NETWORK SECURITY LAB

NETWORK SECURITY
LAB MANNUAL

FOR VI SEMESTER Computer Science & Engineering Students

BY
Mr. G.RAVINDRAKUMAR
HEAD OF COMPUTER SCIENCE DEPARTMENT
COMPUTER SCIENCE & ENGG. DEPARTMENT

ADARSHA POLYTECHNIC

R.T.NAGAR, BANGALORE
FOR ANY QUERIES CONTACT TO
email: apt365@gmail.com

Mr. N.G SEETHARAMU

Principal,
Adarsha Polytechnic

Written by G.RAVINDARKUMAR [APT 365]

WWW.Vidyarthiplus.Com
1. LEARN TO INSTALL WINE / VIRTUAL BOX OR ANY OTHER EQUIVALENT
SOFTWARE ON THE HOST OS.

Virtualization is the process of emulating hardware inside a virtual machine.

Virtualization can include the following:

 Application Virtual Machines.
 Mainframe Virtual Machines.
 Parallel Virtual Machines.
 Operating System Virtual Machines.

Download the latest version of Sun Virtual Box from the website.
The installation steps are
1. Double Click on Virtual Box Executable File.
2. Welcome to the Oracle VM appears [Setup Wizard] Click Next.
3. Custom Setup Screen with all the features of VM appears Click Next.
4. Options to create shortcut on Desktop and Quick launch bar Click Next.
5. Ready to Install Click on Install button.
6. Click Finish Start Oracle VM Virtual Box.
And now install any kind of Operating Systems as Guest Operating System.
The Configuration of Guest OS is shown below.

Written by G.RAVINDARKUMAR [APT 365]

WWW.Vidyarthiplus.Com
 Written by G.RAVINDARKUMAR [APT 365]

WWW.Vidyarthiplus.Com
1. PERFORM AN EXPERIMENT TO GRAB A BANNER WITH TELNET AND PERFORM
THE TASK USING NETCAT UTILITY.
Banner Grabbing is a technique to determine which application or service is running on the
specified port by attempting to make a connection to this host.

Banner Grabbing can be performed in two ways.

1. ONLINE (Thru Internet connection by connecting to remote websites)
2. OFFLINE (Thru Local LAN or with Virtual Box Guest OS)

1. First Enable the TELNET service on your computer by typing the command given;
Type the command SERVICES.MSC in run command menu, Click on Telnet service and enable
the service, select it automatic and Click Start.
2. Open Command prompt and type the following ;
telnet www.rediff.com 80 (http port) and press enter key twice.
3. Now you can see the rediff website web server’s information.
4. You can also try it on your local machine connecting to your Guest OS like
telnet Guest IP address(example: 192.168.56.101) 80 and press enter twice.
5. The same Banner grabbing can also perform by the NETCAT utility available at
http://netcat.sourceforge.net the compressed file.
6. Extract on your local drive and perform the following in the command prompt;
Netcat www.rediff.com 80 (http port) and press enter twice to see the result.
7. Use the same procedure on Guest Operating System like
But before using netcat command please install the IIS (Internet Information
Server) from Add/Remove components on your Guest OS, then apply this;
Netcat –vv –n guest ip address(example: 192.168.56.101) 80 and press enter
twice to see the result.
-vv=verbose mode , -n=numerical IP address only.

Written by G.RAVINDARKUMAR [APT 365]

WWW.Vidyarthiplus.Com
3. PERFORM AN EXPERIMENT FOR PORT SCANNING WITH NMAP, SUPERSCAN
OR ANY OTHER SOFTWARE.
Port Scanning is the process of connecting to TCP and UDP port for the purpose of finding
which services and applications are open on the Target Machine.
TCP establishes a connection by using what is called a Three way handshake. The TCP header
contains one byte field for the flags. These flags include the following;
ACK  The receiver will send an Ack to acknowledge data.
SYN  Setup to begin communication on initial sequence number.
FIN  Inform the other host that the sender has no more data to send.
RST  Abort operation.
PSH  Force data delivery without waiting for buffers to fill.
URG  Indicate priority data.
The port numbers are unique only within a computer system. Port numbers are 16-bit unsigned
numbers. The port numbers are divided into three ranges: the Well Known Ports (0-1023), the
Registered Ports (1024-49151), and the Dynamic and/or Private Ports (49152-65535).
All the operating systems now honor the tradition of permitting only the super-user open the
ports numbered 0 to 1023. Some are listed below:
echo 7/tcp Echo
ftp-data 20/udp File Transfer [Default Data]
ftp 21/tcp File Transfer [Control]
ssh 22/tcp SSH Remote Login Protocol
telnet 23/tcp Telnet
domain 53/udp Domain Name Server
www-http 80/tcp World Wide Web HTTP

