1

2
3
4
 [Link]:
Date: Caeser Cipher Technique

AIM :
To implement Caeser cipher technique algorithm using python code.

PROGRAM:
def encrypt(message, key):
alphabet = "abcdefghijklmnopqrstuvwxyz"
encrypted_text = ""
for char in message:
if [Link]():
is_upper = [Link]()
char_lower = [Link]()

# Find new shifted character

index = [Link](char_lower)
new_index = (index + key) % 26
encrypted_char = alphabet[new_index]

# Convert back to uppercase if needed

if is_upper:
encrypted_char = encrypted_char.upper()
encrypted_text += encrypted_char
else:
encrypted_text += char # Keep spaces, punctuation, numbers unchanged
return encrypted_text

5
def decrypt(encrypted_message, key):
alphabet = "abcdefghijklmnopqrstuvwxyz"
decrypted_text = ""
for char in encrypted_message:
if [Link]():
is_upper = [Link]()
char_lower = [Link]()

# Find new shifted character (reversing shift)

index = [Link](char_lower)
new_index = (index - key) % 26
decrypted_char = alphabet[new_index]

# Convert back to uppercase if needed

if is_upper:
decrypted_char = decrypted_char.upper()
decrypted_text += decrypted_char
else:
decrypted_text += char # Keep spaces, punctuation, numbers unchanged
return decrypted_text

# Example usage
key = 6
message = "Dinesh"
encrypted = encrypt(message, key)
print("Encrypted:", encrypted)

6
decrypted = decrypt(encrypted, key)
print("Decrypted:", decrypted)

OUTPUT:

Encrypted: jotkyn
Decrypted: dinesh

RESULT:
Thus,The Caeser Cipher Technique has been implemented using python code and the output has
been verified successfully.

7
 [Link]:
Date: Hill Cipher Technique

AIM :
To implement Hill cipher technique algorithm using python code.

PROGRAM:
keyMatrix = [[0] * 3 for i in range(3)]
messageVector = [[0] for i in range(3)]
cipherMatrix = [[0] for i in range(3)]
def getKeyMatrix(key):
k=0
for i in range(3):
for j in range(3):
keyMatrix[i][j] = ord(key[k]) % 65
k += 1
def encrypt(messageVector):
for i in range(3):
for j in range(1):
cipherMatrix[i][j] = 0
for x in range(3):
cipherMatrix[i][j] += (keyMatrix[i][x] *
messageVector[x][j])
cipherMatrix[i][j] = cipherMatrix[i][j] % 26
def HillCipher(message, key):
getKeyMatrix(key)
for i in range(3):
messageVector[i][0] = ord(message[i]) % 65

8
 encrypt(messageVector)
CipherText = []
for i in range(3):
[Link](chr(cipherMatrix[i][0] + 65))
print("Cipher text: ", "".join(CipherText))
def main():
message = "GFG"
key = "HILLMAGIC"
HillCipher(message, key)
if __name__ == "__main__":
main()

OUTPUT:
Cipher text: SWK

RESULT:
Thus,The Hill Cipher Technique has been implemented using python code and the output has
been verified successfully.

9
 [Link]:
Date: Data Encryption Standard (DES) Algorithm

AIM:
To use Data Encryption Standard (DES) Algorithm for a practical application like User Message
Encryption.

PROGRAM:

import base64
from [Link] import DES
key = b"01234567"
mode = DES.MODE_ECB
def pad(text):
padding_length = 8 - (len(text) % 8)
return text + bytes([padding_length]) * padding_length
def unpad(text):
padding_length = text[-1]
return text[:-padding_length]
def encrypt(plaintext, key, mode):
plaintext = pad(plaintext)
cipher = [Link](key, mode)
ciphertext = [Link](plaintext)
return ciphertext
def decrypt(ciphertext, key, mode):
cipher = [Link](key, mode)
plaintext = [Link](ciphertext)
plaintext = unpad(plaintext)
return plaintext

10
plaintext = b"This is a secret message."
ciphertext = encrypt(plaintext, key, mode)
print("Ciphertext:", base64.b64encode(ciphertext).decode('utf-8'))

decrypted_text = decrypt(ciphertext, key, mode)

print("Decrypted text:", decrypted_text.decode('utf-8'))

OUTPUT:
Ciphertext: hGfoDnnw/frDFdBcbrc7Ad08XmTSf5orWpHFkHuFyt8=
Decrypted text: This is a secret message.

RESULT:
Thus,The Data Encryption Standard (DES) Algorithm has been implemented using python code
and the output has been verified successfully.

11
 [Link]:
Date: Digital Signature Standard(DSS)

AIM:
To implement the SIGNATURE SCHEME - Digital Signature Standard.

PROGRAM:
from random import randrange
from hashlib import sha1
from gmpy2 import xmpz, to_binary, invert, powmod, is_prime
def generate_p_q(L, N):
g = N # g >= 160
n = (L - 1) // g
b = (L - 1) % g
while True:
# generate q
while True:
s = xmpz(randrange(1, 2 ** (g)))
a = sha1(to_binary(s)).hexdigest()
zz = xmpz((s + 1) % (2 ** g))
z = sha1(to_binary(zz)).hexdigest()
U = int(a, 16) ^ int(z, 16)
mask = 2 ** (N - 1) + 1
q = U | mask
if is_prime(q, 20):
break
# generate p
i = 0 # counter

12
 j = 2 # offset
while i < 4096:
V = []
for k in range(n + 1):
arg = xmpz((s + j + k) % (2 ** g))
zzv = sha1(to_binary(arg)).hexdigest()
[Link](int(zzv, 16))
W=0
for qq in range(0, n):
W += V[qq] * 2 ** (160 * qq)
W += (V[n] % 2 ** b) * 2 ** (160 * n)
X = W + 2 ** (L - 1)
c = X % (2 * q)
p = X - c + 1 # p = X - (c - 1)
if p >= 2 ** (L - 1):
if is_prime(p, 10):
return p, q
i += 1
j += n + 1

def generate_g(p, q):

while True:
h = randrange(2, p - 1)
exp = xmpz((p - 1) // q)
g = powmod(h, exp, p)
if g > 1:

13
 break
return g

def generate_keys(g, p, q):

x = randrange(2, q) # x < q
y = powmod(g, x, p)
return x, y

def generate_params(L, N):

p, q = generate_p_q(L, N)
g = generate_g(p, q)
return p, q, g

def sign(M, p, q, g, x):

if not validate_params(p, q, g):
raise Exception("Invalid params")
while True:
k = randrange(2, q) # k < q
r = powmod(g, k, p) % q
m = int(sha1(M).hexdigest(), 16)
try:
s = (invert(k, q) * (m + x * r)) % q
return r, s
except ZeroDivisionError:
pass

14
def verify(M, r, s, p, q, g, y):
if not validate_params(p, q, g):
raise Exception("Invalid params")
if not validate_sign(r, s, q):
return False
try:
w = invert(s, q)
except ZeroDivisionError:
return False
m = int(sha1(M).hexdigest(), 16)
u1 = (m * w) % q
u2 = (r * w) % q
# v = ((g ** u1 * y ** u2) % p) % q
v = (powmod(g, u1, p) * powmod(y, u2, p)) % p % q
if v == r:
return True
return False

def validate_params(p, q, g):

if is_prime(p) and is_prime(q):
return True
if powmod(g, q, p) == 1 and g > 1 and (p - 1) % q:
return True
return False

def validate_sign(r, s, q):

if r < 0 and r > q:

15
 return False
if s < 0 and s > q:
return False
return True

if __name__ == "__main__":
N = 160
L = 1024
p, q, g = generate_params(L, N)
x, y = generate_keys(g, p, q)

text = "MISIS rocks"

M = [Link](text, "ascii")
r, s = sign(M, p, q, g, x)
if verify(M, r, s, p, q, g, y):
print('All ok')
print(M, r, s, p, q, g, y, x, sep='\n')

OUTPUT:
All ok
b'MISIS rocks'
316663883592048797909031068647598628574706145195
438503341344952346595892657867234386863226945430
16143199838574983565885292968653565170639641797362166962281142844616339579212
16964813581754928367024658962587230782481443888097341922296323009230013860708
26204095490214380337819228211830186153946827047386486741526200974842815285720
74419538446013741436026121903373912226817062984057622934548600945543840654953
3
1274173197782580502938673165389731434121329742063
44930426288766819560756543496089396644635319265019852656003771758983294622579
43613383762563179161883164953255999091198714913015759078348232449784751079095
64

16
02462103425748820065457174916651186587042741861981711518594511694601295524279
996722230783916312242844086454775067666949444111366221492933762735721340079
15176255270221304062363065189437637274756420416802608471142946347489714182153
86517119483865079910947915202667975951637841574572517650365394601646889710125
63980284231203818562083263525238983790434464076848450598995195620371717432923
53653187279342145720800959048872883683844429331763152612846698386437319386095
1
583991616242816475751693639525944714332970306091

RESULT:

17
Thus,The Digital Signature Standard(DSS) has been implemented using python code and the
output has been verified successfully.

[Link]:
Date: Implementation of RSA

AIM:
To implement RSA (Rivest–Shamir–Adleman) algorithm by using python.

PROGRAM:
def power(base, expo, m):
res = 1
base = base % m
while expo > 0:
if expo & 1:
res = (res * base) % m
base = (base * base) % m
expo = expo // 2
return res
# Function to find modular inverse of e modulo phi(n)
# Here we are calculating phi(n) using Hit and Trial Method
# but we can optimize it using Extended Euclidean Algorithm
def modInverse(e, phi):
for d in range(2, phi):
if (e * d) % phi == 1:
return d
return -1

18
def generateKeys():
p = 7919
q = 1009

n=p*q
phi = (p - 1) * (q - 1)

# Choose e, where 1 < e < phi(n) and gcd(e, phi(n)) == 1

e=0
for e in range(2, phi):
if gcd(e, phi) == 1:
break

# Compute d such that e * d ≡ 1 (mod phi(n))

d = modInverse(e, phi)

return e, d, n

# Function to calculate gcd

def gcd(a, b):
while b != 0:
a, b = b, a % b
return a

# Encrypt message using public key (e, n)

19
def encrypt(m, e, n):
return power(m, e, n)

# Decrypt message using private key (d, n)

def decrypt(c, d, n):
return power(c, d, n)

# Main execution
if __name__ == "__main__":

# Key Generation
e, d, n = generateKeys()

print(f"Public Key (e, n): ({e}, {n})")

print(f"Private Key (d, n): ({d}, {n})")

# Message
M = 123
print(f"Original Message: {M}")

# Encrypt the message

C = encrypt(M, e, n)
print(f"Encrypted Message: {C}")

# Decrypt the message

decrypted = decrypt(C, d, n)
print(f"Decrypted Message: {decrypted}")

20
OUTPUT:
Public Key (e, n): (5, 7990271)
Private Key (d, n): (1596269, 7990271)
Original Message: 123
Encrypted Message: 3332110
Decrypted Message: 123

RESULT:

21
Thus,The RSA algorithm has been implemented using python code and the output has been
verified successfully.

[Link]:
Date: SHA algorithm

AIM:
To Calculate the message digest of a text using the SHA algorithm.

