CCS354 - NETWORK SECURITY LAB MANUAL

The document is a lab manual for a Network Security course (CCS354) aimed at third-year students, detailing course objectives and a list of experiments related to cryptography, key management, and security practices. It includes specific experiments for implementing symmetric and asymmetric key algorithms, digital signatures, and network monitoring tools, along with example Java code for each experiment. The manual also covers the installation and use of Wireshark and TCPdump for network traffic analysis.


DEPARTMENT OF ARTIFICIAL INTELLIGENCE AND

DATA SCIENCE

III Year- VI Semester

LAB MANUAL

CCS354 -NETWORK SECURITY

Academic Year 2024-2025

(2021 Regulation)
CCS354 NETWORK SECURITY
Course Objectives:
• To learn the fundamentals of cryptography.
• To learn the key management techniques and authentication approaches.
• To understand the application layer security standards.
• To learn the real time security practices.
List of Experiments:
1. Implementing symmetric key algorithms – DES.
2. Implementing asymmetric key algorithms and implementing key exchange algorithms.
3. Implement the signature scheme – Digital Signature Standard.
4. Installation of Wireshark and tcpdump; observe the data transferred in client-server communication using UDP/TCP and identify the UDP/TCP datagram.
5. Check message integrity and confidentiality using SSL.
6. Experiment with eavesdropping, dictionary attacks and MITM attacks.
7. Experiment with sniffing traffic using ARP poisoning.
8. Demonstrate an intrusion detection system using any tool.
9. Explore network monitoring tools.
10. Study how to configure a firewall and a VPN.
Exp.No: 1
Implement Symmetric Key Algorithms.
Date:

Aim:
To implement Symmetric key algorithms using java code.
Algorithm:
Step 1: Create a class with encrypt and decrypt methods for AES, DES and Triple DES.
Step 2: Read the algorithm choice, the key and the plaintext from the user. The key must be exactly 16 bytes for AES, 8 bytes for DES and 24 bytes for Triple DES.
Step 3: Wrap the key bytes in a SecretKeySpec, obtain a Cipher for the chosen algorithm, initialise it in ENCRYPT_MODE and Base64-encode the ciphertext for display.
Step 4: Initialise a second Cipher in DECRYPT_MODE with the same key, Base64-decode the ciphertext and decrypt it; the output must equal the original plaintext.
Program:
import javax.crypto.Cipher;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import java.util.Scanner;

public class SymmetricEncryptionExample {

    // Note: a bare transformation name such as "AES" or "DES" resolves to ECB mode
    // with PKCS5 padding in the default JDK provider (e.g. "AES/ECB/PKCS5Padding").
    // ECB encrypts every block independently and provides no integrity check; it is
    // used here only so that the lab output is reproducible for a fixed key. Real
    // code should use "AES/GCM/NoPadding" with a fresh random IV for every message.

    // AES Encryption method (key must be 16, 24 or 32 bytes)
    public static String encryptAES(String data, String key) throws Exception {
        SecretKeySpec secretKey = new SecretKeySpec(key.getBytes(StandardCharsets.UTF_8), "AES");
        Cipher cipher = Cipher.getInstance("AES");
        cipher.init(Cipher.ENCRYPT_MODE, secretKey);
        byte[] encryptedData = cipher.doFinal(data.getBytes(StandardCharsets.UTF_8));
        return Base64.getEncoder().encodeToString(encryptedData);
    }

    // AES Decryption method
    public static String decryptAES(String encryptedData, String key) throws Exception {
        SecretKeySpec secretKey = new SecretKeySpec(key.getBytes(StandardCharsets.UTF_8), "AES");
        Cipher cipher = Cipher.getInstance("AES");
        cipher.init(Cipher.DECRYPT_MODE, secretKey);
        byte[] decodedData = Base64.getDecoder().decode(encryptedData);
        byte[] originalData = cipher.doFinal(decodedData);
        return new String(originalData, StandardCharsets.UTF_8);
    }

    // DES Encryption method (8-byte key of which 56 bits are used; DES is
    // obsolete and is included only because the syllabus requires it)
    public static String encryptDES(String data, String key) throws Exception {
        SecretKeySpec secretKey = new SecretKeySpec(key.getBytes(StandardCharsets.UTF_8), "DES");
        Cipher cipher = Cipher.getInstance("DES");
        cipher.init(Cipher.ENCRYPT_MODE, secretKey);
        byte[] encryptedData = cipher.doFinal(data.getBytes(StandardCharsets.UTF_8));
        return Base64.getEncoder().encodeToString(encryptedData);
    }

    // DES Decryption method
    public static String decryptDES(String encryptedData, String key) throws Exception {
        SecretKeySpec secretKey = new SecretKeySpec(key.getBytes(StandardCharsets.UTF_8), "DES");
        Cipher cipher = Cipher.getInstance("DES");
        cipher.init(Cipher.DECRYPT_MODE, secretKey);
        byte[] decodedData = Base64.getDecoder().decode(encryptedData);
        byte[] originalData = cipher.doFinal(decodedData);
        return new String(originalData, StandardCharsets.UTF_8);
    }

    // Triple DES (3DES) Encryption method (24-byte key = three 8-byte DES keys)
    public static String encryptTripleDES(String data, String key) throws Exception {
        SecretKeySpec secretKey = new SecretKeySpec(key.getBytes(StandardCharsets.UTF_8), "DESede");
        Cipher cipher = Cipher.getInstance("DESede");
        cipher.init(Cipher.ENCRYPT_MODE, secretKey);
        byte[] encryptedData = cipher.doFinal(data.getBytes(StandardCharsets.UTF_8));
        return Base64.getEncoder().encodeToString(encryptedData);
    }

    // Triple DES (3DES) Decryption method
    public static String decryptTripleDES(String encryptedData, String key) throws Exception {
        SecretKeySpec secretKey = new SecretKeySpec(key.getBytes(StandardCharsets.UTF_8), "DESede");
        Cipher cipher = Cipher.getInstance("DESede");
        cipher.init(Cipher.DECRYPT_MODE, secretKey);
        byte[] decodedData = Base64.getDecoder().decode(encryptedData);
        byte[] originalData = cipher.doFinal(decodedData);
        return new String(originalData, StandardCharsets.UTF_8);
    }

    public static void main(String[] args) {
        Scanner scanner = new Scanner(System.in);

        // Input for algorithm choice
        System.out.println("Choose Encryption Algorithm (AES, DES, TripleDES): ");
        String algorithm = scanner.nextLine().trim().toUpperCase();

        // Input for key and data
        System.out.println("Enter the encryption key (16 characters for AES, 8 for DES, 24 for TripleDES): ");
        String key = scanner.nextLine();
        System.out.println("Enter the data to encrypt: ");
        String data = scanner.nextLine();

        // The cipher sees bytes, so the length check is done on the UTF-8 encoding
        int keyBytes = key.getBytes(StandardCharsets.UTF_8).length;

        try {
            String encryptedData = "";
            String decryptedData = "";

            switch (algorithm) {
                case "AES":
                    if (keyBytes != 16) {
                        System.out.println("AES requires a 16-character key.");
                        return;
                    }
                    encryptedData = encryptAES(data, key);
                    decryptedData = decryptAES(encryptedData, key);
                    break;
                case "DES":
                    if (keyBytes != 8) {
                        System.out.println("DES requires an 8-character key.");
                        return;
                    }
                    encryptedData = encryptDES(data, key);
                    decryptedData = decryptDES(encryptedData, key);
                    break;
                case "TRIPLEDES":
                    if (keyBytes != 24) {
                        System.out.println("TripleDES requires a 24-character key.");
                        return;
                    }
                    encryptedData = encryptTripleDES(data, key);
                    decryptedData = decryptTripleDES(encryptedData, key);
                    break;
                default:
                    System.out.println("Invalid algorithm selected.");
                    return;
            }

            // Displaying results
            System.out.println("Encrypted Data: " + encryptedData);
            System.out.println("Decrypted Data: " + decryptedData);

        } catch (Exception e) {
            e.printStackTrace();
        } finally {
            scanner.close();
        }
    }
}
Output:
Choose Encryption Algorithm (AES, DES, TripleDES):
aes
Enter the encryption key (16 characters for AES, 8 for DES, 24 for TripleDES):
1234567890123456
Enter the data to encrypt:
Hello, World!

Encrypted Data: VlnfESr1I26OykccSZpZyQ==


Decrypted Data: Hello, World!

Result:
Thus, the Java program for symmetric key algorithms has been executed successfully.
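The program above calls Cipher.getInstance("AES"), which the JDK resolves to AES in ECB mode. The following added example (written for this edit, not part of the original manual) shows two things the lab program cannot: that ECB reveals repeated plaintext blocks, and that an authenticated mode (AES/GCM from the standard javax.crypto API, with a random 12-byte nonce) hides that pattern and rejects a ciphertext that has been modified in transit. The key is generated with KeyGenerator rather than typed in, and the repeated 16-byte input block is constructed for the demonstration.

```java
import javax.crypto.AEADBadTagException;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Arrays;

public class AesModesDemo {

    private static final SecureRandom RNG = new SecureRandom();

    // ECB: each 16-byte block is encrypted on its own, so equal plaintext blocks
    // produce equal ciphertext blocks. This is what Cipher.getInstance("AES")
    // resolves to in the default JDK provider.
    static byte[] encryptEcb(SecretKey key, byte[] plaintext) throws Exception {
        Cipher c = Cipher.getInstance("AES/ECB/PKCS5Padding");
        c.init(Cipher.ENCRYPT_MODE, key);
        return c.doFinal(plaintext);
    }

    // GCM: output layout is 12-byte random nonce || ciphertext || 16-byte tag.
    // A nonce must never repeat under the same key; a fresh random one per call is fine here.
    static byte[] encryptGcm(SecretKey key, byte[] plaintext) throws Exception {
        byte[] nonce = new byte[12];
        RNG.nextBytes(nonce);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(128, nonce));
        byte[] ct = c.doFinal(plaintext);
        byte[] out = new byte[nonce.length + ct.length];
        System.arraycopy(nonce, 0, out, 0, nonce.length);
        System.arraycopy(ct, 0, out, nonce.length, ct.length);
        return out;
    }

    // Throws AEADBadTagException if any byte of nonce, ciphertext or tag was changed.
    static byte[] decryptGcm(SecretKey key, byte[] blob) throws Exception {
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.DECRYPT_MODE, key, new GCMParameterSpec(128, blob, 0, 12));
        return c.doFinal(blob, 12, blob.length - 12);
    }

    static boolean firstTwoBlocksEqual(byte[] data, int offset) {
        return Arrays.equals(Arrays.copyOfRange(data, offset, offset + 16),
                             Arrays.copyOfRange(data, offset + 16, offset + 32));
    }

    public static void main(String[] args) throws Exception {
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(256);
        SecretKey key = kg.generateKey();

        // Constructed input: the same 16-byte block twice in a row.
        byte[] block = "0123456789ABCDEF".getBytes(StandardCharsets.US_ASCII);
        byte[] twoBlocks = new byte[32];
        System.arraycopy(block, 0, twoBlocks, 0, 16);
        System.arraycopy(block, 0, twoBlocks, 16, 16);

        byte[] ecb = encryptEcb(key, twoBlocks);
        System.out.println("ECB: ciphertext blocks 1 and 2 identical? " + firstTwoBlocksEqual(ecb, 0));

        byte[] gcm = encryptGcm(key, twoBlocks);
        System.out.println("GCM: ciphertext blocks 1 and 2 identical? " + firstTwoBlocksEqual(gcm, 12));
        System.out.println("GCM round trip: "
                + new String(decryptGcm(key, gcm), StandardCharsets.US_ASCII));

        // Integrity: flip one ciphertext bit. ECB/CBC would silently return garbage;
        // GCM refuses to return anything.
        byte[] tampered = gcm.clone();
        tampered[12] ^= 0x01;
        try {
            decryptGcm(key, tampered);
            System.out.println("GCM: tampering NOT detected");
        } catch (AEADBadTagException e) {
            System.out.println("GCM: tampering detected (" + e.getMessage() + ")");
        }
    }
}
```

Run it with `javac AesModesDemo.java && java AesModesDemo`. The ECB comparison prints true and the GCM comparison false, and the tampered blob ends in the AEADBadTagException branch; the same bit flip against the lab program's ECB output would decrypt "successfully" to corrupted text.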
Exp.No: 2(a)
Implement Asymmetric Key Algorithms.
Date:

Aim:
To implement Asymmetric key algorithms using java code.
Algorithm:
Step 1: Create a class with a method that generates an RSA key pair.
Step 2: Initialise a KeyPairGenerator for RSA with a 2048-bit modulus and generate the public and private keys.
Step 3: Encrypt the message with the public key using a Cipher in ENCRYPT_MODE and Base64-encode the ciphertext.
Step 4: Decrypt the ciphertext with the private key using a Cipher in DECRYPT_MODE and print the recovered message.
Program:
import java.security.*;
import javax.crypto.Cipher;
import java.nio.charset.StandardCharsets;
import java.util.Base64;

public class RSAExample {

    // Method to generate RSA Key Pair (Public and Private Key)
    public static KeyPair generateKeyPair() throws NoSuchAlgorithmException {
        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA");
        keyPairGenerator.initialize(2048); // RSA key size (2048-bit)
        return keyPairGenerator.generateKeyPair();
    }

    // Encrypt data using the public key.
    // The bare transformation "RSA" resolves to "RSA/ECB/PKCS1Padding" in the JDK.
    // With a 2048-bit key it can encrypt at most 245 bytes, so RSA is used to
    // protect short secrets (typically a symmetric key), not whole messages.
    public static String encrypt(String data, PublicKey publicKey) throws Exception {
        Cipher cipher = Cipher.getInstance("RSA");
        cipher.init(Cipher.ENCRYPT_MODE, publicKey);
        byte[] encryptedData = cipher.doFinal(data.getBytes(StandardCharsets.UTF_8));
        return Base64.getEncoder().encodeToString(encryptedData); // Return encrypted data as Base64 string
    }

    // Decrypt data using the private key
    public static String decrypt(String encryptedData, PrivateKey privateKey) throws Exception {
        Cipher cipher = Cipher.getInstance("RSA");
        cipher.init(Cipher.DECRYPT_MODE, privateKey);
        byte[] decodedData = Base64.getDecoder().decode(encryptedData);
        byte[] decryptedData = cipher.doFinal(decodedData);
        return new String(decryptedData, StandardCharsets.UTF_8); // Return decrypted data as string
    }

    public static void main(String[] args) {
        try {
            // Generate RSA Key Pair (Public and Private Keys)
            KeyPair keyPair = generateKeyPair();
            PublicKey publicKey = keyPair.getPublic();
            PrivateKey privateKey = keyPair.getPrivate();

            // Original message to be encrypted and decrypted
            String originalData = "This is a secret message";

            // Encrypt the data with the public key
            String encryptedData = encrypt(originalData, publicKey);
            System.out.println("Encrypted Data: " + encryptedData);

            // Decrypt the data with the private key
            String decryptedData = decrypt(encryptedData, privateKey);
            System.out.println("Decrypted Data: " + decryptedData);

        } catch (Exception e) {
            e.printStackTrace();
        }
    }
}

Output:

Encrypted Data: 0UBYQZ9ZGtt2Xg5d6l+p69u6nbU0sctBGpHgFtxMJp+UGeHrl80zzLU30ySM7ryX0nNHhZlUsXqhv7I1jF12jNKtMlUyauLxe4UKzZdqZ8zNH0MvA6jcvFPg60B8n5uKNbd4h0g6ZJTZVe2mYr19gnYr7h10S8IM+alT4ax8gntpttUS5v7l8P0j/vDd9ubphl9xa7HptP+60nL3GqFA==
Decrypted Data: This is a secret message

Result:
Thus, the Java program for asymmetric key algorithms has been executed successfully.
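The program above uses PKCS#1 v1.5 padding and encrypts the message directly. In practice RSA is used to transport a symmetric key, and the padding should be OAEP. The following added example (not from the original manual) uses the JDK's Cipher WRAP_MODE/UNWRAP_MODE to wrap a freshly generated AES key under an RSA-2048 public key with OAEP (SHA-256 for both the hash and the MGF1 mask, spelled out explicitly because the SunJCE provider otherwise defaults the MGF1 digest to SHA-1), recovers it with the private key, and then shows the failure mode from the comment above: a plaintext one byte longer than the modulus allows is refused. The class and method names are this example's own.

```java
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.OAEPParameterSpec;
import javax.crypto.spec.PSource;
import java.security.Key;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.spec.MGF1ParameterSpec;
import java.util.Arrays;

public class RsaOaepWrapDemo {

    // RSA-OAEP with SHA-256 for both the label hash and the MGF1 mask function.
    static final OAEPParameterSpec OAEP_SHA256 = new OAEPParameterSpec(
            "SHA-256", "MGF1", MGF1ParameterSpec.SHA256, PSource.PSpecified.DEFAULT);

    static Cipher oaep(int mode, Key key) throws Exception {
        Cipher c = Cipher.getInstance("RSA/ECB/OAEPWithSHA-256AndMGF1Padding");
        c.init(mode, key, OAEP_SHA256);
        return c;
    }

    // Wrap (encrypt) a symmetric data-encryption key under the recipient's public key.
    static byte[] wrapKey(SecretKey dek, KeyPair recipient) throws Exception {
        return oaep(Cipher.WRAP_MODE, recipient.getPublic()).wrap(dek);
    }

    // Only the holder of the private key can recover the wrapped key.
    static SecretKey unwrapKey(byte[] wrapped, KeyPair recipient) throws Exception {
        return (SecretKey) oaep(Cipher.UNWRAP_MODE, recipient.getPrivate())
                .unwrap(wrapped, "AES", Cipher.SECRET_KEY);
    }

    // Largest plaintext RSA-OAEP-SHA256 accepts for a given modulus:
    // modulusBytes - 2*hashLen - 2, i.e. 256 - 64 - 2 = 190 bytes for RSA-2048.
    static boolean fitsInOneRsaBlock(int plaintextBytes, int modulusBits) {
        return plaintextBytes <= modulusBits / 8 - 2 * 32 - 2;
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair recipient = kpg.generateKeyPair();

        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(256);
        SecretKey dek = kg.generateKey();   // the key that would encrypt the bulk data

        byte[] wrapped = wrapKey(dek, recipient);
        System.out.println("wrapped DEK length: " + wrapped.length + " bytes (= modulus size)");

        SecretKey recovered = unwrapKey(wrapped, recipient);
        System.out.println("unwrapped key matches original: "
                + Arrays.equals(dek.getEncoded(), recovered.getEncoded()));

        // Failure mode: RSA is not a bulk cipher. 191 bytes exceed the OAEP limit.
        byte[] tooBig = new byte[191];
        System.out.println("191 bytes fit in one RSA-2048 OAEP block? "
                + fitsInOneRsaBlock(tooBig.length, 2048));
        try {
            oaep(Cipher.ENCRYPT_MODE, recipient.getPublic()).doFinal(tooBig);
            System.out.println("unexpectedly encrypted 191 bytes");
        } catch (IllegalBlockSizeException e) {
            System.out.println("RSA-OAEP refused 191-byte plaintext: " + e.getMessage());
        }
    }
}
```

The wrapped key is always exactly 256 bytes for RSA-2048, whatever the size of the key inside, and the bulk message would then be encrypted under the AES key (for example with AES/GCM as in Exp. 1) rather than under RSA.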
Exp.No:2(b)
Implement Key Exchange Algorithms.
Date:

Aim:
To implement key exchange algorithms using java code.
Algorithm:
Step 1: Alice and Bob agree on the public parameters: a prime P and a generator G (a primitive root modulo P).
Step 2: Alice chooses a secret private key a and Bob chooses a secret private key b.
Step 3: Alice computes her public key A = G^a mod P and Bob computes B = G^b mod P; they exchange A and B over the open channel.
Step 4: Alice computes B^a mod P and Bob computes A^b mod P; both values equal G^(ab) mod P, the shared secret.
Step 5: Check that the two computed secrets are equal.

Program:
import java.math.BigInteger;
import java.security.SecureRandom;

public class DiffieHellmanKeyExchange {

    // Method to generate public and private keys
    public static BigInteger[] generateKeys(BigInteger p, BigInteger g, BigInteger privateKey) {
        // Public Key = g^privateKey mod p
        BigInteger publicKey = g.modPow(privateKey, p);
        return new BigInteger[]{privateKey, publicKey};
    }

    // Method to calculate the shared secret
    public static BigInteger calculateSharedSecret(BigInteger otherPartyPublicKey,
                                                   BigInteger privateKey, BigInteger p) {
        // Shared Secret = otherPartyPublicKey^privateKey mod p
        return otherPartyPublicKey.modPow(privateKey, p);
    }

    public static void main(String[] args) {
        // Define the public parameters (prime number p and base g).
        // p = 23 is a toy value so the numbers stay readable; a real exchange uses a
        // safe prime of at least 2048 bits (or an elliptic curve), otherwise the
        // private keys can be recovered from the public keys by brute force.
        BigInteger p = new BigInteger("23");
        BigInteger g = new BigInteger("5"); // Base (generator; 5 is a primitive root mod 23)

        // Generate private keys for Alice (Party A) and Bob (Party B).
        // 10 random bits here; in practice the private key is as large as p.
        SecureRandom secureRandom = new SecureRandom();
        BigInteger privateKeyA = new BigInteger(10, secureRandom); // Private key for Alice
        BigInteger privateKeyB = new BigInteger(10, secureRandom); // Private key for Bob

        // Generate public keys for Alice and Bob
        BigInteger[] keysA = generateKeys(p, g, privateKeyA);
        BigInteger[] keysB = generateKeys(p, g, privateKeyB);

        // Public keys (the only values that travel over the network)
        BigInteger publicKeyA = keysA[1];
        BigInteger publicKeyB = keysB[1];

        // Display the public keys
        System.out.println("Public Key of Alice: " + publicKeyA);
        System.out.println("Public Key of Bob: " + publicKeyB);

        // Calculate shared secrets
        BigInteger sharedSecretA = calculateSharedSecret(publicKeyB, privateKeyA, p);
        BigInteger sharedSecretB = calculateSharedSecret(publicKeyA, privateKeyB, p);

        // Display the shared secrets calculated by Alice and Bob
        System.out.println("Shared Secret calculated by Alice: " + sharedSecretA);
        System.out.println("Shared Secret calculated by Bob: " + sharedSecretB);

        // Check if the shared secrets match
        if (sharedSecretA.equals(sharedSecretB)) {
            System.out.println("The shared secret is successfully established!");
        } else {
            System.out.println("Shared secrets do not match!");
        }
    }
}

Output:

Public Key of Alice: 5


Public Key of Bob: 18
Shared Secret calculated by Alice: 18
Shared Secret calculated by Bob: 18
The shared secret is successfully established!

Result:
Thus, the Java program for key exchange algorithms has been executed successfully.
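The program above shows the arithmetic with a 23-element group. The following added example (not part of the original manual) does the same exchange with the JDK's KeyAgreement API over X25519 (Diffie-Hellman on Curve25519, Java 11 or later), hashes the raw shared secret into a key, and then demonstrates the property the arithmetic alone does not reveal: an unauthenticated exchange is open to a man-in-the-middle. Mallory substitutes her own public key in both directions, so Alice and Bob each end up sharing a key with Mallory while believing they share one with each other. This is the attack Exp. 6 describes, and it is why TLS signs the key exchange. Party names and the KDF label are this example's own choices.

```java
import javax.crypto.KeyAgreement;
import java.nio.charset.StandardCharsets;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.MessageDigest;
import java.security.PublicKey;
import java.util.Arrays;
import java.util.Base64;

public class KeyExchangeMitmDemo {

    // X25519: Diffie-Hellman over Curve25519. No prime or generator to choose,
    // and every 32-byte public key is a valid group element.
    static KeyPair newKeyPair() throws Exception {
        return KeyPairGenerator.getInstance("X25519").generateKeyPair();
    }

    // Raw DH output is not uniformly random; hash it with a label before using it as a key.
    static byte[] sharedKey(KeyPair mine, PublicKey theirs) throws Exception {
        KeyAgreement ka = KeyAgreement.getInstance("X25519");
        ka.init(mine.getPrivate());
        ka.doPhase(theirs, true);
        MessageDigest h = MessageDigest.getInstance("SHA-256");
        h.update("lab-kdf-v1".getBytes(StandardCharsets.US_ASCII)); // constructed label
        return h.digest(ka.generateSecret());
    }

    public static void main(String[] args) throws Exception {
        KeyPair alice = newKeyPair();
        KeyPair bob = newKeyPair();

        // 1. Honest exchange over a channel nobody tampers with.
        byte[] kA = sharedKey(alice, bob.getPublic());
        byte[] kB = sharedKey(bob, alice.getPublic());
        System.out.println("honest exchange, keys match: " + Arrays.equals(kA, kB));
        System.out.println("key (Base64): " + Base64.getEncoder().encodeToString(kA));

        // 2. Active attacker on the path. Mallory forwards her own public key to both
        //    sides instead of the real ones; neither party can tell from the bytes.
        KeyPair mallory = newKeyPair();
        byte[] aliceThinks = sharedKey(alice, mallory.getPublic()); // Alice received Mallory's key "from Bob"
        byte[] bobThinks   = sharedKey(bob,   mallory.getPublic()); // Bob received Mallory's key "from Alice"
        byte[] malloryWithAlice = sharedKey(mallory, alice.getPublic());
        byte[] malloryWithBob   = sharedKey(mallory, bob.getPublic());

        System.out.println("Alice and Bob share a key?   " + Arrays.equals(aliceThinks, bobThinks));
        System.out.println("Mallory holds Alice's key?   " + Arrays.equals(aliceThinks, malloryWithAlice));
        System.out.println("Mallory holds Bob's key?     " + Arrays.equals(bobThinks, malloryWithBob));
        // Mallory now decrypts with one key and re-encrypts with the other, relaying
        // every message. Only authenticating the public keys (signatures, certificates,
        // or a pre-shared fingerprint) prevents this.
    }
}
```

In the honest case the first comparison is true; in the attacked case the first is false and the next two are true. Nothing in the key-exchange arithmetic distinguishes the two runs, which is the point.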
Exp.No: 3
Implement Digital Signature Schemes.
Date:

Aim:
To implement Digital Signature Schemes using java code.
Algorithm:
Step 1: Create a class and accept text from the user.
Step 2: Create a KeyPairGenerator object for DSA and initialise it with a 2048-bit key size.
Step 3: Generate the key pair; the private key is used for signing and the public key for verifying.
Step 4: Create a Signature object for SHA256withDSA and initialise it with the private key.
Step 5: Feed the message bytes into the signature object and compute the signature.
Step 6: Print the signature Base64-encoded (it is binary DER data, not text).
Step 7: Initialise a second Signature object with the public key, feed it the same message and check that verify() returns true.
Program:
import java.nio.charset.StandardCharsets;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.util.Base64;
import java.util.Scanner;

public class CreatingDigitalSignature {
    public static void main(String args[]) throws Exception {
        Scanner sc = new Scanner(System.in);
        System.out.println("Enter some text");
        String msg = sc.nextLine();

        // Generate a DSA key pair: the private key signs, the public key verifies
        KeyPairGenerator keyPairGen = KeyPairGenerator.getInstance("DSA");
        keyPairGen.initialize(2048);
        KeyPair pair = keyPairGen.generateKeyPair();
        PrivateKey privKey = pair.getPrivate();
        PublicKey pubKey = pair.getPublic();

        // Sign the text the user typed (not the literal string "msg")
        Signature sign = Signature.getInstance("SHA256withDSA");
        sign.initSign(privKey);
        byte[] bytes = msg.getBytes(StandardCharsets.UTF_8);
        sign.update(bytes);
        byte[] signature = sign.sign();

        // The signature is binary (DER-encoded r and s), so print it Base64-encoded
        // rather than interpreting the bytes as a UTF-8 string
        System.out.println("Digital signature for given text: "
                + Base64.getEncoder().encodeToString(signature));

        // Verify the signature with the public key over the same message bytes
        Signature verify = Signature.getInstance("SHA256withDSA");
        verify.initVerify(pubKey);
        verify.update(bytes);
        System.out.println("Signature verifies: " + verify.verify(signature));
    }
}
Output:

Result:
Thus, the Java program for digital signature schemes has been executed successfully.
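In the program above signer and verifier are the same process and share the PublicKey object. The following added example (not part of the original manual) separates the two roles as they are in practice: the verifier receives only the X.509-encoded public key bytes and rebuilds the key with KeyFactory, accepts the genuine message, rejects a message whose amount has been altered, rejects the signature under a different public key, and shows that DSA signatures are randomised (two signatures over the same message differ but both verify). The message text, amounts and method names are constructed for this example.

```java
import java.nio.charset.StandardCharsets;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.Signature;
import java.security.spec.X509EncodedKeySpec;
import java.util.Arrays;
import java.util.Base64;

public class SignatureVerifyDemo {

    static final String ALG = "SHA256withDSA";

    // Signer side: only the private key is needed.
    static byte[] sign(PrivateKey priv, byte[] msg) throws Exception {
        Signature s = Signature.getInstance(ALG);
        s.initSign(priv);
        s.update(msg);
        return s.sign();
    }

    // Verifier side: rebuild the public key from its encoded (SubjectPublicKeyInfo)
    // form, which is how it arrives in a certificate or over the wire.
    static boolean verify(byte[] encodedPub, byte[] msg, byte[] sig) throws Exception {
        Signature v = Signature.getInstance(ALG);
        v.initVerify(KeyFactory.getInstance("DSA").generatePublic(new X509EncodedKeySpec(encodedPub)));
        v.update(msg);
        return v.verify(sig);
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("DSA");
        kpg.initialize(2048);
        KeyPair kp = kpg.generateKeyPair();
        byte[] pubBytes = kp.getPublic().getEncoded();   // what is shipped to the verifier

        // Constructed message
        byte[] msg = "Transfer 100 to account 42".getBytes(StandardCharsets.UTF_8);
        byte[] sig = sign(kp.getPrivate(), msg);
        System.out.println("signature (Base64): " + Base64.getEncoder().encodeToString(sig));

        System.out.println("original message verifies:   " + verify(pubBytes, msg, sig));

        byte[] tampered = "Transfer 900 to account 42".getBytes(StandardCharsets.UTF_8);
        System.out.println("tampered message verifies:   " + verify(pubBytes, tampered, sig));

        byte[] otherPub = kpg.generateKeyPair().getPublic().getEncoded();
        System.out.println("wrong public key verifies:   " + verify(otherPub, msg, sig));

        // DSA uses a fresh random nonce per signature, so two signatures over the
        // same message differ yet both verify. (A repeated nonce would leak the private key.)
        byte[] sig2 = sign(kp.getPrivate(), msg);
        System.out.println("second signature differs:    " + !Arrays.equals(sig, sig2));
        System.out.println("second signature verifies:   " + verify(pubBytes, msg, sig2));
    }
}
```

Expected behaviour: only the two checks against the original message under the right key return true; the tampered message and the foreign key both return false without throwing, which is how an application should treat a failed verification.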
Exp.No: 4
Installation of Wireshark and tcpdump; observe the data transferred in client-server communication using UDP/TCP and identify the UDP/TCP datagram.
Date:

Aim:
To install wireshark, TCPdump and observe the data transferred in client-server
communication using UDP/TCP and Identify the UDP/TCP datagram.
Wireshark:
Wireshark is an open-source tool for profiling network traffic and analyzing packets. Such a
tool is often referred to as a network analyzer, network protocol analyzer or sniffer.
It is used to understand how communication takes place across a network and to analyze what went
wrong when an issue in communication arises.
It captures network traffic from Ethernet, Bluetooth, wireless (IEEE 802.11), token ring and frame
relay connections, among others, and stores that data for offline analysis.
Wireshark allows you to filter the traffic before the capture starts (a capture filter) or during analysis (a display filter). For example, you
can set a filter to see TCP traffic between two IP addresses, or you can set it only to show you the packets
sent from one computer. The filters in Wireshark are one of the primary reasons it has become the
standard tool for packet analysis.
Installation of Wireshark:
Step 1: Your first step is to head to the Wireshark download page
https://www.wireshark.org/download.html and locate the Windows installer.

Step 2: You will be presented with the Wireshark wizard to guide you through the installation. Click
“Next.”
Step 3: Next, you can review the license agreement and click “Noted” to continue.
Step 4: You will be asked what components you want to install. You can make your choice and then click “Next.”
Step 5: Choose a directory to install Wireshark in; the wizard shows the space required to install it.
Step 6: Install Npcap.
Npcap is an open-source packet capture driver and library for Windows which allows
Wireshark to capture and analyze live network traffic. Without it Wireshark can still open saved
capture files but cannot capture from an interface on Windows.

Step 7: The next screen will ask if you want to install USBPcap, an open-source USB packet
capture utility that lets you capture raw USB traffic, helping analyze and troubleshoot USB devices;
this is not mandatory.
Click “Install” to begin the installation.
Step 8: Wireshark will now begin the installation process. A window will pop up during
installation to install Npcap.
Step 9: Npcap will begin its installation; click “Next” once complete.
Step 10: Wireshark will now complete its installation. Once complete, you can click “Next.”
Step 11: On the last window, click “Finish” to complete the setup.
Step 12: Wireshark will now be installed, and you can begin packet capturing.
When you start Wireshark, the GUI is displayed with no data and a list of capture interfaces (for example eth0, eth1).
Select the interface to capture on (eth0 here) and click “Start” to begin the packet capture.
All packets being sent/received from/by the computer are now being captured by Wireshark.
Wireshark User Interface:
The Wireshark interface has 5 major components:
• The Command menus are the standard pulldown menus located at the top.
• The Packet listing window displays a one-line summary for each packet captured; it includes
the packet number, capture time, source and destination address, protocol type and
protocol-specific information.
• The Packet header details window provides details about the packet selected in the packet listing
window. It includes details about the Ethernet frame and IP datagram of the packet. If the packet
has been carried over TCP/UDP, those details will also be displayed.
• The Packet contents window displays the entire contents of the captured frame in both ASCII and
hexadecimal format.
• In the Packet display filter field, a protocol name or other information can be entered to
filter the information displayed in the packet listing window.
Capturing Packets:
After installing Wireshark, launch it and click the name of an interface
under Interface List to start capturing packets.
Test Run:
Start any browser → start the Wireshark software → select an interface → stop the Wireshark
packet capture once the browser page has been displayed.
Colour coding: Packets are highlighted in blue, green and black, which helps to identify the types of
traffic.
Green → TCP traffic, Dark Blue → DNS traffic, Light Blue → UDP traffic, Black → TCP
packets with problems.
Inspecting Packets:
Click on any packet and go to the bottom pane.
Inspecting Packet flow:
We now have live packet data that contains all protocol messages exchanged between your
computer and other network entities.
To isolate the connection and get readable data, type “http” in the filter field. Note that
directly typing the destination name will not work, because Wireshark only accepts protocol
field expressions as display filters.
To get more precise data set http.host==www.networksecurity.edu. Right
click on any packet → Select “Follow” → “TCP Stream” (HTTP runs over TCP, so “Follow UDP Stream” will not match these packets).
Close the window, change the filter back to “http.host==www.networksecurity.edu” and follow a
packet from the list that matches the filter. The “contains” operator (for example http contains "login") can be used in the same way with other protocols.
TCPdump:
TCP (Transmission Control Protocol) is the connection-oriented transport protocol that carries data reliably from source to
destination; tcpdump takes its name from it but, like Wireshark, captures every packet on the interface, not only TCP.
Tcpdump is a command line utility that allows you to capture and analyze network traffic going
through your system. It is often used to help troubleshoot network issues, as well as a security tool.
It is a network monitoring and management utility that captures and records TCP/IP data at run
time. When it stops, tcpdump also reports the number of packets received, captured and dropped by the kernel, which is useful for network performance analysis, debugging and diagnosing network
bottlenecks and other network-oriented tasks.
Identifying UDP/TCP datagram:
The IP header carries an 8-bit field (Protocol in IPv4, Next Header in IPv6) that identifies which
transport-layer protocol is in the payload. If it is 6, the payload is a TCP segment;
if it is 17, the payload is a UDP datagram. Both TCP and UDP headers then begin with the 16-bit source and destination ports.
TCP is connection-oriented while UDP is connectionless.
TCP delivers data reliably and in sequence, whereas UDP makes no ordering or delivery guarantee.
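The following added example (not from the original manual) performs the identification described above in code rather than by eye: it reads the IPv4 version and header length, the Protocol byte at offset 9, the source and destination addresses, and then the port fields that both TCP and UDP place at the start of their headers, adding the TCP flag bits for a segment and the length field for a datagram. The two packets it decodes are constructed for the example (checksums left as zero); a real capture would supply the bytes from a pcap file after the 14-byte Ethernet header.

```java
import java.nio.ByteBuffer;

public class TransportIdentifier {

    static final int PROTO_TCP = 6;
    static final int PROTO_UDP = 17;

    // Decode an IPv4 packet (no link-layer header) and name its transport protocol.
    static String describe(byte[] pkt) {
        int version = (pkt[0] >> 4) & 0x0F;
        if (version != 4) return "not IPv4 (version " + version + ")";
        int ihl = (pkt[0] & 0x0F) * 4;              // header length in bytes (20 without options)
        int proto = pkt[9] & 0xFF;                  // the Protocol field from the text
        String src = ip(pkt, 12), dst = ip(pkt, 16);

        ByteBuffer l4 = ByteBuffer.wrap(pkt, ihl, pkt.length - ihl);
        int sport = l4.getShort() & 0xFFFF;         // both TCP and UDP start with src/dst port
        int dport = l4.getShort() & 0xFFFF;
        switch (proto) {
            case PROTO_TCP: {
                l4.getInt();                        // sequence number
                l4.getInt();                        // acknowledgement number
                int flags = l4.getShort() & 0x1FF;  // low 9 bits of data-offset/flags word
                return "TCP " + src + ":" + sport + " -> " + dst + ":" + dport
                        + " flags=[" + tcpFlags(flags) + "]";
            }
            case PROTO_UDP: {
                int len = l4.getShort() & 0xFFFF;   // UDP length = 8-byte header + payload
                return "UDP " + src + ":" + sport + " -> " + dst + ":" + dport + " len=" + len;
            }
            default:
                return "IP protocol " + proto + " " + src + " -> " + dst;
        }
    }

    static String ip(byte[] p, int off) {
        return (p[off] & 0xFF) + "." + (p[off + 1] & 0xFF) + "." + (p[off + 2] & 0xFF) + "." + (p[off + 3] & 0xFF);
    }

    // Bit order from the TCP header, least significant first.
    static String tcpFlags(int f) {
        String[] names = {"FIN", "SYN", "RST", "PSH", "ACK", "URG", "ECE", "CWR", "NS"};
        StringBuilder sb = new StringBuilder();
        for (int i = 0; i < names.length; i++) {
            if ((f & (1 << i)) != 0) sb.append(sb.length() == 0 ? "" : " ").append(names[i]);
        }
        return sb.toString();
    }

    static byte[] hex(String s) {
        byte[] out = new byte[s.length() / 2];
        for (int i = 0; i < out.length; i++) out[i] = (byte) Integer.parseInt(s.substring(2 * i, 2 * i + 2), 16);
        return out;
    }

    public static void main(String[] args) {
        // Constructed: 20-byte IPv4 header (proto 0x06) + TCP SYN from 192.168.1.1:50000 to 192.168.1.2:80
        byte[] tcpSyn = hex("4500002800014000" + "4006" + "0000" + "c0a80101" + "c0a80102"
                          + "c3500050" + "00000001" + "00000000" + "5002" + "ffff" + "0000" + "0000");
        // Constructed: 20-byte IPv4 header (proto 0x11) + UDP from 192.168.1.1:54321 to 8.8.8.8:53, 1-byte payload
        byte[] udp = hex("4500001d00014000" + "4011" + "0000" + "c0a80101" + "08080808"
                       + "d431" + "0035" + "0009" + "0000" + "41");
        System.out.println(describe(tcpSyn));
        System.out.println(describe(udp));
    }
}
```

The first packet decodes as TCP with only the SYN flag set (the 0x5002 word is data offset 5 plus flag bit 1); the second decodes as UDP to port 53 with length 9. The same bytes appear in Wireshark's packet header pane as "Protocol: TCP (6)" and "Protocol: UDP (17)".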

Result:
Thus, the installation of Wireshark and tcpdump, the observation of the data transferred in client-server
communication using UDP/TCP, and the identification of the UDP/TCP datagram have been carried out
successfully.
Exp.No: 5
Check message Integrity and Confidentiality using SSL.
Date:

Aim:
To check message Integrity and Confidentiality using SSL with java code.
Algorithm:
Step 1: Create a server class and load the keystore that holds the server's private key and certificate.
Step 2: Initialise an SSLContext with the key managers (and trust managers) built from the keystores.
Step 3: Create an SSL server socket on port 8443 and accept the client connection; the TLS handshake establishes the session keys.
Step 4: Create I/O streams over the SSL socket to receive and send messages, then close the connection.
Step 5: On the client side, load the truststore that contains the server's certificate.
Step 6: Create an SSLContext from the trust managers and open an SSLSocket to the server through its SSLSocketFactory.
Step 7: Create I/O streams over the SSL socket to send and receive messages, then close the connection.
Program:
import javax.net.ssl.*;
import java.io.*;
import java.security.KeyStore;

public class SSLCommunication {

    // Method to create an SSL context with the specified keystore and truststore
    private static SSLContext createSSLContext(String keyStorePath, String trustStorePath,
                                               char[] password) throws Exception {
        // Load the key store (contains the server's private key and certificate)
        KeyStore keyStore = KeyStore.getInstance("JKS");
        try (FileInputStream keyStoreFile = new FileInputStream(keyStorePath)) {
            keyStore.load(keyStoreFile, password);
        }

        // Load the trust store (contains trusted certificates). The server only
        // consults it if it asks clients for certificates, which this program does not.
        KeyStore trustStore = KeyStore.getInstance("JKS");
        try (FileInputStream trustStoreFile = new FileInputStream(trustStorePath)) {
            trustStore.load(trustStoreFile, password);
        }

        // Set up key manager factory to manage the private key
        KeyManagerFactory keyManagerFactory =
                KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        keyManagerFactory.init(keyStore, password);

        // Set up trust manager factory to manage the trusted certificates
        TrustManagerFactory trustManagerFactory =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        trustManagerFactory.init(trustStore);

        // Initialize SSL context with key and trust managers. "TLS" selects the
        // provider's current default versions (TLS 1.3/1.2); SSL 2.0/3.0 are not used.
        SSLContext sslContext = SSLContext.getInstance("TLS");
        sslContext.init(keyManagerFactory.getKeyManagers(),
                        trustManagerFactory.getTrustManagers(), null);

        return sslContext;
    }

    public static void main(String[] args) {
        try {
            // SSL keystore and truststore paths and password
            String keyStorePath = "server.jks";              // Server keystore containing private key
            String trustStorePath = "clientTrustStore.jks";  // Truststore containing trusted server certificate
            char[] password = "changeit".toCharArray();

            // Create SSL context
            SSLContext sslContext = createSSLContext(keyStorePath, trustStorePath, password);

            // Create SSL server socket to listen on port 8443
            SSLServerSocketFactory sslServerSocketFactory = sslContext.getServerSocketFactory();
            SSLServerSocket sslServerSocket =
                    (SSLServerSocket) sslServerSocketFactory.createServerSocket(8443);
            System.out.println("Server is waiting for client connection...");

            // Accept client connection; the TLS handshake runs on the first read/write
            SSLSocket sslSocket = (SSLSocket) sslServerSocket.accept();
            System.out.println("Client connected securely");

            // Create input/output streams for secure communication
            BufferedReader reader = new BufferedReader(
                    new InputStreamReader(sslSocket.getInputStream()));
            PrintWriter writer = new PrintWriter(sslSocket.getOutputStream(), true);

            // Read message from the client
            String clientMessage = reader.readLine();
            System.out.println("Received from client: " + clientMessage);

            // Send a secure response back to the client
            writer.println("Message received securely over SSL/TLS");

            // Close the connection
            reader.close();
            writer.close();
            sslSocket.close();
            sslServerSocket.close();

        } catch (Exception e) {
            e.printStackTrace();
        }
    }
}
Output:

Server Side (Output):

Server is waiting for client connection...

Client connected securely

Received from client: Hello, secure server!

Client Side (Output):

Received from server: Message received securely over SSL/TLS

Result:
Thus, the Java program to check message integrity and confidentiality using SSL has been executed
successfully.
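The manual lists the server program only; the client side in Steps 5 to 7 and in the "Client Side" output is not shown. The following added client (written for this edit, not part of the original manual) completes the exchange against the server above. It trusts only the lab truststore, enables host name verification (a raw SSLSocket does not check that the certificate matches the host it connected to, so without this any certificate in the truststore would be accepted for any name), restricts the protocol to TLS 1.2/1.3, and prints the negotiated protocol and cipher suite, which is how the confidentiality and integrity claim can actually be checked. The keytool commands in the comment create the two keystore files the server and client expect; file names, alias and password match the server program.

```java
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManagerFactory;
import java.io.BufferedReader;
import java.io.FileInputStream;
import java.io.InputStreamReader;
import java.io.PrintWriter;
import java.security.KeyStore;

// One-time setup (run in the directory of both programs):
//   keytool -genkeypair -alias server -keyalg RSA -keysize 2048 -dname "CN=localhost" \
//       -ext SAN=dns:localhost -keystore server.jks -storepass changeit -keypass changeit
//   keytool -exportcert -alias server -keystore server.jks -storepass changeit -rfc -file server.crt
//   keytool -importcert -alias server -file server.crt -keystore clientTrustStore.jks \
//       -storepass changeit -noprompt
public class SSLClient {

    // Trust only the certificates in the lab truststore, not the JDK's default CA bundle.
    static SSLContext clientContext(String trustStorePath, char[] password) throws Exception {
        KeyStore trustStore = KeyStore.getInstance("JKS");
        try (FileInputStream in = new FileInputStream(trustStorePath)) {
            trustStore.load(in, password);
        }
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null); // no client key: server-only authentication
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        String host = "localhost";
        int port = 8443;
        SSLContext ctx = clientContext("clientTrustStore.jks", "changeit".toCharArray());

        try (SSLSocket socket = (SSLSocket) ctx.getSocketFactory().createSocket(host, port)) {
            // Require the certificate's name to match the host we dialled, and modern TLS only.
            SSLParameters params = socket.getSSLParameters();
            params.setEndpointIdentificationAlgorithm("HTTPS");
            params.setProtocols(new String[] {"TLSv1.3", "TLSv1.2"});
            socket.setSSLParameters(params);

            socket.startHandshake(); // fails here if the certificate is untrusted or the name does not match
            SSLSession session = socket.getSession();
            System.out.println("Negotiated " + session.getProtocol() + " with " + session.getCipherSuite());
            System.out.println("Server certificate subject: " + session.getPeerPrincipal());

            PrintWriter writer = new PrintWriter(socket.getOutputStream(), true);
            BufferedReader reader = new BufferedReader(new InputStreamReader(socket.getInputStream()));
            writer.println("Hello, secure server!");
            System.out.println("Received from server: " + reader.readLine());
        }
    }
}
```

Start SSLCommunication first, then run SSLClient. To see the confidentiality property, capture port 8443 with Wireshark while the client runs: the "Hello, secure server!" text is visible only in the program output, never in the captured TCP payload. Removing the server certificate from clientTrustStore.jks, or connecting to 127.0.0.1 instead of localhost with a certificate that names only localhost, makes startHandshake() throw, which is the integrity check refusing an unauthenticated peer.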
Exp.No: 6
Experiment Eavesdropping, Dictionary Attack, MITM Attacks.
Date:

Aim:
To experiment Eavesdropping, Dictionary Attack, MITM Attacks.
EAVESDROPPING:
Eavesdropping is the unauthorised and covert interception of a private, live conversation.
On a network, sniffing or eavesdropping is the act of acquiring or intercepting data by capturing the
communication flow using a packet sniffer tool.
The technique involves monitoring the packets passing through the network,
giving unauthorised access to sensitive data, akin to theft or unauthorised interception of
information.
If data packets transmitted across a network are not encrypted, they are
vulnerable to interception, and anyone with a sniffer on the path can read their contents.

Categories of Network Sniffing:


Active and Passive Sniffing attacks are two distinct categories of network sniffing techniques
used by attackers to intercept and analyze data traffic.
1. Active Sniffing:
Active Sniffing is performed through a Switch and it is easy to detect.
It involves more direct interaction with the network traffic. Instead of just observing and
capturing data, the attacker actively injects or modifies packets within the communication flow.
2. Passive Sniffing:
Passive Sniffing is performed through a Hub which is difficult to detect.
It involves silently capturing and monitoring network traffic without altering or modifying the
data being transmitted. The attacker’s presence is relatively discreet, as they do not actively
participate in the communication process.
They just observe the data that flows through the network, looking for sensitive/crucial
information that is not encrypted.
Experimenting Eavesdropping:
Step 1: Launch the Wireshark software on your computer and choose the ‘eth0’ option, In your web
browser, input the URL we want to capture login credentials from.

Step 2: Input the login credentials, which are ‘test’, and then click on the login button.
Step 3: Then by entering ‘http’ in the filter section, the captured packets using the HTTP protocol
will be shown. Choose ‘Follow’ to access additional options, then select ‘http stream’ from the
available choices.
Step 4: Explore the provided information, and you will uncover the login credentials.

Output:

DICTIONARY ATTACK:
A dictionary attack is an attack in which the attacker tries to break into a password-protected
system by submitting every word in a list (the "dictionary") as the password. It is a form of brute force attack
that tries likely passwords instead of every possible string.
Like the brute force attack, the dictionary attack aims to break in by logging in with username
and password combinations. It is inefficient only in its overall success rate: automated scripts
can try thousands of candidates in a matter of seconds.
A hacker will look for applications and websites that don’t lock a user out quickly for incorrect
username and password combinations and don’t require other forms of authentication when signing
in. Sites that allow simple passwords are especially vulnerable.
If the target website or application does not adequately monitor suspicious behaviour like
this, or has lax password rules, it runs a high risk of data disclosure resulting
from a dictionary attack.
Leaked password databases have become a common feature of modern dictionary attacks.
Attempting to log in with username and password combinations reused from other sites makes
these attacks much more successful and potentially harder to detect on the application or
website’s end.
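The following added example (not from the original manual) runs the attack described above offline against a stored password hash, which is what an attacker does with a leaked database. The defender stores passwords with PBKDF2-HMAC-SHA256 (from the JDK's SecretKeyFactory), a random 16-byte salt and a deliberately high iteration count; the attacker loops over a wordlist and hashes each guess with the same salt. Two runs are timed: one against the slow salted hash, and one against a one-iteration unsalted hash, to show why the iteration count and salt matter. The wordlist, the victim password, the iteration count and the passphrase are constructed for the demonstration.

```java
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.List;

public class DictionaryAttackDemo {

    static final int ITERATIONS = 100_000;   // defender's setting (constructed for this example)

    // How the defender stores a password: salted, slow, fixed-length hash.
    static byte[] pbkdf2(String password, byte[] salt, int iterations) throws Exception {
        PBEKeySpec spec = new PBEKeySpec(password.toCharArray(), salt, iterations, 256);
        return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256").generateSecret(spec).getEncoded();
    }

    // The attacker's loop: hash every wordlist entry with the victim's salt and compare.
    // Returns the cracked password, or null if no entry matches.
    static String crack(byte[] salt, byte[] storedHash, int iterations, List<String> wordlist)
            throws Exception {
        for (String guess : wordlist) {
            // constant-time compare; irrelevant offline but the habit matters server-side
            if (MessageDigest.isEqual(pbkdf2(guess, salt, iterations), storedHash)) return guess;
        }
        return null;
    }

    public static void main(String[] args) throws Exception {
        // Constructed wordlist (a real one has millions of entries from leaked databases)
        List<String> wordlist = Arrays.asList(
                "123456", "password", "qwerty", "letmein", "welcome1", "monkey", "dragon");

        // Constructed victim record: weak password, random salt, slow hash
        byte[] salt = new byte[16];
        new SecureRandom().nextBytes(salt);
        byte[] stored = pbkdf2("letmein", salt, ITERATIONS);

        long t0 = System.nanoTime();
        String found = crack(salt, stored, ITERATIONS, wordlist);
        long slowMs = (System.nanoTime() - t0) / 1_000_000;
        System.out.println("slow salted hash: cracked '" + found + "' after "
                + wordlist.size() + " guesses in " + slowMs + " ms");

        // Same attack against a fast (1-iteration) unsalted hash: per-guess cost collapses,
        // and with no salt one precomputed table would serve for every user.
        byte[] noSalt = new byte[16];
        byte[] storedFast = pbkdf2("letmein", noSalt, 1);
        t0 = System.nanoTime();
        found = crack(noSalt, storedFast, 1, wordlist);
        long fastMs = (System.nanoTime() - t0) / 1_000_000;
        System.out.println("fast unsalted hash: cracked '" + found + "' in " + fastMs + " ms");

        // A passphrase that is not in the list is not found, however many guesses are tried.
        byte[] storedStrong = pbkdf2("T7#wq9!Lz2pRd-velvet-orbit", salt, ITERATIONS);
        System.out.println("strong passphrase cracked? " + crack(salt, storedStrong, ITERATIONS, wordlist));
    }
}
```

Scale the timing: the slow run costs roughly the per-guess time times the wordlist size, so 100,000 iterations turns a million-word list into hours per account on one CPU, while the fast hash makes it seconds. Online, the lockout and rate limiting mentioned above add a second, independent cost that the attacker cannot parallelise away.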
MITM ATTACKS:
A man-in-the-middle attack (MitM) is a form of data eavesdropping and theft where an attacker
intercepts data from a sender to the recipient, and then from the recipient back to the sender.
It’s called a “man in the middle” because the attacker’s device sits between the sender and
recipient and relays messages silently without making either party aware of the eavesdropping.
The attacker is typically situated on the same network as the targeted user, but eavesdropping can
be done on a remote network if data crosses the path where an attacker is located.
The goal of an attack is to steal personal information, such as login credentials, account details
and credit card numbers. Targets are typically the users of financial applications, SaaS businesses,
ecommerce sites and other websites where logging in is required.

Types of Man-in-the-Middle Attacks:


● Email Hijacking → attackers gain access to a user’s email account and watch transactions to
and from the account.
● Wi-Fi Eavesdropping → a passive way to deploy MITM attacks; the attacker sets up a public Wi-Fi
hotspot, typically with an innocuous-looking name, and captures the traffic of everyone who connects.
● Session Hijacking → an attacker gains access to an online session
via a stolen session key or stolen browser cookies.
● DNS Spoofing → an attacker alters a website’s address record in a DNS (Domain Name System)
server or forges DNS replies, so the victim resolves the name to the attacker’s address.
● IP Spoofing → the attacker forges the source IP address of packets so that they appear to come
from a trusted host; combined with DNS spoofing it is used to divert traffic to a fraudulent site.
Defence and Detection of MITM attack:
MITM attacks can be prevented or detected by two means:
Authentication and Tamper Detection.
Authentication provides some degree of certainty that a given message has come from a
legitimate source.
Tamper detection merely shows evidence that a message may have been altered.
Working of MITM attack:
The man-in-the-middle attack process has a two-stage approach: interception and decryption.
(i)Interception:
During the interception step, the cybercriminal attempts to put themselves between the client and
server, typically a user and web application. Depending on the type of man-in-the-middle attack, there
are a few ways the attacker could approach this:
● Creating a non-secure Wi-Fi network or hotspot in a crowded area for people to connect and view
their information.
● Accessing a Wi-Fi network, typically by taking advantage of a weak password or by installing a
packet sniffer to analyze traffic and scan for vulnerabilities, points of entry, and ideal targets.
● Creating a fake website with spoofed DNS and routing the user through phishing or redirecting
them from the intended HTTPS site.
● Manipulating IP protocols to persuade users to change passwords or log in to an app.
(ii)Decryption:
After targets are determined and fall for the bait, cybercriminals use data capture tools to transmit
any login information and web activity back to them and decrypt it into readable text. During the
decryption phase, the intercepted data becomes usable to the criminal.
For example, the cybercriminal will take login credentials captured from the fake website
and use them on the actual one. From there, they could change the user's password, steal vital
financial information, or use the credentials for longer-term objectives such as access to a company
network or a more severe attack.
Man in the middle attack prevention:
Blocking MITM attacks requires several practical steps on the part of users, as well as a
combination of encryption and verification methods for applications.

✦ Avoiding WiFi connections that aren’t password protected.

✦ Paying attention to browser notifications reporting a website as being unsecured.

✦ Immediately logging out of a secure application when it’s not in use.

✦ Not using public networks (e.g., coffee shops, hotels) when conducting sensitive
transactions.

Result:
Thus, Eavesdropping, Dictionary Attack, MITM Attacks have been implemented successfully.
Exp.No: 7
Experiment with Sniff Traffic using ARP Poisoning.
Date:

Aim:
To experiment with sniffing traffic using ARP poisoning.
ARP Poisoning:
Address Resolution Protocol (ARP) poisoning is an attack that involves sending spoofed ARP
messages over a local area network. It’s also known as ARP spoofing, ARP poison routing and ARP
cache poisoning.
ARP poisoning is a type of man-in-the-middle attack that can be used to stop network traffic,
change it, or intercept it. The technique is often used to initiate further offensives, such as session
hijacking or denial-of-service.
The relationship between a given MAC address and its IP address is kept in a table known as the
ARP cache. When a packet heading towards a host on a LAN gets to the gateway, the gateway uses
ARP to associate the MAC or physical host address with its correlating IP address.
The host then searches through its ARP cache. If it locates the corresponding address, it is
used to convert the format and packet length. Otherwise, ARP will send out a request packet that asks
other machines on the local network if they know the correct address. When a machine replies with
the address, the ARP cache is updated.
ARP Poisoning Countermeasures:
We can use several methods to prevent ARP poisoning, each with its own positives and
negatives. These include static ARP entries, encryption, VPNs, packet sniffing, poisoning detection
software, OS security, etc.
Static ARP entries:
This solution involves a lot of administrative overhead and is only recommended for
smaller networks. It involves adding an ARP entry for every machine on a network into each
individual computer.
Mapping the machines with sets of static IP and MAC addresses helps to prevent
spoofing attacks, because the machines can ignore ARP replies.
Encryption:
Protocols such as HTTPS and SSH can also help to reduce the chances of a successful
ARP poisoning attack. When traffic is encrypted, the attacker would have to go to the additional step
of tricking the target’s browser into accepting an illegitimate certificate.
VPN:
If it is just a single person making a potentially dangerous connection, such as using public Wi-Fi
at an airport, then a VPN will encrypt all of the data that travels between the client and the exit server.
Operating System Security:
This measure is dependent on the OS being used. The following are the basic
techniques used by various operating systems.
• Linux: works by ignoring unsolicited ARP reply packets.
• Microsoft Windows: The ARP cache behavior can be configured via the registry.
The following list includes some of the software that can be used to protect networks against sniffing:
AntiARP - provides protection against both passive and active sniffing
Agnitum Outpost Firewall - provides protection against passive sniffing
XArp - provides protection against both passive and active sniffing
• Mac OS: ArpGuard can be used to provide protection. It protects against both active
and passive sniffing.
Sniff Traffic:
Network sniffing is the process of intercepting data packets sent over a network. This can be
done by specialized software programs or hardware equipment. Sniffing can be used to:
• Capture sensitive data such as login credentials
• Eavesdrop on chat messages
• Capture files that have been transmitted over a network.
Types of Sniffing:
Passive sniffing is intercepting packets transmitted over a network that uses a hub. It is
called passive sniffing because it is difficult to detect. It is also easy to perform as the hub sends
broadcast messages to all the computers on the network.
Active sniffing is intercepting packets transmitted over a network that uses a switch. There
are two main methods used to sniff switched networks: ARP poisoning and MAC flooding.
Sniff Traffic using ARP Poisoning:
Step 1: Open the command prompt and enter the command:
ipconfig /all

Detailed information about all the network connections available on your computer will be
displayed. The results shown below are for a broadband modem to show the MAC address and IPv4
format and a wireless network to show IPv6 format.
Step 2: The arp command calls the ARP configuration program located in the Windows\System32
directory; -a is the parameter to display the contents of the ARP cache.
arp -a

Step 3: Static entries are added manually and are deleted when the computer is restarted.
Step 4: After getting the IP/MAC address, enter the following command to add a static entry.
arp -s 192.168.1.38 60-36-DD-A6-C5-43
Step 5: To view the ARP cache:
arp -a
The IP address has been resolved to the MAC address we provided and it is of a static type.
Step 6: Command to remove an entry:
arp -d 192.168.1.38

ARP poisoning works by sending fake MAC addresses to the switch.
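The countermeasures above (static entries, ignoring replies that contradict them, and poisoning detection software) can be exercised against a replay of ARP replies. The following is an added example, not part of the manual: a small monitor that keeps static entries equivalent to the `arp -s` step, learns the rest dynamically, and raises an alert when an IP address changes its MAC, when a reply contradicts a static entry, or when one MAC claims several IPs. The gateway and attacker MACs and the 192.168.1.50 address are constructed; the 192.168.1.38 host and its MAC come from the steps above.

```python
from dataclasses import dataclass, field


@dataclass
class ArpReply:
    """One ARP reply seen on the wire (constructed records in run_demo)."""
    ts: float
    sender_ip: str
    sender_mac: str


def normalize_mac(mac: str) -> str:
    """Accept both the Windows form (60-36-DD-A6-C5-43) and the Unix form (60:36:dd:a6:c5:43)."""
    return mac.lower().replace("-", ":")


@dataclass
class ArpMonitor:
    # Static mappings, the equivalent of "arp -s <ip> <mac>"; replies never overwrite them.
    static: dict = field(default_factory=dict)
    # Mappings learned from replies, as an ordinary ARP cache would hold them.
    learned: dict = field(default_factory=dict)
    alerts: list = field(default_factory=list)

    def add_static(self, ip: str, mac: str) -> None:
        self.static[ip] = normalize_mac(mac)

    def observe(self, reply: ArpReply) -> None:
        ip, mac = reply.sender_ip, normalize_mac(reply.sender_mac)
        if ip in self.static:
            # A reply contradicting a static entry is ignored, but is worth an alert.
            if self.static[ip] != mac:
                self.alerts.append((reply.ts, "static-conflict", ip, mac))
            return
        previous = self.learned.get(ip)
        if previous is not None and previous != mac:
            # Typical poisoning symptom: the gateway's IP suddenly answers from a new MAC.
            self.alerts.append((reply.ts, "mac-changed", ip, mac))
        self.learned[ip] = mac
        # One MAC claiming several IPs is how a host ends up between two others.
        # Routers and VRRP/HSRP pairs legitimately do this too, so keep an allow-list.
        claimed = [i for i, m in self.learned.items() if m == mac]
        if len(claimed) > 1:
            self.alerts.append((reply.ts, "mac-multi-ip", ip, mac))


def run_demo() -> ArpMonitor:
    """Replay constructed traffic: a normal gateway, the host from the arp -s step,
    then a constructed attacker MAC claiming the gateway, the host and a third address."""
    mon = ArpMonitor()
    mon.add_static("192.168.1.38", "60-36-DD-A6-C5-43")
    traffic = [
        ArpReply(0.0, "192.168.1.1", "00:11:22:33:44:01"),    # constructed gateway MAC
        ArpReply(1.0, "192.168.1.38", "60-36-DD-A6-C5-43"),   # agrees with the static entry
        ArpReply(10.0, "192.168.1.1", "de:ad:be:ef:00:99"),   # new MAC for the gateway IP
        ArpReply(11.0, "192.168.1.38", "de:ad:be:ef:00:99"),  # contradicts the static entry
        ArpReply(12.0, "192.168.1.50", "de:ad:be:ef:00:99"),  # same MAC, third address
    ]
    for reply in traffic:
        mon.observe(reply)
    return mon


if __name__ == "__main__":
    for alert in run_demo().alerts:
        print(alert)
```

The learned table is deliberately allowed to take the new mapping so the alert list shows what an unprotected cache would now contain; only the static entry for 192.168.1.38 survives the conflicting reply.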

Result:
Thus, sniffing traffic using ARP poisoning has been executed successfully.
Exp.No: 8
Demonstrate Intrusion Detection system using any tool.
Date:

Aim:
To implement Intrusion Detection System using Snort tool.
Intrusion Detection System:
An intrusion detection system (IDS) is a network security tool that monitors network traffic
and devices for known malicious activity, suspicious activity or security policy violations.
It observes network traffic for malicious transactions and sends immediate alerts when it is
observed.
Each illegal activity or violation is often recorded either centrally using a SIEM system or
notified to an administration.
Working of an IDS:
• An IDS (Intrusion Detection System) monitors the traffic on a computer network to detect
any suspicious activity.
• It analyzes the data flowing through the network to look for patterns and signs of
abnormal behavior.
• The IDS compares the network activity to a set of predefined rules and patterns to
identify any activity that might indicate an attack or intrusion.
• If the IDS detects something that matches one of these rules or patterns, it sends an alert
to the system administrator.
• The system administrator can then investigate the alert and take action to prevent any
damage or further intrusion.
IDS Detection Methods:

• Signature-based detection system:


A signature-based IDS monitors inbound network traffic, looking for specific patterns and
sequences that match known attack signatures. While it is effective for this purpose, it is incapable of
detecting unidentified attacks with no known patterns.

• Anomaly-based detection system:


The anomaly-based IDS is a relatively newer technology designed to detect unknown attacks,
going beyond the identification of attack signatures. This type of detection instead uses machine
learning to analyze large amounts of network data and traffic.
Anomaly-based IDS creates a defined model of normal activity and uses it to identify anomalous
behavior. However, it is prone to false positives.
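The anomaly-based approach, and the false positives it is prone to, can be seen in a few lines. The following is an added example, not code from the manual or from Snort: a baseline of connections per minute is learned from constructed training data, and later observations are flagged when they exceed the baseline by more than three standard deviations. A legitimate but unusual backup job is flagged along with the scan-like burst, which is exactly the false positive the text warns about.

```python
import statistics

# Constructed baseline: new outbound connections per minute from one workstation
# during a normal period, as an anomaly-based IDS would learn it.
BASELINE = [4, 6, 5, 7, 5, 6, 4, 8, 5, 6, 7, 5]


def build_model(samples):
    """Model of normal activity: mean and population standard deviation."""
    return {"mean": statistics.fmean(samples), "stdev": statistics.pstdev(samples)}


def zscore(model, value):
    """How many standard deviations above normal the observation lies."""
    if model["stdev"] == 0:
        return float("inf") if value > model["mean"] else 0.0
    return (value - model["mean"]) / model["stdev"]


def is_anomalous(model, value, threshold=3.0):
    """Only upward deviations are flagged; a quiet host is not an intrusion sign here."""
    return zscore(model, value) > threshold


def evaluate(model, observations, threshold=3.0):
    """observations: (label, value) pairs.  Returns (label, value, flagged) triples."""
    return [(label, value, is_anomalous(model, value, threshold))
            for label, value in observations]


# Constructed observations: ordinary traffic, a scan-like burst, and a legitimate
# monthly backup job that the model has never seen (the false positive).
OBSERVATIONS = [("normal minute", 6), ("scan burst", 900), ("monthly backup", 40)]


def run_demo():
    return evaluate(build_model(BASELINE), OBSERVATIONS)


if __name__ == "__main__":
    for label, value, flagged in run_demo():
        print(f"{label:15s} {value:5d} {'ALERT' if flagged else 'ok'}")
```

Real products learn many features per host and protocol and retrain the baseline over time; the trade-off stays the same: a tighter threshold catches more unknown attacks and produces more alerts an analyst must triage.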
Types of IDS:
1)Network-based intrusion detection system (NIDS):
A network IDS monitors a complete protected network. It is deployed across the
infrastructure at strategic points, such as the most vulnerable subnets. The NIDS monitors all traffic
flowing to and from devices on the network, making determinations based on packet contents and
metadata.
2)Host-based intrusion detection system (HIDS):
A host-based IDS monitors the computer infrastructure on which it is installed. It is
deployed on a specific endpoint to protect it against internal and external threats. The IDS
accomplishes this by analyzing traffic, logging malicious activity and notifying designated
authorities.
3) Protocol-based (PIDS):
A protocol-based intrusion detection system is usually installed on a web server. It
monitors and analyzes the protocol between a user/device and the server.
4)Application protocol-based (APIDS)
An APIDS is a system or agent that usually sits inside the server party. It tracks and
interprets correspondence on application-specific protocols.
5)Hybrid intrusion detection system
A hybrid intrusion detection system combines two or more intrusion detection
approaches. This detection system is more powerful compared to other systems.
Snort:
Snort is based on libpcap (the packet capture library), a tool widely used in TCP/IP traffic sniffers and
analyzers. Through protocol analysis, content searching and matching, Snort detects attack methods,
including denial of service, buffer overflow, CGI attacks, stealth port scans, and SMB probes.
When suspicious behavior is detected, Snort sends a real-time alert to syslog, a separate 'alerts'
file, or to a pop-up window.

Snort is currently the most popular free network intrusion detection software.
It is easy to configure. Rules are very flexible, easily written, and easily inserted into the rule
base. Another advantage of Snort is that it allows for raw packet data analysis.
Installation of Snort:
Step 1: Visit the website https://www.snort.org/downloads and download the Snort tool.
Step 2: Select “I agree” → Select Snort, Dynamic modules, Documentation → Next.
Step 3: Choose a destination folder by clicking on the Browse button; the default path is “C:\Snort”.
Step 4: In the command prompt, change to the Snort path: “cd \snort”
Step 5: Type “snort -V” in the command prompt to check the version of the Snort tool.
Step 6: Download the Snort rules from https://www.snort.org/downloads (click Sign in).
A compressed folder “snortrules-snapshot-29161.tar.gz” will be downloaded.
Step 7: Open the “snortrules-snapshot-29161.tar” folder and find the “rules” folder. Open the “rules”
folder and copy all the rules present inside it.
Step 8: Go to “C:\Snort\rules” and paste all the rules files.
Step 9: To edit the snort.conf file, Go to “C:\Snort\etc” to open the snort.conf file
Step 10: Open the command prompt and type “ipconfig”.

Step 11: Set the network variables in the snort.conf file using the IP address found in Step 10 (10.0.0.2),
and set the external network address to the home network ($HOME_NET).
Step 12: Set up the network address to be protected.
ipvar HOME_NET 10.0.0.2
Step 13: Set up the External Network Address as HOME_NET.
ipvar EXTERNAL_NET $HOME_NET
Step 14: Set the path of the rules files as “C:\Snort\rules” and “C:\Snort\preproc_rules”.
Set the white list and black list path as to “C:\Snort\rules”.
Step 15: Configure the decoder of snort.conf file by setting the path of the log directory as
“C:\Snort\log”
Configure dynamic loaded libraries by setting the path of the dynamic preprocessor libraries
as “C:\Snort\lib\snort_dynamicpreprocessor”,base preprocessor engine as
“C:\Snort\lib\snort_dynamicengine\sf_engine.dll”.
Step 16: Configure preprocessors by removing the “\” and putting decompress_swf and
decompress_pdf in comments. Also, edit the preprocessor bo in comments. Delete comment from
preprocessor sfportscan.

Step 17: Set the path to the white list and black list; create new files and save them in that directory.
Step 18: Replace the forward slash “/” with a backslash “\” in the paths.

Step 19: Customize the preprocessor and decoder alert paths by replacing the forward slash “/” with a
backslash “\”.
Step 20: Open the command prompt, go to “C:\Snort\bin” and type “snort -W” to list the
available interfaces.

Step 21: Execute the Snort tool in the command prompt by typing “snort -i 2 -c
C:\Snort\etc\snort.conf”. -i selects the interface; -c selects the configuration file.

Step 22: Rules to detect scanning attacks. After running Snort in IDS mode, the next step is to
write rules in the “local.rules” file; the following rules can be added to detect SYN attack, UDP scan,
PING scan, FIN scan, NULL scan, XMAS scan, and TCP scan.
• alert tcp any any -> any any (msg: "SYN attack"; flags: S,12; sid: 10000005;)
• alert udp any any -> 192.168.43.160 any (msg: "UDP Scan"; sid: 10001; rev: 1;)
• alert icmp any any -> 192.168.43.160 any (msg: "PING Scan"; dsize: 0; sid: 10002; rev: 1;)
• alert tcp any any -> $HOME_NET any (msg: "FIN Scan"; flags: F; sid: 10003; rev: 1;)
• alert tcp any any -> $HOME_NET any (msg: "NULL Scan"; flags: 0; sid: 10004; rev: 1;)
• alert tcp 192.168.43.160 any -> $HOME_NET 22 (msg: "XMAS Scan"; flags: FPU; sid: 10005; rev: 1;)
• alert tcp 192.168.43.160 any -> 192.168.43.160 any (msg: "TCP Scan"; flags: S,12; sid: 10006; rev: 1;)
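To see exactly which packets each of the rules above fires on, and why, it helps to run them through a small matcher. The following is an added example, not code from the manual or from Snort itself: it parses the seven local.rules lines verbatim, expands $HOME_NET to the 10.0.0.2 value set in the snort.conf steps, and evaluates constructed packet summaries. Only the header fields these rules use are modelled (protocol, addresses, ports, TCP flags, payload size); Snort's `+`/`*` flag modifiers, CIDR ranges and port lists are not implemented.

```python
import re
from dataclasses import dataclass

# Value from the snort.conf steps above (ipvar HOME_NET 10.0.0.2).
VARIABLES = {"$HOME_NET": "10.0.0.2", "$EXTERNAL_NET": "10.0.0.2"}

# The seven local.rules entries from Step 22, copied verbatim.
LOCAL_RULES = """
alert tcp any any -> any any (msg: "SYN attack"; flags: S,12; sid: 10000005;)
alert udp any any -> 192.168.43.160 any (msg: "UDP Scan"; sid: 10001;rev: 1;)
alert icmp any any -> 192.168.43.160 any (msg: "PING Scan"; dsize:0;sid:10002; rev: 1;)
alert tcp any any -> $HOME_NET any (msg: "FIN Scan"; flags: F; sid: 10003;rev: 1;)
alert tcp any any -> $HOME_NET any (msg: "NULL Scan"; flags: 0; sid: 10004;rev: 1;)
alert tcp 192.168.43.160 any -> $HOME_NET 22 (msg: "XMAS Scan"; flags: FPU; sid: 10005;rev: 1;)
alert tcp 192.168.43.160 any -> 192.168.43.160 any (msg: "TCP Scan"; flags: S,12; sid: 10006;rev: 1;)
"""

HEADER_RE = re.compile(r"^(\w+)\s+(\w+)\s+(\S+)\s+(\S+)\s+->\s+(\S+)\s+(\S+)\s*\((.*)\)\s*$")


@dataclass
class Rule:
    proto: str
    src: str
    sport: str
    dst: str
    dport: str
    options: dict


@dataclass
class Packet:
    """Constructed packet summary: only the header fields these rules look at."""
    proto: str
    src: str
    sport: int
    dst: str
    dport: int
    flags: frozenset = frozenset()   # TCP flag letters as Snort writes them: F S R P A U 1 2
    payload_len: int = 0


def parse_rules(text: str) -> list:
    rules = []
    for line in text.strip().splitlines():
        m = HEADER_RE.match(line.strip())
        if not m:
            raise ValueError(f"unparsable rule: {line}")
        _action, proto, src, sport, dst, dport, opts = m.groups()
        options = {}
        for item in opts.split(";"):
            if ":" in item:                      # msg: "...", flags: S,12, sid: 10001
                key, value = item.split(":", 1)
                options[key.strip()] = value.strip().strip('"')
        rules.append(Rule(proto, src, sport, dst, dport, options))
    return rules


def _addr_ok(spec: str, value: str) -> bool:
    spec = VARIABLES.get(spec, spec)             # expand $HOME_NET and friends
    return spec == "any" or spec == value


def _port_ok(spec: str, value: int) -> bool:
    return spec == "any" or int(spec) == value


def _flags_ok(spec: str, flags: frozenset) -> bool:
    # "S,12": exactly S set, ignoring reserved bits 1 and 2; "0": no flags at all.
    want, _, ignore = spec.partition(",")
    considered = flags - set(ignore)
    return not considered if want == "0" else considered == set(want)


def _dsize_ok(spec: str, n: int) -> bool:
    if spec.startswith("<"):
        return n < int(spec[1:])
    if spec.startswith(">"):
        return n > int(spec[1:])
    return n == int(spec)


def matches(rule: Rule, pkt: Packet) -> bool:
    if rule.proto != pkt.proto:
        return False
    if not (_addr_ok(rule.src, pkt.src) and _addr_ok(rule.dst, pkt.dst)):
        return False
    if pkt.proto != "icmp" and not (_port_ok(rule.sport, pkt.sport) and _port_ok(rule.dport, pkt.dport)):
        return False
    if "flags" in rule.options and not _flags_ok(rule.options["flags"], pkt.flags):
        return False
    if "dsize" in rule.options and not _dsize_ok(rule.options["dsize"], pkt.payload_len):
        return False
    return True


def alerts_for(pkt: Packet, rules=None) -> list:
    """msg of every rule the packet triggers, in rule order."""
    rules = parse_rules(LOCAL_RULES) if rules is None else rules
    return [r.options["msg"] for r in rules if matches(r, pkt)]
```

Two things the matcher makes visible: the `S,12` rule fires on a SYN even when a reserved bit is set, and the XMAS rule only covers port 22 from one source address, so the same FPU packet to port 80 is silent. A real deployment would widen those rules and let Snort's sfportscan preprocessor (enabled in Step 16) correlate individual probes into a scan event.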
Step 23: Execute Snort in IDS mode by typing “snort -i 1 -c C:\Snort\etc\snort.conf -A console”
in the command prompt and press Enter.
Step 24: Perform network scanning attacks with nmap by typing “nmap -p 1-65535 -v
10.0.0.2” in the command prompt, where -p gives the port range and -v enables verbose mode. The network
scanning attacks can also be performed with the Zenmap tool.

Step 25: The network scanning attacks are detected by Snort IDS as shown.
Result:
Thus, the Intrusion Detection System using Snort tool has been implemented successfully.
Exp.No: 9
Explore Network Monitoring tools.
Date:

Aim:
To explore the network monitoring tools.
Network Monitoring:
Network monitoring tools gather and analyze network data to provide network administrators
with information related to the status of network appliances, link saturation, the most active devices,
the structure of network traffic or the sources of network problems and traffic anomalies.
Working of Network monitoring tools:
Network monitoring tools collect data in some form from active network devices, such as
routers, switches, load balancers, servers, firewalls, or dedicated probes, which they analyze to paint a
picture of the network’s condition.
Both collection and analysis are equally important functions of network monitoring tools –
network admins need data that is detailed enough for their purposes, and they need comprehensible
output.
With this information in hand, network administrators can act with certainty and resolve network
problems hindering business operations due to degraded service or outages.
When using a network monitoring tool, the first step is to determine which network devices
should be monitored and establish performance metrics. Then, decide on a monitoring interval that
makes sense for your situation.
Once in place, network monitoring tools scan for network issues. Methods can be as simple as a
ping to ensure a host is available. They can also be more extensive, such as monitoring firewall
access, bandwidth usage, resource consumption, uptime, and unexpected changes in network traffic;
making sure switches, routers, servers, firewalls and other endpoints have an acceptable level of
throughput; performing load balancing; and monitoring for high error rates.
These tools offer visualization of the entire network infrastructure with customizable dashboards
that provide real-time performance graphs and other reports showing how the components look and
whether there are unusual parameters that require further investigation.
Network monitoring solutions send email or SMS notifications to network administrators when
they find problems needing attention. They also share alert notifications with various IT operational
tools, such as AIOps systems.

Types of network monitoring tools:


There are three primary types of network monitoring tools.
1. SNMP-based tools use Simple Network Management Protocol (SNMP) to interact with
network hardware and track the real-time status and use of resources, such as CPU stats, memory
consumption, bytes transmitted and received, and other metrics. SNMP is one of the most widely
used monitoring protocols, along with Microsoft Windows Management Instrumentation (WMI) for
Windows servers and Secure Shell (SSH) for Unix and Linux servers.

2. Flow-based tools monitor traffic flow to provide statistics about protocols and users. Some
also inspect packet sequences to identify performance issues between two IP addresses. These flow
tools capture traffic flow data and send them to a central collector for processing and storage.

3. Active network monitoring solutions inject packets into the network and measure end-to-end
reachability, round-trip time, bandwidth, packet loss, link utilization and more. By conducting and
measuring real-time transactions from a user’s perspective, these solutions enable faster and more
reliable detection of outages and performance degradation.

There are also both agent and agentless network monitoring methods.
• Agent-based monitoring involves installing an agent, a small application or piece of
software, onto the monitored device.
• Agent-less monitoring (using SNMP and SSH protocols) requires no installation; instead,
network monitoring software logs directly into the monitored device.
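The collection-then-analysis cycle of an SNMP-based tool reduces to reading interface byte counters at a fixed interval and turning the deltas into utilization and alerts. The following is an added example, not code from the manual or from any monitoring product: it converts constructed `ifInOctets` polls of a 100 Mbit/s interface into utilization per interval and raises an alert above a threshold. The polling data and the 80% threshold are constructed; the counter-wrap handling is the edge case a real collector must get right, because the classic IF-MIB counters are 32 bits wide and roll over to zero.

```python
# Classic IF-MIB ifInOctets/ifOutOctets are 32-bit counters that wrap to zero;
# the 64-bit ifHCInOctets/ifHCOutOctets variants should be polled on fast links.
COUNTER32_MAX = 2 ** 32


def counter_delta(prev: int, curr: int, width: int = COUNTER32_MAX) -> int:
    """Octets transferred between two polls, correcting for a single counter wrap.
    Polling more often than the counter can wrap is the operator's responsibility."""
    if curr >= prev:
        return curr - prev
    return (width - prev) + curr


def utilization_pct(prev_octets: int, curr_octets: int, interval_s: float, speed_bps: int) -> float:
    """Link utilization over the polling interval as a percentage of line rate."""
    bits = counter_delta(prev_octets, curr_octets) * 8
    return bits / (interval_s * speed_bps) * 100


# Constructed SNMP polls: (seconds, ifInOctets) for a 100 Mbit/s interface polled
# every 60 s.  The counter wraps between the second and third poll.
SAMPLES = [
    (0, 4_294_000_000),
    (60, 4_294_600_000),
    (120, 1_200_000),
    (180, 700_000_000),
]


def analyze(samples, speed_bps: int = 100_000_000, threshold_pct: float = 80.0):
    """Per-interval utilization (rounded) and the alerts that exceed the threshold."""
    utilizations, alerts = [], []
    for (t0, c0), (t1, c1) in zip(samples, samples[1:]):
        u = round(utilization_pct(c0, c1, t1 - t0, speed_bps), 2)
        utilizations.append(u)
        if u > threshold_pct:
            alerts.append((t1, u))
    return utilizations, alerts


if __name__ == "__main__":
    utils, alerts = analyze(SAMPLES)
    print("utilization per interval (%):", utils)
    print("alerts (t, %):", alerts)
```

Without the wrap correction the second interval would come out as a large negative number, which is the usual cause of "impossible" spikes or gaps in utilization graphs on busy links polled too rarely.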
Purpose of Network monitoring tools:
Network failures can lead to business disruptions, which can mean a loss of customers, employee
productivity and money.
Investing in network monitoring software, whether commercial or open-source, means taking a
proactive approach to keeping your network infrastructure healthy and maximizing uptime instead of
waiting until an end user reports network problems. Because infrastructure monitoring lets you know
precisely where a network problem occurs, there’s time for troubleshooting before the situation leads
to an outage.
Benefits of network monitoring software:
The primary benefit of network monitoring tools is straightforward and easy-to-understand
visibility into an entire network’s connected devices and how data moves between them.
Modern network performance monitoring systems provide baseline information that lets you
automatically compare data and identify any network performance degradation.
An NPM solution requires less time to fix network performance problems. By detecting an issue
earlier we can troubleshoot and fix it much faster, saving time and money.
Network performance monitoring also provides historical data and allows the troubleshooting of
past network problems so you can avoid similar issues in the future.
Network monitoring solutions give you reliable and flexible management tools and capabilities,
including pre-configured templates for specific vendors such as Cisco, Juniper, Arista and Aruba,
among others. They also help you comply with industry standards and government regulations.
Monitoring tools can also help you track and benchmark your network’s performance metrics.
Network performance monitoring also lets you keep track of networks that are changing, growing
and becoming more complex over time.
Parameters of a network monitoring tool:
1) Map Generation:
Network Maps are utilized by the monitoring tools for the ease of visualization of the
entire network of an organization either as a centralized network system or as a distributed network
where the maps are divided according to the logical separations of the network.
Network device discovery further aids the process of map generation by identifying the devices
present in the network.
There are various approaches used for network mapping: route analysis, SNMP based
approaches and active probing.
2) Network Configuration:
Network configuration is a very important function for precise functioning of the network
infrastructure of any organization.
Administrators ought to be capable of configuring IP addresses of various types of
devices along with other types of configurations like setting up routing protocols for layer 3 devices,
updating existing configuration, adding dynamic manual routes on the fly, etc.
3) Fault Detection And Alerting:
Fault detection includes finding, pinpointing and notifying of faults that can occur
anywhere in the network. The fault can be in the device itself, which may again be device specific,
such as a memory segmentation fault in a router, or it can be a common occurrence such as a link
failure or node failure.
Alerting encompasses smart alerts that reduce unnecessary network alerts.
4) Device Discovery:
Device discovery is done using the SNMP protocol. The devices are scanned, added to
the database and imported into the monitoring tool.
Device discovery identifies the type of device along with other details such as the layer in
which it works, average response time, packet loss, operating-system, memory processing power, etc.
5) Network Traffic Trend Prediction:
It is a proactive approach to ensure that security is not compromised within the network.
Trend prediction is beneficial as it can be used for dynamic bandwidth allocation and
network planning.
It also avoids congestion, identifies the core links of the network and notifies the user so that
a high alert can be placed over that link.
Top 5 network monitoring tools:
1) SuperOps.ai :
With SuperOps.ai, you get an AI-powered RMM and PSA solution in one tool. Once
deployed, the tool will grant you complete visibility over your clients’ entire asset network. You can
use this to view, track, and manage all of these assets from a single, intuitive dashboard.

2) Atera:
Atera is a cloud-based, Remote IT Management platform that provides a powerful and
integrated solution, for MSPs, IT consultants, and IT departments. With Atera you can monitor
unlimited devices and Networks for a flat low rate.

3) NinjaOne (Formerly NinjaRMM):
With Ninja, you get a complete set of tools to monitor, manage, secure, and improve all of
your network devices, Windows, Mac workstations, laptops, and servers regardless of their location.

4) Auvik:
Auvik is a cloud-based solution for network management and monitoring. It is easy to use
and helps you with preventing, detecting, and resolving issues faster. The traffic analysis tools detect
anomalies faster. It provides automated security and performance updates and encrypts network data
with AES-256.

5) SolarWinds Network Performance Monitor:
SolarWinds provides the Network Performance Monitor, which can reduce network outages
and improve performance. It is a scalable solution for large environments.
Result:
Thus, the network monitoring tools have been explored successfully.
Exp.No:10
Study to configure Firewall,VPN.
Date:

Aim:
To study the role of firewalls and virtual private networks (VPNs) in providing security to
shared public networks such as the Internet.
Firewall:
A firewall is a network security device that observes and filters incoming and outgoing network traffic,
adhering to the security policies defined by an organization. Essentially, it acts as a protective wall
between a private internal network and the public Internet.
Firewalls are network security systems that prevent unauthorized access to a network. A firewall can
be a hardware or software unit that filters the incoming and outgoing traffic within a private network,
according to a set of rules, to spot and prevent cyberattacks.
A firewall router is a specially programmed router that sits between a site and the rest of the
network. It is a router in the sense that it is connected to two or more physical networks, and it
forwards packets from one network to another, but it also filters the packets that flow through it.
Types of Firewalls:
There are multiple types of firewalls based on their traffic filtering methods, structure, and
functionality. A few of the types of firewalls are:
• Software Firewall
• Hardware Firewall
• Packet Filters
• Stateful Inspection Firewall
• Application Layer Firewall
• Next-generation Firewall
• Circuit-level gateways
• Cloud Firewall
Functions of Firewall:
The most important function of a firewall is that it creates a border between an external network
and the guarded network, where the firewall inspects all packets (the units of data transferred over the
Internet) entering and leaving the guarded network.
Once the inspection is completed, a firewall can differentiate between benign and malicious
packets with the help of a set of pre-configured rules.
The packet information used for this decision includes the source, the destination, and the content.

VPN:
A virtual private network (VPN) adds security and anonymity to users when they connect to
web-based services and sites. It hides the user’s actual public IP address and “tunnels” traffic between
the user’s device and the remote server.
This makes it more difficult for third parties to track the user’s activities online and steal data. The
encryption takes place in real time.
Working of VPN:
A VPN hides your IP address by letting the network redirect it through a specially configured
remote server run by a VPN host.
This means that if you surf online with a VPN, the VPN server becomes the source of your data.
This means your Internet Service Provider (ISP) and other third parties cannot see which websites
you visit or what data you send and receive online.
VPNs utilize a concept called an IP tunnel, a virtual point-to-point link between a pair of nodes
that are actually separated by an arbitrary number of networks.
The virtual link is created within the router at the entrance of the tunnel by providing it with the
IP address of the router at the far end of the tunnel.
Whenever the router at the entrance of the tunnel wants to send a packet over this virtual link, it
encapsulates the packet inside an IP datagram. The destination address in the IP header is the address
of the router at the far end of the tunnel, whereas the source address is that of the encapsulating router.
Procedure:
1)Create a New Project:
• Start OPNET IT → File → New → Select Project → Name the project <name>_VPN, then
NoFirewall.
• Click Quit on the Startup Wizard.
2)Create and Configure the Network:
Initialize the network:
• Open the Object Palette dialog box. Make sure that the internet_toolbox item is
selected from the pull-down menu on the object palette.
• Add the following objects from the palette to the project workspace: Application
Config, Profile Config, an ip32_cloud, one ppp_server, three ethernet4_slip8_gtwy routers,
and two ppp_wkstn hosts.
• Rename the objects you added and connect them using PPP_DS1 links.
Configure the nodes:
1. Right-click on the Applications node → Edit Attributes → Assign Default to the Application
Definitions attribute.
2. Right-click on the Profiles node → Assign Sample Profiles to the Profile Configuration attribute.
3. Right-click on the Server node → Assign All to the Application: Supported Services attribute.
4. Right-click on the Sales A node → Select Similar Nodes.
a. Right-click on the Sales A node → Check the Apply Changes to Selected Objects
check-box.
b. Expand the Application: Supported Profiles attribute → Set rows to 1 → Expand the
row 0 hierarchy → Profile Name = Sales Person.

Choose the Statistics:


1. Right-click anywhere in the project workspace and select Choose Individual Statistics.
2. In the Choose Results dialog box, check the following statistics:
a. Global Statistics → DB Query → Response Time (sec).
b. Global Statistics → HTTP → Page Response Time (seconds).
3. Right-click on the Sales A and Sales B nodes, and select Choose Individual Statistics. In the Choose Results
dialog box, check the following statistics:
a. Client DB → Traffic Received (bytes/sec).
b. Client Http → Traffic Received (bytes/sec).
The Firewall scenario:
In the network we created, the Sales Person profile allows access to apps like db access,
email, web browsing from server.
Select Duplicate Scenario → name it Firewall → Edit the attributes of Router C.
Assign ethernet_2_slip8_firewall to the model attribute.
Expand the hierarchy of Proxy Server Information → Assign No to Deployed.
The Firewall_VPN Scenario:
In the Firewall scenario, we protected the databases in the server from “any” external access using
a firewall router. Assume that we want to allow the people in the Sales A site to have access to the
databases in the server. Since the firewall filters all database-related traffic regardless of the source of
the traffic, we need to consider the VPN solution.
A virtual tunnel can be used by Sales A to send database requests to the server. The firewall will
not filter the traffic created by Sales A because the IP packets in the tunnel will be encapsulated inside
an IP datagram.
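The reason the firewall router passes the tunnelled database requests is that a packet filter decides on the outer IP header, and after encapsulation the outer header carries only the two tunnel endpoints. The following is an added example, not code from the manual or from OPNET, that models both halves: the packet filter described under "Functions of Firewall" (first matching rule wins, default deny) and IP-in-IP encapsulation between Router A and Router D. The node names, the database port number and the rule set are constructed to mirror the scenario above.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass
class IPPacket:
    src: str
    dst: str
    proto: str                          # "tcp", "udp" or "ipip" (an encapsulated IP packet)
    dport: Optional[int] = None
    inner: Optional["IPPacket"] = None  # set when proto == "ipip"


@dataclass
class Rule:
    action: str                         # "deny" or "allow"
    src: str = "any"
    dst: str = "any"
    proto: str = "any"
    dport: Optional[int] = None


def _match(rule: Rule, pkt: IPPacket) -> bool:
    return ((rule.src == "any" or rule.src == pkt.src)
            and (rule.dst == "any" or rule.dst == pkt.dst)
            and (rule.proto == "any" or rule.proto == pkt.proto)
            and (rule.dport is None or rule.dport == pkt.dport))


def filter_packet(rules, pkt: IPPacket) -> str:
    """Stateless packet filter: first matching rule wins, default deny.
    It inspects the outer header only, exactly like the firewall router in the scenario."""
    for rule in rules:
        if _match(rule, pkt):
            return rule.action
    return "deny"


DB_PORT = 1521   # hypothetical database port; the scenario does not name one

# Router C policy from the Firewall scenario: block database traffic to the
# server from anywhere, allow everything else (constructed rule set).
FIREWALL_RULES = [
    Rule("deny", dst="SERVER", proto="tcp", dport=DB_PORT),
    Rule("allow"),
]


def encapsulate(pkt: IPPacket, tunnel_src: str, tunnel_dst: str) -> IPPacket:
    """IP-in-IP: the original packet becomes the payload of a new datagram whose
    source is the router at the tunnel entrance and whose destination is the
    router at the far end (Router A and Router D above)."""
    return IPPacket(src=tunnel_src, dst=tunnel_dst, proto="ipip", inner=pkt)


def decapsulate(pkt: IPPacket) -> IPPacket:
    if pkt.proto != "ipip" or pkt.inner is None:
        raise ValueError("not a tunnelled packet")
    return pkt.inner


def demo():
    """Returns (verdict on the direct request, verdict on the tunnelled request,
    whether the far end recovers the original packet intact)."""
    db_request = IPPacket(src="SALES_A", dst="SERVER", proto="tcp", dport=DB_PORT)
    direct = filter_packet(FIREWALL_RULES, db_request)
    tunnelled = encapsulate(db_request, "ROUTER_A", "ROUTER_D")
    via_tunnel = filter_packet(FIREWALL_RULES, tunnelled)
    delivered = decapsulate(tunnelled)
    return direct, via_tunnel, delivered == db_request


if __name__ == "__main__":
    print(demo())
```

The same property cuts both ways: because the firewall cannot see inside the tunnel, its policy no longer applies to anything Sales A sends through it, so in practice the tunnel endpoint (Router D here) must enforce its own policy on decapsulated traffic, or the firewall must be placed where it sees the traffic after decapsulation.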
1. In the Firewall scenario, select Duplicate Scenario, name it as Firewall_VPN  Click OK.
2.Remove the link between Router C and the Server.
3.Open the Object Palette dialog box, check the internet_toolbox.
a.Add to the project workspace one ethernet4_slip8_gtwy and one IP VPN Config.
b.From the Object palette, use two PPP_DS1 links to connect the new router to the Router
C (the firewall) and to the Server.
4.Rename the IP VPN Config object to VPN.

Configure the VPN:


Right-click on the VPN node → Edit Attributes.
i. Expand the VPN Configuration hierarchy → Set rows to 1 → Expand the row 0 hierarchy →
Edit the value of Tunnel Source Name and write down Router A → Edit the value of Tunnel
Destination Name and write down Router D.
ii. Expand the Remote Client List hierarchy → Set rows to 1 → Expand the row 0 hierarchy →
Edit the value of Client Node Name and write down Sales A.
iii. Click OK and then save your project.

Run the Simulation:


To run the simulation for the three scenarios simultaneously:
1. Go to the Scenarios menu → Select Manage Scenarios.
2. Change the values under the Results column to <collect> (or <recollect>) for the three scenarios.
Configured Firewall VPN:
To view and analyze the results:

1. Select Compare Results from the Results menu.


2. Expand the Sales A hierarchy → Expand the Client DB hierarchy →
Select the Traffic Received statistic.
3. Change the drop-down menu in the middle-lower part of the Compare Results dialog
box from As Is to time_average.
4. Press Show and the resulting graph displays.

Result:
Thus, the role of firewalls and virtual private networks (VPNs) in providing security to shared
public networks such as the Internet has been studied, and the firewall and VPN have been configured successfully.