Nmap ("Network Mapper") is a free and open source utility for network exploration or security
auditing. The FIVE port states recognized by Nmap such as:
1. Closed 2. Filtered 3. UnFiltered 4. Open-Filtered 5. Closed-Filter
Download Super Scan 3.0 tool from the WebSite and Execute the following:

Written by G.RAVINDARKUMAR [APT 365]

WWW.Vidyarthiplus.Com
4. USING NMAP 1)FIND OPEN PORTS ON A SYSTEM 2) FIND THE MACHINES
WHICH ARE ACTIVE 3)FIND THE VERSION OF REMOTE OS ON OTHER SYSTEMS
4)FIND THE VERSION OF S/W INSTALLED ON OTHER SYSTEM

1. Download Nmap from www.nmap.org and install the Nmap Software with WinPcap Driver
utility.
2. Execute the Nmap-Zenmap GUI tool from Program Menu or Desktop Icon.
3. Type the Target Machine IP Address(ie.Guest OS or any website Address)
4. Perform the profiles shown in the utility.

Written by G.RAVINDARKUMAR [APT 365]

WWW.Vidyarthiplus.Com
5. PERFORM AN EXPERIMENT ON ACTIVE AND PASSIVE FINGER
PRINTING USING XPROBE2 AND NMAP.

Fingerprinting is a process in scanning phase in which an attacker tries to identify Operating

System of target Machine. Fingerprinting can be classified into two types
Active and Passive Fingerprinting
Active Stack Fingerprinting
It involves sending data to the target system and then see how it responds. Based on the fact that
teach system will respond differently, the response is compared with database and the OS is
identified. It is commonly used method though there are high chances of getting detected. It can
be performed by following ways.

Written by G.RAVINDARKUMAR [APT 365]

WWW.Vidyarthiplus.Com
Using Nmap : Nmap is a port scanning tool that can be used for active stack OS fingerprinting.
Syntax: nmap -O IP_address
Example: nmap –O 192.168.56.101

Using Xprobe2: This UNIX tool for active fingerprinting.

Syntax: xprobe2 -v IP_address
Example: xprobe -v 192.168.56.101

Passive Fingerprinting involves examining traffic on network to determine the operating system.
There is no guarantee that the fingerprint will be accurate but usually they are accurate. It
generally means sniffing traffic rather than making actual contact and thus this method is
stealthier and usually goes undetected.

6. PERFORMA AN EXPERIMENT TO DEMONSTRATE HOW TO SNIFF FOR ROUTER

TRAFFIC BY USING THE TOOL WIRESHARK.
A packet sniffer, sometimes referred to as a network monitor or network analyzer, can be used
by a network or system administrator to monitor and troubleshoot network traffic. Using the
information captured by the packet sniffer an administrator can identify erroneous packets and
use the data to pinpoint bottlenecks and help maintain efficient network data transmission.
In its simple form a packet sniffer simply captures all of the packets of data that pass through
a given network interface. By placing a packet sniffer on a network in promiscuous mode, a
Malicious intruder can capture and analyze all of the network traffic.

Wireshark is a network packet analyzer. A network packet analyzer will try to capture
network packets and tries to display that packet data as detailed as possible.

Download and install wireshark network analyzer.

Steps to capture traffic:

Written by G.RAVINDARKUMAR [APT 365]

WWW.Vidyarthiplus.Com
1. Open Wireshark network analyzer.

2. Select interface: Goto capture option in menu bar and select interface

Written by G.RAVINDARKUMAR [APT 365]

WWW.Vidyarthiplus.Com
Start Caputuring

7. PERFORM AN EXPERIMENT HOW TO USE DUMPSEC.

SomarSoft's DumpSec is a (free) security auditing program for Microsoft Windows

NT/2000. It dumps the permissions (DACLs) and audit settings (SACLs) for the file
system, registry, printers and shares in a concise, readable format, so that holes in
system security are readily apparent. DumpSec also dumps user, group and replication
information. DumpSec is a must have product for Windows NT systems administrators
and computer security auditors.
1. Download & install dumpsec.
2. Open dumpsec and select computer

Written by G.RAVINDARKUMAR [APT 365]

WWW.Vidyarthiplus.Com
2. Now select report=> dump users as table and click ok.