PROGRAM_1:
import sys

MAX_64BIT = 0xffffffffffffffff

class SHA512():
def __init__(self, mode = 'MODE_SHA_512', verbose = 0):
assert mode in ['MODE_SHA_512_224', 'MODE_SHA_512_256',
'MODE_SHA_384', 'MODE_SHA_512']
[Link] = mode
[Link] = verbose
[Link]
self.NUM_ROUNDS = 80
self.H = [0] * 8
self.t1 = 0
self.t2 = 0
self.a = 0
self.b = 0
self.c = 0
self.d = 0
self.e = 0
self.f = 0
self.g = 0
self.h = 0
self.w = 0
self.W = [0] * 16
self.k = 0

22
 self.K = [0x428a2f98d728ae22, 0x7137449123ef65cd, 0xb5c0fbcfec4d3b2f,
0xe9b5dba58189dbbc, 0x3956c25bf348b538, 0x59f111f1b605d019,
0x923f82a4af194f9b, 0xab1c5ed5da6d8118, 0xd807aa98a3030242,
0x12835b0145706fbe, 0x243185be4ee4b28c, 0x550c7dc3d5ffb4e2,
0x72be5d74f27b896f, 0x80deb1fe3b1696b1, 0x9bdc06a725c71235,
0xc19bf174cf692694, 0xe49b69c19ef14ad2, 0xefbe4786384f25e3,
0x0fc19dc68b8cd5b5, 0x240ca1cc77ac9c65, 0x2de92c6f592b0275,
0x4a7484aa6ea6e483, 0x5cb0a9dcbd41fbd4, 0x76f988da831153b5,
0x983e5152ee66dfab, 0xa831c66d2db43210, 0xb00327c898fb213f,
0xbf597fc7beef0ee4, 0xc6e00bf33da88fc2, 0xd5a79147930aa725,
0x06ca6351e003826f, 0x142929670a0e6e70, 0x27b70a8546d22ffc,
0x2e1b21385c26c926, 0x4d2c6dfc5ac42aed, 0x53380d139d95b3df,
0x650a73548baf63de, 0x766a0abb3c77b2a8, 0x81c2c92e47edaee6,
0x92722c851482353b, 0xa2bfe8a14cf10364, 0xa81a664bbc423001,
0xc24b8b70d0f89791, 0xc76c51a30654be30, 0xd192e819d6ef5218,
0xd69906245565a910, 0xf40e35855771202a, 0x106aa07032bbd1b8,
0x19a4c116b8d2d0c8, 0x1e376c085141ab53, 0x2748774cdf8eeb99,
0x34b0bcb5e19b48a8, 0x391c0cb3c5c95a63, 0x4ed8aa4ae3418acb,
0x5b9cca4f7763e373, 0x682e6ff3d6b2b8a3, 0x748f82ee5defb2fc,
0x78a5636f43172f60, 0x84c87814a1f0ab72, 0x8cc702081a6439ec,
0x90befffa23631e28, 0xa4506cebde82bde9, 0xbef9a3f7b2c67915,
0xc67178f2e372532b, 0xca273eceea26619c, 0xd186b8c721c0c207,
0xeada7dd6cde0eb1e, 0xf57d4f7fee6ed178, 0x06f067aa72176fba,
0x0a637dc5a2c898a6, 0x113f9804bef90dae, 0x1b710b35131c471b,
0x28db77f523047d84, 0x32caab7b40c72493, 0x3c9ebe0a15c9bebc,
0x431d67c49c100d4c, 0x4cc5d4becb3e42b6, 0x597f299cfc657e2a,
0x5fcb6fab3ad6faec, 0x6c44198c4a475817]

def init(self):
if [Link] == 'MODE_SHA_512_224':
self.H = [0x8c3d37c819544da2, 0x73e1996689dcd4d6,
0x1dfab7ae32ff9c82, 0x679dd514582f9fcf,
0x0f6d2b697bd44da8, 0x77e36f7304c48942,
0x3f9d85a86a1d36c8, 0x1112e6ad91d692a1]

elif [Link] == 'MODE_SHA_512_256':

self.H = [0x22312194fc2bf72c, 0x9f555fa3c84c64c2,
0x2393b86b6f53b151, 0x963877195940eabd,
0x96283ee2a88effe3, 0xbe5e1e2553863992,

23
 0x2b0199fc2c85b8aa, 0x0eb72ddc81c52ca2]

elif [Link] == 'MODE_SHA_384':

self.H = [0xcbbb9d5dc1059ed8, 0x629a292a367cd507,
0x9159015a3070dd17, 0x152fecd8f70e5939,
0x67332667ffc00b31, 0x8eb44a8768581511,
0xdb0c2e0d64f98fa7, 0x47b5481dbefa4fa4]

elif [Link] == 'MODE_SHA_512':

self.H = [0x6a09e667f3bcc908, 0xbb67ae8584caa73b,
0x3c6ef372fe94f82b, 0xa54ff53a5f1d36f1,
0x510e527fade682d1, 0x9b05688c2b3e6c1f,
0x1f83d9abfb41bd6b, 0x5be0cd19137e2179]

def next(self, block):

self._W_schedule(block)
self._copy_digest()
if [Link]:
print("State after init:")
self._print_state(0)

for i in range(self.NUM_ROUNDS):
self._sha512_round(i)
if [Link]:
self._print_state(i)

self._update_digest()

def get_digest(self):
if [Link] == 'MODE_SHA_512_224':
return self.H[0:3] # FIX THIS!

elif [Link] == 'MODE_SHA_512_256':

return self.H[0:4]

elif [Link] == 'MODE_SHA_384':

return self.H[0:6]

24
 elif [Link] == 'MODE_SHA_512':
return self.H

def _copy_digest(self):
self.a = self.H[0]
self.b = self.H[1]
self.c = self.H[2]
self.d = self.H[3]
self.e = self.H[4]
self.f = self.H[5]
self.g = self.H[6]
self.h = self.H[7]

def _update_digest(self):
self.H[0] = (self.H[0] + self.a) & MAX_64BIT
self.H[1] = (self.H[1] + self.b) & MAX_64BIT
self.H[2] = (self.H[2] + self.c) & MAX_64BIT
self.H[3] = (self.H[3] + self.d) & MAX_64BIT
self.H[4] = (self.H[4] + self.e) & MAX_64BIT
self.H[5] = (self.H[5] + self.f) & MAX_64BIT
self.H[6] = (self.H[6] + self.g) & MAX_64BIT
self.H[7] = (self.H[7] + self.h) & MAX_64BIT

def _print_state(self, round):

print("State at round 0x%02x:" % round)
print("t1 = 0x%016x, t2 = 0x%016x" % (self.t1, self.t2))
print("k = 0x%016x, w = 0x%016x" % (self.k, self.w))
print("a = 0x%016x, b = 0x%016x" % (self.a, self.b))
print("c = 0x%016x, d = 0x%016x" % (self.c, self.d))
print("e = 0x%016x, f = 0x%016x" % (self.e, self.f))
print("g = 0x%016x, h = 0x%016x" % (self.g, self.h))
print("")

def _sha512_round(self, round):

self.k = self.K[round]
self.w = self._next_w(round)

25
 self.t1 = self._T1(self.e, self.f, self.g, self.h, self.k, self.w)
self.t2 = self._T2(self.a, self.b, self.c)
self.h = self.g
self.g = self.f
self.f = self.e
self.e = (self.d + self.t1) & MAX_64BIT
self.d = self.c
self.c = self.b
self.b = self.a
self.a = (self.t1 + self.t2) & MAX_64BIT

def _next_w(self, round):

if (round < 16):
return self.W[round]

else:
tmp_w = (self._delta1(self.W[14]) +
self.W[9] +
self._delta0(self.W[1]) +
self.W[0]) & MAX_64BIT
for i in range(15):
self.W[i] = self.W[(i+1)]
self.W[15] = tmp_w
return tmp_w

def _W_schedule(self, block):

for i in range(16):
self.W[i] = block[i]

def _Ch(self, x, y, z):

return (x & y) ^ (~x & z)

def _Maj(self, x, y, z):

return (x & y) ^ (x & z) ^ (y & z)

def _sigma0(self, x):

26
 return (self._rotr64(x, 28) ^ self._rotr64(x, 34) ^ self._rotr64(x, 39))

def _sigma1(self, x):

return (self._rotr64(x, 14) ^ self._rotr64(x, 18) ^ self._rotr64(x, 41))

def _delta0(self, x):

return (self._rotr64(x, 1) ^ self._rotr64(x, 8) ^ self._shr64(x, 7))

def _delta1(self, x):

return (self._rotr64(x, 19) ^ self._rotr64(x, 61) ^ self._shr64(x, 6))

def _T1(self, e, f, g, h, k, w):

return (h + self._sigma1(e) + self._Ch(e, f, g) + k + w) & MAX_64BIT

def _T2(self, a, b, c):

return (self._sigma0(a) + self._Maj(a, b, c)) & MAX_64BIT

def _rotr64(self, n, r):

return ((n >> r) | (n << (64 - r))) & MAX_64BIT

def _shr64(self, n, r):

return (n >> r)

def compare_digests(digest, expected):

if (digest != expected):
print("Error:")
print("Got:")
print(digest)
print("Expected:")
print(expected)
else:
print("Test case ok.")

27
# If executed tests the ChaCha class using known test vectors.
#-------------------------------------------------------------------
def main():
print("Testing the SHA-512 Python model.")
print("---------------------------------")
print

# Single block message.

TC1_block = [0x6162638000000000, 0x0000000000000000, 0x0000000000000000,
0x0000000000000000,
0x0000000000000000, 0x0000000000000000, 0x0000000000000000,
0x0000000000000000,
0x0000000000000000, 0x0000000000000000, 0x0000000000000000,
0x0000000000000000,
0x0000000000000000, 0x0000000000000000, 0x0000000000000000,
0x0000000000000018]

my_sha512 = SHA512(mode = 'MODE_SHA_512', verbose=1);

TC1_expected = [0xDDAF35A193617ABA, 0xCC417349AE204131,
0x12E6FA4E89A97EA2, 0x0A9EEEE64B55D39A,
0x2192992A274FC1A8, 0x36BA3C23A3FEEBBD, 0x454D4423643CE80E,
0x2A9AC94FA54CA49F]
my_sha512.init()
my_sha512.next(TC1_block)
my_digest = my_sha512.get_digest()
compare_digests(my_digest, TC1_expected)

my_sha512 = SHA512(mode = 'MODE_SHA_512_224', verbose=1);

TC2_expected = [0x4634270F707B6A54, 0xDAAE7530460842E2,
0x0E37ED265CEEE9A4, 0x3E8924AA00000000]
my_sha512.init()
my_sha512.next(TC1_block)
my_digest = my_sha512.get_digest()
compare_digests(my_digest, TC2_expected)

28
 my_sha512 = SHA512(mode = 'MODE_SHA_512_256', verbose=1);
TC3_expected = [0x53048E2681941EF9, 0x9B2E29B76B4C7DAB,
0xE4C2D0C634FC6D46, 0xE0E2F13107E7AF23]
my_sha512.init()
my_sha512.next(TC1_block)
my_digest = my_sha512.get_digest()
compare_digests(my_digest, TC3_expected)

my_sha512 = SHA512(mode = 'MODE_SHA_384', verbose=1);

TC4_expected = [0xCB00753F45A35E8B, 0xB5A03D699AC65007,
0x272C32AB0EDED163, 0x1A8B605A43FF5BED,
0x8086072BA1E7CC23, 0x58BAECA134C825A7]
my_sha512.init()
my_sha512.next(TC1_block)
my_digest = my_sha512.get_digest()
compare_digests(my_digest, TC4_expected)

#-------------------------------------------------------------------
# __name__
# Python thingy which allows the file to be run standalone as
# well as parsed from within a Python interpreter.
#-------------------------------------------------------------------
if __name__=="__main__":
# Run the main function.
[Link](main())

OUTPUT_1:
Testing the SHA-512 Python model.
---------------------------------
State after init:
State at round 0x00:
t1 = 0x0000000000000000, t2 = 0x0000000000000000
k = 0x0000000000000000, w = 0x0000000000000000
a = 0x6a09e667f3bcc908, b = 0xbb67ae8584caa73b

