Professional Documents
Culture Documents
Aim : Working with sniffers for monitoring network communication. Using Tool
Ethereal.
Ethereal is a GUI network protocol analyzer. It lets us interactively brows a packet data from
a live network or from previously saved capture files.
WORKING WITH ETHEREAL :
Observation :
In this window we can observe what the protocols we captured are and their usage
into percentage.
We can observe.
FIRST PANE :
In the first pane we can view the
i) At what time which pr4otocal is used
ii) And along with their source IP, Destination IP, time, protocol and some Information
about that protocol
EX:
OBSERVATIONS:
1) In the first Address resolution protocol the source broadcast an IP address responds by
telling its Ethernet address to the source.
2) Second one is an up protocol the source is communicating with the destination using
some port numbers.
3) Third on is NetBIOS protocol the source is trying to share ESET from destination
We can ales Observe the same protocol uses some color code.
SECOND PANE :
In this second pane we can know more of the protocols which we selected in the first
pane.
Here detailed information about packet we captured we can know except data.
THIRD PANE :
In the third pane represents the encrypted from o each and every Instruction.
FILTERING :
Start Ethereal
Click capture
Using ‘options’.
Click start
The lice specified capture will be showed in third pain window.
CONVERSATION:
This is optio0n will open new window that displays a list of conversation between two
end points.
In this conversation window we can view Addresses of A&B and packets and Bytes.
And some more information about bytes and packets transferred from a B and
B A.
End Points:
It also displays the no of packets, Bytes transferred to that respective hosts all
this information showed here.
Decode As :
If you have a packet selected present a dialog allowing you to change which dissector
are used to decode this packet.
Click on ‘Analyzer’ after selecting any protocol and click on DecodeAS. Then
‘Ethereal: Decode As ‘window will displayed.
Decode Select the protocol and Apply and then click OK.
DESCRIPTION :
Explanation:
We have to convert it in to binary form first and do as shown in the below flow chart.
KEY GENERATION
11 is equals to 3
0 1 0 1 is equals to 4
That means in the sbox table take the value of 3rd row and 4th column
PROGRAM :
int
key[64]={0,0,0,1,0,0,1,1,0,0,1,1,0,1,0,0,0,1,0,1,0,1,1,1,0,1,1,1,1,0,0,1,1,0,0,1,1,0,1,1,1,0,1,1,1
,1,0,0,1,1,0,1,1,1,1,1,1,1,1,1,0,0,0,1};
int
msg[64]={0,0,0,0,0,0,0,1,0,0,1,0,0,0,1,1,0,1,0,0,0,1,0,1,0,1,1,0,0,1,1,1,1,0,0,0,1,0,0,1,1,0,1,0,
1,0,1,1,1,1,0,0,1,1,0,1,1,1,1,0,1,1,1,1};
int ext[48]={ 32, 1, 2, 3, 4, 5,4, 5, 6, 7, 8, 9,8,
9,10,11,12,13,12,13,14,15,16,17,16,17,18,19,20,21,20,21,22,23,24,25,24,25,26,27,28,29,28,2
9,30,31,32, 1},exto[48];
s8[4][16]={13,2,8,4,6,15,11,1,10,9,3,14,5,0,12,7,
1,15,13,8,10,3,7,4,12,5,6,11,0,14,9,2,
7,11,4,1,9,12,14,2,0,6,10,13,15,3,5,8,
2,1,14,7,4,10,8,13,15,12,9,0,3,5,6,11},sboxo[6],sbop[32];
cls[]={1,1,2,2,2,2,2,2,1,2,2,2,2,2,2,1};
int r=0;
int temp1[3],temp2[3];
int ip[64]={58,50,42,34,26,18,10,2,60,52,44,36,28,20,12, 4,62,54,46,38,30,22,14,
6,64,56,48,40,32,24,16, 8,57,49,41,33,25,17, 9, 1,59,51,43,35,27,19,11,
3,61,53,45,37,29,21,13, 5,63,55,47,39,31,23,15, 7},ipo1[32],ipo2[32],ipo[64];