Written by G.RAVINDARKUMAR [APT 365]

WWW.Vidyarthiplus.Com
Printer Sharing Report

Permission on Shares:

8. PERFORM AN WIRELESS AUDIT OF AN ACCESS POINT / ROUTER AND

DECRYPT WEP AND WPA.

NetStumbler (Network Stumbler) is one of the Wi-Fi hacking tool which only compatible
with windows, this tool also a freeware. With this program, we can search for wireless
network which open and infiltrate the network. Its having some compatibility and
network adapter issues.

Written by G.RAVINDARKUMAR [APT 365]

WWW.Vidyarthiplus.Com
 Download and install Netstumbler
 It is highly recommended that your PC should have wireless network card in order to access
wireless router.
 Now Run Netstumbler in record mode and configure wireless card.
 There are several indicators regarding the strength of the signal, such as GREEN indicates
Strong, YELLOW and other color indicates a weaker signal, RED indicates a very weak and GREY
indicates a signal loss.
 Lock symbol with GREEN bubble indicates the Access point has encryption enabled.
 MAC assigned to Wireless Access Point is displayed on right hand pane.
 The next coloumn displays the Access points Service Set Identifier[SSID] which is useful to crack
the password.
 To decrypt use WireShark tool by selecting EditpreferencesIEEE 802.11
 Enter the WEP keys as a string of hexadecimal numbers as A1B2C3D4E5

Written by G.RAVINDARKUMAR [APT 365]

WWW.Vidyarthiplus.Com
Adding Keys: Wireless Toolbar
If you are using the Windows version of Wireshark and you have an AirPcap adapter
you can add decryption keys using the wireless toolbar. If the toolbar isn't visible, you
can show it by selecting View->Wireless Toolbar. Click on the Decryption Keys... button
on the toolbar:

This will open the decryption key managment window. As shown in the window you can
select between three decryption modes: None, Wireshark, and Driver:

9. PERFORM AN EXPERIMENT TO SNIFF TRAFFIC USING ARP POISONING.

Address Resolution Protocol (ARP) poisoning is a type of attack where the Media Access
Control [MAC] address by the attacker called spoofing. ARP poison routing uses the stored
cache as a way to reroute or redirect ;packets from a target, to an intermediate machine. Thus
MAN in MIDDLE watch the traffic between Source and Target machines.

Written by G.RAVINDARKUMAR [APT 365]

WWW.Vidyarthiplus.Com
To perform this Install CAIN and Abel tool and do the following:
 Click on Sniffer menu.
 Click on hosts on the button portion window.
 Click Start sniffer and APR service from Standard toolbar menu.

 Right Click on the hosts window and click on Scan MAC address.
 Select all hosts in my subnet or range FROM and TO IP address and Click OK.
 Now you view the MAC and IP address of Remote / Local machines.
 Click on APR button on toolbar menu.
 Left Click on right pane of APR window and then Click on ‘+’ symbol on standard
toolbar.
 APR enables you to poison IP traffic between the selected host .
 Click on any IP address on the left side list and the other IP selected on the right side.

Written by G.RAVINDARKUMAR [APT 365]

WWW.Vidyarthiplus.Com
 Left Click on Right side on the IP address and Click OK.
 Wathch the poisoning effect FROM and TO IP address.

 The analysis of this traffic can also be performed by other tool called ETHEREAL.

Written by G.RAVINDARKUMAR [APT 365]

WWW.Vidyarthiplus.Com
 ABEL is the second part of program composed by two files able.exe and abel.dll. The service
can be installed with Administrative Priviledges on the Target Machine.
 Execute Abel.exe from ProgramFiles Folder.
 Expand Microsoft windows Network and Click on all Computers.
 Right Click on Computer and Connect as Administrative Credentials.
 Once connected Right Click on services icon and select install Abel, the two files abe.exe
and abel.dll will be copied on to connected Computer.
 Now bring up a console prompt on the connected Computer examine the password hashes.

Written by G.RAVINDARKUMAR [APT 365]

WWW.Vidyarthiplus.Com
10. Install IPCop on a linux system and learn all the function available on the software.

IPCOP Linux is a complete Linux distribution. Its sole purpose is to protect the network. Its main
features are: IP table network filter, All types of Drive Support and Quad Network support such
as GREEN(Internal Trusted Network), BLUE(Wireless Semi-Trusted Network,
ORANGE(Demilitarized Zone for internet Access Servers, RED(The Internet)
Installation Procedure as follows:
Download IPCOP 2.0.2.iso from www.ipcop.org.
Run Virtual Box on Host PC and add IPCOP.ISO file and Start the Installation.
The Bootup Screen appears hit enter key.