29
c = 0x3c6ef372fe94f82b, d = 0xa54ff53a5f1d36f1
e = 0x510e527fade682d1, f = 0x9b05688c2b3e6c1f
g = 0x1f83d9abfb41bd6b, h = 0x5be0cd19137e2179

State at round 0x00:

t1 = 0xb37b0cfa1b97e8a0, t2 = 0x4334c1bea164f555
k = 0x428a2f98d728ae22, w = 0x6162638000000000
a = 0xf6afceb8bcfcddf5, b = 0x6a09e667f3bcc908
c = 0xbb67ae8584caa73b, d = 0x3c6ef372fe94f82b
e = 0x58cb02347ab51f91, f = 0x510e527fade682d1
g = 0x9b05688c2b3e6c1f, h = 0x1f83d9abfb41bd6b

State at round 0x01:

t1 = 0x8765f88a49d017cf, t2 = 0x8bbb003fb1b714f1
k = 0x7137449123ef65cd, w = 0x0000000000000000
a = 0x1320f8c9fb872cc0, b = 0xf6afceb8bcfcddf5
c = 0x6a09e667f3bcc908, d = 0xbb67ae8584caa73b
e = 0xc3d4ebfd48650ffa, f = 0x58cb02347ab51f91
g = 0x510e527fade682d1, h = 0x9b05688c2b3e6c1f

State at round 0x02:

t1 = 0x244203b46d9ed0d7, t2 = 0xc78df852b29ec11c
k = 0xb5c0fbcfec4d3b2f, w = 0x0000000000000000
a = 0xebcffc07203d91f3, b = 0x1320f8c9fb872cc0
c = 0xf6afceb8bcfcddf5, d = 0x6a09e667f3bcc908
e = 0xdfa9b239f2697812, f = 0xc3d4ebfd48650ffa
g = 0x58cb02347ab51f91, h = 0x510e527fade682d1

State at round 0x03:

t1 = 0xa13dce53256bd006, t2 = 0xb945fceb5a993e7c
k = 0xe9b5dba58189dbbc, w = 0x0000000000000000
a = 0x5a83cb3e80050e82, b = 0xebcffc07203d91f3
c = 0x1320f8c9fb872cc0, d = 0xf6afceb8bcfcddf5
e = 0x0b47b4bb1928990e, f = 0xdfa9b239f2697812
g = 0xc3d4ebfd48650ffa, h = 0x58cb02347ab51f91

State at round 0x04:

t1 = 0x7daafb917731f4ed, t2 = 0x38d599a7da2e5373
k = 0x3956c25bf348b538, w = 0x0000000000000000
a = 0xb680953951604860, b = 0x5a83cb3e80050e82
c = 0xebcffc07203d91f3, d = 0x1320f8c9fb872cc0
e = 0x745aca4a342ed2e2, f = 0x0b47b4bb1928990e
g = 0xdfa9b239f2697812, h = 0xc3d4ebfd48650ffa

30
State at round 0x05:
t1 = 0x83d5093fbb5508fa, t2 = 0x2b8231c284e980d3
k = 0x59f111f1b605d019, w = 0x0000000000000000
a = 0xaf573b02403e89cd, b = 0xb680953951604860
c = 0x5a83cb3e80050e82, d = 0xebcffc07203d91f3
e = 0x96f60209b6dc35ba, f = 0x745aca4a342ed2e2
g = 0x0b47b4bb1928990e, h = 0xdfa9b239f2697812

State at round 0x06:

t1 = 0x6e9c7c18349f2e19, t2 = 0x55eadef4461cd952
k = 0x923f82a4af194f9b, w = 0x0000000000000000
a = 0xc4875b0c7abc076b, b = 0xaf573b02403e89cd
c = 0xb680953951604860, d = 0x5a83cb3e80050e82
e = 0x5a6c781f54dcc00c, f = 0x96f60209b6dc35ba
g = 0x745aca4a342ed2e2, h = 0x0b47b4bb1928990e

State at round 0x07:

t1 = 0x2c72a72520ebdd88, t2 = 0x54212a70bf19721b
k = 0xab1c5ed5da6d8118, w = 0x0000000000000000
a = 0x8093d195e0054fa3, b = 0xc4875b0c7abc076b
c = 0xaf573b02403e89cd, d = 0xb680953951604860
e = 0x86f67263a0f0ec0a, f = 0x5a6c781f54dcc00c
g = 0x96f60209b6dc35ba, h = 0x745aca4a342ed2e2

State at round 0x08:

t1 = 0x19bfa7003e63b7a2, t2 = 0xd82cfe540e54da83
k = 0xd807aa98a3030242, w = 0x0000000000000000
a = 0xf1eca5544cb89225, b = 0x8093d195e0054fa3
c = 0xc4875b0c7abc076b, d = 0xaf573b02403e89cd
e = 0xd0403c398fc40002, f = 0x86f67263a0f0ec0a
g = 0x5a6c781f54dcc00c, h = 0x96f60209b6dc35ba

State at round 0x09:

t1 = 0x50b1e443cba5e285, t2 = 0x30c64906920eac7e
k = 0x12835b0145706fbe, w = 0x0000000000000000
a = 0x81782d4a5db48f03, b = 0xf1eca5544cb89225
c = 0x8093d195e0054fa3, d = 0xc4875b0c7abc076b
e = 0x00091f460be46c52, f = 0xd0403c398fc40002
g = 0x86f67263a0f0ec0a, h = 0x5a6c781f54dcc00c

State at round 0x0a:

t1 = 0x0eedec0f635f9c89, t2 = 0x5a97603b3d92bed0
k = 0x243185be4ee4b28c, w = 0x0000000000000000

31
a = 0x69854c4aa0f25b59, b = 0x81782d4a5db48f03
c = 0xf1eca5544cb89225, d = 0x8093d195e0054fa3
e = 0xd375471bde1ba3f4, f = 0x00091f460be46c52
g = 0xd0403c398fc40002, h = 0x86f67263a0f0ec0a

State at round 0x0b:

t1 = 0xc6c5a4233a74f689, t2 = 0x1444f540bd973821
k = 0x550c7dc3d5ffb4e2, w = 0x0000000000000000
a = 0xdb0a9963f80c2eaa, b = 0x69854c4aa0f25b59
c = 0x81782d4a5db48f03, d = 0xf1eca5544cb89225
e = 0x475975b91a7a462c, f = 0xd375471bde1ba3f4
g = 0x00091f460be46c52, h = 0xd0403c398fc40002

State at round 0x0c:

t1 = 0xdc071a9e3b8737b4, t2 = 0x823a06a54c913460
k = 0x72be5d74f27b896f, w = 0x0000000000000000
a = 0x5e41214388186c14, b = 0xdb0a9963f80c2eaa
c = 0x69854c4aa0f25b59, d = 0x81782d4a5db48f03
e = 0xcdf3bff2883fc9d9, f = 0x475975b91a7a462c
g = 0xd375471bde1ba3f4, h = 0x00091f460be46c52

State at round 0x0d:

t1 = 0x0492a254a205e05e, t2 = 0x3f91f3dc83574c42
k = 0x80deb1fe3b1696b1, w = 0x0000000000000000
a = 0x44249631255d2ca0, b = 0x5e41214388186c14
c = 0xdb0a9963f80c2eaa, d = 0x69854c4aa0f25b59
e = 0x860acf9effba6f61, f = 0xcdf3bff2883fc9d9
g = 0x475975b91a7a462c, h = 0xd375471bde1ba3f4

State at round 0x0e:

t1 = 0x1dc6b214c9bc43d6, t2 = 0xdccfccd8bbe43c52
k = 0x9bdc06a725c71235, w = 0x0000000000000000
a = 0xfa967eed85a08028, b = 0x44249631255d2ca0
c = 0x5e41214388186c14, d = 0xdb0a9963f80c2eaa
e = 0x874bfe5f6aae9f2f, f = 0x860acf9effba6f61
g = 0xcdf3bff2883fc9d9, h = 0x475975b91a7a462c

State at round 0x0f:

t1 = 0xcc70e29f65c892b7, t2 = 0x3e6f99e74b4f89be
k = 0xc19bf174cf692694, w = 0x0000000000000018
a = 0x0ae07c86b1181c75, b = 0xfa967eed85a08028
c = 0x44249631255d2ca0, d = 0x5e41214388186c14
e = 0xa77b7c035dd4c161, f = 0x874bfe5f6aae9f2f
g = 0x860acf9effba6f61, h = 0xcdf3bff2883fc9d9

32
State at round 0x10:
t1 = 0xcfadab27b1bde164, t2 = 0xfb4a6f1aabc223d3
k = 0xe49b69c19ef14ad2, w = 0x6162638000000000
a = 0xcaf81a425d800537, b = 0x0ae07c86b1181c75
c = 0xfa967eed85a08028, d = 0x44249631255d2ca0
e = 0x2deecc6b39d64d78, f = 0xa77b7c035dd4c161
g = 0x874bfe5f6aae9f2f, h = 0x860acf9effba6f61

State at round 0x11:

t1 = 0xb059ed22d2a747b5, t2 = 0x96cbd101c82a56b6
k = 0xefbe4786384f25e3, w = 0x00030000000000c0
a = 0x4725be249ad19e6b, b = 0xcaf81a425d800537
c = 0x0ae07c86b1181c75, d = 0xfa967eed85a08028
e = 0xf47e8353f8047455, f = 0x2deecc6b39d64d78
g = 0xa77b7c035dd4c161, h = 0x874bfe5f6aae9f2f

State at round 0x12:

t1 = 0x2ed2e0eb07e15ba8, t2 = 0x0d7860190eace333
k = 0x0fc19dc68b8cd5b5, w = 0x0a9699a24c700003
a = 0x3c4b4104168e3edb, b = 0x4725be249ad19e6b
c = 0xcaf81a425d800537, d = 0x0ae07c86b1181c75
e = 0x29695fd88d81dbd0, f = 0xf47e8353f8047455
g = 0x2deecc6b39d64d78, h = 0xa77b7c035dd4c161

State at round 0x13:

t1 = 0xe6691c56ae585a09, t2 = 0xb3d6987cdc5e74fd
k = 0x240ca1cc77ac9c65, w = 0x00000c0060000603
a = 0x9a3fb4d38ab6cf06, b = 0x3c4b4104168e3edb
c = 0x4725be249ad19e6b, d = 0xcaf81a425d800537
e = 0xf14998dd5f70767e, f = 0x29695fd88d81dbd0
g = 0xf47e8353f8047455, h = 0x2deecc6b39d64d78

State at round 0x14:

t1 = 0x80c1cc2ab3c5baa5, t2 = 0x0d03e23aa2d77db0
k = 0x2de92c6f592b0275, w = 0x549ef62639858996
a = 0x8dc5ae65569d3855, b = 0x9a3fb4d38ab6cf06
c = 0x3c4b4104168e3edb, d = 0x4725be249ad19e6b
e = 0x4bb9e66d1145bfdc, f = 0xf14998dd5f70767e
g = 0x29695fd88d81dbd0, h = 0xf47e8353f8047455

