Scribd
Upload
112 views

Arid Agriculture University, Rawalpindi: Final Exam FALL2020 (Paper Duration 24 Hours) To Be Filled by Teacher

The document is a final exam for a Network Management and Security course taken at Pir Mehr Ali Shah Arid Agriculture University in Rawalpindi, Pakistan. It contains questions about password authentication schemes, generating a password wordlist using personal information, and analyzing HTTP traffic in Wireshark. The student provides multi-part answers explaining denial of service attacks, impersonation attacks, parallel session attacks, replay attacks, and forward secrecy for the first question. For the second question, the student outlines steps to create a wordlist and crack a password using a user's pet names. For the third question, the student analyzes highlighted packets, lists an HTTP filter, explains the difference between DNS and HTTP protocols, and provides a screenshot of HTTP traffic

Uploaded by

Danish Raja
Copyright
© © All Rights Reserved
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
112 views

Arid Agriculture University, Rawalpindi: Final Exam FALL2020 (Paper Duration 24 Hours) To Be Filled by Teacher

The document is a final exam for a Network Management and Security course taken at Pir Mehr Ali Shah Arid Agriculture University in Rawalpindi, Pakistan. It contains questions about password authentication schemes, generating a password wordlist using personal information, and analyzing HTTP traffic in Wireshark. The student provides multi-part answers explaining denial of service attacks, impersonation attacks, parallel session attacks, replay attacks, and forward secrecy for the first question. For the second question, the student outlines steps to create a wordlist and crack a password using a user's pet names. For the third question, the student analyzes highlighted packets, lists an HTTP filter, explains the difference between DNS and HTTP protocols, and provides a screenshot of HTTP traffic

Uploaded by

Danish Raja
Copyright
© © All Rights Reserved
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
You are on page 1/ 9

Pir Mehr Ali Shah

Arid Agriculture University, Rawalpindi


Office of the controller of Examinations
Final Exam (Practical)/ FALL2020 (Paper Duration 24 hours)
To be filled by Teacher

Course No.: ……… CS-684………… Course Title: Network Management and Security
Total Marks:……….20…………………… Date of Exam: 08-02-2021
Degree: …………BSIT…………………………. Semester: 7th Section: A / B
Marks
Q.No. 1 2 3 4 5 6 7 8 9 10 Obtained/
TotalMarks
Marks
Obtaine /20
d
Total Marks in Words:
Name of the teacher: Mr. Shakeel Ahmad / Mr. Mahmood Bashir
Who taught the course: Signature of teacher / Examiner:

To be filled by Student

Registration No.: …………17-Arid-1991………… Name.: …………Muhammad Danish Hassan……………

Answer the following questions.

Q.No.1. (Marks 04)


a) An ideal password authentication scheme must withstand a number of
attacks. Describe five of these attacks.

Answer:

1. Denial of Service Attacks


An attacker can update bogus confirmation data of a legitimate user for the next login
phase. After that, the legitimate user will not be able to login successfully anymore.

2. Forgery Attacks (Impersonation Attacks)


An attacker attempts to alter intercepted communications to disguise the legitimate user
and login to the system.

3. Parallel Session Attacks


Without knowing a user’s password, an attacker can take on the appearance of the
legitimate user by making a legitimate login message out of some intruded communication
between the user and the server.
4. Replay Attacks
Having detained previous communications, an attacker can replay the intercepted messages
to spoof the legitimate user to login to the system.

5. Forward Secrecy
It must be guaranteed that the previously generated passwords in the system are secure
regardless of whether the system’s secret key has been revealed in public coincidentally or is
stolen.

Q.No.2. (Marks 06)


A user has pets TOMY and JACK. How we can target that user using this information to
generate password of length 12. And use this wordlist to crack his account password.
Write down all steps.
Your Commands must fulfill all possibilities
Answer:

Creation of Wordlist
We are going to create wordlist using crunch
Cracking of Password

Step # 1

Step # 2

Step # 3

Step # 4

Step # 5

Q.No.3. (Marks 10)


1. Start up the Wireshark program (select an interface and press start to capture packets).
2. Start up your favorite browser (ceweasel in Kali Linux).
3. In your browser, go to PMAS-Arid Agriculture University homepage by typing
www.uaar.edu.pk.

4. After your browser has displayed the www.uaar.edu.pk page, stop Wireshark packet
capture by selecting stop in the Wireshark capture window. This will cause the Wireshark
capture window to disappear and the main Wireshark window to display all packets and
answer the following questions
1. If a packet is highlighted by black, what does it mean for the packet?
2. What is the filter command for listing all outgoing http traffic?
3. Why does DNS use Follow UDP Stream while HTTP use Follow TCP Stream?
4. Apply http.host== www.uaar.edu.pk filter for http traffic and paste the screenshot,
clearly displaying the http steam content of www.uaar.edu.pk.
Answer:

1. If a packet is highlighted by black, what does it mean for the packet?


 If a packet is highlighted by black, it means the wireshark identifies the packets
with errors i.e they could have been delivered out of order.

2. What is the filter command for listing all outgoing http traffic?
 tcp.port == 80 || udp.port == 80

3. Why does DNS use Follow UDP Stream while HTTP use Follow TCP Stream?
 DNS uses UDP because it is much faster. TCP is slow as it requires 3-way
handshake. The load on DNS servers is also an important factor. DNS servers
(since they use UDP) don’t have to keep connections. Furthermore, DNS
requests are generally very small and fit well within UDP segments.
 HTTP uses TCP instead of UDP because it guarantees delivery via a three-way
handshake and re-transmission of lost packets. It uses TCP because the files,
images, web pages which we get from the remote host should not be dropped
on the way and it should be delivered in order to the HTTP client.

4. Apply http.host== www.uaar.edu.pk filter for http traffic and paste the screenshot,
clearly displaying the http steam content of www.uaar.edu.pk

You might also like