Written by G.RAVINDARKUMAR [APT 365]

WWW.Vidyarthiplus.Com
Select Default English Language and Press Enter-Key
Select default US layout Keyboard and Press Enter-Key.
Select Asia/Calcutta and Press OK to proceed.
Change the Date and Time if required and Press OK.
Select the disk installation default HDD and Press OK.
Skip the restore windows by pressing skip option button.
Now Disk installation is complete press on congratulation button.
Enter HOST name ipcop and Press OK.
Domain Name local domain and Press OK.
Select DHCP by pressing space bar key and Press OK.
Select card assignment first as GREEN and second as RED and Press DONE.

Written by G.RAVINDARKUMAR [APT 365]

WWW.Vidyarthiplus.Com
Press OK on DHCP server by Default.

Type the Password for root minimum 6 characters and Press OK

Type the Password for admin minimum 6 characters and Press OK.
Type the Password for backup minimum 6 characters and Press OK.
Your IPCOP Virtual Box Reboots.
Type the username as root and enter the password , Press Enter-Key.
Now open your Internet Explorer Web Browser and type the following in the address bar:
https://192.168.1.1:8443/ and Press Enter-Key.
Certificate error is obtained Click on continue which displays as not recommended
anyway.
IPCOP begins and enter the username as admin and type the password, click OK.
The Full Fledge IPCOP firewall is now ready.

Written by G.RAVINDARKUMAR [APT 365]

WWW.Vidyarthiplus.Com
 Practice the absic options of IPCOP firewall.
11. INSTALL JCRYPT TOOL (OR ANY OTHER EQUIVALENT) AND DEMONSTRATE
ASYMMETRIC, SYMMETRIC CRYPTO ALGORITHM, HASH AND DIGITAL/PKI
SIGNATURES

ASYMMETRIC ALGORITHM
o Download Jcrypt tool from Cryptool Website and Install
o Open Jcrypt Software and Click on NEW text editior, type the text information into it.

Written by G.RAVINDARKUMAR [APT 365]

WWW.Vidyarthiplus.Com
o Click on the Algorithm menu bar and Select Asymmetric algorithm RSA for encryption.
o Click create a New KeyPair and type in the contact name[xxxxx] and enter the password
and confirm password, then Click finish again.

Written by G.RAVINDARKUMAR [APT 365]

WWW.Vidyarthiplus.Com
o Now you can see RSA output bin file is generated.

o The same output bin file to decrypt select RSA Algorithm and Click on Decrypt, Select
keyname you have declared earlier and Click Finish.
o Enter the password to Decrypt and see the output with original Decrypted text on the
Screen.

Written by G.RAVINDARKUMAR [APT 365]

WWW.Vidyarthiplus.Com
SYMMETRIC ALGORITHM
o Click on Algorithm Menu bar Select SymmetricAES and Click on it.
o Click on create a new key, type contact name and enter the password and confirm, Click
finish Click finish again.
o Enter the password to open the output file.
o To Decrypt Select Algorithms SymmetricSelect the key which you have created and
Click Finish.
o Enter the password and see the result in output bin file with hexadecimal values and plain
text.

HASH GENERATION
o Click on Algorithms, Click on HashSelect MD5Click Finish.
o Now view the output bin file HASH generated.
o Practice using SHA and SHA3 and verify the result on the screen.

DIGITAL SIGNATURE
o Click on algorithms, Click on Signature, Select DSA and Click on it.
o Select sign operation and Click on create a new key.
o Enter the password and save the file and Click finish.
o To verify Click on Algorithm, Click on Signature and Click DSA.
o Select verify operation, Click open and type the password and Click finish.
o The Signature file is opened and verified.

Written by G.RAVINDARKUMAR [APT 365]

WWW.Vidyarthiplus.Com
SHA1 RANDOM PASSWORD GENERATOR
o Click AlgorithmClick Random Number GeneratorClick SHA1
o Type the output size[default 128 bits] or your choice.
o Select filter output binary or output as character or output as numbers and Click Finish.
o The output bin SHA1 file is generated and displayed on the screen.
o Practice with various size and filter to binary output or output as character or output as
number.