State at round 0x4b:

t1 = 0x398b8e24ada913c1, t2 = 0xd9232801e0512a53

33
k = 0x431d67c49c100d4c, w = 0x82269d4a883a3d99
a = 0x12aeb6268dfa3e14, b = 0xfdd4a30e168c4ae5
c = 0xe6b8cb8dfa3475ab, d = 0xe7d913b6678e78ef
e = 0xf660943b276786f7, f = 0x83a35dbe2a64fc26
.
.
.
.
.
.
.
.
State at round 0x4d:
t1 = 0xe13ef462948a9785, t2 = 0xb4943cee49e35cc7
k = 0x597f299cfc657e2a, w = 0x464af5671d71c12e
a = 0x95d33150de6df44c, b = 0x055b73814cf102b4
c = 0x12aeb6268dfa3e14, d = 0xfdd4a30e168c4ae5
e = 0xc7f7bff08ebf0d30, f = 0xc4b149710f5d6a71
g = 0xf660943b276786f7, h = 0x83a35dbe2a64fc26

State at round 0x4e:

t1 = 0xcc31ff0bb5e3c5b1, t2 = 0x86d41533ae65b54f
k = 0x5fcb6fab3ad6faec, w = 0xe449b68198ec611c
a = 0x5306143f64497b00, b = 0x95d33150de6df44c
c = 0x055b73814cf102b4, d = 0x12aeb6268dfa3e14
e = 0xca06a219cc701096, f = 0xc7f7bff08ebf0d30
g = 0xc4b149710f5d6a71, h = 0xf660943b276786f7

State at round 0x4f:

t1 = 0x06a42a9d142d82de, t2 = 0xf8a0ad4470703cd5
k = 0x6c44198c4a475817, w = 0x92aeeed1a7bcf7d2
a = 0xff44d7e1849dbfb3, b = 0x5306143f64497b00
c = 0x95d33150de6df44c, d = 0x055b73814cf102b4
e = 0x1952e0c3a227c0f2, f = 0xca06a219cc701096
g = 0xc7f7bff08ebf0d30, h = 0xc4b149710f5d6a71

34
PROGRAM_2:

# Python 3 code to demonstrate

# SHA hash algorithms.

import hashlib

# initializing string
str = "GeeksforGeeks"

# encoding GeeksforGeeks using encode()

# then sending to SHA256()
result = hashlib.sha256([Link]())

# printing the equivalent hexadecimal value.

print("The hexadecimal equivalent of SHA256 is : ")
print([Link]())

print ("\r")

# initializing string
str = "GeeksforGeeks"

# encoding GeeksforGeeks using encode()

# then sending to SHA384()
result = hashlib.sha384([Link]())

# printing the equivalent hexadecimal value.

print("The hexadecimal equivalent of SHA384 is : ")
print([Link]())

print ("\r")

# initializing string
str = "GeeksforGeeks"

# encoding GeeksforGeeks using encode()

# then sending to SHA224()
result = hashlib.sha224([Link]())

35
# printing the equivalent hexadecimal value.
print("The hexadecimal equivalent of SHA224 is : ")
print([Link]())

print ("\r")

# initializing string
str = "GeeksforGeeks"

# encoding GeeksforGeeks using encode()

# then sending to SHA512()
result = hashlib.sha512([Link]())

# printing the equivalent hexadecimal value.

print("The hexadecimal equivalent of SHA512 is : ")
print([Link]())

print ("\r")

# initializing string
str = "GeeksforGeeks"

# encoding GeeksforGeeks using encode()

# then sending to SHA1()
result = hashlib.sha1([Link]())

# printing the equivalent hexadecimal value.

print("The hexadecimal equivalent of SHA1 is : ")
print([Link]())

36
OUTPUT:
The hexadecimal equivalent of SHA256 is :
f6071725e7ddeb434fb6b32b8ec4a2b14dd7db0d785347b2fb48f9975126178f

The hexadecimal equivalent of SHA384 is :

d1e67b8819b009ec7929933b6fc1928dd64b5df31bcde6381b9d3f90488d253240490460c0a5a1a8
73da8236c12ef9b3

The hexadecimal equivalent of SHA224 is :

173994f309f727ca939bb185086cd7b36e66141c9e52ba0bdcfd145d

The hexadecimal equivalent of SHA512 is :

0d8fb9370a5bf7b892be4865cdf8b658a82209624e33ed71cae353b0df254a75db63d1baa35ad99f2
6f1b399c31f3c666a7fc67ecef3bdcdb7d60e8ada90b722

The hexadecimal equivalent of SHA1 is :

4175a37afd561152fb60c305d4fa6026b7e79856

RESULT:

37
Thus,The SHA-1 algorithm has been implemented using python code and the output has been
verified successfully.

[Link]:
Date: Playfair Cipher algorithm

AIM :
To implement playfair cipher technique algorithm using python code.

PROGRAM:
def playfair_cipher(plaintext, key, mode):

alphabet = 'abcdefghiklmnopqrstuvwxyz'

key = [Link]().replace(' ', '').replace('j', 'i')

key_square = ''

for letter in key + alphabet:

if letter not in key_square:

key_square += letter

plaintext = [Link]().replace(' ', '').replace('j', 'i')

if len(plaintext) % 2 == 1:

plaintext += 'x'

digraphs = [plaintext[i:i+2] for i in range(0, len(plaintext), 2)]

def encrypt(digraph):

a, b = digraph

row_a, col_a = divmod(key_square.index(a), 5)

row_b, col_b = divmod(key_square.index(b), 5)

38
 if row_a == row_b: # Same row

col_a = (col_a + 1) % 5

col_b = (col_b + 1) % 5

elif col_a == col_b: # Same column

row_a = (row_a + 1) % 5

row_b = (row_b + 1) % 5

else: # Rectangle

col_a, col_b = col_b, col_a

return key_square[row_a*5 + col_a] + key_square[row_b*5 + col_b]

def decrypt(digraph):

a, b = digraph

row_a, col_a = divmod(key_square.index(a), 5)

row_b, col_b = divmod(key_square.index(b), 5)

if row_a == row_b: # Same row

col_a = (col_a - 1) % 5

col_b = (col_b - 1) % 5

elif col_a == col_b: # Same column

row_a = (row_a - 1) % 5

row_b = (row_b - 1) % 5

else: # Rectangle

col_a, col_b = col_b, col_a

return key_square[row_a*5 + col_a] + key_square[row_b*5 + col_b]

result = ''

39
 for digraph in digraphs:

if mode == 'encrypt':

result += encrypt(digraph)

elif mode == 'decrypt':

result += decrypt(digraph)

return result

plaintext = 'i am the fan of nature'

key = 'example key'

ciphertext = playfair_cipher(plaintext, key, 'encrypt')

print("Ciphertext:", ciphertext)

decrypted_text = playfair_cipher(ciphertext, key, 'decrypt')

print("Decrypted text:", decrypted_text)

OUTPUT:
Ciphertext: gpewdmgxoqdoevwoxa
Decrypted text: iamthefanofnaturex

40
RESULT:
Thus,Playfair cipher algorithm has been implemented using python code and the output has
been verified successfully.

[Link]:
Date: Vigenere Cipher algorithm

AIM :
To implement Caeser cipher technique algorithm using python code.

PROGRAM:
# Import sys for system operations and colorama for colored output.

import sys

from colorama import init, Fore

# Initialise colorama

init()

# Function to Encrypt using the Vigenère cipher.

def vigenere_encrypt(plain_text, key):

encrypted_text = ''

# Repeat the key to match the length of the plaintext.

key_repeated = (key * (len(plain_text) // len(key))) + key[:len(plain_text) % len(key)]

# Iterate through each character in the plaintext.

for i in range(len(plain_text)):

# Check if the character is an alphabet letter.

if plain_text[i].isalpha():
41
 # Calculate the shift based on the corresponding key letter.

shift = ord(key_repeated[i].upper()) - ord('A')

# Encrypt uppercase and lowercase letters separately.

if plain_text[i].isupper():

encrypted_text += chr((ord(plain_text[i]) + shift - ord('A')) % 26 + ord('A'))

else:

encrypted_text += chr((ord(plain_text[i]) + shift - ord('a')) % 26 + ord('a'))

else:

# If the character is not an alphabet letter, keep it unchanged.

encrypted_text += plain_text[i]

# Return the final encrypted text

return encrypted_text

# Decryption function for the Vigenère cipher

def vigenere_decrypt(cipher_text, key):

decrypted_text = ''

# Repeat the key to match the length of the ciphertext

key_repeated = (key * (len(cipher_text) // len(key))) + key[:len(cipher_text) % len(key)]

# Iterate through each character in the ciphertext

for i in range(len(cipher_text)):

# Check if the character is an alphabet letter

if cipher_text[i].isalpha():

# Calculate the shift based on the corresponding key letter

shift = ord(key_repeated[i].upper()) - ord('A')

# Decrypt uppercase and lowercase letters separately

if cipher_text[i].isupper():

42
 decrypted_text += chr((ord(cipher_text[i]) - shift - ord('A')) % 26 + ord('A'))

else:

decrypted_text += chr((ord(cipher_text[i]) - shift - ord('a')) % 26 + ord('a'))

else:

# If the character is not an alphabet letter, keep it unchanged

decrypted_text += cipher_text[i]

return decrypted_text

key = "KEY"

plaintext = input('[!] Enter your message: ')

# Encrypt the plaintext using the Vigenère cipher

cipher_text = vigenere_encrypt(plaintext, key)

# Print the results

print(f"[+] Plaintext: {plaintext}")

print(f"{[Link]}[+] Ciphertext: {cipher_text}")

# Ask if user wants to decrypt the message (just to see the functionality.)

ask_to_decrypt = input('\n\n[?] Do you want to decrypt the message?\n[?] Y or N: ').lower()

# If user wants to.

if ask_to_decrypt == 'y':

# Decrypt the ciphertext back to the original plaintext.

decrypted_text = vigenere_decrypt(cipher_text, key)

print(f"{[Link]}[+] Decrypted text: {decrypted_text}")

# If user does not want to.

elif ask_to_decrypt == 'n':

[Link]()

# When an invalid input is entered.

43
else:

print(f"{[Link]}[-] Invalid input.")

OUTPUT:
[!] Enter your message: dinesh
[+] Plaintext: dinesh
[+] Ciphertext: nmlowf

[?] Do you want to decrypt the message?

[?] Y or N: y
[+] Decrypted text: dinesh

RESULT:

44
Thus, vigenere cipher algorithm has been implemented using python code and the output has
been verified successfully.

[Link]:
Date: Installation of Wire shark, tcp dump and observe data
transferred in client- server communication

AIM:
To installation of Wire shark, tcpdump and observe data transferred in client-server
communication using UDP/TCP and identify the UDP/TCP datagram.

INTRODUCTION:
The first part of the lab introduces packet sniffer, Wireshark. Wireshark is a free opensource network
protocol analyzer. It is used for network troubleshooting and communication protocol analysis. Wireshark
captures network packets in real time and display them in human-readable format. It provides many
advanced features including live capture and offline analysis, three- pane packet browser, coloring rules
for analysis. This document uses Wireshark for the experiments, and it covers Wireshark installation,
packet capturing, and protocol analysis.

Figure 1: Wireshark in Kali Linux

45
BACKGROUND:

TCP/IP Network Stack:

Figure 2: Encapsulation of Data in the TCP/IP Network Stack

In the CSC 4190 Introduction to Computer Networking (one of the perquisite courses), TCP/IP
network stack is introduced and studied. This background section briefly explains the concept of
TCP/IP network stack to help you better understand the experiments. TCP/IP is the most
commonly used network model for Internet services. Because its most important protocols, the
Transmission Control Protocol (TCP) and the Internet Protocol (IP) were the first networking
protocols defined in this standard, it is named as TCP/IP. However, it contains multiple layers
including application layer, transport layer, network layer, and data link layer. - Application
Layer: The application layer includes the protocols used by most applications for providing user
services. Examples of application layer protocols are Hypertext Transfer Protocol (HTTP),
Secure Shell (SSH), File Transfer Protocol (FTP), and Simple Mail Transfer Protocol (SMTP).

