
IT6712 Security Lab Record For Print

The document discusses how to install and use Snort for intrusion detection. It provides commands to check the Snort version, verify installation, set alert modes, and describes various Snort command line options for configuring detection and logging.

EX.NO: 06

DATE:

Demonstrate how to provide secure data storage, secure data transmission and how to create
digital signatures (GnuPG)

Aim:
To demonstrate how to provide secure data storage, secure data transmission and how to
create digital signatures using GPA

Procedure:

i) Generate the Key

1. Open GPA (GNU Privacy Assistant) from Start → GPA.

2. Open the Key Manager by selecting Window → Keyring Manager.

3. Create a new key by selecting Keys → New key.

4. Generate the key by selecting the Algorithm and Key Size and specifying Name and Email.
Check Expires if you want to specify a key expiry date, then click Ok.

5. Enter a ‘passphrase’, a secret that protects your keys. (ex: cnslab)

6. Re-enter the ‘passphrase’ to confirm.

7. If the ‘passphrase’ is not strong enough, a dialog will be shown. Click “Take this one anyway”
if you do not want to change the passphrase. Otherwise, if you want to change the
“passphrase”, click “Enter new passphrase”.

8. Repeat steps 1 to 8 to create keys for another user. (Ex: receiver@gmail.com)


ii) Encrypt and Sign Text

1. Open GPA (GNU Privacy Assistant) from Start → GPA.

2. Type the message to encrypt and sign in the Clipboard.

3. Click Encrypt in the tool bar.

4. Select the receiver's public key to encrypt with and the sender's private key to sign
with, then click Ok.

5. Enter the sender's ‘passphrase’.

6. The encrypted and signed message will be shown.

7. Copy the encrypted message and save it in a text file (message.txt).

iii) Decrypt and Verify the Message Received

1. Open GPA (GNU Privacy Assistant) from Start → GPA.

2. Paste the content of message.txt into the Clipboard.

3. Click Decrypt in the tool bar.

4. Enter the receiver's “passphrase” to decrypt the message.

The decrypted message will be shown in GNU Privacy Assistant – Clipboard.
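
The same three parts (generate keys, encrypt and sign, decrypt and verify) can be driven from the gpg command line instead of the GPA windows. The Python sketch below is an added example, not part of the original lab record. It assumes GnuPG 2.1 or later with gpg and gpgconf on the PATH, keeps both users' keys in one throwaway keyring as in the single-PC procedure above, and uses a constructed sender address and receiver passphrase.

```python
import shutil
import subprocess
import tempfile
from pathlib import Path

SENDER = "Lab Sender <sender@example.com>"       # constructed identity
RECEIVER = "Lab Receiver <receiver@gmail.com>"   # address used in the procedure
SENDER_PW, RECEIVER_PW = "cnslab", "cnslab-rx"   # lab-only passphrases

def gpg(home, passphrase, *args):
    """Run gpg unattended; the passphrase goes in on stdin so it never shows in argv."""
    cmd = ["gpg", "--homedir", home, "--batch", "--yes", "--pinentry-mode", "loopback",
           "--passphrase-fd", "0", "--status-fd", "2", *args]
    return subprocess.run(cmd, input=passphrase + "\n", capture_output=True,
                          text=True, check=True)

def sign_encrypt_decrypt(message):
    """Parts i to iii in a temporary keyring; returns ciphertext, plaintext and status."""
    home = tempfile.mkdtemp(prefix="gpglab-")    # private directory, mode 0700
    try:
        # i) One key pair per user: signing primary key plus encryption subkey.
        #    "future-default" selects gpg's Curve25519 defaults; "1y" is the expiry.
        for uid, pw in ((SENDER, SENDER_PW), (RECEIVER, RECEIVER_PW)):
            gpg(home, pw, "--quick-generate-key", uid, "future-default", "default", "1y")
        plain, armored = Path(home, "plain.txt"), Path(home, "message.txt")
        plain.write_text(message)
        # ii) Encrypt to the receiver's public key, sign with the sender's private key.
        gpg(home, SENDER_PW, "--armor", "--sign", "--encrypt",
            "--local-user", "sender@example.com", "--recipient", "receiver@gmail.com",
            "--output", str(armored), str(plain))
        # iii) Decrypt with the receiver's private key; gpg checks the signature too
        #      and reports both outcomes on the status channel (stderr here).
        result = gpg(home, RECEIVER_PW, "--decrypt", str(armored))
        return {"armored": armored.read_text(), "plaintext": result.stdout,
                "good_signature": "[GNUPG:] GOODSIG" in result.stderr,
                "decrypted": "[GNUPG:] DECRYPTION_OKAY" in result.stderr}
    finally:
        # Stop the daemons gpg started for this keyring, then delete the keys.
        subprocess.run(["gpgconf", "--homedir", home, "--kill", "all"],
                       capture_output=True)
        shutil.rmtree(home, ignore_errors=True)

if __name__ == "__main__":
    print(sign_encrypt_decrypt("Meet at the lab at 10.\n"))
```

A result with decrypted true but good_signature false means the text was readable but its origin was not confirmed, which is the case the "verify" half of part iii exists to catch.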

Result:

Thus the demonstration to provide secure data storage, secure data transmission and to
create digital signatures is done successfully and output is verified.
EX.NO: 07

DATE:

SETUP A HONEYPOT AND MONITOR THE HONEYPOT ON NETWORK

Aim:

To demonstrate and set up a Honeypot and Monitor the Honeypot on the given network

Steps to Install KF-Sensor and Honeypot Setup:

A honeypot is a device placed on a computer network and specifically designed to capture
malicious network traffic.

KF Sensor is the tool used to set up the honeypot. When KF Sensor is running, it places a siren
icon in the Windows system tray at the bottom right of the screen. If there are no alerts, a
green icon is displayed.

• Download the KF Sensor Evaluation Setup File from the KF Sensor website. Install it, accepting
the License Agreement and choosing an appropriate directory path. Reboot the computer now.

• KF Sensor starts automatically during Windows boot. Click Next to start the setup
wizard. Select all port classes to include and click Next.

• For "Send the email" and "Send from email", enter the email ID and click Next.

• Select the options such as Denial of Service [DOS], Port Activity, Proxy
Emulation, Network Port Analyzer, and click Next.

• Select Install as System service and click Next.

• Click Finish.
Result:

Thus the demonstration to set up a Honeypot and Monitor the Honeypot on the given
network using KF-Sensor is done successfully and output is verified.
EX.NO: 08

DATE:

PERFORM WIRELESS AUDIT ON AN ACCESS POINT OR A ROUTER AND
DECRYPT WEP AND WPA (NET STUMBLER)

Aim:

To perform a wireless audit on an access point or a router and decrypt WEP and WPA using
Net Stumbler

Steps to be followed:

1. Download and install Netstumbler from http://www.netstumbler.com/downloads/

2. It is highly recommended that your PC have a wireless network card in order to access the
wireless router.

Fig. Net Stumbler (Home Page)

3. Now run Netstumbler in record mode and configure the wireless card.

4. There are several indicators of signal strength: GREEN indicates a strong signal,
YELLOW and other colors indicate a weaker signal, RED indicates a very weak signal and
GREY indicates signal loss.

5. A lock symbol with a GREEN bubble indicates that the access point has encryption enabled.

6. The MAC address assigned to the wireless access point is displayed in the right-hand pane.

7. The next column displays the access point's Service Set Identifier [SSID], which is useful to
crack the password.

8. To decrypt, use the Wireshark tool by selecting Edit → Preferences → IEEE 802.11.

9. Enter the WEP keys as a string of hexadecimal numbers, such as A1B2C3D4E5.

Fig. List of Wireless Network

Fig. Key in IEEE 802.11


Adding Keys: Wireless Toolbar

If you are using the Windows version of Wireshark and you have an AirPcap adapter, you can add
decryption keys using the wireless toolbar. If the toolbar isn’t visible, you can show it by
selecting View → Wireless Toolbar. Click the Decryption Keys button on the toolbar.

Fig. Decryption Keys tab in Wireshark Tool

This will open the decryption key management window. As shown in the window you can select
between three decryption modes: None, Wireshark and Driver.

Result:

Thus the demonstration to set up and to perform wireless audit on an access point or a
router and decrypt WEP and WPA using Net Stumbler
EX.NO: 09

DATE:

INSTALL ROOTKITS AND STUDY VARIETY OF OPTIONS

Aim:

To study installing rootkits and the variety of options available for rootkits

A rootkit is a stealthy type of malicious software designed to hide the existence of certain
processes from normal methods of detection and to enable continued privileged access to a
computer.

• Download the Rootkit Tool from the GMER website, www.gmer.net

• The tool displays the Processes, Modules, Services, Files, Registry,
RootKit/Malwares, Autostart and CMD of the local host.

• Select the Processes menu and kill any unwanted processes. The Modules menu
displays the various system files such as .sys and .dll.

• The Services menu displays all running services with Autostart, Enable,
Disable, System, and Boot.

• The Files menu displays all files on the hard-disk volumes.

• Registry displays HKEY_CURRENT_USER and HKEY_LOCAL_MACHINE.

• Rootkits/Malwares scans the selected local drives.

• Autostart displays the registry-based Autostart applications.

• CMD allows the user to interact with command line utilities or the Registry.
Result:

Thus the study of installing rootkits and the variety of options available for rootkits is done
successfully.

EX.NO: 10
DATE:

DEMONSTRATE INTRUSION DETECTION SYSTEM (IDS) USING ANY TOOL
(SNORT OR ANY OTHER S/W)

Aim:

To understand and execute various commands using Snort for setting up network intrusion
detection and prevention techniques

To know the version of snort installed

C:\Snort\bin>snort -V

,,_ -*> Snort! <*-

o" )~ Version 2.9.9_beta-WIN32 GRE (Build 35)

'''' By Martin Roesch & The Snort Team: http://www.snort.org/contact#team

Copyright (C) 2014-2016 Cisco and/or its affiliates. All rights reserved.

Copyright (C) 1998-2013 Sourcefire, Inc., et al.

Using PCRE version: 8.10 2010-06-25

Using ZLIB version: 1.2.3

To verify that Snort is installed and running correctly you can run a couple of commands
from the Command Prompt

C:\Snort\bin>snort.exe -W

,,_ -*> Snort! <*-

o" )~ Version 2.9.9_beta-WIN32 GRE (Build 35)

'''' By Martin Roesch & The Snort Team: http://www.snort.org/contact#team

Copyright (C) 2014-2016 Cisco and/or its affiliates. All rights reserved.

Copyright (C) 1998-2013 Sourcefire, Inc., et al.

Using PCRE version: 8.10 2010-06-25

Using ZLIB version: 1.2.3

Index   Physical Address    IP Address                                Device Name                                          Description
1       00:00:00:00:00:00   0000:0000:fe80:0000:0000:0000:b511:ba30   \Device\NPF_{11A184BB-300E-4976-8AD9-32E2A2A8598A}   Realtek RTL8139/810x Family Fast Ethernet NIC

To set fast alert mode, which writes each alert in a simple format with a timestamp, alert
message, and source and destination IPs/ports:

C:\Snort\bin>snort -A fast
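
Fast mode puts each alert on one line, which makes the alert file easy to triage with a short script. The Python parser below is an added example, not part of the original lab record. It assumes the usual Snort 2.x fast-alert layout (timestamp, [gid:sid:rev], message, optional classification and priority, protocol, source -> destination), and the sample lines and rule IDs are constructed.

```python
import re
from collections import Counter

# Constructed sample of an alert file written in fast mode (documentation-range IPs).
SAMPLE = """\
08/28-10:15:02.123456  [**] [1:1000001:1] ICMP echo to lab host [**] [Classification: Misc activity] [Priority: 3] {ICMP} 192.0.2.10 -> 198.51.100.5
08/28-10:15:07.654321  [**] [1:1000002:2] Telnet connection attempt [**] [Priority: 2] {TCP} 192.0.2.10:51544 -> 198.51.100.5:23
08/28/16-10:16:00.000001  [**] [1:1000002:2] Telnet connection attempt [**] [Priority: 2] {TCP} 203.0.113.7:40000 -> 198.51.100.5:23
truncated or foreign line
"""

FAST_ALERT = re.compile(
    r"^(?P<ts>\d\d/\d\d(?:/\d\d)?-\d\d:\d\d:\d\d\.\d+)\s+"      # -y adds the year
    r"\[\*\*\]\s+\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+"
    r"(?P<msg>.*?)\s+\[\*\*\]\s+"
    r"(?:\[Classification:\s*(?P<classification>[^\]]*)\]\s+)?"
    r"(?:\[Priority:\s*(?P<priority>\d+)\]\s+)?"
    r"\{(?P<proto>[^}]+)\}\s+(?P<src>\S+)\s+->\s+(?P<dst>\S+)\s*$")

def split_endpoint(endpoint):
    """'ip:port' -> (ip, port); portless (ICMP) and IPv6 endpoints -> (text, None)."""
    host, sep, port = endpoint.rpartition(":")
    if sep and port.isdigit() and ":" not in host:
        return host, int(port)
    return endpoint, None

def parse_fast_alert(line):
    """Return one alert as a dict, or None if the line is not a fast-mode alert."""
    m = FAST_ALERT.match(line.strip())
    if m is None:
        return None
    alert = m.groupdict()
    alert["sid"] = int(alert["sid"])
    alert["priority"] = int(alert["priority"]) if alert["priority"] else None
    alert["src_ip"], alert["src_port"] = split_endpoint(alert.pop("src"))
    alert["dst_ip"], alert["dst_port"] = split_endpoint(alert.pop("dst"))
    return alert

def summarize(text):
    """Count alerts per (source IP, rule SID) and keep lines that did not parse."""
    counts, rejected = Counter(), []
    for line in filter(str.strip, text.splitlines()):
        alert = parse_fast_alert(line)
        if alert is None:
            rejected.append(line)
        else:
            counts[(alert["src_ip"], alert["sid"])] += 1
    return counts, rejected
```

Calling summarize(SAMPLE) returns the per-source counts together with the one line that is not an alert, so malformed or truncated entries are reported rather than silently dropped.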

Various Commands for snort:

Options:

-A Set alert mode: fast, full, console, test or none (alert file alerts only)

-b Log packets in tcpdump format (much faster!)

-B <mask> Obfuscated IP addresses in alerts and packet dumps using CIDR mask

-c <rules> Use Rules File <rules>

-C Print out payloads with character data only (no hex)

-d Dump the Application Layer

-e Display the second layer header info

-E Log alert messages to NT Eventlog. (Win32 only)

-f Turn off fflush() calls after binary log writes

-F <bpf> Read BPF filters from file <bpf>

-G <0xid> Log Identifier (to uniquely id events for multiple snorts)

-h <hn> Home network = <hn>

-H Make hash tables deterministic.

-i <if> Listen on interface <if>

-I Add Interface name to alert output

-k <mode> Checksum mode (all,noip,notcp,noudp,noicmp,none)

-K <mode> Logging mode (pcap[default],ascii,none)

-l <ld> Log to directory <ld>


-L <file> Log to this tcpdump file

-n <cnt> Exit after receiving <cnt> packets

-N Turn off logging (alerts still work)

-O Obfuscate the logged IP addresses

-p Disable promiscuous mode sniffing

-P <snap> Set explicit snaplen of packet (default: 1514)

-q Quiet. Don't show banner and status report

-r <tf> Read and process tcpdump file <tf>

-R <id> Include 'id' in snort_intf<id>.pid file name

-s Log alert messages to syslog

-S <n=v> Set rules file variable n equal to value v

-T Test and report on the current Snort configuration

-U Use UTC for timestamps

-v Be verbose

-V Show version number

-W Lists available interfaces. (Win32 only)

-X Dump the raw packet data starting at the link layer

-x Exit if Snort configuration problems occur

-y Include year in timestamp in the alert and log files

-Z <file> Set the performonitor preprocessor file path and name

-? Show this information

Result:

Thus the execution of various commands using snort for setting up Network intrusion detection
and prevention techniques is done successfully and output is verified.