int iip[64]={40, 8,48,16,56,24,64,32,39, 7,47,15,55,23,63,31,38, 6,46,14,54,22,62,30,37,
5,45,13,53,21,61,29,36, 4,44,12,52,20,60,28,35, 3,43,11,51,19,59,27,34,
2,42,10,50,18,58,26,33, 1,41, 9,49,17,57,25},iipo[64];
int pc1[56]={57, 49, 41, 33, 25, 17, 9,1 , 58 ,50 ,42 ,34 ,26 ,18,10, 2 ,59 ,51 ,43 ,35 ,27,19,
11 , 3 ,60 ,52 ,44 ,36,63, 55, 47 ,39, 31 ,23, 15,7 , 62 ,54 ,46, 38, 30, 22,14, 6 ,61 ,53 ,45 ,37 ,
29,21, 13 ,5 ,28 ,20 ,12 ,4 };
int pc2[48]={14,17,11,24,1 , 5, 3,28,15, 6,21,10,23,19,12, 4,26, 8,16, 7,27,20,13,
2,41,52,31,37,47,55,30,40,51,45,33,48,44,49,39,56,34,53,46,42,50,36,29,32};
int pc1o1[28],pc1o2[28];
int pc1o[56],pc2o[48];
int xorr[48],sboxr[32],xorr1[32];
void main()
{
void key1();
int i,j,k,n,l,r1,c,d,j2,j1;
clrscr();
/*INITIAL PERMITATION VALUES*/
j=0;
for(i=0;i<64;i++)
{ if(i<32)
{
ipo1[i]=msg[ip[i]-1];
/*printf("%d",ipo1[i]);*/
}
else
{
ipo2[j++]=msg[ip[i]-1];
}
}
for(r=0;r<16;r++)
{
j2=0;
for(j=i*6;j<((i*6)+6);j++)
sboxo[j2++]=xorr[(j)];
r1=sboxo[0]*2+sboxo[5]*1;
c=sboxo[1]*8+sboxo[2]*4+sboxo[3]*2+sboxo[4]*1;
if(i==0)
d=s1[r1][c];
else if(i==1)
d=s2[r1][c];
else if(i==2)
d=s3[r1][c];
else if(i==3)
d=s4[r1][c];
else if(i==4)
d=s5[r1][c];
else if(i==5)
d=s6[r1][c];
else if(i==6)
d=s7[r1][c];
else if(i==7)
d=s8[r1][c];
/*BINARY CONVERTION*/
for(l=0;d>0;l++)
{
n=d%2;
d=d/2;
sboxo[l]=n;
}
if(l<4)
for(;l<4;l++)
sboxo[l]=0;
for(j2=3;j2>=0;j2--,k++)
{
sboxr[k]=sboxo[j2];
}
}
for(i=0;i<32;i++)
{
pfr[i]=sboxr[pf[i]-1];
}
printf("\n");
for(i=0;i<32;i++)
{
if(pfr[i]==ipo1[i])
xorr1[i]=0;
else
xorr1[i]=1;
}
for(i=0;i<32;i++)
{
ipo1[i]=ipo2[i];
ipo2[i]=xorr1[i];
}
j=0;
scanf("%d",&i);
}
printf("\n final output\n");
j=0;
for(i=0;i<64;i++)
{
if(i<32)
ipo[i]=ipo2[i];
else
ipo[i]=ipo1[j++];
}
printf("\n");
for(i=0;i<64;i++)
{
iipo[i]=ipo[iip[i]-1];
printf("%d",iipo[i]);
}
}
void key1()
{
int i=0,j=0,k=0,l=0;
if(r==0)
{
for(i=0;i<56;i++)
{
pc1o[i]=key[pc1[i]-1];
if(i<28)
{
pc1o1[i]=key[pc1[i]-1];
}
else
{
pc1o2[j]=key[pc1[i]-1];
j++;
}}}
for(i=0;i<cls[r];i++)
temp1[i]=pc1o1[i];
for(i=0;i<28-cls[r];i++)
pc1o1[i]=pc1o1[i+cls[r]];
for(j=0;j<cls[r];j++,i++)
pc1o1[i]=temp1[j];
for(i=0;i<cls[r];i++)
temp2[i]=pc1o2[i];
for(i=0;i<28-cls[r];i++)
pc1o2[i]=pc1o2[i+cls[r]];
for(j=0;j<cls[r];j++,i++)
pc1o2[i]=temp2[j];
j=0;
for(i=0;i<56;i++)
{
if(i<28)
pc1o[i]=pc1o1[i];
else
pc1o[i]=pc1o2[j++];
}
printf("\n key : %d\n",r+1);
for(i=0;i<48;i++)
{
pc2o[i]=pc1o[pc2[i]-1];
printf("%d",pc2o[i]);
}}
Output:
Key1:0001101100000010111011111111100111000001110010
Key2:011110011010111011011001110110111100100100111100101
Key3:010101011111110010001010010000101100111110011001
Key4:011100101010110111010110110110110011010100011101
Key5:011111001110110000000111101011010100111010100
Key6:011000111010010100111110010100000111101100101111
Key7:111011001000010010110111111110110000110001011110
Key8:11110111100010100011101011000001001111011111111011
Key9:111000001101101111101011110110111001111000000
Key10:1011000111110011010001111011110111010010001100100111
Key11:001000001010111111101001111011110110100111000010
Key12:01110101011100011111010110010100011001111110100
Key13:1001011111000101111010001111110101011101001000001
Key14:0101111101000001110110111111100101110011100111010
Key15:101111111001000110001101001111010011111100001010
Key16:110010110011110110001011000011100001011111110101
1000010111101000000100110101010000001111000010101011010000000101