46
  Transport Layer: The transport layer establishes process-to-process connectivity, and it
provides end-to-end services that are independent of underlying user data. To implement
the process-to-process communication, the protocol introduces a concept of port. The
examples of transport layer protocols are Transport Control Protocol (TCP) and User
Datagram Protocol (UDP). The TCP provides flow- control, connection establishment,
and reliable transmission of data, while the UDP is a connectionless transmission model.
 Internet Layer: The Internet layer is responsible for sending packets to across networks.
It has two functions: 1) Host identification by using IP addressing system (IPv4 and
IPv6); and 2) packets routing from source to destination. The examples of Internet layer
protocols are Internet Protocol (IP), Internet Control Message Protocol (ICMP), and
Address Resolution Protocol (ARP). - Link Layer: The link layer defines the networking
methods within the scope of the local network link. It is used to move the packets
between two hosts on the same link. An common example of link layer protocols is
Ethernet.

Packet Sniffer

Packet sniffer is a basic tool for observing network packet exchanges in a computer. As the name
suggests, a packet sniffer captures (“sniffs”) packets being sent/received from/by your computer;
it will also typically store and/or display the contents of the various protocol fields in these
captured packets. A packet sniffer itself is passive. It observes messages being sent and received
by applications and protocols running on your computer, but never sends packets itself. Figure 3
shows the structure of a packet sniffer. At the right of Figure 3 are the protocols (in this case,
Internet protocols) and applications (such as a web browser or ftp client) that normally run on
your computer. The packet sniffer, shown within the dashed rectangle in Figure 3 is an addition
to the usual software in your computer, and consists of two parts. The packet capture library
receives a copy of every link-layer frame that is sent from or received by your computer.
Messages exchanged by higher layer protocols such as HTTP, FTP, TCP, UDP, DNS, or IP all
are eventually encapsulated in link-layer frames that are transmitted over physical media such as
an Ethernet cable. In Figure 1, the assumed physical media is an Ethernet, and so all upper-layer
protocols are eventually encapsulated within an Ethernet frame. Capturing all link-layer frames
thus gives you access to all messages sent/received from/by all protocols and applications
lOMoARcPSD|35465940 20 executing in your computer. The second component of a packet
sniffer is the packet analyzer, which displays the contents of all fields within a protocol message.

47
In order to do so, the packet analyzer must “understand” the structure of all messages exchanged
by protocols. For example, suppose we are interested in displaying the various fields in messages
exchanged by the HTTP protocol in Figure 3. The packet analyzer understands the format of
Ethernet frames, and so can identify the IP datagram within an Ethernet frame. It also
understands the IP datagram format, so that it can extract the TCP segment within the IP
datagram. Finally, it understands the TCP segment structure, so it can extract the HTTP message
contained in the TCP segment. Finally, it understands the HTTP protocol and so, for example,
knows that the first bytes of an HTTP message will contain the string “GET,” “POST,” or
“HEAD”. We will be using the Wireshark packet sniffer [[Link] for these
labs, allowing us to display the contents of messages being sent/received from/by protocols at
different levels of the protocol stack. (Technically speaking, Wireshark is a packet analyzer that
uses a packet capture library in your computer). Wireshark is a free network protocol analyzer
that runs on Windows, Linux/Unix, and Mac computers. Getting Wireshark The Kai Linux has
Wireshark installed. You can just launch the Kali Linux VM and open Wireshark
[Link] can also be downloaded from here:

[Link]

48
 Figure 4:Download Page of Wireshark

Starting Wireshark:

When you run the Wireshark program, the Wireshark graphic user interface will be shown as
[Link], the program is not capturing the packets.

Figure 5:Initial Graphic User Interface of Wireshark

Then, you need to choose an interface. If you are running the Wireshark on your laptop, you
need to select WiFi interface. If you are at a desktop, you need to select the Ethernet interface
being used. Note that there could be multiple interfaces. In general, you can select any interface
but that does not mean that traffic will flow through that interface. The network interfaces (i.e.,

49
the physical connections) that your computer has to the network are shown. The attached Figure
6 was taken from my computer.

After you select the interface, you can click start to capture the packets as shown in Figure 7.

Figure 6:Capture Interfaces in Wireshark

Figure 7:Capturing Packets in Wireshark

50
 Figure 8:Wireshark Graphical User Interface on Microsoft Windows

The Wireshark interface has five major components:

The command menus are standard pulldown menus located at the top of the window. Of interest
to us now is the File and Capture menus. The File menu allows you to save captured packet data
or open a file containing previously captured packet data, and exit the Wireshark application.
The Capture menu allows you to begin packet capture.

The packet-listing window displays a one-line summary for each packet captured, including the
packet number (assigned by Wireshark; this is not a packet number contained in any protocol’s
header), the time at which the packet was captured, the packet’s source and destination
addresses, the protocol type, and protocol-specific information contained in the packet. The
packet listing can be sorted according to any of these categories by clicking on a column name.
The protocol type field lists the highest- level protocol that sent or received this packet, i.e., the
protocol that is the source or ultimate sink for this packet.

The packet-header details window provides details about the packet selected (highlighted) in
the packet-listing window. (To select a packet in the packet-listing window, place the cursor over
the packet’s one- line summary in the packet-listing window and click with the left mouse
button.). These details include information about the Ethernet frame and IP datagram that
lOMoARcPSD|35465940 24 contains this packet.

51
The amount of Ethernet and IP-layer detail displayed can be expanded or minimized by clicking
on the right- pointing or down- pointing arrowhead to the left of the Ethernet frame or IP
datagram line in the packet details window.

If the packet has been carried over TCP or UDP, TCP or UDP details will also be displayed,
which can similarly be expanded or minimized. Finally, details about the highest-level protocol
that sent or received this packet are also provided.

The packet-contents window displays the entire contents of the captured frame, in both ASCII
and hexadecimal format. Towards the top of the Wireshark graphical user interface, is the packet
display filter field, into which a protocol name or other information can be entered in order to
filter the information displayed in the packet-listing window (and hence the packet-header and
packetcontents windows). In the example below, we’ll use the packet-display filter field to have
Wireshark hide (not display) packets except those that correspond to HTTP messages.

Capturing Packets

After downloading and installing Wireshark, you can launch it and click the name of an interface
under Interface List to start capturing packets on that interface. For example, if you want to
capture traffic on the wireless network, click your wireless interface.

Test Run

Do the following steps:

1. Start up the Wireshark program (select an interface and press start to capture packets).

2. Start up your favorite browser (ceweasel in Kali Linux).

3. In your browser, go to Wayne State homepage by typing [Link].

4. After your browser has displayed the [Link] page, stop Wireshark packet
capture by selecting stop in the Wireshark capture window. This will cause the Wireshark
capture window to disappear and the main Wireshark window to display all packets captured
since you began packet capture see image below:

52
5. Color Coding: You’ll probably see packets highlighted in green, blue, and black. Wireshark
uses colors to help you identify the types of traffic at a glance. By default, green is TCP traffic,
dark blue is DNS traffic, light blue is UDP traffic, and black identifies TCP packets with
problems — for example, they could have been delivered out-of-order.

6. You now have live packet data that contains all protocol messages exchanged between your
computer and other network entities! However, as you will notice the HTTP messages are not
clearly shown because there are many other packets included in the packet capture. Even though
the only action you took was to open your browser, there are many other programs in your
computer that communicate via the network in the background. To filter the connections to the
ones we want to focus on, we have to use the filtering functionality of Wireshark by typing
“http” in the filtering field as shown below: Notice that we now view only the packets that are of
protocol HTTP. However, we also still do not have the exact communication we want to focus
on because using HTTP as a filter is not descriptive enough to allow us to find our connection to
[Link] We need to be more precise if we want to capture the correct set of
packets. 7. To further filter packets in Wireshark, we need to use a more precise filter. By setting
the [Link] [Link], we are restricting the view to packets that have as an http host the
[Link] website. Notice that we need two equal signs to perform the match not just one.
See the screenshot below:

Notice that we now view only the packets that are of protocol HTTP. However, we also still do
not have the exact communication we want to focus on because using HTTP as a filter is not
descriptive enough to allow us to find our connection to [Link] We need to be
more precise if we want to capture the correct set of packets.

53
7. To further filter packets in Wireshark, we need to use a more precise filter. By setting the
[Link] [Link], we are restricting the view to packets that have as an http host the
[Link] website. Notice that we need two equal signs to perform the match not just one.
See the screenshot below:

8. Now, we can try another protocol. Let’s use Domain Name System (DNS) protocol as an
example here.

54
9. Let’s try now to find out what are those packets contain by following of the conversations
(also called network flows), select one of the packets and press the right mouse button (if you are
on Mac use the command button and click), you should see something similar to the screen
below:

Click on Follow UDP Stream and u will see the following screen.

55
10. If we close this window and change the filter back to “[Link] [Link]” and then
follow a packet from the list of packets that match that filter, we should get the something
similar to the following screens. Note that we click on Follow TCP Stream this time.

RESULT:

Installation of Wire shark, tcpdump and observe data transferred in client-server communication
using UDP/TCP and identify the UDP/TCP datagram.

56
 [Link]:
Date: Check message integrity and confidentiality using SSL

AIM:
SSL Session in Details.

PROCEDURE:
Installing & Configuring HTTP with SSL (HTTPS)

Public Key Cryptography (Asymmetric Cryptography)

In public key cryptography, a matching pair of keys is used; one for encryption and the other for
decryption. One of the key is called the public key (can be published or sent over the network and known
to all users). The other is called the private key (kept secretly by the owner).

In some public-key algorithms, such as RSA, both keys can be used for encryption. In other algorithms,
one key is for encryption only and the other for decryption.

Handshaking - Key Exchange

Once the ciphersuit to be used are negotiated and agree-upon, the client andserver will establish a session
key:

1. The client uses server's public key to encrypt a secret and sends to the server.

2. Only the server has the matching private key to decrypt the secret (not the Eavesdroppers).

3. The client and server then use this secret to generate a session key independently and simultaneously.

This session key would then be used for secure communication for this particular communication
session

1. The client generates a 48-byte (384-bit) random number called pre_master_secret, encrypts it using the
verified server's public key and sends it to the server.

2. Server decrypts the pre_master_secret using its own private key. Eavesdroppers cannot decrypt the
pre_master_secret, as they do not possess the server's private key.

3. Client and server then independently and simultaneously create the session key, based on the
pre_master_secret, client_random and server_random. Notice that both the server and client
contribute to the session key, throughthe inclusion of the random number exchange in the hello
messages. Eavesdroppers can intercept client_random

4. Server_random as they are sent in plaintext, but cannot decrypt the pre_master_secret.
57
5. In a SSL/TLS session, the session key consists of 6 secret keys (to thwart crypto-analysis). 3
secret keys are used for client-to-server messages, and the other 3 secret keys are used for server-
to-client messages. Among the 3 secret keys, one is used for encryption (e.g., DES secret key),
one is used for message integrity (e.g., HMAC) and one is used for cipher initialization. (Cipher
initialization uses a random plaintext called Initial Vector (IV) to prime the cipher pump.)

6. Client and server use the pre_master_secret (48-byte random number created by the client and
exchange securely), client_random, server_random, and a pseudo-random function (PRF) to
generate a master_secret. They can use the master_secret, client_random, server_random, and
the pseudo-random function (PRF) to generate all the 6 shared secret keys. Once the secret keys
are generated, the pre_master_secret is no longer needed and should be deleted.

7. From this point onwards, all the exchanges are encrypted using the sessionkey.

8. The client sends Finished handshake message using their newly created session key. Server
responds with a Finished handshake message.

