor Woorks?

KFSensor is an Intrusion Detection System.

It performs by opening ports on the machine it is installed on

and waiting for connections to be made to those ports.

By doing this it sets up a target, or a honeypot server, that will record

the actions of a hacker.

Components: KFSensor server

KFSensor Server- Performs core functionality

 It listens to both TCP and UDP ports on the server machine and
interacts with visitors and generates events.
 A daemon that runs at the background (like Unix daemon)

Components: KFSensor Monitor

Interprets all the data and alerts captured by server in graphical form.

Using it you can configure the KFSensor Server and monitor the events
generated by the KFSensor Server.

Sim Server

Sim server is short for simulated server.

It is a definition of how KFSensor should emulate real

server software. There is no limit to the number of Sim

Servers that can be defined.

There are two types of Sim Server available; the Sim Banner and the
Sim Standard Server.

Setting Up a HoneyPot

• You can get educational License from Keyfocus.

• Install WinPCap

– A industry standard network packet capturing library

• Install KFSensor

KFSensor Monitor
Terminology

Visitor

A visitor is an entity that connects to KFSensor.

• Visitors could be hackers, worms, viruses or even legitimate

users that have stumbled onto KFSensor by mistake.

• Visitors can also be referred to as the clients of the services provided

by KFSensor.

Event

• An event is a record of an incident detected by the KFSensor Service.

• For example if a visitor attempts to connect to the simulated web

server then an event detailing the connection is generated.

• Events are recorded in the log file and displayed in the KFSensor monitor.

Editing Scenario
Terminology – Rules

• KFSensor is rules based.

• All of the data that was produced was the result of KFSensor detecting
certain types of activity and then using a rule to determine what type of
action should be taken.

• We can easily modify the existing rules or add your own.

Edit Active Scenario

• To create or modify rules,

– Scenario menu ->select the Edit Active Scenario command ->you

will see a dialog box which contains a summary of all of the
existing rules.

– either select a rule and click the Edit button to edit a rule, or you
can click the Add button to create a new rule.

Adding a rule

• Click the Add button and you will see the Add Listen dialog box.
 – `The first thing that this dialog box asks for is a name. This is just a
name for the rule.

– Pick something descriptive though, because the name that you enter
is what will show up in the logs whenever the rule is triggered.

Download Link

• http://www.keyfocus.net/kfsensor/free-trial/

• Write to support@keyfocus.net and request for educational license

Installing KFSensor

1.Download and install

winpcap 2.Download and

install KFSensor

3. Enable Telnet client, server, Internet Information server in Control Panel->

Programs-> Turn windows features on/off

Check Telnet client, Telnet server, IIS-> FTP (both options),

Convert to Native Service

1. Convert the stroked off services as native

services. *Select Scenario ->Edit Active Scenario

* choose the respective service listed in the dialog box

opened and press convert to native button and ok.

Setting up Server

1. To start the server

• Settings-> Set Up Wizard

• Go through the wizard, give fictitious mail ids when they are asked
and start the server running by pressing the finish button.

2. Kfsensor now start showing the captured information in its window.

FTP Emulation
1. Open command prompt

2. Type
Ftp ipaddress

Enter user name anonymous

Enter any password

Get any file name with path

3. Monitor this ftp access in KFSensor monitor

4. Right click KFSensor entry, select Event details, see the details captured by the
server

5. Create visitor rule by right clicking the FTP entry and check either ignore /
close under actions in the dialog box that opened.

6. Now redo the above said operations at the command prompt and see
how the emulation behaves.

7. You can see/ modify the created rules in Scenario->edit active visitor rules.

SMTP Emulation

1. open command prompt

2. Type

telnet

ipaddress 25

Helo

Mail from:<mail-id>

Rcpt to:<mail-id>

Data
 type contents of mail end that with . in

new line 3. Check the kfsensor for the

captured information.

IIS emulation

1. Create an index.html, store it in c:\keyfocus\kfsensor\files\iis7\wwwroot

2. Select scenario->edit simserver

1. Choose iis and edit

2. Make sure index.html is in first place in the listed htm files in the
dialog box
 3. Check the kfsensor for the captured information.

DOS attack

1. Settings-> DOS attack settings modify (reduce) values in general tab,

ICMP and other tabs. Press ok.

2. Open command prompt and type

Ping ipaddress –t or

Ping –l 65000 ipaddress –t

1. Check the kfsensor for the DOS attack alerts, open event details in right
click menu for further details.

RESULT:
Thus the program was executed and verified successfully.
 PERFORM WIRELESS AUDIT ON AN ACCESS POINT OR A
EX.No.: 8
ROUTER AND DECRYPT WEP AND WPA

AIM:
NetStumbler (also known as Network Stumbler) aircrack on ubuntu is a
tool for windows that facilitates detection of Wireless LANs using the 802.11b,
802.11a and 802.11g WLAN standards. It is one of the Wi-Fi hacking tool which
only compatible with windows; this tool also a freeware. With this program, we
can search for wireless network which open and infiltrate the network. It’s
having some compatibility and network adapter issues.

DESCRIPTION :

NetStumbler (Network Stumbler) is one of the Wi-Fi hacking tool which

only compatible with windows, this tool also a freeware.
With this program, we can search for wireless network which open
and infiltrate the network.
Its having some compatibility and network adapter issues.