AIM: Using GNU PGP sign the created document and transmit over network, verify the
signature and decrypted the received data .
Procedure:
For creating key, we use .GPA software open GPA, go to “Keys” and selected “new
key”.
Key contains both public part and private part. Public key is mailed and private key is
pass phrase.
The user whom we want to communicate also sends his this public key.
Now if party ‘n’ first generates his message in text format, now he signs the message
and then encrypt the message with party b’ has downloaded through interned.
Then the encrypted message in text. asc gpg format is sent to part B through inter w.
Now, party ‘b’ receives the file through interned and imports the file into the GUN
software by click is open file, select required path click import.
Now part ‘b’ decrypts the message by using his private key then he will get original
file
Before encryption:-
Hai
How are you
After Encryption
While we generate two keys we need to encrypt file & it will be sat to second keys
owner
New, the receiver will den to encrypted msg and perform decryption to original file.
Like this we can provide authentication, confidentiality to the data that transfers
through the network.
Then enter the IP address of the host which you want to scan.
Then the system scans the network for the host and display the details like.
What ports are in use, what is state of the ports, what service is going on and version.
Device type
OS details and so on.
PORTS/HOSTS:
This option displays only the ports information.
TOPLOGY:-
It display the arrangements of hosts in the networks
In view fisheye if the bubbles color in green then the corresponding hosts is said to be
secure.
If the bubbles are in yellow color indicates that the host is partially secure.
The size of the bubble depends on the no of the ports open in that host
Scans:-
In this it display what are the command are use and what is their status.
Host details:-
It shows the details about the particular host like.
Procedure
Reason
This is for use by NTTP server you must create a certificate signing request
-new key rsa:1024 : generates a new private key of type rsa of length 1024 bytes
-keyout hostkey.pem : write out the newly generated private key to file host key.pem
You will want to save this file since you needed it while getting SSL certificate
-nodes: it is an optional parameter not to encrypt the private key this is useful when your server starts
automatically
-outhostcsr.pem : write out CSR to the file hostcsr.pem this is useful when creating a self signed
certificate
A self signed certificate doesn’t give the security provided by a certificate a commercial LA but it will
allow to provide a secure HTTP connection to your website
-days 365 : make the self signed certificate valid for one year
-out hostcert.pem : write out the self signed certificate to the file hostcert.pem
Open SSL has a command that implements a generic SSL or TSL server which listens for
connection on a given port. This is useful if you have a client you want to test with SSl
To run the test server you need a host certificate and corresponding private key
When you run the test server you must specify a port to listen for connection
Note: disable firewall while doing this as the port will be in closed state when firewall is enable.