Message Exchange

Client and server can use the agreed-upon session key (consists of 6 secret keys)for secure
exchange of messages. Sending messages:

1. The sender compresses the message using the agreed-upon compression method (e.g., PKZip,
gzip). 2. The sender hashes the compressed data and the secret HMAC key to make an HMAC,
to assure message integrity.

3. The sender encrypts the compressed data and HMAC using encryption/decryption secret key,
to assure message confidentiality.

Retrieve messages:

1. The receiver decrypts the ciphertext using the encryption/decryption secret key to retrieve the
compressed data and HMAC.

2. The receiver hashes the compressed data to independently produce the HMAC. It then verifies
the generated HMAC with the HMAC containedin the message to assure message integrity.

3. The receiver un-compresses the data using the agreed-upon compression method to recover
the plaintext.

OUTPUT :

58
> openssl s_client ?

(Display the available options)

The following command turns on the debug option and forces the protocol to beTLSv1: >
openssl s_client -connect localhost:443 -CAfile [Link] -debug -tls1

Loading 'screen' into random state - done CONNECTED(00000760)

write to 00988EB0 [009952C8] (102 bytes => 102 (0x66))

0000 - 16 03 01 00 61 01 00 00-5d 03 01 40 44 35 27 5c ....a...]..@D5'\

0010 - 5a e8 74 26 e9 49 37 e2-06 3b 1c 6d 77 37 d1 ae Z.t&.I7 ..;.mw7..

0020 - 44 07 86 47 98 fa 84 1a-8d f4 72 00 00 36 00 39 D..G. ...... r..6.9

0030 - 00 38 00 35 00 16 00 13-00 0a 00 33 00 32 00 2f .8.5. ......3.2./

0040 - 00 07 00 66 00 05 00 04-00 63 00 62 00 61 00 15 . ..f.....c.b.a..

0050 - 00 12 00 09 00 65 00 64-00 60 00 14 00 11 00 08 .....e.d.`......

0060 - 00 06 00 03 01 ..... 0066 –

read from 00988EB0 [00990AB8] (5 bytes => 5 (0x5))0000 - 16 03 01 00

2a ..................................................................*

read from 00988EB0 [00990ABD] (42 bytes => 42 (0x2A))

0000 - 02 00 00 26 03 01 40 44-35 27 cc ef 2b 51 e1 b0 ...&..@D5'..+Q..

0010 - 44 1f ef c4 83 72 df 37-4f 9b 2b dd 11 50 13 87 D. ...r.7O.+..P..

0020 - 91 0a a2 d2 28 b9 00 00-16 ....(....

002a - read from 00988EB0 [00990AB8] (5 bytes => 5 (0x5))0000 - 16

02 05 ....

read from 00988EB0 [00990ABD] (517 bytes => 517 (0x205)) 0000 - 0b 00 02

01 00 01 fe 00-01 fb 30 82 01 f7 30 82 ..........0...0.

0010 - 01 60 02 01 01 30 0d 06-09 2a 86 48 86 f7 0d 01 .`...0...*.H....

0020 - 01 04 05 00 30 4d 31 0b-30 09 06 03 55 04 06 13 ....0M1.0...U...
0030 - 02 55 53 31 10 30 0e 06-03 55 04 0b 13 07 74 65 .US1.0...U. .....te
0040 - 73 74 31 30 31 31 0c 30-0a 06 03 55 04 03 13 03 st1011.0...U....
0050 - 63 68 63 31 1e 30 1c 06-09 2a 86 48 86 f7 0d 01 chc1.0...*.H....
0060 - 09 01 16 0f 63 68 63 40-74 65 73 74 31 30 31 2e ........................ chc@test101.

59
 0070 - 63 6f 6d 30 1e 17 0d 30-34 30 32 32 36 30 36 35
com0....040226065 0080 - 36 35 34 5a 17 0d 30 35-30 32 32 35 30 36 35 36 654Z
0502250656 0090 - 35 34 5a 30 3b 31 0b 30-09 06 03 55 04 06 13 02
54Z0;1.0...U.... 00a0 - 55 53 31 0c 30 0a 06 03-55 04 03 13 03 63 68 63
US1.0...U...... chc 00b0 - 31 1e 30 1c 06 09 2a 86-48 86 f7 0d 01 09 01 16
1.0...*.H....... 00c0 - 0f 63 68 63 40 74 65 73-74 31 30 31 2e 63 6f 6d
.chc@[Link] 00d0 - 30 81 9f 30 0d 06 09 2a-86 48 86 f7 0d 01 01 01
0..0...*.H...... 00e0 - 05 00 03 81 8d 00 30 81-89 02 81 81 00 cd e4 9
e ......0......... 00f0 - 7c b6 d2 34 4e d3 53 46-25 c7 53 88 25 60 e6
46

0100 - db 64 3a 73 61 92 ac 23-92 cd 2c 94 a9 8f c6 7f .d:sa..#..,.....

0110 - 47 73 c0 d9 8d 34 b7 2c-dd c9 86 bd 82 6f ce ac Gs...4.,.....o..
0120 - d8 e2 ba 0f e5 f5 3a 67-2c 89 1a 1b 03 eb 21 85 ......:g,...... !.
0130 - 28 e3 29 98 84 ed 46 75-82 fa 0f 30 a3 a9 a5 71 (.)...Fu...0. ....q
0140 - 46 4c d6 0d 17 c4 19 fd-44 fb e2 18 46 a6 9d ab FL......D...F...
0150 - 91 de 6b a1 7f fe 30 06-28 5d d8 d3 29 00 c3 1d ..k...0.(]..)...
0160 - 4c 13 00 61 8f f3 85 51-f5 68 d8 69 25 02 03 01 L..a...Q.h.i%...
0170 - 00 01 30 0d 06 09 2a 86-48 86 f7 0d 01 01 04 05 ..0...*.H.......
0180 - 00 03 81 81 00 29 fd bf-5a ed 70 8f 53 a4 e9 14 .....)..Z.p.S...
0190 - 4c 5e ba 84 c6 54 1b f2-c0 3c c4 30 0f 7f 12 80 L^...T...

01a0 - 4e 01 b7 fd 39 50 f1 41-0d d8 aa 77 d9 87 25 1a N...9P.A...w..%.

01b0 - 1e e2 97 88 4f 53 75 c8-70 22 6a 01 61 0f 51 3e.................. ...... OSu.p"j.a.Q>
01c0 - 13 19 9c 64 f2 76 14 e8-85 25 23 a2 11 c4 8c f8 ...d.v...%
01d0 - 23 2c d1 c3 d3 71 3a e6-71 54 10 07 dc 72 ff ee #,...q:.qT...r..
01e0 - e8 3e cf 8e 77 73 e9 9f-f5 9a 90 60 4d a0 aa 03 .>..ws.....`M...
01f0 - 32 1f 11 6f 2e 9a 5f 3c-77 05 22 0c 81 bf 29 96 2.. o.._ 5 (0x5))
0000 - 16 03 01 01 8d .....

read from 00988EB0 [00990ABD] (397 bytes => 397 (0x18D)) 0000 - 0c 00 01
89 00 80 e6 96-9d 3d 49 5b e3 2c 7c f1 .......................................................=I[.,|.
0010 - 80 c3 bd d4 79 8e 91 b7-81 82 51 bb 05 5e 2a 20 ....y.....Q..^*
0020 - 64 90 4a 79 a7 70 fa 15-a2 59 cb d5 23 a6 a6 ef [Link].p...Y..#...
0030 - 09 c4 30 48 d5 a2 2f 97-1f 3c 20 12 9b 48 00 0e ..0H../..< ..H..
0040 - 6e dd 06 1c bc 05 3e 37-1d 79 4e 53 27 df 61 1e n..... >[Link]'.a

read from 00988EB0 [00990AB8] (5 bytes => 5 (0x5))

Server certificate

60
-----BEGIN CERTIFICATE-----
MIIB9zCCAWACAQEwDQYJKoZIhvcNAQEEBQAwTTELMAkGA1UEBh
MCVVMxEDAOBgNV
BAsTB3Rlc3QxMDExDDAKBgNVBAMTA2NoYzEeMBwGCSqGSIb3DQEJ
ARYPY2hjQHRl
c3QxMDEuY29tMB4XDTA0MDIyNjA2NTY1NFoXDTA1MDIyNTA2NTY1
NFowOzELMAkG
A1UEBhMCVVMxDDAKBgNVBAMTA2NoYzEeMBwGCSqGSIb3DQEJA
RYPY2hjQHRlc3Qx
MDEuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDN5J58 ttI0TtNTRiXH
U4glYOZG22Q6c2GSrCOSzSyUqY/Gf0dzwNmNNLcs3cmGvYJvzqzY4roP5f U6ZyyJ
GhsD6yGFKOMpmITtRnWC+g8wo6mlcUZM1g0XxBn9RPviGEamnauR3mu hf/4wBihd
2NMpAMMdTBMAYY/zhVH1aNhpJQIDAQABMA0GCSqGSIb3DQEBBA
UAA4GBACn9v1rt
cI9TpOkUTF66hMZUG/LAPMQwD38SgE4Bt/05UPFBDdiqd9mHJRoe4peIT1N1yHAi
agFhD1E+ExmcZPJ2FOiFJSOiEcSM+CMs0cPTcTrmcVQQB9xy/+7oPs+Od3Ppn/Wa
kGBNoKoDMh8Rby6aXzx3BSIMgb8plq3LOxiu
-----END CERTIFICATE-----
subject=/C=US/CN=chc/emailAddress=chc@[Link]
issuer=/C=US/OU=test101/CN=chc/emailAddress=chc@[Link] ---

HTTP/1.1 200 OK Date: Tue, 02 Mar 2004 [Link] GMT Server: Apache/1.3.29 (Win32)
mod_ssl/2.8.16 OpenSSL/0.9.7cLast-Modified: Sat, 07 Feb 2004 [Link] GMT ETag: "0-23-
4024c3a5" Accept-Ranges: bytes ContentLength: 35 Connection: close Content-Type: text/html

Home page on main server

read from 00988EB0 [00990AB8] (5 bytes => 5 (0x5))

Result:
Thus the confidentiality and Integrity using SSL was verified.

[Link]:
Date: Experiment Eavesdropping, Dictionaryattacks, MITM

61
 Attack

AIM:
To implement Eavesdropping,Dictionary attacks,MITM attcks using python code.