Download and install Netstumbler

It is highly recommended that your PC should have wireless network
card in order to access wireless router.
Now Run Netstumbler in record mode and configure wireless card.
There are several indicators regarding the strength of the signal, such as
GREEN indicates Strong, YELLOW and other color indicates a weaker
signal, RED indicates a very weak and GREY indicates a signal loss.
Lock symbol with GREEN bubble indicates the Access point has
encryption enabled. MAC assigned to Wireless Access Point is displayed
on right hand pane.
The next column displays the Access points Service Set Identifier[SSID]
which is useful to crack the password.
 To decrypt use WireShark tool by selecting Edit preferences IEEE
802.11
Enter the WEP keys as a string of hexadecimal numbers as A1B2C3D4E5

Adding Keys: Wireless Toolbar

If you are using the Windows version of Wireshark and you have an
AirPcap adapter you can add decryption keys using the wireless
toolbar.
 If the toolbar isn't visible, you can show it by selecting
View->Wireless Toolbar. Click on the Decryption Keys. button on
the toolbar:

Prepared By CS6711 – Security

lab
Mrs.N.Deepa, AP/CSE, GKMCET. 2016-2017
 This will open the decryption key management window.
As shown in the window you can select between three decryption
modes: None, Wireshark, and Driver:

RESULT:
Thus the program was executed and verified successfully.
 DEMONSTRATE INTRUSION DETECTION SYSTEM (IDs)
USING
EX.No.: 9
ANY TOOL (SNORT OR ANY OTHER S/W)

AIM:
Snort is an open source network intrusion detection system (NIDS) has the
ability to perform real-time traffic analysis and packet logging on internet
protocol (IP) networks. Snort performs protocol analysis, content searching and
matching. Snort can be configured in three main modes: sniffer, packet logger,
and network intrusion detection.

Description:

Snort Installation Steps

Getting and Installing Necessary
Tools Installaing Packages
Snort:
<Snort_2_9_8_2_installer.exe>
WinPcap: <WinPcap_4_1_3.exe>
Snort rules:
<snortrules-snapshot-2982.tar.gz>
Once Completed
1.Change the Snort program
directory: <c:\cd \Snort\bin
2.Check the installed version for
Snort: <c:\Snort\bin> snort -V
3.Check to see what network adapters are on
your system <c:\Snort\bin> snort -W>
Configure Snort with snort.conf
<snort.conf> is located in
<c:\Snort\ect> Contains nine steps:
1.Set the network variables
a. Change <HOME_NET> to your home network IP address range
<10.6.2.1/24>
b. Change <EXTERNAL_NET> to <!$HOME_NET>
This expression means the external network will be defined as - any IP
not part of home network
c. Check for <HTTP_PORTS>
d. Change var <RULE_PATH> - actual path of rule files. i.e <c:\Snort\rules>
e. Change var <PREPROC_RULE_PATH> - actual path of preprocessor
rule files i.e <c:\Snort\preproc_rules>
f. Comment <#> <SO_RULE_PATH> - as windows Snort doesn't use
shared object rules
g. Configure trusted <white.list> and untrusted <black.list> IP
address - reputation preprocessor
2.Configure the decoder
a. No changes in this part
b. Set the default directory for Snort logs i.e
<c:\Snort\logs> 3.Configure the base detection
engine
a. No changes in this part
4.Configure dynamic loaded
libraries
a. Change the dynamic loaded library path references
i.e. <dynamicpreprocess direc
c:\Snort\lib\snort_dynamicpreprocessor> i.e. <dynamicengine
direc c:\Snort\lib\snort_dynamicengine\sf_engine.dll>
b. Comment out <dynamicdetection directory>
declaration 5.Configure preprocessors
a. Many Preprocessors are used by Snort - Check Snort manual before
setting them.
b. Comment on <inline packet normalization
preprocessor> This preprocessor is used when
Snort is in-line IPS mode>
c. For general purpose Snort usage - check these preprocessors are active
frag3
stream5
http_inp
ect
ftp_telne
t smtp
dn
s
ssl
sensitive_data
6.Confgiure output
plugins
a. Be default Snort uses only one output plugings - <default:unified2>
b. Want to use Syslog output pluging - activate it by
uncommenting. 1. Uncomment and edit the syslog output
line
<output alert_syslog: host=127.0.0.1:514, LOG_AUTH
LOG_ALERT> Note: If you are going to use syslog - install
<Syslog Server>
c. Uncomment metadata reference lines
<include classification.config and include
reference.config> 7.Customise your rule set
a. Initial test, reduce the number of rules loaded at start-up, uncomment
<local.rules>
b. First time users, comment most of include statements.
8.Customise preprocessor and decoder
rule set a. Uncomment the first two
lines in Step 8
<include
$PREPROC_RULE_PATH\preprocessor.rules>
<include $PREPROC_RULE_PATH\decoder.rules>
b. If you enables the sensitive_data preprocessor <step 5>
uncomment <include
$PREPROC_RULE_PATH\sensitive-data.rules>
c. Make sure rules you declare - available in
<c:\Snort\preproc_rules> 9.Customise shart object rule set
a. Comment on lines
b. Uncomment <include
threshold.conf> Generating Alerts
This is for validation of Snort
1. Open <local.rules> in a text editor
2. Start typing this:
<alert icmp any any -> any any (msg:"ICMP Testing Rule";
sid:1000001; rev:1;) <alert tcp any any -> any 80 (msg:"TCP Testing
Rule"; sid:1000002; rev:1;) <alert udp any any -> any any (msg:"UDP
Testing Rule"; sid:1000003; rev:1;) 3. Save as <local.rules>
4. Open <CMD> and run it as <ADMINISTRATOR>
5. Start Snort <c:\Snort\bin> snort -i 2 -c c:\Snort\etc\snort.conf -A console
6. Open <CMD> no need to be an ADMINISTRATOR
7. Send a <PING> command to your local gateway: <c:\> ping 10.6.0.1>
8. Open a web browser and browse to any web page
You can see the alerts Snort produces and shows it in First terminal.
RESULT:
Thus the program was executed and verified successfully.