If you have a server which accepts SSL connection, open SSL has a command that implements
generic SSL or TCL client which connects to a remote host (server). When you run the client you will
see the response from the server ,typically the results of SSL handshake .it is useful diagnostic utility
when you do want to use a full featured client to test the SSL connection.
Buffer:-
A ‘buffer’ is loosely to refer to any area of memory where more than one piece of data
is stored
When extra character string to fill buffer space after it is full. That type of situation is
called buffer overflow
Why It happens:-
Careless programming
An integer where ‘o’ means that you can’t access a particular file but an ‘I’ means you
can
In this case, a hacker would overwrite the ‘o’ with a ‘I’ in order to access the file
The computer OS programmer should check the size of the buffer first before trying to put all
data into it.
Popular languages like c/c++ don’t automatically check the bounds of the
Result: What ever was in the memory location rights after the buffer is over written with the
11th integer.
PROGRAM:
#include<stdio.h>
void main( )
{
sub1( );
}
sub1( )
{
sub2( );
}
sub2( )
{
}
sub2( )
sub1( )
main( )
Attacks:
Denial of service:-
Stack smashing or heap-based attacks the attacker can hijack execution of the
program, and if the program was running with elevated privileges, the attack now has those
privileges.
This is the way many worms spared by tracking a network services into running the a
program the attacker wrote
Data corruption:-
An attacker can change their privilege or other security- related data by overwriting it
in memory.
Program crash:-
A program crash can lead to denial-of-service because the service that program was
providing will not be there until the program is restarted
It example the how the program executes and how the step by step buffer overflow is
explained.
The following example explains about stack overflow written in ‘c’ language.
Spock:-
Demonstrate what is commonly called variable attacks buffer overflow, where the
target is data.
Smashes: demos treats a stack attack “none commonly referred to as “stack smashiy”
Stack guard: - this demo shows how the stack guard compiler can help protect “stack
attacks”.
Bo demo:-
This is a mock attack on a Linux system demonstrate how an attack can get the root
shell.
It s u demo:-
Show the output of it’s, a static analyzer on two different ‘c’, program.
Jumps: - shows how stacks are used to keep track of subroutine calls.
These two offers the ability to sign and / or encrypt the given message.
To get the SSL certificate you need to configure your outlook according to your
email.
In ADVANCED
And finish.
Ip table is a program that comes with Linux distribution that allows administrators to
configure the OS.
so that it allows applications and clients through network and stop unwanted applications
and clients communicating from the net work or specified system.
Generally Ip Linux and the corresponding configuration data available lets/sys condign/ip
table
There are three different places during the process of sending and receiving the packets
that these rules can be applied these three different places are called chains
INPUT
OUTPUT
FORWARD
INPUT: this chain applies rules to packets being received from the network.
OUTPUT: this chain applies to packets being sent from your computer
FORWARD: this chain applies rules to packets that your machine is forwarding to other
on the network.
ACCEPT: This option accepts a allow a packet an allows it to pass either in or out.
DENY: this option doesn`t allow a packet to pass but sends an error message back to its
sender.
DROP: this option completely ignore the packets with out sending any error message to
its sender each chain also has a default ploy i.e. is ACCEPT.
NOTE: if you create a set of rules in ip tables during one session and the reboot your
computer all the rules that you are applies will be lost.
# ip table –D RULENUM1
EXAMPLE:
3). Block any incoming tcp packet on out ether net connection.
4). suppose a new incoming tcp packet bound for port 80 arrives,ip table will see the
accept rules and admit the packet before all encompassing deny rules take effete.
Ip tables can be used to block rowdy use from accessing your net work.
To Block Mc address
Iptables Rules:
Note: - Now execute the script to load the rules into kernel space. That is it. Now we
have got a robust firewall in place. You can check the results by re-running the nmap
command .