CSFLab Manual - Final

CSF Lab Manual

Uploaded by

joshkimmi4668

Jayawant Shikshan Prasarak Mandal

CS4103B

Cyber Security and Forensic

Laboratory Manual

Computer Engineering
Author: Prof. A. U. Bhosale

© JSPM Group of Institutes, Pune. All Rights Reserved. All the information in this Course Manual is confidential. Participants shall refrain from copying, distributing, misusing or disclosing the content to any third parties under any circumstances whatsoever.

1|Page
Table of Contents

Sr. No.  Topic  Page No.
A.  Vision, Mission  3
B.  PEOs and POs  5
C.  PSOs  8
D.  Course Objectives and their mapping with POs and PSOs  11
E.  Lab Plan
F.  List of Experiments
1.  Learn to install Wine / VirtualBox or any other equivalent software on the host OS.  9
2.  Perform an experiment to grab a banner with telnet and perform the task using the netcat utility.  13
3.  Perform an experiment for port scanning with Nmap, SuperScan or any other software.  16
4.  Perform an experiment on active and passive fingerprinting using xprobe2 and Nmap.  20
5.  Perform an experiment to demonstrate how to sniff for router traffic by using the tool Wireshark.  28
6.  Perform an experiment on how to use DumpSec.  31
7.  Write a program in C++ / Python to analyze an email header.  33
8.  Write a program to implement fingerprint recognition using Java programming.  35
9.  Implement a program to generate and verify a CAPTCHA image.  38
G.  References  40

COMPUTER ENGINEERING DEPARTMENT
Vision of Department

To create quality computer professionals through an excellent academic environment.

Mission of Department

1. To empower students with the fundamentals of Computer Engineering for being successful professionals.
2. To motivate the students for higher studies, research, and entrepreneurship by imparting quality education.
3. To create social awareness among the students.

Program Educational Objectives (PEOs) of Department

PEO I: Graduates shall have successful professional careers, and lead and manage teams.

PEO II: Graduates shall exhibit disciplinary skills to resolve real-life problems.

PEO III: Graduates shall evolve as professionals or researchers.

COMPUTER ENGINEERING DEPARTMENT
Program Outcomes

Engineering Graduates will be able to:

1. Engineering knowledge: Apply the knowledge of mathematics, science, engineering fundamentals, and an engineering specialization to the solution of complex engineering problems.

2. Problem analysis: Identify, formulate, review research literature, and analyze complex engineering
problems reaching substantiated conclusions using first principles of mathematics, natural sciences, and
engineering sciences.

3. Design/development of solutions: Design solutions for complex engineering problems and design
system components or processes that meet the specified needs with appropriate consideration for the
public health and safety, and the cultural, societal, and environmental considerations.

4. Conduct investigations of complex problems: Use research-based knowledge and research methods
including design of experiments, analysis and interpretation of data, and synthesis of the information to
provide valid conclusions.

5. Modern tool usage: Create, select, and apply appropriate techniques, resources, and modern
engineering and IT tools including prediction and modeling to complex engineering activities with an
understanding of the limitations.

6. The engineer and society: Apply reasoning informed by the contextual knowledge to assess societal,
health, safety, legal and cultural issues and the consequent responsibilities relevant to the professional
engineering practice.

7. Environment and sustainability: Understand the impact of the professional engineering solutions in
societal and environmental contexts, and demonstrate the knowledge of, and need for sustainable
development.

8. Ethics: Apply ethical principles and commit to professional ethics and responsibilities and norms of
the engineering practice.

9. Individual and team work: Function effectively as an individual, and as a member or leader in
diverse teams, and in multidisciplinary settings.

10. Communication: Communicate effectively on complex engineering activities with the engineering community and with society at large, such as being able to comprehend and write effective reports and design documentation, make effective presentations, and give and receive clear instructions.

11. Project management and finance: Demonstrate knowledge and understanding of the engineering
and management principles and apply these to one’s own work, as a member and leader in a team, to
manage projects and in multidisciplinary environments.

12. Life-long learning: Recognize the need for, and have the preparation and ability to engage in
independent and life-long learning in the broadest context of technological change.

JSPM’s
RAJARSHI SHAHU COLLEGE OF ENGINEERING
TATHAWADE, PUNE-33
(An Autonomous Institute affiliated to Savitribai Phule Pune University, Pune)

COMPUTER ENGINEERING DEPARTMENT


Program Specific Outcomes (PSOs):
A graduate of the Computer Engineering Program will demonstrate

PSO1: Domain Specialization:
The ability to understand, analyze and develop computer programs related to algorithms, system software, multimedia, web design, data science, and networking for efficient design of computer-based systems.

PSO2: Problem-Solving Skills:
Applying standard practices and strategies in software project development using open-ended programming environments to deliver advanced computing systems.

PSO3: Professional Career and Entrepreneurship:
The ability to employ modern computer languages, operating environments, and platforms in creating innovative career paths to be an entrepreneur.

CO Description

CO1: Comprehend basic concepts of different types of firewalls, packet filters, NAT and VPN.
CO2: Illustrate concepts of different types of web vulnerability tools.
CO3: Comprehend concepts of different types of network traffic tools.
CO4: Illustrate concepts of Digital Investigation Methods.

CO-PO/PSO mapping for subject CS4103B, Cyber Security & Forensic (columns PO1 to PO12 and PSO1 to PSO3; blank cells are omitted, so each row lists its mapping values in column order):

CO1: 2 2 1 3 2 3
CO2: 3 2 2 1 3 2 3 1
CO3: 3 3 2 2 2 3 2 2 2
CO4: 3 3 2 2 2 1 1 1
Column average: 2.7 2.5 1.75 1 2.5 2.5 1.75 1
Average Mapping: 2.5

EXPERIMENT NO: 01

Learn to install Wine / VirtualBox or any other equivalent software on the host OS.

Aim:

Learn to install Wine / VirtualBox or any other equivalent software on the host OS.

Objective:

i) It allows users to extend their existing computer to run multiple operating systems, including Microsoft Windows, Mac OS X, Linux, and Oracle Solaris, at the same time.
ii) Support legacy applications.

S/W requirement:

• An x86 64-bit processor; most recent Intel or AMD processors will work.
• 2 GB RAM minimum / 4 GB RAM recommended.
• 300 MB of available disk space for the application, plus
• at least 25 GB of disk space for the VM.

Theory:

Introduction:
The techniques and features that VM VirtualBox provides are useful in the following scenarios:

• Running multiple operating systems simultaneously: VirtualBox enables you to run more than one OS at a time. This way, you can run software written for one OS on another, such as Windows software on Linux or a Mac, without having to reboot to use it. Since you can configure what kinds of virtual hardware should be presented to each such OS, you can install an old OS such as DOS or OS/2 even if your real computer's hardware is no longer supported by that OS.

• Easier software installations: Software vendors can use virtual machines to ship entire software configurations. For example, installing a complete mail server solution on a real machine can be a tedious task. With VirtualBox, such a complex setup, often called an appliance, can be packed into a virtual machine. Installing and running a mail server becomes as easy as importing such an appliance into VirtualBox.

• Testing and disaster recovery: Once installed, a virtual machine and its virtual hard disks can be considered a container that can be arbitrarily frozen, woken up, copied, backed up, and transported between hosts.

Using virtual machines enables you to build and test a multi-node networked service, for example. Issues with networking, operating system, and software configuration can be investigated easily.

The main components of the VirtualBox Manager window are as follows:

• The machine list: The left pane of the VirtualBox Manager window lists all your virtual machines. If you have not yet created any virtual machines, this list is empty.

• The Details pane: The pane on the right displays the properties of the currently selected virtual machine. If you do not have any machines yet, the pane displays a welcome message.

The process of VirtualBox installation

Enable CPU virtualization features

Deploying a New VM

Once you have installed VirtualBox, open the application. You can see the graphical user interface of VirtualBox
which is unified for all supported host operating systems. You can also use the command line interface and
VBoxManage if needed.

There are three ways to install VirtualBox:

1) Install VirtualBox from the Ubuntu repository

Open the terminal and run this command:

sudo apt install virtualbox

To check that it is installed, we use the `dpkg` command, which manages installed packages on Debian-based systems like Ubuntu:

dpkg -l | grep virtualbox

2) Install VirtualBox using the GUI (Graphical User Interface)

To download VirtualBox, go to the official site virtualbox.org and download the latest version for Linux.

3) Install VirtualBox from Oracle's repository

Step 1: Import Oracle's repository signing key into the system keyring (the key is downloaded from virtualbox.org and piped into gpg):

sudo gpg --dearmor -o /usr/share/keyrings/oracle-virtualbox-2016.gpg

Step 2: Add Oracle's repository for your Ubuntu release:

sudo add-apt-repository

Step 3: Update the package list:

sudo apt-get update

Step 4: Install VirtualBox:

sudo apt-get install virtualbox
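Before creating a VM it is worth confirming that the CPU exposes hardware virtualization and that the package really installed. The script below is an added example, not from the manual; it parses /proc/cpuinfo and the output of `dpkg -l`, and embeds constructed samples of both so it also runs where they are unavailable.

```python
"""Pre-flight checks for a VirtualBox host (added example, not from the manual)."""
import subprocess
from pathlib import Path
from typing import Dict, List

# Constructed sample of /proc/cpuinfo (one core shown) used when the real file is absent.
SAMPLE_CPUINFO = """processor\t: 0
vendor_id\t: GenuineIntel
model name\t: Intel(R) Core(TM) i5 CPU (constructed sample)
flags\t\t: fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat vmx sse sse2 ht
"""

# Constructed sample of `dpkg -l` output (the header lines dpkg prints are omitted).
SAMPLE_DPKG = """ii  vim             2:9.0.1378-2    amd64  Vi IMproved - enhanced vi editor
ii  virtualbox      7.0.16-dfsg-2   amd64  x86 virtualization solution - base binaries
ii  virtualbox-qt   7.0.16-dfsg-2   amd64  x86 virtualization solution - Qt based user interface
rc  virtualbox-dkms 6.1.50-dfsg-1   amd64  x86 virtualization solution - kernel module sources
"""


def virt_extension(cpuinfo_text: str) -> str:
    """Return 'vt-x' (Intel, flag vmx), 'amd-v' (AMD, flag svm) or 'none' from the flags line."""
    for line in cpuinfo_text.splitlines():
        if line.startswith("flags"):
            flags = set(line.split(":", 1)[1].split())
            if "vmx" in flags:
                return "vt-x"
            if "svm" in flags:
                return "amd-v"
            return "none"
    return "none"  # no flags line at all (e.g. not an x86 host)


def installed_virtualbox_packages(dpkg_text: str) -> Dict[str, str]:
    """Map installed packages ('ii' status) whose name contains 'virtualbox' to their versions.
    This is the programmatic form of the manual's `dpkg -l | grep virtualbox` check, but it
    ignores removed packages (status 'rc') that grep would still list."""
    found: Dict[str, str] = {}
    for line in dpkg_text.splitlines():
        parts = line.split()
        # dpkg -l columns: status, name, version, architecture, description...
        if len(parts) >= 3 and parts[0] == "ii" and "virtualbox" in parts[1]:
            found[parts[1]] = parts[2]
    return found


def preflight(cpuinfo_text: str, dpkg_text: str) -> List[str]:
    """Return human-readable problems; an empty list means the host is ready for a VM."""
    problems = []
    if virt_extension(cpuinfo_text) == "none":
        problems.append("CPU does not expose VT-x/AMD-V: enable virtualization in the BIOS/UEFI")
    if "virtualbox" not in installed_virtualbox_packages(dpkg_text):
        problems.append("virtualbox package is not installed")
    return problems


if __name__ == "__main__":
    cpuinfo_path = Path("/proc/cpuinfo")
    cpuinfo = cpuinfo_path.read_text() if cpuinfo_path.exists() else SAMPLE_CPUINFO
    try:
        dpkg = subprocess.run(["dpkg", "-l"], capture_output=True, text=True, check=False).stdout
    except FileNotFoundError:  # not a Debian-based host: fall back to the constructed sample
        dpkg = SAMPLE_DPKG
    findings = preflight(cpuinfo, dpkg)
    print("host ready for VirtualBox" if not findings else "\n".join(findings))
```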

Conclusion: Thus VirtualBox is installed to run multiple operating systems.

EXPERIMENT NO: 02

Perform an experiment to grab a banner with telnet and perform the task using the netcat utility.

Aim:
Perform an experiment to grab a banner with telnet and perform the task using netcat utility.
Objective:
Banner grabbing is a method used by attackers and security teams to obtain information about
network computer systems and services running on open ports.

S/W requirement:
• A personal computer with a 486/100 MHz CPU or higher
• Microsoft Windows NT 4.0, Windows 2000, Windows XP or Windows 2010
• TCP/IP networking must be installed and configured
Theory

Banner Grabbing

Banner grabbing is the technique of collecting information about a system available on a network and the services running on its open ports. An administrator can use this technique to take inventory of the systems and services on their network. Banner grabbing is applicable to white-hat hacking engagements as well as grey-hat hacking. The technique gathers information from banners and configurable text-based welcome screens presented by network hosts; these banners generally contain information about the system. One important point about banner grabbing is that the technique is intended to be used by the administrator only. Examples of service ports used for banner grabbing are HyperText Transfer Protocol (HTTP), File Transfer Protocol (FTP), and Simple Mail Transfer Protocol (SMTP). There are two types of banner grabbing techniques, covered below.

1. Active Banner Grabbing: This is the most popular and most widely used banner grabbing technique. Packets are sent to the remote host and the sender waits for the response in order to analyze the data. The sender can craft or modify the packets as required. It involves opening a TCP (Transmission Control Protocol) connection, or a similar connection, between the originating host and the remote host. This type of banner grabbing is called active because the sender's connection is logged by the remote host. Active banner grabbing is not always safe for the person probing: an IDS (Intrusion Detection System) can catch the probing of the target computer or system.

2. Passive Banner Grabbing: This technique, on the other hand, is less risky than active banner grabbing, because direct exposure of the connection is avoided. Instead of a direct connection to the host, intermediate software and systems are used as a gateway to connect. Passive banner grabbing can also collect all the information available about the system, and it is much less risky than active banner grabbing.

Banner Grabbing using telnet:
Telnet:
It is the most popular and best tool for banner grabbing. Telnet is a cross-platform tool that interacts with remote servers for banner grabbing. Telnet allows querying any service simply by typing telnet IP PORT, where IP is the IP address of the host and PORT is the port on which the remote service is listening. To perform banner grabbing using telnet you need telnet installed on your system. If it is not installed, you can install it with:
sudo apt-get install telnet
As we are checking port 80 for banner grabbing, make sure you have the Apache server installed as well. If it is already installed, run it before performing banner grabbing.
Command to install Apache:
sudo apt-get install apache2
Syntax for banner grabbing using telnet:
telnet target_IP_address port_no
Netcat is a networking utility that reads and writes data across network connections, using the TCP/IP protocol. It is designed to be a reliable "back-end" tool that can be used directly, or easily driven by other programs and scripts. At the same time, it is a feature-rich network debugging and exploration tool (since it can create almost any kind of connection you would need and has several interesting built-in capabilities).
It provides access to the following main features:
• Outbound or inbound connections, TCP or UDP, to or from any ports
• Full DNS forward/reverse checking, with appropriate warnings
• Ability to use any local source port
• Ability to use any locally-configured network source address
• Built-in port-scanning capabilities, with randomizer
• Built-in loose source-routing capability
• Can read command line arguments from standard input
• Optional ability to let another program service inbound connections
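What telnet or netcat does by hand, as an added Python example that is not part of the manual: open a TCP connection, send a probe only for services that wait for the client to speak first (HTTP), read the greeting, and pick the software name out of it. The two services it talks to are constructed stand-ins started on the loopback interface, so nothing leaves the machine; the port-to-probe table and the banner strings are assumptions for the example.

```python
"""Banner grabber (added example, not part of the manual): the same exchange one
performs by hand with `telnet host port` or `nc host port`, done with sockets."""
import socket
import threading
from typing import Dict, Optional, Tuple

# Services that say nothing until the client speaks: send a minimal request first.
# (Constructed probe table; SMTP/FTP/SSH greet on their own and need no probe.)
PROBES: Dict[int, bytes] = {
    80: b"HEAD / HTTP/1.0\r\nHost: target\r\n\r\n",
    8080: b"HEAD / HTTP/1.0\r\nHost: target\r\n\r\n",
}


def grab_banner(host: str, port: int, timeout: float = 3.0,
                probe: Optional[bytes] = None) -> str:
    """Connect to host:port, send the probe for that port (if any) and return what the
    service sends back, up to 4 KiB or until it closes or goes quiet for `timeout` seconds."""
    if probe is None:
        probe = PROBES.get(port, b"")
    chunks = []
    with socket.create_connection((host, port), timeout=timeout) as sock:
        if probe:
            sock.sendall(probe)
        try:
            while sum(len(c) for c in chunks) < 4096:
                data = sock.recv(1024)
                if not data:  # remote side closed the connection
                    break
                chunks.append(data)
        except socket.timeout:
            pass  # service stopped talking; keep what was received
    return b"".join(chunks).decode("utf-8", errors="replace")


def extract_software(banner: str) -> Optional[str]:
    """Pull the product string out of an HTTP Server header, an SMTP/FTP 220 greeting
    or an SSH version line; None when the banner reveals nothing recognisable."""
    for line in banner.splitlines():
        if line.lower().startswith("server:"):
            return line.split(":", 1)[1].strip()
        if line.startswith("220 "):  # SMTP or FTP greeting
            return line[4:].strip()
        if line.startswith("SSH-"):  # SSH version exchange
            return line.strip()
    return None


def _serve_once(reply: bytes, wait_for_request: bool) -> Tuple[threading.Thread, int]:
    """Constructed stand-in for a target service on 127.0.0.1 (not a real server);
    returns the handler thread and the port the OS assigned."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))  # port 0: let the OS pick a free port
    srv.listen(1)
    port = srv.getsockname()[1]

    def handler() -> None:
        conn, _ = srv.accept()
        with srv, conn:
            if wait_for_request:
                conn.recv(1024)  # HTTP-style: stay silent until a request arrives
            conn.sendall(reply)

    thread = threading.Thread(target=handler, daemon=True)
    thread.start()
    return thread, port


def demo() -> Dict[str, Optional[str]]:
    """Grab banners from two constructed local services: an SMTP-style greeter and an HTTP server."""
    results: Dict[str, Optional[str]] = {}
    thread, port = _serve_once(b"220 mail.example.test ESMTP Postfix\r\n", wait_for_request=False)
    results["smtp"] = extract_software(grab_banner("127.0.0.1", port))
    thread.join(5)
    http_reply = b"HTTP/1.0 200 OK\r\nServer: Apache/2.4.52 (Ubuntu)\r\nContent-Length: 0\r\n\r\n"
    thread, port = _serve_once(http_reply, wait_for_request=True)
    results["http"] = extract_software(grab_banner("127.0.0.1", port, probe=PROBES[80]))
    thread.join(5)
    return results


if __name__ == "__main__":
    for service, software in demo().items():
        print(f"{service}: {software or 'no recognisable banner'}")
```

Whatever extract_software returns for your own hosts is exactly what an outsider learns from one connection, which is the reason to trim version strings from production banners.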

Conclusion
Thus, we have successfully performed an experiment to grab a banner with telnet and performed the task using the netcat utility.

EXPERIMENT NO: 03

Perform an experiment for port scanning with Nmap, SuperScan or any other software.

Aim:

Perform an experiment for port scanning with Nmap, SuperScan or any other software.

Objectives:

1) Network exploration
2) Host discovery
3) Port scanning
4) Service detection
5) Operating system detection
6) Vulnerability scanning

S/W requirement:

1. A computer with Internet access
2. Nmap (https://nmap.org/)
3. SuperScan (https://www.mcafee.com/enterprise/en-us/downloads/free-tools/superscan.html)
4. A target system (could be a virtual machine or a remote host with permission)

Theory:

Introduction:

Nmap is a security auditing tool used to actively enumerate a target system or network. It is one of the most extensively used tools by network administrators and, conversely, by attackers for reconnaissance (enumeration), the first of the five phases of hacking. Nmap is used to actively probe the target network for active hosts (host discovery), port scanning, OS detection, version details, and the active services running on the hosts that are up. For this, Nmap sends packets and analyzes the responses.
Port scanning is one of the features of Nmap, wherein the tool detects the status of the ports on the active hosts in a network. The status of a port can be open, filtered, or closed. Type nmap on the command line to run Nmap, and add the necessary switches for the scanning type to initiate a specific scan technique.

Types of Port Status:

• Open: The open status means that the given port is open and is actively running a service.
• Filtered: The filtered status means that the respective port might be hidden behind a firewall and its status remains unknown.
• Closed: The closed state means that the given port is closed on the host machine.

Different Port Scanning Techniques in Nmap:

The following are the most widely used scanning techniques in Nmap:
1. TCP Connect Scan (-sT): The TCP Connect scan uses a full three-way handshake to discover whether a given port is open, filtered, or closed according to the response it receives. Nmap sends a TCP SYN packet to each port specified and determines the status of the port by the response it receives. RFC 793 says:
If the connection does not exist (CLOSED) then a reset is sent in response to any incoming segment except another reset. In particular, SYNs addressed to a non-existent connection are rejected by this means.
• What this means is that if Nmap sends a TCP packet with its SYN flag set to a closed port, it receives a TCP packet with its RST flag set from the target server. This tells Nmap that the specified port is "closed".
• Otherwise, if the port is actually "open", Nmap receives a response with the SYN/ACK flags set, answering the SYN packet Nmap sent.
• The third possibility is that the port is filtered: most server firewalls are configured to simply drop incoming packets, so Nmap receives no response at all. This means that the given port is running behind a firewall (i.e. "filtered").
2. TCP SYN Scan (-sS): SYN scans are often called "half-open" or "stealth" scans. A SYN scan works the same way as the TCP Connect scan for closed and filtered ports, i.e. it receives an RST packet for a closed port and no response for a filtered port. The only difference is in the way open ports are handled. After receiving SYN/ACK from the target server, the SYN scan replies with a packet that has its RST flag set, instead of the ACK that would complete the three-way handshake. This stops the server from continuing to try to establish the connection and thereby reduces the scan time.
This scan type is referred to as a stealth scan because of the following advantages:
• It is faster because it does not have to complete the full three-way handshake.
• Some applications log only those connections that are fully established, so applications listening on open ports do not log these connections, which makes the SYN scan "stealthy".
3. UDP Scan (-sU): UDP, unlike TCP, does not perform a handshake to establish a connection before sending data packets to the target port; it simply sends the packets hoping that they will be received by the target port. That is why UDP connections are often called "stateless". This type of connection is more efficient when speed matters more than quality, as in video sharing. As the target port does not acknowledge whether it has received the packet, UDP scans are more difficult and much slower.
• When there is no response from the target port after sending a UDP packet, it often means that the port is either "open" or is running behind a firewall, i.e. "filtered", in which case the server would just drop the packet with no response.
• A UDP scan can reliably identify closed ports, as the target responds with an ICMP message saying that the port is unreachable.

Procedure:
1. Install Nmap:
a. Download the latest version of Nmap from the official website.
b. Follow the installation instructions specific to your operating system.
c. Verify the installation by opening a command prompt or terminal and typing "nmap"; you should see the Nmap command-line interface.

2. Install SuperScan:
a. Download SuperScan from the provided link.
b. Run the installer and follow the on-screen instructions to complete the installation.
c. Launch SuperScan to ensure it is installed correctly.

3. Identify the target system:
a. Ensure you have permission to scan the target system.
b. Obtain the target system's IP address or domain name.

4. Port Scanning with Nmap:
a. Open a command prompt or terminal.
b. Type the following command to perform a basic port scan on the target system:

nmap <target IP or domain>

c. Analyze the results displayed by Nmap, which will show open, closed, or filtered ports.
d. Experiment with different Nmap scanning techniques and options to gain more insight into the target system's ports and services.
e. Use the Nmap documentation or online resources to explore advanced scanning techniques.

5. Port Scanning with SuperScan:
a. Launch SuperScan.
b. Enter the target IP or domain in the "Host" field.
c. Configure the scanning options, such as port range and scan type.
d. Click the "Start" button to initiate the scan.
e. Analyze the results obtained from SuperScan, which will provide information about open and closed ports.
f. Experiment with different scan types and options available in SuperScan to further explore the target system's ports and services.
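Step 4c, analyzing the results, is easier from Nmap's grepable output (`nmap -oG <file>`). The parser below is an added example, not from the manual or from the Nmap project; the scan output it reads is constructed, with documentation addresses and made-up version strings, and the port-entry layout it assumes is port/state/protocol/owner/service/rpc-info/version.

```python
"""Summarise an Nmap grepable-output file (added example, not from the manual)."""
import re
from collections import Counter, defaultdict
from typing import Dict, List

# Constructed sample in Nmap's grepable (-oG) format: tab-separated fields per host line,
# comma-separated port entries of the form port/state/protocol/owner/service/rpc-info/version/.
SAMPLE_GNMAP = (
    "# Nmap 7.94 scan initiated Mon Jan  1 10:00:00 2024 as: nmap -sS -sU -sV -oG scan.gnmap 192.0.2.10\n"
    "Host: 192.0.2.10 (lab-target.example)\tStatus: Up\n"
    "Host: 192.0.2.10 (lab-target.example)\tPorts: 22/open/tcp//ssh//OpenSSH 8.9p1/, "
    "53/open|filtered/udp//domain///, 80/open/tcp//http//Apache httpd 2.4.52/, "
    "443/closed/tcp//https///, 3306/filtered/tcp//mysql///\tIgnored State: closed (996)\n"
    "# Nmap done at Mon Jan  1 10:00:05 2024 -- 1 IP address (1 host up) scanned in 5.12 seconds\n"
)

# Nmap states may contain '|' (open|filtered), hence the [\w|]+ for the state field.
PORT_RE = re.compile(r"(\d+)/([\w|]+)/(\w+)/([^/]*)/([^/]*)/([^/]*)/([^/]*)/")


def parse_gnmap(text: str) -> Dict[str, List[dict]]:
    """Return {host_ip: [{port, state, proto, service, version}, ...]} from grepable output."""
    hosts: Dict[str, List[dict]] = defaultdict(list)
    for line in text.splitlines():
        if not line.startswith("Host:"):
            continue  # comment/header lines
        fields = line.split("\t")
        ip = fields[0].split()[1]
        for field in fields[1:]:
            if field.startswith("Ports:"):
                for m in PORT_RE.finditer(field):
                    port, state, proto, _owner, service, _rpc, version = m.groups()
                    hosts[ip].append({"port": int(port), "state": state, "proto": proto,
                                      "service": service, "version": version})
    return dict(hosts)


def summarise(hosts: Dict[str, List[dict]]) -> Dict[str, dict]:
    """Per host: a count of ports by state and the list of open services."""
    report = {}
    for ip, ports in hosts.items():
        states = Counter(p["state"] for p in ports)
        open_services = [f"{p['port']}/{p['proto']} {p['service']} {p['version']}".strip()
                         for p in ports if p["state"] == "open"]
        report[ip] = {"states": dict(states), "open": open_services}
    return report


def review_notes(hosts: Dict[str, List[dict]]) -> List[str]:
    """Defender-side observations matching the theory section: open ports that advertise a
    version, TCP ports a firewall silently dropped, and UDP ports that gave no answer at all."""
    notes = []
    for ip, ports in hosts.items():
        for p in ports:
            if p["state"] == "open" and p["version"]:
                notes.append(f"{ip}:{p['port']} advertises '{p['version']}'; consider trimming the version")
            elif p["state"] == "filtered":
                notes.append(f"{ip}:{p['port']} ({p['service']}) filtered: probe dropped, state unknown")
            elif p["state"] == "open|filtered":
                notes.append(f"{ip}:{p['port']}/udp gave no reply: open or filtered, not distinguishable")
    return notes


if __name__ == "__main__":
    parsed = parse_gnmap(SAMPLE_GNMAP)
    for ip, summary in summarise(parsed).items():
        print(ip, summary["states"], summary["open"])
    print("\n".join(review_notes(parsed)))
```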

Conclusion: By analyzing the scan results, we gained insight into the services running on the target system and identified potential security vulnerabilities.

EXPERIMENT NO: 04

Perform an experiment on active and passive fingerprinting using xprobe2 and Nmap.

Aim:

Perform an experiment on active and passive fingerprinting using xprobe2 and Nmap.

Objective:
Active fingerprinting involves sending specific packets to a target system and analyzing the
responses, while passive fingerprinting relies on capturing network traffic to identify systems.

S/W Requirements:
1. A computer running a Linux operating system (recommended) or a virtual machine with Linux
installed.
2. Xprobe2 and Nmap tools, both of which can be installed using package managers like apt-get or
yum.

Theory:

Passive fingerprinting uses a sniffer (such as Wireshark) to capture traffic sent from a system. It
analyzes this traffic to determine what the server is doing. A key point is that passive fingerprinting
does not send any traffic to the target system but instead just collects the traffic. With this in mind,
passive fingerprinting cannot be done from remote attackers. It can only be done with a sniffer
installed in the network.

If a hacker can determine what type of operating system a targeted computer is running, he or she can work to exploit the vulnerabilities present in that operating system. OS fingerprinting is used by security professionals and hackers for mapping remote networks and determining which vulnerabilities might be present to exploit. It is a tactic used by cyber-criminals and by ethical hackers to figure out what type of operating system is being used by a target computer on a network. By analyzing certain protocol flags, options, and data in the packets a device sends onto the network, hackers can make relatively accurate guesses about the OS that sent those packets. OS fingerprinting works only for packets that belong to a full TCP connection; that is, the connection should have had a SYN, SYN/ACK, and ACK exchange.
There are two types of fingerprinting:
• Active
• Passive

Active OS fingerprinting:
Active OS fingerprinting involves actively determining a targeted PC's OS by sending carefully crafted packets to the target system and examining the TCP/IP behavior of the received responses. The main reason why an attacker may prefer a passive approach instead is to reduce the risk of being caught by an IDS, IPS, or a firewall. Properly configured, implemented, and maintained IDSes, IPSes, and firewalls can mitigate active fingerprinting. In other words, active fingerprinting is challenging the target machine to see what happens.
Active fingerprinting works by sending packets to a target and analyzing the packets that are sent back. Almost all active fingerprinting these days is done with Nmap.
Nmap is usually used by network administrators to monitor the security of their networks. In fact, Nmap is an effective application for both admins and attackers. Nmap sends probes to lots of different TCP/IP ports and analyzes what is returned. Nmap uses scripting that analyzes that data to print out results that are useful for OS fingerprinting. Running an OS fingerprinting scan in Nmap is as simple as typing:
nmap -A ip_address_or_domain_name_of_target

Passive OS fingerprinting:
Passive OS fingerprinting is a more effective way of avoiding detection or being stopped by a firewall; it examines a passively collected sample of packets from a host. Passive fingerprinting uses a pcap (packet capture) API. In GNU/Linux and BSD/Unix operating systems, pcap can be found in the libpcap library, and for Windows there is a port of libpcap called WinPcap. Passive fingerprinting can make a guess of a target's OS because different OSes have different TCP/IP implementations.
Passive OS fingerprinting is less accurate than active OS fingerprinting, but may be the technique chosen by an attacker or penetration tester who wants to avoid detection. Passive fingerprinting can be mitigated by ensuring that NICs (network interface cards) do not operate in promiscuous mode.

The following four elements are examined to determine the operating system:
• TTL: What the operating system sets the Time-To-Live to on the outbound packet.
• Window Size: What the operating system sets the Window Size to.
• DF: Does the operating system set the Don't Fragment bit?
• TOS: Does the operating system set the Type of Service?

XProbe2 – active: This tool is an active OS Fingerprinting tool with a different approach to operating
system fingerprinting. Xprobe2 relies on fuzzy signature matching, probabilistic guesses and multiple
simultaneous matches, and a signature database.
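The four elements above are enough for a first passive guess from a single captured SYN. The following Python is an added example, not from the manual or from Xprobe2; its signature table is a small illustrative set of assumed values, not an authoritative database, and its packet records are constructed rather than captured.

```python
"""Passive OS guess from TTL, window size, DF and TOS (added example, not from the manual)."""
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Starting TTL values operating systems commonly use. Each router hop decrements the
# TTL by one, so an observed value is rounded up to the nearest starting value.
INITIAL_TTLS = (64, 128, 255)


@dataclass(frozen=True)
class Signature:
    os_name: str
    initial_ttl: int
    window_size: int
    df: bool
    tos: int


# Illustrative signatures with assumed values for the example, not an authoritative table.
SIGNATURES = [
    Signature("Linux 2.6 style", 64, 5840, True, 0),
    Signature("Linux 4.x+ style", 64, 29200, True, 0),
    Signature("Windows 10/11 style", 128, 64240, True, 0),
    Signature("Windows XP style", 128, 65535, True, 0),
    Signature("Cisco IOS style", 255, 4128, False, 0),
]


@dataclass(frozen=True)
class SynPacket:
    """The fields a sniffer reads from a captured TCP SYN: IP TTL, TCP window, IP DF bit, IP TOS."""
    ttl: int
    window: int
    df: bool
    tos: int


def guess_initial_ttl(observed_ttl: int) -> int:
    """Map an observed TTL to the starting value it most likely counted down from."""
    for start in INITIAL_TTLS:
        if observed_ttl <= start:
            return start
    return 255


def hops_away(observed_ttl: int) -> int:
    """Estimated number of routers between the sender and the sniffer."""
    return guess_initial_ttl(observed_ttl) - observed_ttl


def fingerprint(pkt: SynPacket) -> List[Tuple[int, str, int]]:
    """Score every signature against the packet and return (score, os_name, hops), best first.
    Weights are assumed for the example: TTL class 2, window 2, DF 1, TOS 1 (max 6)."""
    initial = guess_initial_ttl(pkt.ttl)
    scored = []
    for sig in SIGNATURES:
        score = (2 if sig.initial_ttl == initial else 0) \
            + (2 if sig.window_size == pkt.window else 0) \
            + (1 if sig.df == pkt.df else 0) \
            + (1 if sig.tos == pkt.tos else 0)
        scored.append((score, sig.os_name, hops_away(pkt.ttl)))
    scored.sort(key=lambda s: (-s[0], s[1]))
    return scored


def best_guess(pkt: SynPacket, min_score: int = 4) -> Optional[str]:
    """Return the top OS name only when the match is strong enough; None means 'unknown'.
    The threshold keeps a lone TTL match from being reported as an identification."""
    top = fingerprint(pkt)[0]
    return top[1] if top[0] >= min_score else None


if __name__ == "__main__":
    # Constructed packet records, as a sniffer on the local segment would present them.
    for pkt in (SynPacket(ttl=52, window=29200, df=True, tos=0),
                SynPacket(ttl=117, window=64240, df=True, tos=0),
                SynPacket(ttl=250, window=1234, df=True, tos=0)):
        print(pkt, "->", best_guess(pkt), f"about {hops_away(pkt.ttl)} hops away")
```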

Procedure:
Active Fingerprinting using Xprobe2

Step 1: Install Xprobe2
1. Open the terminal on your Linux system.
2. Install Xprobe2 by running the following command:

sudo apt-get install xprobe2

Step 2: Identify Target Systems
1. Choose a target system or multiple systems for fingerprinting. These can be remote systems or virtual machines within your network.
2. Note down the IP addresses or hostnames of the target systems.

Step 3: Perform Active Fingerprinting
1. Open the terminal and run the following command to initiate active fingerprinting on a target system:
sudo xprobe2 <target_ip>
2. Analyze the output to gather information about the target system, such as the operating system, version, and potentially open ports or services.

Passive Fingerprinting using Nmap:
Step 1: Install Nmap
1. Open the terminal on your Linux system.
2. Install Nmap by running the following command:
sudo apt-get install nmap
Step 2: Identify Target Systems
1. Choose the same target system(s) used in the active fingerprinting part.
2. Ensure that the target system(s) are active and accessible on the network.

Step 3: Perform Passive Fingerprinting
1. Open the terminal and run the following command to initiate passive fingerprinting using Nmap:
sudo nmap -O <target_ip>
2. Analyze the output to gather information about the target system, such as the operating system, version, and potentially open ports or services.

Conclusion: Thus students have successfully explored the use of the Xprobe2 and Nmap tools for active and passive fingerprinting.

EXPERIMENT NO: 05

Perform an experiment to demonstrate how to sniff for router traffic by using the tool Wireshark.

Aim:

Perform an experiment to demonstrate how to sniff for router traffic by using the tool Wireshark.

Objective:
The Wireshark tool is used to trace connections of suspect network transactions and identify bursts of network traffic.

S/W Requirements:
• 64-bit AMD64/x86-64 or 32-bit x86 CPU architecture.
• At least 500 MB of available RAM. Larger capture files require more RAM to process.
• At least 500 MB of available disk space. Capture files require extra disk space.
• A minimum screen resolution of 1280 × 1024 or higher.

Theory:
Wireshark is a free, open-source network protocol analyzer. It is used for network troubleshooting and communication protocol analysis. Wireshark captures network packets in real time and displays them in a human-readable format. It provides many advanced features including live capture and offline analysis, a three-pane packet browser, and coloring rules for analysis. This document uses Wireshark for the experiments, and it covers Wireshark installation, packet capturing, and protocol analysis.
The screen/interface of Wireshark is divided into five parts:
o The first part contains the menu bar and the options displayed below it. This part is at the top of the window. The File and Capture menu options are the most commonly used in Wireshark. The Capture menu allows you to start the capturing process, and the File menu is used to open and save a capture file.
o The second part is the packet listing window. It shows the packet flow, that is, the captured packets in the traffic. It includes the packet number, time, source, destination, protocol, length, and info. We can sort the packet list by clicking on a column name.
o Next comes the packet header (detail) window. It contains detailed information about the components of the packets. The protocol info can be expanded or collapsed according to the information required.
o The bottom window, called the packet contents window, displays the content in ASCII and hexadecimal format.
o Last is the filter field, which is at the top of the display. The captured packets on the screen can be filtered on any component according to your requirements. For example, if we want to see only the packets with the HTTP protocol, we can apply a filter for that.
Capturing Packets
After downloading and installing Wireshark, you can launch it and click the name of an interface under Interface List to start capturing packets on that interface. For example, if you want to capture traffic on the wireless network, click your wireless interface.

Test Run: Do the following steps:

1. Start up the Wireshark program (select an interface and press Start to capture packets).
2. Start up your favorite browser (Iceweasel in Kali Linux).
3. In your browser, go to the Wayne State homepage by typing www.wayne.edu.
4. After your browser has displayed the http://www.wayne.edu page, stop the Wireshark packet capture by selecting Stop in the Wireshark capture window. This will cause the Wireshark capture window to disappear and the main Wireshark window to display all packets captured.
5. Color Coding: You'll probably see packets highlighted in green, blue, and black. Wireshark uses colors to help you identify the types of traffic at a glance. By default, green is TCP traffic, dark blue is DNS traffic, light blue is UDP traffic, and black identifies TCP packets with problems; for example, they could have been delivered out of order.
6. You now have live packet data that contains all protocol messages exchanged between your computer and other network entities! However, as you will notice, the HTTP messages are not clearly shown because there are many other packets included in the packet capture. Even though the only action you took was to open your browser, there are many other programs on your computer that communicate via the network in the background. To filter the connections to the ones we want to focus on, we use the filtering functionality of Wireshark by typing "http" in the filter field.
Colour coding in Wireshark:
The packets in Wireshark are highlighted in blue, black and green. These colours help users to
identify the types of traffic at a glance; this is also called packet colorization. Wireshark has two
kinds of colouring rules, temporary rules and permanent rules.
o Temporary rules apply only for the current session and are discarded when we quit the program.
o Permanent colouring rules are saved with the configuration and remain available the next time
Wireshark is run.

Installation of Wireshark Software:


Below are the steps to install the Wireshark software on the computer:
o Open the web browser.
o Search for 'Download Wireshark.'
o Select the Windows installer according to your system configuration, either 32-bit or 64-bit.
Save the program and close the browser.
o Now open the installer and follow the installation instructions, accepting the license.
o Wireshark is ready for use.

Conclusion: Thus students have successfully demonstrated sniffing for router traffic by using the
tool Wireshark.

EXPERIMENT NO: 06

Perform an experiment on how to use DumpSec.

Aim:
To perform an experiment on how to use DumpSec.

Objective:
DumpSec is used to identify security holes or weaknesses in systems so that they can be fixed.

S/W Requirements:
1. Windows 7, 8, 8.1, and 10.
2. Microsoft .NET Framework
3. DumpSec Executable
Theory:
DumpSec is a graphical tool which allows you to dump the permissions (DACLs) and audit settings
(SACLs) for the file system, registry, printers and shares in a concise, readable listbox format, so that
holes in system security are readily apparent. DumpSec also dumps user, group and replication
information.
Procedure:
1. Download and Install: First, download the DumpSec tool from a trusted source. Ensure that you
have administrative privileges on your Windows system. Once downloaded, run the installer and
follow the on-screen instructions to install DumpSec.

2. Launch DumpSec: After the installation is complete, you can launch DumpSec by either finding it
in the Start menu or running the DumpSec executable file.

3. Configure DumpSec Options: Upon launching DumpSec, you will see a user interface with various
options and settings. Review and configure the options according to your requirements. Some
common options include selecting the target system or domain, specifying the output file format
(HTML, CSV, etc.), and choosing which permissions or security settings to include in the report.

4. Connect to Target System: DumpSec requires administrative privileges to access security
information on the target system. Ensure that you are running DumpSec with administrative rights or
run it as an administrator. If prompted, provide the necessary credentials to connect to the target
system or domain.

5. Run the Scan: Once you have configured the options and connected to the target system, you can
initiate the scan by clicking on the "Scan" or "Start" button. DumpSec will begin collecting
information about security settings, permissions, user accounts, group memberships, and more.

6. View and Save the Report: After the scan is complete, DumpSec will generate a report based on the
configured options. You can view the report within the DumpSec interface or save it to a file in your
preferred format (HTML, CSV, etc.). Specify the output file location and click on the "Save" or
"Export" button.
7. Analyze and Interpret the Report: Open the saved report file using a compatible application (web
browser, spreadsheet software, etc.) to analyze and interpret the collected security information. The
report will provide detailed insights into user accounts, group memberships, file and folder
permissions, registry settings, and more.

Conclusion: Thus students have successfully demonstrated the DumpSec tool.


Experiment No: 07

Write a program in C++ /Python to analyze an email header.

Aim: Write a program in C++ /Python to analyze an email header.

Objectives: Through e-mail header analysis, users can identify whether an e-mail is legitimate or a scam.

S/W Requirements: C++ /Python

Theory:
The email header gives you the sender's detailed information: authentication status, return path,
sender IP address, and much more. Without this information, you might struggle to find the sender's
details and to decide whether the email is safe to open or not.
You can analyze the time and route of the email from the sender's mail server to your inbox with
the headers.
When a user sends an email, it travels through several Mail Transfer Agents (MTAs) before reaching
the intended recipient.
The information under the Received from section helps you track the email route, allowing you
to check all the MTAs the email passed through to arrive at its destination.

Components of an email header:


1. Authentication check

This section shows the status of the email authentication protocols: SPF, DKIM and DMARC. If all
three authentication checks are shown as passed, the email provider has validated the sender's IP address.

2. Return Path
If an email fails to land in the intended inbox or bounces, it will be delivered to the address mentioned
in the return path section. The return path can be the same as the sender's address, but it might make
sense to have an email that will collect bounces and do something if there is high volume.

3. Received from
This section shows the SMTP hop or the path email took when it was sent by the sender server and
reached your inbox.
4. Transport layer security (TLS)

TLS is a protocol that encrypts the connection over which email is delivered. It helps prevent
eavesdropping between mail servers, keeping messages private while they move between email providers.

5. Authenticated received chain (ARC)

ARC encapsulates all of the authentication results above so that they are preserved when the message
is forwarded through intermediate servers.
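An added Python example (not part of the manual) that parses a constructed sample header: it lists the Received hops in delivery order and checks that the chain is continuous, reads the SPF/DKIM/DMARC results, and compares the From domain with the Return-Path domain. The header text, host names and addresses are constructed for illustration.

```python
import re
import email
from email import policy
from email.utils import parseaddr
# Constructed sample header (not a real message). Received lines appear
# newest-first, as they do in a delivered message.
SAMPLE_HEADER = """\
Return-Path: <bounces@example.net>
Received: from mx1.example.org (mx1.example.org [198.51.100.10])
 by inbox.example.com with ESMTPS id abc123; Mon, 1 Jan 2024 10:00:05 +0000
Received: from mail.example.net (mail.example.net [203.0.113.5])
 by mx1.example.org with ESMTP id def456; Mon, 1 Jan 2024 10:00:03 +0000
Authentication-Results: inbox.example.com;
 spf=pass smtp.mailfrom=example.net;
 dkim=fail header.d=example.net;
 dmarc=fail header.from=example.com
From: "Accounts" <billing@example.com>
Subject: Invoice

"""
HOP_RE = re.compile(r"from\s+(\S+).*?\bby\s+(\S+)", re.IGNORECASE)
AUTH_RE = re.compile(r"\b(spf|dkim|dmarc)=(\w+)", re.IGNORECASE)

def _unfold(values):
    """Collapse folded (multi-line) header values to single lines."""
    return [" ".join(str(v).split()) for v in values]

def _domain(addr):
    """Domain part of an address like '"Name" <user@host>', lower-cased."""
    return parseaddr(addr)[1].rpartition("@")[2].lower()

def analyze_header(raw):
    """Return the route, authentication results and a simple suspicion flag."""
    msg = email.message_from_string(raw, policy=policy.default)
    received = _unfold(msg.get_all("Received", []))
    hops = [m.groups() for m in map(HOP_RE.search, received) if m]
    hops.reverse()  # oldest hop first: sender's server ... your inbox
    # In a consistent chain each hop's "by" host is the next hop's "from" host.
    chain_ok = all(hops[i][1] == hops[i + 1][0] for i in range(len(hops) - 1))
    auth_text = " ".join(_unfold(msg.get_all("Authentication-Results", [])))
    auth = {k.lower(): v.lower() for k, v in AUTH_RE.findall(auth_text)}
    from_domain = _domain(str(msg.get("From", "")))
    return_domain = _domain(str(msg.get("Return-Path", "")))
    # A broken route, mismatched domains or a DMARC failure all call for care.
    suspicious = (not chain_ok or from_domain != return_domain
                  or auth.get("dmarc") != "pass")
    return {"route": hops, "chain_consistent": chain_ok, "auth": auth,
            "from_domain": from_domain, "return_path_domain": return_domain,
            "suspicious": suspicious}
```

For the sample, the route is continuous but DKIM and DMARC fail and the From domain differs from the Return-Path domain, so the message is flagged as suspicious.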

Conclusion: Thus a program to analyze an email header was implemented.

Experiment No: 08

Write a program to implement fingerprint recognition using Java Programming

Aim: Write a program to implement fingerprint recognition using Java Programming

Objectives: To implement a fingerprint recognition system using Java programming, utilizing image
processing techniques and pattern recognition algorithms.

S/W Requirements: java(JDK)

Theory:
The fingerprint recognition problem can be grouped into two sub-domains: one is fingerprint
verification and the other is fingerprint identification.

To implement a minutia extractor, a three-stage approach is widely used by researchers: a
preprocessing stage, a minutia extraction stage and a post-processing stage.

For the fingerprint image preprocessing stage, Histogram Equalization and Fourier Transform are
used for image enhancement. The fingerprint image is then binarized using the locally adaptive
threshold method. The image segmentation task is fulfilled by a three-step approach: block
direction estimation, segmentation by direction intensity and Region of Interest extraction by
morphological operations.
Step 1: Setup
1. Install the Java Development Kit (JDK) on your computer if not already installed.
2. Download and install an IDE such as Eclipse or IntelliJ IDEA.
3. Download and install the OpenCV library for Java. Refer to the OpenCV documentation for
installation instructions specific to your operating system.
Step 2: Project Setup
1. Create a new Java project in your IDE.
2. Add the OpenCV library to your project's build path.

Step 3: Image Preprocessing
1. Load a fingerprint image from the dataset or capture one using a fingerprint scanner.
2. Convert the image to grayscale using OpenCV.
3. Apply image enhancement techniques such as histogram equalization or noise removal to improve
the quality of the fingerprint image.
4. Perform image binarization to convert the grayscale image into a binary image, separating the
foreground (fingerprint ridges) from the background.
Step 4: Feature Extraction
1. Apply feature extraction algorithms such as Minutiae-based or Ridge-based techniques to identify
and extract distinctive features from the fingerprint image.
2. Implement algorithms to detect and extract minutiae points (ridge endings and bifurcations) or
ridge patterns from the binary fingerprint image.
Step 5: Matching and Recognition
1. Implement a matching algorithm such as Euclidean distance or Hamming distance to compare the
extracted features of the test fingerprint image with the features of the reference (enrolled) fingerprint
images.
2. Calculate a similarity score or distance metric between the test and reference fingerprints to
determine their similarity.
3. Set a threshold value to determine whether the test fingerprint matches any of the reference
fingerprints or not.
Step 6: Evaluation and Testing
1. Evaluate the performance of your fingerprint recognition system using evaluation metrics such as
False Acceptance Rate (FAR), False Rejection Rate (FRR), and Equal Error Rate (EER).
2. Test the system using different fingerprint images from the dataset and measure its accuracy and
efficiency.
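An added example, written in Python rather than Java and not part of the manual, that covers Steps 4 and 5 on a constructed 9x9 thinned fingerprint patch. It assumes preprocessing and thinning (Step 3) are already done, finds minutiae with the crossing-number method (a ridge pixel with one 0/1 transition around it is an ending, three is a bifurcation) and matches two minutiae sets by Euclidean distance against a threshold; the patches, tolerance and threshold are constructed values.

```python
import math
# Constructed 9x9 thinned (one-pixel-wide) fingerprint patch: "1" = ridge pixel.
# It holds one ridge ending at (x=1, y=3) and one bifurcation at (x=5, y=3);
# ridges that run off the edge of the patch are not counted as minutiae.
PROBE = ["000000000"] * 3 + ["011111111"] + ["000001000"] * 5
# The same pattern shifted one pixel right (a second capture of the same finger).
ENROLLED = ["0" + row[:-1] for row in PROBE]
# A different finger: a single ridge ending at (x=3, y=6) and no bifurcation.
IMPOSTOR = ["000000000"] * 6 + ["000111111"] + ["000000000"] * 2

# The 8 neighbours of a pixel as (dy, dx), in circular order.
RING = [(-1, -1), (-1, 0), (-1, 1), (0, 1), (1, 1), (1, 0), (1, -1), (0, -1)]

def crossing_number(img, x, y):
    """Crossing number: half the number of 0/1 changes around pixel (x, y)."""
    ring = [int(img[y + dy][x + dx]) for dy, dx in RING]
    return sum(abs(ring[i] - ring[(i + 1) % 8]) for i in range(8)) // 2

def extract_minutiae(img):
    """Return [(x, y, kind)] for interior ridge pixels; CN 1 = ending, CN 3 = bifurcation."""
    found = []
    for y in range(1, len(img) - 1):
        for x in range(1, len(img[0]) - 1):
            if img[y][x] == "1":
                cn = crossing_number(img, x, y)
                if cn == 1:
                    found.append((x, y, "ending"))
                elif cn == 3:
                    found.append((x, y, "bifurcation"))
    return found

def match_score(probe, enrolled, tolerance=2.0):
    """Fraction of minutiae paired, same kind, within a Euclidean distance tolerance."""
    if not probe or not enrolled:
        return 0.0
    unused = list(enrolled)
    paired = 0
    for x, y, kind in probe:
        best = min((m for m in unused if m[2] == kind),
                   key=lambda m: math.hypot(m[0] - x, m[1] - y), default=None)
        if best and math.hypot(best[0] - x, best[1] - y) <= tolerance:
            unused.remove(best)  # each enrolled minutia may be paired only once
            paired += 1
    return paired / max(len(probe), len(enrolled))

def is_match(img_a, img_b, threshold=0.8):
    """Decide whether two thinned patches come from the same finger."""
    return match_score(extract_minutiae(img_a), extract_minutiae(img_b)) >= threshold
```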

Conclusion: Thus fingerprint recognition was successfully implemented using Java Programming.

Experiment No: 09

Implement a program to generate and verify CAPTCHA image.

Aim: Implement a program to generate and verify CAPTCHA image.

Objectives: To implement a program that generates and verifies CAPTCHA images.

S/W Requirements:
1. Python/C++
2. PIL Library
Theory:
CAPTCHA, short for Completely Automated Public Turing test to tell Computers and Humans Apart,
is an important test used on many websites to check whether the person accessing the website is a
human or a bot. This is done mainly for security reasons, so that bots cannot intrude on the website,
produce false statistics and skew internet traffic.
Its main purpose is to generate tests that are easy for humans but difficult for bots or other computers
to solve. They present tests that make use of a user's cognitive and thinking abilities.
There are various types of CAPTCHA available. Some of the most common CAPTCHA types are:
o Image-based CAPTCHA: Images are provided to humans, with features distorted in order to
make image recognition difficult for computers.
o Text-based CAPTCHA: A sequence of obscure characters is provided, with features distorted
and random noise added to make character recognition difficult.
o Audio-based CAPTCHA: An audio recording of spoken characters or clips is provided to
humans, which they need to input into the system correctly.
o Behavioral CAPTCHA: The user performs specific actions which may be difficult for bots to
replicate or automate.

Algorithm:
1. Import the necessary libraries.
2. Create a blank image with any colour as background.
3. Define the length of the CAPTCHA and join a string of random words.
4. Customize the font and font size of the resulting text.
5. Calculate the text size and position it in the centre.
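An added Python example (not the manual's own code) that carries the algorithm above through to the verification step: the challenge text is rendered over noise lines with the PIL library, and a keyed hash (HMAC) of the text and an expiry time serves as the token the client sends back with its answer, so each challenge is verified once, case-insensitively, and cannot be replayed. The alphabet, time limit, image size and the in-memory used-token set are choices made here, not from the manual.

```python
import hashlib
import hmac
import secrets
import string
import time

# Characters that are hard to confuse with one another (no 0/O, 1/I).
ALPHABET = "".join(c for c in string.ascii_uppercase + string.digits if c not in "0O1I")
SECRET = secrets.token_bytes(32)  # per-process key; a real deployment loads it from config
USED_TOKENS = set()  # solved challenges, so a token cannot be replayed

def _mac(text, expires):
    """Keyed hash binding the (upper-cased) answer to its expiry time."""
    return hmac.new(SECRET, f"{expires}:{text.upper()}".encode(), hashlib.sha256).hexdigest()

def new_challenge(length=6, ttl=120, now=None):
    """Return (text, token). Only the token and the rendered image go to the client."""
    text = "".join(secrets.choice(ALPHABET) for _ in range(length))
    expires = int((time.time() if now is None else now) + ttl)
    return text, f"{expires}:{_mac(text, expires)}"

def verify(token, answer, now=None):
    """True once, and only once, for the correct answer before the token expires."""
    try:
        expires, mac = token.split(":", 1)
        expires = int(expires)
    except ValueError:
        return False
    if (time.time() if now is None else now) > expires or token in USED_TOKENS:
        return False
    if not hmac.compare_digest(mac, _mac(answer.strip(), expires)):
        return False
    USED_TOKENS.add(token)
    return True

def render_captcha(text, path, size=(180, 60)):
    """Draw the text centred over random noise lines and save the image (needs Pillow)."""
    from PIL import Image, ImageDraw, ImageFont  # imported here so verify() works without it
    img = Image.new("RGB", size, (255, 255, 255))
    draw = ImageDraw.Draw(img)
    for _ in range(8):  # noise lines make plain OCR harder
        pts = [(secrets.randbelow(size[0]), secrets.randbelow(size[1])) for _ in range(2)]
        draw.line(pts, fill=(90, 90, 90), width=1)
    font = ImageFont.load_default()
    left, top, right, bottom = draw.textbbox((0, 0), text, font=font)
    pos = ((size[0] - (right - left)) // 2, (size[1] - (bottom - top)) // 2)
    draw.text(pos, text, fill=(0, 0, 0), font=font)
    img.save(path)
```

A web form would call new_challenge(), render_captcha(text, "captcha.png") and store nothing but the token in the page; verify(token, answer) then needs no server-side session.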

Conclusion:
Thus successfully implemented a program that generates and verifies CAPTCHA images.

References:

Text Books:
T1. Neal Krawetz, Introduction to Network Security, Thomson Learning, Boston, 2007.
T2. Eoghan Casey, Digital Evidence and Computer Crime, Elsevier.
T3. Ankit Fadia, Network Security: A Hacker's Perspective.
Reference Books:
R1. Charles P. Pfleeger, Security in Computing, Prentice Hall.
R2. William Stallings, Cryptography and Network Security.
R3. Kurose, Ross, Computer Networking: A Top-Down Approach Featuring the Internet.
R4. Bill Nelson, Amelia Phillips, Christopher Steuart, Guide to Computer Forensics and Investigations, Cengage Learning.
R5. Handbook of Wireless Networks and Mobile Computing, Wiley India Student Edition.