PROGRAM:
# Dictionary attacks

import hashlib

common_passwords = ["password", "password123", "letmein", "qwerty", "123456", "abc123",

"admin", "welcome", "monkey", "sunshine"]

password_variations = ["", "123", "1234", "12345", "123456", "!", "@", "#", "$", "%", "^", "&",
"*", "(", ")", "-", "_", "+", "=", "/", "\\", "|", "[", "]", "{", "}", "<", ">"]

hashed_password = hashlib.sha256(b"mypass12#@").hexdigest()

for password in common_passwords:

for variation in password_variations:

possible_password = password + variation

hashed_possible_password = hashlib.sha256(possible_password.encode()).hexdigest()

if hashed_possible_password == hashed_password:

print(f"Password found: {possible_password}")

break

else:

continue

break

else:

print("Password not found")

OUTPUT:
Password not found

62
#MITM Attack

import random

# public keys are taken

# p is a prime number

# g is a primitive root of p

p = int(input('Enter a prime number : '))

g = int(input('Enter a number : '))

class A:

def __init__(self):

# Generating a random private number selected by alice

self.n = [Link](1, p)

def publish(self):

# generating public values

return (g**self.n)%p

def compute_secret(self, gb):

# computing secret key

return (gb**self.n)%p

class B:

def __init__(self):

63
# Generating a random private number selected for alice

self.a = [Link](1, p)

# Generating a random private number selected for bob

self.b = [Link](1, p)

[Link] = [self.a,self.b]

def publish(self, i):

# generating public values

return (g**[Link][i])%p

def compute_secret(self, ga, i):

# computing secret key

return (ga**[Link][i])%p

alice = A()

bob = A()

eve = B()

# Printing out the private selected number by Alice and Bob

print(f'Alice selected (a) : {alice.n}')

print(f'Bob selected (b) : {bob.n}')

print(f'Eve selected private number for Alice (c) : {eve.a}')

print(f'Eve selected private number for Bob (d) : {eve.b}')

# Generating public values

ga = [Link]()

64
gb = [Link]()

gea = [Link](0)

geb = [Link](1)

print(f'Alice published (ga): {ga}')

print(f'Bob published (gb): {gb}')

print(f'Eve published value for Alice (gc): {gea}')

print(f'Eve published value for Bob (gd): {geb}')

# Computing the secret key

sa = alice.compute_secret(gea)

sea = eve.compute_secret(ga,0)

sb = bob.compute_secret(geb)

seb = eve.compute_secret(gb,1)

print(f'Alice computed (S1) : {sa}')

print(f'Eve computed key for Alice (S1) : {sea}')

print(f'Bob computed (S2) : {sb}')

print(f'Eve computed key for Bob (S2) : {seb}')

OUTPUT:

Enter a prime number : 227

65
Enter a number : 14
Alice selected (a) : 23
Bob selected (b) : 105
Eve selected private number for Alice (c) : 196
Eve selected private number for Bob (d) : 168
Alice published (ga): 201
Bob published (gb): 8
Eve published value for Alice (gc): 144
Eve published value for Bob (gd): 48
Alice computed (S1) : 214
Eve computed key for Alice (S1) : 214
Bob computed (S2) : 192
Eve computed key for Bob (S2) : 192

RESULT:
Hence, implementation Eavesdropping,Dictionary attacks,MITM attcks using python code has
been executed successfully.

[Link]:
Date: Perform an Experiment to Sniff Traffic using
ARP Poisoning

66
AIM :
To experiment eavesdropping, Dictionary attacks, MIMT attacks.

PROCEDURE :
Step 1 − Install the VMware workstation and install the Kali Linux operating system.

Step 2 − Login into the Kali Linux using username pass “root, toor”.

Step 3 − Make sure you are connected to local LAN and check the IP address by typing the command
ifconfig in the terminal.

Step 4 − Open up the terminal and type “Ettercap –G” to start the graphical version of Ettercap.

Step 5 − Now click the tab “sniff” in the menu bar and select “unified sniffing” and click OK to
select the interface. We are going to use “eth0” which means Ethernet connection.

67
Step 6 − Now click the “hosts” tab in the menu bar and click “scan for hosts”. Itwill start
scanning the whole network for the alive hosts.

Step 7 − Next, click the “hosts” tab and select “hosts list” to see the number of hosts available
in the network. This list also includes the default gateway address. We have to be careful when
we select the targets.

Step 8 − Now we have to choose the targets. In MITM, our target is the host machine, and the
route will be the router address to forward the traffic. In an MITM attack, the attacker intercepts
the network and sniffs the packets. So, we will add the victim as “target 1” and the router address
as “target 2.”

In VMware environment, the default gateway will always end with “2” because “1” is assigned
to the physical machine.

Step 9 − In this scenario, our target is “[Link]” and the router is “[Link]”. So
we will add target 1 as victim IP and target 2 as router IP.

68
Step 10 − Now click on “MITM” and click “ARP poisoning”. Thereafter, checkthe option “Sniff
remote connections” and click OK

Step 11 − Click “start” and select “start sniffing”. This will start ARP poisoningin the network
which means we have enabled our network card in “promiscuousmode” and now the local traffic
can be sniffed.

Note − We have allowed only HTTP sniffing with Ettercap, so don’t expect HTTPS packets to
be sniffed with this process.

Step 12 − Now it’s time to see the results; if our victim logged into some websites. You can see
the results in the toolbar of Etterc.

RESULT :
Thus the experiment for Eavesdropping, Dictionary attacks, MITM attacks was done
successfully.

[Link]:
69
 Date: Demonstration of Intrusion Detection System(IDS)

AIM:
To demonstrate Intrusion Detection System (IDS) using Snort software tool.

STEPS ON CONFIGURING AND INTRUSION DETECTION:

1. Download Snort from the [Link] website. ([Link]

2. Download Rules([Link] You must register to get the rules. (You should
download these often)

3. Double click on the .exe to install snort. This will install snort in the “C:\Snort” [Link] is important to
have WinPcap ([Link] installed

4. Extract the Rules file. You will need WinRAR for the .gz file.

5. Copy all files from the “rules” folder of the extracted folder. Now paste the rules into “C:\Snort\rules”
folder.

6. Copy “[Link]” file from the “etc” folder of the extracted folder. You must paste it into “C:\ Snort\
etc” folder. Overwrite any existing file. Remember if you modify your [Link] file and download a
new file, you must modify it for Snort to work.

7. Open a command prompt ([Link]) and navigate to folder “C:\Snort\bin” folder. ( at the Prompt, type
cd\snort\bin)

8. To start (execute) snort in sniffer mode use following command:

snort -dev -i 3

-i indicates the interface number. You must pick the correct interface number. In my case, it is 3. -dev is
used to run snort to capture packets on your network.

To check the interface list, use following command: snort –W

70
Finding an interface

You can tell which interface to use by looking at the Index number and finding Microsoft. As you can
see in the above example, the other interfaces are for VMWare. To run snort in IDS mode, you will need
to configure the file “[Link]” according to your network environment.

To specify the network address that you want to protect in [Link] file, look for the following line. var
HOME_NET [Link]/24 (You will normally see any here)

You may also want to set the addresses of DNS_SERVERS, if you have some on your network.

Example:

example snort

Change the RULE_PATH variable to the path of rules

folder. var RULE_PATH c:\snort\rules

path to rules

Change the path of all library files with the name and path on your system. and you must change the path
of snort_dynamicpreprocessorvariable. C:\Snort\lib\snort_dynamiccpreprocessor You need to do this to
all library files in the “C:\Snort\lib” folder. The old path might be: “/usr/local/lib/…”. you will need to
replace that path with your system path. Using C:\Snort\lib Change the path of the “dynamicengine”
variable value in the “[Link]” file.

71
Example:

dynamicengine C:\Snort\lib\snort_dynamicengine\sf_engine.dll

Add the paths for “include [Link]” and “include [Link]” files. include c:\snort\etc\
[Link] include c:\snort\etc\[Link]

Remove the comment (#) on the line to allow ICMP rules, if it is commented with a #.

include $RULE_PATH/[Link]

You can also remove the comment of ICMP-info rules comment,

if it is commented. include $RULE_PATH/[Link]

To add log files to store alerts generated by snort, search for the “output log” test in [Link] and add
the following line: output alert_fast: [Link]

Comment (add a #) the whitelist $WHITE_LIST_PATH/white_list.rules and the blacklist

Change the nested_ip inner , \ to nested_ip inner

#, \ Comment out (#) following lines

: #preprocessor normalize_ip4

#preprocessor normalize_tcp: ips ecn stream

#preprocessor normalize_ic mp4

#preprocessor normalize_ip6

#preprocessor normalize_icmp6

Save the “[Link]” file. To start snort in IDS mode, run the following command: snort -c c:\snort\etc\
[Link] -l c:\snort\log - i 3

(Note: 3 is used for my interface card) If a log is created, select the appropriate program to open it. You
can use WordPard or NotePad++ to read the file.

To generate Log files in ASCII mode, you can use following command while running snort in IDS mode:
snort -A console -i3 -c c:\Snort\etc\[Link] -l c:\Snort\log -K ascii

Scan the computer that is running snort from another computer by using PING or NMap (ZenMap). After
scanning or during the scan you can check the [Link] file in the log folder to insure it is logging
properly. You will see IP address folders appear.

Snort monitoring traffic –

72
RESULT:

Thus the Intrusion Detection System(IDS) has been demonstrated by using the Open Source
Snort Intrusion Detection Tool.

73
 [Link]:
Date: Network Monitoring Tools

AIM :
To explore about Network monitoring tools

Network monitoring is an essential part of network management. It involves using various tools
to monitor a system network and determine slowness and weak connections, among other issues.
Knowing more about these tools can help you understand them better and use the right ones that
suit your requirements. In this article, we define what network monitoring tools are, provide
details about various tools and discuss about some tips that can help you choose the right tool for
your requirements.

What Are Network Monitoring Tools?

Network monitoring tools are software that you can use to evaluate network connections. These
software programs can help you monitor a network connection and identify network issues,
which may include failing network components, slow connection speed, network outage or
unidentifiable connections. Network management and monitoring tools can also help you resolve
these issues or establish solutions that prevent specific issues from occurring in the future.

Network Monitoring Tools

Here are eight monitoring tools along with their descriptions and features:

1. SolarWinds Network Performance Monitor

SolarWinds Network Performance Monitor is a multi-vendor monitoring tool. It allows users

to monitor multiple vendors' networks at the same time. It also provides network insights for
thorough visibility into the health of the networks. Some prominent features include network
availability monitoring, intelligent network mapping, critical path visualisation, performance
analysis and advanced alerting. SolarWinds also allows users to track VPN tunnel status. It
prompts when a tunnel is available to help users ensure a stable connection between sites.
SolarWinds provides a sevenday free trial, after which users can choose a preferred
subscription plan.

74
2. Auvik

Auvik is a network monitoring and management tool. It offers a quick implementation

process that helps users to set up the tool easily. It also has a clean user interface that makes
it easy to navigate and use. The tool provides in-depth network visibility that enables faster
troubleshooting for network issues. Users can automate network visibility using Auvik. It
provides real-time updates on network issues and configuration changes.

3. Datadog Network Monitoring

Datadog Network Monitoring offers services for on-premises devices and cloud networks. A
highlighting feature of this tool is the visualisations. It offers various graphical
representations of all the network connections on a system. It also allows users to track key
metrics like network latency, connection churn and transmission control protocol (TCP)
retransmits. Users can monitor the health of a network connection at different endpoints at
the application, IP address, port or process ID layers. Other prominent features include
automated log collection and user interface monitoring.

4. Paessler PRTG Network Monitor

Paessler's network connection monitoring tool provides a clean user interface and network
visibility on multiple devices. Users can track the health of different connection types like
local area networks (LAN), wide area network (WAN), servers, websites, applications and
services. The tools also integrate with various technologies, which makes it easier to use it
for different types of applications. It provides distribute monitoring, allowing users to track
network connections on devices in different locations. The tool also provides apps for
mobile platforms that can help users to track network health on mobile phones.

5. ManageEngine OpManager

ManageEngine OpManager is a good network monitoring and managing tool for users that
prefer indepth view of network health and issues. This tool provides over 2000 network
performance monitors that allow users to track and monitor their connections and perform
detailed analyses on issues. It also lOMoARcPSD|35465940 51 provides over 200 dashboard
widgets that can help users customise their dashboard to their own suitability. Other features
include CPU, memory and disk utilisation monitoring on local and virtual machines. It also
allows setting network performance threshold and notifies the user in case of a violation.

75
6. Domotz

Domotz is an expansive tool that provides a list of features for monitoring network
connections. It allows users to customise their network monitoring preferences. Users can
write scripts the retrieve the data they wish to evaluate. It also allows connection to open
ports on remote devices while ensuring network security. Users can also scan and monitor
network connections globally. Domotz also allows to backup and restore network
configuration for switches, firewalls and access points and alerts when there is a change in
the configuration.