12. DEMONSTRATE INTRUSION DETECTION SYSTEM (IDS) USING ANY TOOL

EG . SNORT OR ANY OTHER S/W

SNORT can be configured to run in three modes:

1. Sniffer mode 2. Packet Logger mode 3. Network Intrusion Detection System mode

Sniffer modesnort –v Print out the TCP/IP packets header on the screen
Snort –vd show the TCP/IP ICMP header with application data in transit.
Packet Logger mode snort –dev –l c:\log [create this directory in the C drive] and snort will
automatically know to go into packet logger mode, it collects every
packet it sees and places it in log directory.
snort –dev –l c:\log –h ipaddress/24 This rule tells snort that you want to
print out the data link and TCP/IP headers as well as application data
into the log directory.
snort –l c:\log –b This is binary mode logs everything into a single file.
Network Intrusion Detection System mode snort –d c:\log –h ipaddress/24 –c snort.conf This
is a configuration file applies rule to each packet
to decide it an action based upon the rule type in
the file.
Snort –d –h ipaddress/24 –l c:\log –c snort.conf
This will cnfigure snort to run in its most basic
NIDS form, logging packets that trigger rules
specifies in the snort.conf

Written by G.RAVINDARKUMAR [APT 365]

WWW.Vidyarthiplus.Com
Download SNORT from snort.org
Install snort with or without database support.

Select all the components and Click Next.

Install and Close.
Skip the WinPcap driver installation
Add the path variable in windows environment variable by selecting new classpath.
Create a path variable and point it at snort.exe variable namepath and variable
valuec:\snort\bin.

Written by G.RAVINDARKUMAR [APT 365]

WWW.Vidyarthiplus.Com
Click OK button and then close all dialog boxes.
Open command prompt and type the following commands:

Written by G.RAVINDARKUMAR [APT 365]

WWW.Vidyarthiplus.Com
13. INSTALL ROOTKITS AND STUDY VARIETY OF OPTIONS

Rootkit is a stealth type of malicious software designed to hide the existence of certain process
from normal methods of detection and enables continued privileged access to a computer.

Download Rootkit Tool from GMER website. www.gmer.net

This displays the Processes, Modules, Services, Files, Registry, RootKit/Malwares,
Autostart, CMD of local host.
Select Processes menu and kill any unwanted process if any.
Modules menu displays the various system files like .sys, .dll
Services menu displays the complete services running with Autostart, Enable, Disable,
System, Boot.
Files menu displays full files on Hard-Disk volumes.
Registry displays Hkey_Current_user and Hkey_Local_Machine.
Rootkits/Malawares scans the local drives selected.
Autostart displays the registry base Autostart applications.
CMD allows the user to interact with command line utilities or Registry.

Written by G.RAVINDARKUMAR [APT 365]

WWW.Vidyarthiplus.Com
 Written by G.RAVINDARKUMAR [APT 365]

WWW.Vidyarthiplus.Com
14. GENERATING PASSWORD HASHES WITH OPENSSL

The Open SSL is command line binary can perform a wide range of cryptographic operation.
Install Open SSL setup file on to the default location.
Perform Full installation and Click Next.
Create Document shortcuts in start menu and Click Next
Complete the installation.
Execute the Open SSL from command prompt available at
C:\ProgramFiles\GnuWin32\OpenSSL\openssl.exe
openssl> (This is the Open SSL prompt)
Now execute the command as follows for password generation.
Passwd –crypt [type your password] This is limited to 8 characters password generator.
Passwd -1 [your password] This allows you to insert password length beyond 8
characters.
Type this command to generate 10-12 characters passwords of TEN numbers.

Written by G.RAVINDARKUMAR [APT 365]

WWW.Vidyarthiplus.Com
15. SETUP A HONEY POT AND MONITOR THE HONEYPOT ON NETWORK

Honey Pot is a device placed on Computer Network specifically designed to capture malicious
network traffic.

KF Sensor is the tool to setup as honeypot when KF Sensor is running it places a siren icon in the
windows system tray in the bottom right of the screen. If there are no alerts then green icon is
displayed.

Download KF Sensor Evaluation Setu File from KF Sensor Website.

Install with License Agreement and appropriate directory path.
Reboot the Computer now.
The KF Sensor automatically starts during windows boot Click Next to setup wizard.
Select all port classes to include and Click Next.
Send the email and Send from email enter the ID and Click Next.
Select the options such as Denial of Service[DOS], Port Activity, Proxy Emulsion,
Network Port Analyzer, Click Next.
Select Install as System service and Click Next.
Click finish.

Written by G.RAVINDARKUMAR [APT 365]

WWW.Vidyarthiplus.Com
 Written by G.RAVINDARKUMAR [APT 365]

WWW.Vidyarthiplus.Com
 Written by G.RAVINDARKUMAR [APT 365]

WWW.Vidyarthiplus.Com