7. Checkmk

Checkmk is a tool that allows users to automate it completely. You can customise its
operations and enable it to perform tasks automatically. It also identifies network and
security components without the user requiring manual set up. For example, the tool can
identify a firewall even if the user has not set it up. Its Agent Bakery feature enables users to
manage agents and automate agent updating. This reduces manual effort to monitor network
connections. The tool also includes over 2000 plug-ins for enhancing network monitoring.

8. Progress Whatsup Gold

Progress Whatsup Gold is a basic network monitoring software. It provides a minimal user
interface with essential features like device monitoring, application monitoring, analysing
network traffic and managing configurations. The tool allows users to monitor cloud
devices, inspect suspicious connections, automate configuration backups and identify, and
resolve bandwidth issues.

Other Tools For Network Monitoring

Here are three additional tools for network monitoring:

• Fortra Intermapper: This tool enables usersto monitor network connections using network
maps, allowing them to get a holistic view of all the connections. It also provides various colour
codes for different network status, along with real-time notifications through text, email and
sound.

• Nagios Core: Nagios Core is a monitoring engine that works as the primary application for all
Nagios projects, including the Nagios Network Analyser. It integrates with other Nagios
applications and provides users with features like a visual dashboard, custom application
monitoring, automated alert system, advanced user management and network security
monitoring.

76
 • Zabbix: Zabbix provides a thorough network monitoring solution with features like server
monitoring, cloud monitoring, application monitoring and service monitoring. The tool also
includes features like metric collection, business monitoring and root cause analyses of network
issues, and allows users to establish a threshold for connection anomalies.

Tips To Choose A Network Monitoring And Management Tool

Here are some useful tips that you can consider while selecting a tool for network monitoring:

Understand the requirements

Understanding why you require network monitoring software is important in the process. Define
what feature you want and for what purpose. This can help you identify the right tool for your
use. It may also help you choose the correct subscription plan on paid tools.

Browse multiple tools

Once you identify the requirements, consider browsing multiple tools. Visit the websites of the
tools and look for the features you require. Spend time studying the features and understand how
they can be useful to your requirements. You can also identify a few tools and compare their
features to each other.

Consider the budget

Some tools may be free to use, while some may require you to purchase a subscription plan. Paid
tools typically offer a free trial period of up to 30 days. Once you identify which tool you may
like to use see if it is free or requires payment. If it is a paid tool, try exploring its features and
efficiency during the trial period. Consider keeping a backup tool in case the tool that you choose
does not fit your usage.

RESULT:
Thus the network monitoring tools was explored.

77
 [Link]:
Date: Study to configure Firewall, VPN

AIM:

To study the features of firewall in providing network security and to set Firewall Security in
windows.

Firewall in Windows 7

Windows 7 comes with two firewalls that work together. One is the Windows Firewall, and the
other is Windows Firewall with Advanced Security (WFAS). The main difference between them
is the complexity ofthe rules configuration. Windows Firewall uses simple rules that
directlyrelate to a program or a service. The rules in WFAS can be configured based on
protocols, ports, addresses and authentication. By default, both firewalls come with predefined
set of rules that allow us to utilize network resources. This includes things like browsing the
web, receiving e-mails, etc. Other standard firewall exceptions are File and Printer Sharing,
Network Discovery, Performance Logs and Alerts, Remote Administration, Windows Remote
Management, Remote Assistance, Remote Desktop, Windows Media Player, Windows Media
Player Network Sharing Service With firewall in Windows 7 we can configure inbound and
outbound rules.

By default, all outbound traffic is allowed, and inbound responses to that traffic are also allowed.
Inbound traffic initiated from external sources is automatically blocked. When we first connect
to some network, we are prompted to select a network location. This feature is known as
Network Location Awareness(NLA).

This feature enables us to assign a network profile to the connection based on the location.
Different network profiles contain different collections of firewall rules. In Windows 7, different
network profiles can be configured on different interfaces. For example, our wired interface can
have different profile than our wireless interface.

There are three different network profiles available:

• Public

• Home/Work - private network

• Domain - used within a domain

Configuring Windows Firewall

78
To open Windows Firewall we can go to Start > Control Panel > Windows.

Firewall.

By default, Windows Firewall is enabled for both private (home or work)and public networks. It
is also configured to block all connections to programs that are not on the list of allowed
programs. To configure exceptions we can go to the menu on the left and select "Allow a
program or feature trough Windows Firewall" option.

79
To change settings in this window we have to click the "Change settings" button. As you can see,
here we have a list of predefined programs and features that can be allowed to communicate on
private or public networks. For example, notice that the Core Networking feature is allowed on
both private and public networks, while the File and Printer Sharing is only allowed on private
networks. We can also see the details of the items in the list by selecting it and then clicking the
Details button.

Details

If we have a program on our computer that is not in this list, we can manually add it by clicking
on the "Allow another program" button.

Add a Program

Here we have to browse to the executable of our program and then click the Add button. Notice
that we can also choose location types on which this program will be allowed to communicate by
clicking on the "Network location types" button.

Network Locations

Many applications will automatically configure proper exceptions in Windows Firewall when we
run them. For example, if we enable streaming from Media Player, it will automatically
configure firewall settings to allow streaming. The same thing is if we enable Remote Desktop
feature from the system properties window. By enabling Remote Desktop feature we actually
create an exception in Windows Firewall. Windows Firewall can be turned off completely.

80
To do that we can select the "Turn Windows Firewall on or off" option from the menu on the
left.

Firewall Customization

Note that we can modify settings for each type of network location (private or public).
Interesting thing here is that we can block all incoming connections, including those in the list of
allowed programs. Windows Firewall is actually a Windows service. As you know, services can
be stopped and started. If the Windows Firewall service is stopped, the Windows Firewall will
not work.

Firewall Service

In our case the service is running. If we stop it, we will get a warning thatwe should turn on our
Windows Firewall.

Warning

Remember that with Windows Firewall we can only configure basic firewall settings, and this is
enough for most day-to-day users. However, we can't configure exceptions based on ports in
Windows Firewall any more. For that we have to use Windows Firewall with Advanced
Security.

How to Start & Use the Windows Firewall with Advanced Security

The Windows Firewall with Advanced Security is a tool which gives you detailed control over
the rules that are applied by the Windows Firewall. You can view all the rules that are used by
the Windows Firewall, change their properties, create new rules or disable existing ones. In this
tutorial we will share how to open the Windows Firewall with Advanced Security, how to find
your way around it and talk about the types of rules that are available and what kind of traffic
they filter.

81
How to Access the Windows Firewall with Advanced Security

You have several alternatives to opening the Windows Firewall with Advanced Security: One is
to open the standard Windows Firewall window, by going to "Control Panel -> System and
Security -> Windows Firewall". Then, click or tap Advanced settings.

In Windows 7, another method is to search for the word firewall in the Start Menu search box
and click the "Windows Firewall with Advanced Security" result.

In Windows 8.1, Windows Firewall with Advanced Security is not returned in search results and
you need to use the first method shared above foropening it. The Windows Firewall with
Advanced Security looks and works the same both in Windows 7 and Windows 8.1. To continue
our tutorial, we will use screenshots that were made in Windows 8.1.

82
What Are The Inbound & Outbound Rules?

In order to provide the security you need, the Windows Firewall has a standard set of inbound
and outbound rules, which are enabled depending on the location of the network you are
connected to.

Inbound rules are applied to the traffic that is coming from the network and the Internet to your
computer or device. Outbound rules apply to the traffic from your computer to the network or
the Internet.

These rules can be configured so that they are specific to: computers, users, programs, services,
ports or protocols. You can also specify to which type of network adapter (e.g. wireless, cable,
virtual private network) or user profileit is applied to.

In the Windows Firewall with Advanced Security, you can access all rulesand edit their
properties. All you have to do is click or tap the appropriate unit in the left-side panel.

83
The rules used by the Windows Firewall can be enabled or disabled. The ones which are enabled
or active are marked with a green check-box in the Name column. The ones that are disabled are
marked with a gray check-box.

If you want to know more about a specific rule and learn its properties, right click on it and
select Properties or select it and press Properties in thecolumn on right, which lists the actions
that are available for your selection.

What Are The Connection Security Rules?

Connection security rules are used to secure traffic between two computers while it crosses the
network. One example would be a rule which defines that connections between two specific
computers must be encrypted.

Unlike the inbound or outbound rules, which are applied only to one computer, connection
security rules require that both computers have the same rules defined and enabled.

If you want to see if there are any such rules on your computer, click or tap "Connection Security
Rules" on the panel on the left. By default, there are no such rules defined on Windows
computers and devices. They are generally used in business environments and such rules are set
by the network administrator.

84
2.1.1 Configuring Windows Firewall

To open Windows Firewall we can go to Start > Control Panel >windows firewall

Network Locations

Many applications will automatically configure proper exceptions in Windows Firewall when we
run them. For example, if we enable streaming from Media Player, it will automatically
configure firewall settings to allow streaming. The same thing is if we enable Remote Desktop
feature from the system properties window. By enabling Remote Desktop feature we actually
create an exception in Windows Firewall. Windows Firewall can be turned off completely. To do
that we can select the "Turn Windows Firewall on or off" option from the menu on the left.

85
Firewall Customization

Note that we can modify settings for each type of network location (private or public).
Interesting thing here is that we can block all incoming connections, including those in the list of
allowed programs. Windows Firewall is actually a Windows service. As you know, services can
be stopped and started. If the Windows Firewall service is stopped, the Windows Firewall will
not work.

How to Start & Use the Windows Firewall with Advanced Security

The Windows Firewall with Advanced Security is a tool which gives you detailed control over the rules
that are applied by the Windows [Link] can view all the rules that are used by the Windows
Firewall, change their properties, create new rules or disable existing ones. In this tutorial we will share
how to open the Windows Firewall with Advanced Security, howto find your way around it and talk
about the types of rules that are available and what kind of traffic they filter. How to Access the
Windows Firewall with Advanced Security You have several alternatives to opening the Windows
Firewall with Advanced Security

One is to open the standard Windows Firewall window, by going to "Control Panel -> System and
Security -> Windows Firewall". Then, click or tap Advanced settings.

In Windows 7, another method is to search for the word firewall

click the "Windows Firewall with Advanced Security" result

86
What Are The Inbound & Outbound Rules?
In order to provide the security you need, the Windows Firewall has a standard set of inbound
and outbound rules, which are enabled depending on the location of the network you are
connected to. Inbound rules are applied to the traffic that is coming from the network and the
Internet to your computer or device. Outbound rules apply to the traffic from your computer to
the network or the Internet. These rules can be configured so that they are specific to: computers,
users, programs, services, ports or protocols. You can also specify to which type of network
adapter (e.g. wireless, cable, virtual private network) or user profileit is applied to. In the
Windows Firewall with Advanced Security, you can access all rules and edit their properties. All
you have to do is click or tap the appropriate unit in the left-side panel.

The rules used by the Windows Firewall can be enabled or disabled. The ones which are enabled
or active are marked with a green check-box in the Name column. The ones that are disabled are
marked with a gray [Link] you want to know more about a specific rule and learn its
properties, right click on it and select Properties or select it and press Properties in the column on
right, which lists the actions that are available for your selection

[Link] What Does the Windows Firewall with Advanced Security Monitor?
The Windows Firewall with Advanced Security includes some monitoring features as well. In
the Monitoring section you can find the following information: the firewall rules that are active
(both inbound and outbound), the connection security rules that are active and whether there are
any active security associations.

87
You should note that the Monitoring section shows only the active rules for the current network
location.

RESULT:
Study of the features of firewall in providing network security and to set Firewall Security in
windows.

88