CNS Lab Manual

The CNS Lab Manual 2019 outlines the objectives and outcomes of the Computer Network Security Lab course at Dhole Patil College of Engineering, Pune. It includes a vision and mission for the Department of Information Technology, prerequisites for the course, and detailed guidelines for instructors and students. The manual also provides a list of assignments related to networking and security, along with assessment rubrics for laboratory work.


CNS Lab Manual (2019 Course)

Department of Information Technology
Dhole Patil College of Engineering, Pune

LAB MANUAL
OF
Computer Network Security Lab
(2019 Course)

Department of Information Technology

VISION

To build versatile human resources in Information Technology, professionally competent and capable of functioning in a global environment, for secure and seamless services to society.

MISSION

* To Develop IT Engineers in intra and multitasking domains with Modern Technologies.

* To Explore IT Innovations through Collaborative learning and Partnerships with Institutions and Industries.

* To evolve start-ups and strive for holistic development of stakeholders.

* To strengthen institutional ethical responsibility for the needs of the society.

* To augment IT skills through a continuous education program for lifelong learning.

PROGRAM OUTCOMES (PO)
Students are expected to know and be able to:
PO1  Engineering knowledge: An ability to apply knowledge of mathematics, computing, science, engineering and technology.
PO2  Problem analysis: An ability to define a problem and provide a systematic solution with the help of conducting experiments, analyzing the problem and interpreting the data.
PO3  Design/Development of Solutions: An ability to design, implement, and evaluate software or a software/hardware system, component, or process to meet desired needs within realistic constraints.
PO4  Conduct Investigation of Complex Problems: An ability to identify, formulate, and provide essay schematic solutions to complex engineering/technology problems.
PO5  Modern Tool Usage: An ability to use the techniques, skills, and modern engineering technology tools and standard processes necessary for practice as an IT professional.
PO6  The Engineer and Society: An ability to apply mathematical foundations, algorithmic principles, and computer science theory in the modeling and design of computer-based systems with necessary constraints and assumptions.
PO7  Environment and Sustainability: An ability to analyze and provide solutions for the local and global impact of information technology on individuals, organizations and society.
PO8  Ethics: An ability to understand professional, ethical, legal, security and social issues and responsibilities.
PO9  Individual and Team Work: An ability to function effectively as an individual or as a team member to accomplish a desired goal(s).
PO10 Communication Skills: An ability to engage in life-long learning and continuing professional development to cope with fast changes in technologies/tools with the help of electives, profession along animations and extra-curricular activities.
PO11 Project Management and Finance: An ability to communicate effectively in the engineering community at large by means of effective presentations, report writing, paper publications, and demonstrations.
PO12 Life-long Learning: An ability to understand engineering, management, financial aspects, performance, optimizations and time complexity necessary for professional practice.

Teaching Scheme: Practical: 04 Hours/Week, Credits: 02
Examination Scheme: OR: 50 Marks, TW: 25 Marks
Prerequisites:
1. Fundamentals of Computer Networks
Course Objectives:
1. To design and implement small size network and to understand various
networking commands.
2. To learn various client/server environments to use application layer protocols.
3. To understand network layer routing protocols and its implementations.
4. To understand the network security by using public key
cryptography algorithms.
Course Outcomes:
By the end of the course, students should be able to
1. Design and configure small size network and associated networking commands.
2. Understand various client/server environments to use application layer protocols
3. Use basic cryptographic techniques in software and system design
4. Apply methods for authentication, access control, intrusion detection
Guidelines for Instructor
• The faculty member should prepare the laboratory manual for all the experiments, and it should be made available to students and the laboratory instructor/assistant.
Guidelines for Student

• Students should submit term work in the form of a handwritten journal based on the specified list of assignments.
• The practical examination will be based on the term work.
• The candidate is expected to know the theory involved in the experiment.
• The practical examination should be conducted if and only if the journal of the candidate is complete in all respects.
List of Assignments

(Sr. No., Title of Assignment, Page no.)

Group A: Computer Network

1. Using a Network Simulator (e.g. Packet Tracer), configure a router for:
   a) Configure a router using router commands and configure Routing Information Protocol (RIP).
   b) Configure Access Control Lists – Standard & Extended.
   c) Network Address Translation: Static, Dynamic & PAT (Port Address Translation).
   (Pages 4-9)

2. Using a Network Simulator (e.g. Packet Tracer), configure routing protocols:
   a) Configure EIGRP – explore neighbour-ship requirements and conditions, its K-value metrics assignment and calculation.
   b) OSPF – explore neighbour-ship conditions and requirements, neighbour-ship states, OSPF metric (cost) calculation.
   c) WLAN with static IP addressing and DHCP with MAC security and filters.
   (Pages 10-12)

3. Socket programming in C/C++ on Linux:
   a) TCP client, TCP server
   b) UDP client, UDP server
   (Pages 13-24)

4. Introduction to server administration (server administration commands and their applications) and configuration of the following servers (study/demonstration only):
   a) FTP   b) Web server
   (Pages 19-25)

Group B: Network Security

5. Implement a client and a server on different computers using Python. Perform the communication between these two entities by using the RSA cryptosystem. (Pages 26-32)

6. Implement a client and a server on different computers using Python. Perform the authentication of the sender between these two entities by using the RSA digital signature cryptosystem. (Pages 33-38)

7. Implement a client and a server on different computers using Python. Perform the encryption of the sender's message between these two entities by using the DES algorithm, and use the Diffie-Hellman method for exchange of keys. (Pages 39-42)

8. Use the Snort intrusion detection package to analyze traffic and create a signature to identify problem traffic. (Pages 43-46)

Extra Assignment

9. Write a Java program to perform encryption and decryption using the following algorithms: Caesar Cipher, Substitution Cipher, Hill Cipher. (Pages 47-50)
RUBRICS FOR LABORATORY ASSESSMENT

1. Attendance
Assessment outcome dimension: Attendance with involvement of student (5M)
  Poor (1): Passive observer
  Satisfactory (2): Very little involvement
  Good (3): Good involvement in performing the experiment
  Very Good (4): Individual involvement in performing the experiment
  Excellent (5): Individual and self-involvement in performing the experiment

2. Viva
Assessment outcome dimension: Preparation and basic knowledge (5M)
  Poor (1): No preparation
  Satisfactory (2): Little knowledge
  Good (3): Prepared
  Very Good (4): Well prepared
  Excellent (5): Very well prepared, advance knowledge

Assessment outcome dimension: Program development and execution (5M)
  Poor (1): Not executed
  Satisfactory (2): Partially executed
  Good (3): Executed
  Very Good (4): Executed without additional modification
  Excellent (5): Executed with additional modification

Assessment outcome dimension: Punctuality and ethics (5M)
  Poor (1): Attendance below 50%, does not follow the instructions and copies the program
  Satisfactory (2): Attendance 50% to 75%, and follows the lab instructions sometimes
  Good (3): Regular attendance 75-00%, follows the instructions and tries to perform on his own
  Very Good (4): Regular attendance 80-90%, and tries to perform on his own
  Excellent (5): 90-100% attendance, follows all instructions and tries to execute the program on his own

3. Presentation
Assessment outcome dimension: Journal presentation (5M)
  Poor (1): Not prepared
  Satisfactory (2): Incomplete
  Good (3): Completed
  Very Good (4): Well documented
  Excellent (5): Very well documented
Outcome: Student will be able to
Apply knowledge to real life examples and develop practical approach
Design Basic Application.

Note: Students with poor marks should repeat the assignment


ASSIGNMENT NO.1

TITLE
• Using a Network Simulator (e.g. Packet Tracer), configure a router for…
PROBLEM STATEMENT
a) Configure a router using router commands and configure Routing Information Protocol (RIP).
OBJECTIVES
• To understand various networking commands
• To design and implement a small-size network
• To configure Routing Information Protocol (RIP)
THEORY

CONFIGURING THE ROUTER IN PACKET TRACER


Computers are connected with routers using a copper straight-through cable. After forming the
network, to check network connectivity a simple PDU is transferred from PC0 to PC1. The
network simulation status is successful. From this network, it can be observed that the router
handles data transfers between multiple devices. A router that is turned off doesn’t work very well!
Click on your router to bring up the configuration menu and verify that it is turned on. When it is on,
there will be a small green light below the switch, as seen in the diagram.

Next we have to open the Ethernet ports to allow communication.


Procedure: Assigning IP address to Router Interface

1. Select the router and Click on CLI (Command Line Interface).


2. Press ENTER to start configuring Router1.
3. Type enable to get to privileged mode (this gives you more options in configuring the router).
4. Type configure terminal (or conf t / config terminal for short) to access the configuration menu.
5. Type interface GigabitEthernet0/0 to access the Ethernet port or interface.
6. Type ip address 192.168.10.1 255.255.255.0 to assign an IP address and subnet mask to the interface.
7. Type no shutdown (no shut for short) to open the interface up (turn it on).
8. Type exit to go to the previous menu, or press Ctrl+Z.
Other commands

Sr. No. | Command | Purpose
1 | ping ip-address | To check connectivity between two devices
2 | Router(config)# hostname Router | Specifies the name for the router
3 | Router> enable | To enter privileged mode
4 | Router# configure terminal | To enter global configuration mode
5 | Router(config)# interface GigabitEthernet 0/0 | To access the interface

Procedure: Assigning IP address to PC

1. Select the PC,

2. Go to the desktop

3. Select IP Configuration

4. Assign an IP address, Default gateway, Subnet Mask


Outputs (screenshots in the original manual): assigning an IP address to the router interface; assigning an IP address to a PC; the ping command.
CONFIGURING THE ROUTING INFORMATION PROTOCOL (RIP)
Routing Information Protocol (RIP) is a dynamic routing protocol that uses hop count as a routing
metric to find the best path between the source and the destination network. It is a distance-vector
routing protocol that has an AD value of 120 and works on the Network layer of the OSI model. RIP
uses port number 520.
Hop Count
Hop count is the number of routers occurring in between the source and destination network. The
path with the lowest hop count is considered the best route to reach a network and is therefore
placed in the routing table. RIP prevents routing loops by limiting the number of hops allowed in a
path from source to destination. The maximum hop count allowed for RIP is 15, and a hop count of
16 is considered network unreachable.

Features of RIP
1. Updates of the network are exchanged periodically.

2. Updates (routing information) are always broadcast.

3. Full routing tables are sent in updates.

4. Routers always trust routing information received from neighbor routers.


Step 1: Build the network topology

Step 2: Configure IP addresses on the PCs and the routers.

Router 1
R1(config)#

R1(config)#int fa0/0

R1(config-if)#ip address 10.0.0.1 255.0.0.0

R1(config-if)#no shut

R1(config-if)#

R1(config-if)#int serial 0/0

R1(config-if)#ip add 192.168.1.1 255.255.255.0

R1(config-if)#no shut

Router 2
R2(config)#

R2(config)#int fa0/0

R2(config-if)#ip add 10.0.0.2 255.0.0.0

R2(config-if)#no shut

R2(config-if)#

R2(config-if)#int serial 0/0

R2(config-if)#ip add 192.168.2.1 255.255.255.0

R2(config-if)#no shut

IP configuration on PCs

Click PC->Desktop->IP Configuration. On each PC assign these addresses:

PC1: IP address: 192.168.1.2 Subnet mask 255.255.255.0 Default Gateway 192.168.1.1

PC2: IP address: 192.168.2.2 Subnet mask 255.255.255.0 Default Gateway 192.168.2.1

And now:

3. Configure RIP on the routers

Router 1(Output)

R1(config)#

R1(config)#router rip

R1(config-router)#network 10.0.0.0

R1(config-router)#network 192.168.1.0

R1(config-router)#Ctrl+Z

Router 2(Output)

R2(config)#

R2(config)#router rip

R2(config-router)#network 10.0.0.0

R2(config-router)#network 192.168.2.0

R2(config-router)#Ctrl+Z

Now Ping PC2 from PC1 to further confirm that connectivity is really established between the two
subnets.
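The hop-count behaviour and the four RIP features listed above, as an added simulation (example code written for this edit, not part of the lab manual or of Packet Tracer): routers R1 and R2 from this assignment exchange their full tables until they converge, and a longer chain of routers shows the 15-hop limit, with 16 treated as unreachable. The class and function names are this example's own.

```python
# Added example, not from the lab manual: a small simulation of the
# distance-vector behaviour described above. Every router keeps a table
# {network: (hop_count, next_hop)}, sends the whole table to each neighbour
# in every round, and adopts a route when the advertised hop count plus one
# beats its current entry. Hop count 16 means "unreachable".
RIP_INFINITY = 16


class Router:
    def __init__(self, name, connected):
        # connected: networks directly attached to this router (hop count 0)
        self.name = name
        self.table = {net: (0, "direct") for net in connected}
        self.neighbors = []

    def link(self, other):
        """Connect two routers with a (simulated) point-to-point link."""
        self.neighbors.append(other)
        other.neighbors.append(self)

    def advertise(self):
        # Feature 3: the full routing table goes out in every update.
        return {net: hops for net, (hops, _) in self.table.items()}

    def receive(self, sender, update):
        # Feature 4: whatever the neighbour advertises is trusted as-is;
        # a misconfigured or rogue neighbour is believed just the same,
        # which is why RIPv2 deployments should enable update authentication.
        changed = False
        for net, hops in update.items():
            new_hops = min(hops + 1, RIP_INFINITY)
            cur_hops, cur_via = self.table.get(net, (RIP_INFINITY, None))
            # take a better route, or follow a change on the route already in use
            if new_hops < cur_hops or (cur_via == sender and new_hops != cur_hops):
                self.table[net] = (new_hops, sender)
                changed = True
        return changed


def run_rip(routers, max_rounds=20):
    """Feature 1: exchange updates periodically until no table changes.
    Returns the number of rounds it took to converge."""
    for rnd in range(1, max_rounds + 1):
        updates = {r.name: r.advertise() for r in routers}
        changed = False
        for r in routers:
            for nb in r.neighbors:
                changed |= r.receive(nb.name, updates[nb.name])
        if not changed:
            return rnd
    return max_rounds


def best_route(router, net):
    """(hop_count, next_hop) for net, or None when it is unreachable (>= 16)."""
    hops, via = router.table.get(net, (RIP_INFINITY, None))
    return None if hops >= RIP_INFINITY else (hops, via)


def lab_topology():
    """The two-router topology of this assignment (constructed input)."""
    r1 = Router("R1", ["10.0.0.0", "192.168.1.0"])
    r2 = Router("R2", ["10.0.0.0", "192.168.2.0"])
    r1.link(r2)
    run_rip([r1, r2])
    return r1, r2


def chain(length):
    """A straight line of routers where only the first one owns network 'X':
    routers more than 15 hops away see 'X' as unreachable."""
    routers = [Router(f"R{i}", ["X"] if i == 0 else []) for i in range(length)]
    for a, b in zip(routers, routers[1:]):
        a.link(b)
    run_rip(routers, max_rounds=length + 2)
    return routers


if __name__ == "__main__":
    r1, r2 = lab_topology()
    print("R1 reaches 192.168.2.0 via", best_route(r1, "192.168.2.0"))
    far = chain(17)
    print("R15 reaches X via", best_route(far[15], "X"))
    print("R16 reaches X via", best_route(far[16], "X"))
```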

PROBLEM STATEMENT
b) Configure Access Control Lists – Standard & Extended.
THEORY

STANDARD AND EXTENDED ACCESS LIST:


An access-list (ACL) is a set of rules defined for controlling network traffic and reducing network
attacks. ACLs are used to filter traffic entering or leaving the network according to the set of rules
defined for it.

Standard Access-list –
These are the Access-list which are made using the source IP address only. These ACLs permit or
deny the entire protocol suite. They don’t distinguish between the IP traffic such as TCP, UDP,
HTTPS, etc. By using numbers 1-99 or 1300-1999, the router will understand it as a standard ACL
and the specified address as the source IP address.
Features –

1. A standard access-list is generally applied close to the destination (but not always).
2. In a standard access list, the whole network or sub-network is denied.
3. Standard access-lists use the range 1-99 and the extended range 1300-1999.
4. A standard access-list is implemented using the source IP address only.
5. If a numbered standard access-list is used, remember that individual rules can't be deleted: deleting one rule deletes the whole access list.
6. If a named standard access-list is used, you have the flexibility to delete a single rule from the access list.

Note – Standard access-lists are used less than extended access-lists, as the entire IP protocol suite is allowed or denied for the matching traffic; a standard list can't distinguish between the different IP protocol traffic.

Configuration –

Here is a small topology in which there are 3 departments namely sales, finance, and marketing. The
sales department has a network of 172.16.40.0/24, the Finance department has a network of
172.16.50.0/24, and the marketing department has a network of 172.16.60.0/24. Now, want to deny
connection from the sales department to the finance department and allow others to reach that
network.

Now, first configure a numbered standard access-list that denies any IP traffic from the sales department to the finance department.

R1# config terminal

R1(config)# access-list 10 deny 172.16.40.0 0.0.0.255

Here, unlike an extended access-list, you cannot specify the particular IP traffic (TCP, UDP, a port) to be permitted or denied. Note that a wildcard mask has been used (0.0.0.255, which corresponds to subnet mask 255.255.255.0). The number 10 is taken from the standard access-list range.

R1(config)# access-list 10 permit any

Now, as you already know there is an implicit deny at the end of every access list which means that
if the traffic doesn’t match any of the rules of the access list then the traffic will be dropped.
By specifying any means that source having any IP address traffic will reach the finance department
except the traffic which it matches the above rules that you have made.

Now, you have to apply the access list on the interface of the router:

R1(config)# int fa0/1


R1(config-if)# ip access-group 10 out
As you remember, the standard access-list is generally applied close to the destination; here too, applying the access-list close to the destination satisfies our need, so it has been applied outbound on interface fa0/1.

Extended Access-list –
It is one of the types of Access-list which is mostly used as it can distinguish IP traffic therefore the
whole traffic will not be permitted or denied like in standard access-list. These are the ACL that uses
both source and destination IP addresses and also the port numbers to distinguish IP traffic. In this
type of ACL, we can also mention which IP traffic should be allowed or denied. These use range
100-199 and 2000-2699.
Features –
1. Extended access-list is generally applied close to the source but not always.
2. In the Extended access list, packet filtering takes place on the basis of source IP address,
destination IP address, port numbers.
3. In an extended access list, particular services will be permitted or denied.
4. Extended ACL is created from 100 – 199 & extended range 2000 – 2699.
5. If a numbered extended access-list is used, remember that individual rules can't be deleted: deleting one rule deletes the whole access list.
6. If a named extended access-list is used, we have the flexibility to delete a single rule from the access list.

Configuration –

Here is a small topology in which there are 3 departments, namely sales, finance, and marketing. The sales department has the network 172.16.40.0/24, the finance department has the network 172.16.50.0/24, and the marketing department has the network 172.16.60.0/24. Now, we want to deny FTP connections from the sales department to the finance department and deny telnet to the finance department from both the sales and marketing departments.

Now, first configure a numbered extended access-list that denies FTP connections from sales to finance:

R1# config terminal

R1(config)# access-list 110 deny tcp 172.16.40.0 0.0.0.255 172.16.50.0 0.0.0.255 eq 21

Here, we first create a numbered access-list using 110 (taken from the extended access-list range) and deny the sales network (172.16.40.0) from making an FTP connection to the finance network (172.16.50.0).

Note – FTP uses TCP and port number 21, so the rule is written for tcp and the port number of the application-layer protocol follows eq; the permit or deny is chosen according to the need.
Now, we have to deny telnet connections to the finance department from both the sales and marketing departments, which means no one should telnet to the finance department. Configuring for the same:

R1(config)# access-list 110 deny tcp any 172.16.50.0 0.0.0.255 eq 23

Here, we have used the keyword any, which means 0.0.0.0 0.0.0.0, i.e., any IP address with any subnet mask. As telnet uses port number 23, we specify port 23 after eq.

R1(config)# access-list 110 permit ip any any


Now, this is the most important part. As we already know there is an implicit deny at the end of
every access list which means that if the traffic doesn’t match any of the rules of Access-list then the
traffic will be dropped.

By specifying any means that source having any IP address traffic will reach finance department
except the traffic which it matches the above rules that we have made. Now, we have to apply the
access-list on the interface of the router:

R1(config)# int fa0/1


R1(config-if)# ip access-group 110 out
As we remember, the extended access-list should be applied as close as possible to the source, but here we have applied it close to the destination, because we have to block traffic from both the sales and marketing departments; applying it outbound on fa0/1 covers both, otherwise we would have to make separate access-lists for fa0/0 and fa1/0 inbound.

Outputs (screenshots in the original manual)
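The first-match, implicit-deny semantics and the wildcard-mask matching explained above, as an added example (written for this edit, not part of the lab manual or of IOS): a small Python evaluator that parses the two access-lists from this section (standard ACL 10 and extended ACL 110) and decides permit or deny for constructed packets. The function names and the packet dictionary layout are this example's own.

```python
import ipaddress

# Added example, not from the lab manual: a tiny evaluator for the
# access-list semantics explained above. Entries are checked top-down,
# the first matching entry decides, and a packet that matches nothing is
# dropped by the implicit deny at the end of every list. Wildcard masks
# follow IOS: a 0 bit must match, a 1 bit is "don't care".

ANY = ("0.0.0.0", "255.255.255.255")     # the keyword any


def wildcard_match(addr, base, wildcard):
    """True when addr equals base on every bit the wildcard leaves as 0."""
    a = int(ipaddress.IPv4Address(addr))
    b = int(ipaddress.IPv4Address(base))
    w = int(ipaddress.IPv4Address(wildcard))
    return (a & ~w) == (b & ~w)


def _take_addr(tokens):
    """Consume 'any', 'host A.B.C.D' or 'A.B.C.D [W.W.W.W]' from tokens."""
    if tokens[0] == "any":
        del tokens[0]
        return ANY
    if tokens[0] == "host":
        addr = tokens[1]
        del tokens[:2]
        return (addr, "0.0.0.0")
    addr = tokens[0]
    if len(tokens) > 1 and tokens[1][0].isdigit():
        wild = tokens[1]
        del tokens[:2]
    else:
        wild = "0.0.0.0"      # IOS treats a missing wildcard as a host match
        del tokens[0]
    return (addr, wild)


def parse_acl_line(line):
    """Parse one 'access-list N permit|deny ...' line into an entry dict."""
    tokens = line.split()
    if tokens[0] != "access-list":
        raise ValueError("not an access-list line: " + line)
    number, action, rest = int(tokens[1]), tokens[2], tokens[3:]
    if action not in ("permit", "deny"):
        raise ValueError("expected permit or deny: " + line)
    if 1 <= number <= 99 or 1300 <= number <= 1999:
        # standard list: source address only, whole IP suite
        return {"number": number, "action": action, "proto": "ip",
                "src": _take_addr(rest), "dst": ANY, "dport": None}
    if not (100 <= number <= 199 or 2000 <= number <= 2699):
        raise ValueError("number outside the standard/extended ranges: %d" % number)
    proto = rest.pop(0)
    src, dst = _take_addr(rest), _take_addr(rest)
    dport = int(rest[1]) if rest and rest[0] == "eq" else None
    return {"number": number, "action": action, "proto": proto,
            "src": src, "dst": dst, "dport": dport}


def evaluate(acl, pkt):
    """'permit' or 'deny' for pkt: first matching entry wins, else implicit deny."""
    for e in acl:
        if e["proto"] not in ("ip", pkt["proto"]):
            continue
        if not wildcard_match(pkt["src"], *e["src"]):
            continue
        if not wildcard_match(pkt["dst"], *e["dst"]):
            continue
        if e["dport"] is not None and e["dport"] != pkt["dport"]:
            continue
        return e["action"]
    return "deny"                          # implicit deny at the end of every list


def packet(src, dst, proto="ip", dport=None):
    """A constructed packet with only the fields an ACL looks at."""
    return {"src": src, "dst": dst, "proto": proto, "dport": dport}


# The standard list from this section: sales may not reach finance.
STANDARD_ACL_10 = [parse_acl_line(l) for l in (
    "access-list 10 deny 172.16.40.0 0.0.0.255",
    "access-list 10 permit any",
)]

# The extended list: no FTP from sales to finance, no telnet to finance from anyone.
EXTENDED_ACL_110 = [parse_acl_line(l) for l in (
    "access-list 110 deny tcp 172.16.40.0 0.0.0.255 172.16.50.0 0.0.0.255 eq 21",
    "access-list 110 deny tcp any 172.16.50.0 0.0.0.255 eq 23",
    "access-list 110 permit ip any any",
)]
```

Dropping the final permit from a list (as in the original order mistake of forgetting it) makes every non-matching packet fall through to the implicit deny, which the evaluator reproduces.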

PROBLEM STATEMENT
c) Configure Network Address Translation: Static, Dynamic & PAT (Port Address Translation)
THEORY

Network Address Translation(NAT):

To access the Internet, one public IP address is needed, but we can use a private IP address in our
private network. The idea of NAT is to allow multiple devices to access the Internet through a single
public address. To achieve this, the translation of a private IP address to a public IP address is
required. Network Address Translation (NAT) is a process in which one or more local IP address
is translated into one or more Global IP address and vice versa in order to provide Internet access to
the local hosts. Also, it does the translation of port numbers i.e. masks the port number of the host
with another port number, in the packet that will be routed to the destination. It then makes the
corresponding entries of IP address and port number in the NAT table. NAT generally operates on a
router or firewall.
Network Address Translation (NAT) working –
Generally, the border router is configured for NAT i.e the router which has one interface in the local
(inside) network and one interface in the global (outside) network. When a packet traverse outside
the local (inside) network, then NAT converts that local (private) IP address to a global (public) IP
address. When a packet enters the local network, the global (public) IP address is converted to a
local (private) IP address.
If NAT runs out of addresses, i.e., no address is left in the pool configured then the packets will be
dropped and an Internet Control Message Protocol (ICMP) host unreachable packet to the
destination is sent.

Why mask port numbers ?


Suppose, in a network, two hosts A and B are connected. Now, both of them request for the same
destination, on the same port number, say 1000, on the host side, at the same time. If NAT does only
translation of IP addresses, then when their packets will arrive at the NAT, both of their IP addresses
would be masked by the public IP address of the network and sent to the destination. Destination
will send replies to the public IP address of the router. Thus, on receiving a reply, it will be unclear
to NAT as to which reply belongs to which host (because source port numbers for both A and B are
the same). Hence, to avoid such a problem, NAT masks the source port number as well and makes
an entry in the NAT table.
NAT inside and outside addresses –

Inside refers to the addresses which must be translated. Outside refers to the addresses which are not in the control of an organization. These are the network addresses on which the translation of addresses will be performed.

• Inside local address – An IP address that is assigned to a host on the inside (local) network. The address is usually not an IP address assigned by the service provider, i.e., these are private IP addresses. This is the inside host as seen from the inside network.

• Inside global address – An IP address that represents one or more inside local IP addresses to the outside world. This is the inside host as seen from the outside network.

• Outside local address – This is the actual IP address of the destination host in the local network after translation.

• Outside global address – This is the outside host as seen from the outside network. It is the IP address of the outside destination host before translation.

Network Address Translation (NAT) Types –


There are 3 ways to configure NAT:

1. Static NAT – In this, a single unregistered (private) IP address is mapped to a legally registered (public) IP address, i.e., a one-to-one mapping between local and global addresses. A private IP address is translated to one public IP address, which is generally used for web hosting. It is not used for an organization's general Internet access, as there are many devices that need Internet access and each would need its own public IP address. Suppose there are 3000 devices that need access to the Internet: the organization would have to buy 3000 public addresses, which would be very costly.

Configuration –

Here is a small topology in which there is PC having IP address 192.168.1.1/24, Router R1 having
IP address 192.168.1.2/24 on interface fa0/0, 12.1.1.1/24 on fa0/1, and server having IP address
73.1.1.2/24.

Now, the inside local and inside global addresses are shown in the figure. Configure static NAT with the command ip nat inside source static INSIDE_LOCAL_IP_ADDRESS INSIDE_GLOBAL_IP_ADDRESS:

R1(config)# ip nat inside source static 192.168.1.1 12.1.1.1

Now, configure the router's inside interface as ip nat inside and the outside interface as ip nat outside:

R1(config)# int fa0/0
R1(config-if)# ip nat inside
R1(config-if)# int fa0/1
R1(config-if)# ip nat outside

Steps to configure static NAT

Static NAT can be configured using the following two steps.

They are:

1. Creating a mapping between the private internal address and public global address using the ip
nat inside source static [private-address] [public-address] global configuration command.
2. After the mapping is made, the interfaces taking part in the NAT translation are configured
as either inside or outside with respect to NAT.

The router interface associated with the LAN is designated the inside interface using the ip nat inside interface mode command.

Similarly, the router interface associated with the Internet is designated the outside interface using the ip nat outside interface mode command.

Configuring static NAT

To configure static NAT between the private address 172.31.1.2 and the public address 200.100.100.2:

• Map the server's private address 172.31.1.2 to the public routable address 200.100.100.2 using the command ip nat inside source static 172.31.1.2 200.100.100.2.
• Enter the interface serial 0/0/0 command and identify the interface as the outside interface using the command ip nat outside.
• Enter the interface gigabitethernet 0/0 command and identify it as the inside interface relative to NAT using the ip nat inside command.

Outputs

2. Dynamic NAT – In this type of NAT, an unregistered (private) IP address is translated into a registered (public) IP address taken from a pool of public IP addresses. If no address in the pool is free, the packet is dropped, since only a fixed number of private IP addresses can be translated to public addresses at a time. Suppose there is a pool of 2 public IP addresses: then only 2 private IP addresses can be translated at a given time, and if a 3rd private IP address wants to access the Internet its packets are dropped. Thus many private IP addresses are mapped to a pool of public IP addresses. Dynamic NAT is used when the number of users who want to access the Internet at a given point in time is known and fixed. It is also costly, as the organization has to buy many global IP addresses to make up the pool.

Configuration –

There is a PC having IP address 192.168.1.1/24, Router R1 having IP address 192.168.1.2/24 on interface fa0/0 and 12.1.1.1/24 on fa0/1, and a server having IP address 73.1.1.2/24.
Now, first configure the access-list:
Now, first configuring the access-list:

R1(config)# access-list 1 permit 192.168.1.0 0.0.0.255

Configuring the nat pool from which a public IP will be selected.

R1(config)# ip nat pool pool1 12.1.1.1 12.1.1.3 netmask 255.255.255.0


Now, enabling Dynamic NAT:

R1(config)# ip nat inside source list 1 pool pool1


At last, we have to configure the router interfaces as inside or outside.

R1(config)# int fa0/0
R1(config-if)# ip nat inside
R1(config-if)# int fa0/1
R1(config-if)# ip nat outside

Steps to configure dynamic NAT

Dynamic NAT still requires that both the inside and the outside interfaces be configured.

For allocation, it uses an access control list (ACL) to specify which private addresses are subject to
translation and a NAT pool of registered IP addresses.

1. Create an ACL using the access-list 1 permit [address] [wildcard-mask] command. This selects the private addresses that are subject to translation.
2. Create a NAT pool using the ip nat pool [name] [first-address] [last-address] netmask [subnet-mask] global configuration command. This pool contains the public addresses used for the translation; an ISP normally assigns an organization a contiguous block of public addresses. The first address is the lowest address in the range and the last address is the highest; the netmask identifies the network to which these addresses belong.
3. Bind the ACL and the NAT pool using the ip nat inside source list [access-list-number] pool [name] command. In this case the ACL number is 1 and the NAT pool is named LAN.

NOTE: Different ACL numbers and pool names can be created and used, but ACL 1 and pool name LAN will be used throughout this tutorial for simplicity.

4. Use the ip nat inside interface command to enable the inside interface for NAT translation.
5. Use the ip nat outside interface command to enable the outside interface for NAT translation.

Configuring dynamic NAT

An organization is assigned two public addresses: 200.100.100.1 and 200.100.100.2. It wants to allow its internal hosts, in the private network 172.31.1.0 with mask 255.255.255.0, to reach the Internet using dynamic NAT.

Dynamic NAT topology

To configure dynamic NAT for the network topology above:

• Create an access list that specifies the private addresses allowed to be translated, using access-list 1 permit 172.31.1.0 0.0.0.255.
• Create a pool containing the two public addresses to be used for translation, using ip nat pool LAN 200.100.100.1 200.100.100.2 netmask 255.255.255.0.
• Bind the access list and the pool together using ip nat inside source list 1 pool LAN. This allows dynamic translation of the private addresses to the public addresses in the NAT pool named LAN.
• Enter the interface serial 0/0/0 command and identify it as an outside interface using the ip nat outside command.
• Enter the interface gigabitethernet 0/0 command and identify it as the inside interface using the ip nat inside command.

Outputs (screenshots in the original manual)

3. Port Address Translation (PAT) – This is also known as NAT overload. In this, many local
(private) IP addresses can be translated to a single registered IP address. Port numbers are used to
distinguish the traffic i.e., which traffic belongs to which IP address. This is most frequently used
as it is cost-effective as thousands of users can be connected to the Internet by using only one real
global (public) IP address.

Configuration –

Taking the same topology: PC1 has IP address 192.168.1.1/24, router R1 has IP address
192.168.1.2/24 on interface fa0/0 and 12.1.1.1/24 on fa0/1, and the server has IP address 73.1.1.2/24.
First, configure the access list:

R1(config)# access-list 1 permit 192.168.1.0 0.0.0.255


Configure the NAT pool from which a public IP address will be selected:

R1(config)# ip nat pool pool1 12.1.1.1 12.1.1.1 netmask 255.255.255.0

Note that the NAT pool is shrunk to a single IP address, and that address is the IP address of the
router's outside interface. If you have additional public addresses, you can use them here too.

Now enable dynamic NAT overload (PAT):

R1(config)# ip nat inside source list 1 pool pool1 overload


Alternatively, translate directly to the address of the outside interface:

R1(config)# ip nat inside source list 1 interface fastEthernet 0/1 overload

Finally, configure the router interfaces as inside or outside:

R1(config)# int fa0/0
R1(config-if)# ip nat inside
R1(config-if)# int fa0/1
R1(config-if)# ip nat outside

How NAT protects you:

- It hides the IP addresses of the devices on your network from the outside world, giving them all a
single address.

- It requires every incoming packet to have been asked for by an inside device. If an inbound packet
does not match an entry in the translation table (the list of expected communications), it is rejected.

- Some firewalls can use whitelisting to block unauthorized outgoing traffic, so if you do contract a
piece of malware, your firewall may prevent it from communicating out from your device.
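As an added illustration that is not part of the manual, the following Python model (hypothetical code, written for this page) builds the PAT translation table for the topology above and shows the point made in the second bullet: a packet arriving from outside is only forwarded inward when an inside host created a matching entry. The access list, the outside address 12.1.1.1, the inside hosts and the server 73.1.1.2 are taken from the page; the port numbers and the port-allocation rule are constructed simplifications.

```python
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


# One translation entry: (inside local ip, inside local port, outside ip, outside port)
Entry = Tuple[str, int, str, int]


class PatRouter:
    """Hypothetical model of 'ip nat inside source list 1 interface fa0/1 overload'."""

    def __init__(self, acl_permit: str, outside_ip: str, first_free_port: int = 1024):
        # access-list 1 permit 192.168.1.0 0.0.0.255: ipaddress accepts the wildcard (hostmask) form
        self.acl = ipaddress.ip_network(acl_permit)
        self.outside_ip = outside_ip          # the single inside-global address (fa0/1)
        self.next_port = first_free_port
        self.table: Dict[int, Entry] = {}     # inside global port -> Entry

    def _allocate_port(self, wanted: int) -> int:
        """Keep the host's own source port when it is free, otherwise pick a fresh one (simplified)."""
        if wanted not in self.table:
            return wanted
        while self.next_port in self.table:
            self.next_port += 1
        port = self.next_port
        self.next_port += 1
        return port

    def inside_to_outside(self, pkt: Packet) -> Optional[Packet]:
        """Translate a packet leaving through fa0/1; None if access-list 1 does not permit the source."""
        if ipaddress.ip_address(pkt.src_ip) not in self.acl:
            return None
        flow = (pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        for gport, entry in self.table.items():       # reuse the entry of an existing flow
            if entry == flow:
                return Packet(self.outside_ip, gport, pkt.dst_ip, pkt.dst_port)
        gport = self._allocate_port(pkt.src_port)
        self.table[gport] = flow
        return Packet(self.outside_ip, gport, pkt.dst_ip, pkt.dst_port)

    def outside_to_inside(self, pkt: Packet) -> Optional[Packet]:
        """Translate a packet arriving on fa0/1 back to the inside host; None means it is dropped."""
        if pkt.dst_ip != self.outside_ip:
            return None
        entry = self.table.get(pkt.dst_port)
        if entry is None:
            return None                                # nobody inside asked for this: rejected
        lip, lport, oip, oport = entry
        if (pkt.src_ip, pkt.src_port) != (oip, oport):
            return None                                # entry belongs to a different outside peer
        return Packet(pkt.src_ip, pkt.src_port, lip, lport)

    def translations(self) -> List[str]:
        """Rows in the spirit of 'show ip nat translations': inside global, inside local, outside."""
        return [f"tcp {self.outside_ip}:{g} {lip}:{lport} {oip}:{oport}"
                for g, (lip, lport, oip, oport) in sorted(self.table.items())]


def demo() -> PatRouter:
    """Constructed traffic: two inside hosts reach the server 73.1.1.2:80 from the same source port."""
    r = PatRouter("192.168.1.0/0.0.0.255", "12.1.1.1")
    r.inside_to_outside(Packet("192.168.1.1", 40000, "73.1.1.2", 80))
    r.inside_to_outside(Packet("192.168.1.3", 40000, "73.1.1.2", 80))   # port 40000 taken -> 1024
    return r


if __name__ == "__main__":
    router = demo()
    print("\n".join(router.translations()))
    print(router.outside_to_inside(Packet("73.1.1.2", 80, "12.1.1.1", 1024)))   # reply, translated
    print(router.outside_to_inside(Packet("73.1.1.2", 80, "12.1.1.1", 5555)))   # unsolicited -> None
```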

Advantages of NAT –
• NAT conserves legally registered IP addresses.
• It provides privacy, as the IP address of the device sending and receiving the traffic is hidden.
• It eliminates address renumbering when a network evolves.

Disadvantages of NAT –
• Translation introduces switching path delays.
• Certain applications will not function while NAT is enabled.
• It complicates tunneling protocols such as IPsec.
• Also, the router, being a network layer device, should not tamper with port numbers (transport
layer), but it has to do so because of NAT.

Steps to configure PAT with multiple public addresses

1. Create an ACL using the access-list 1 permit [address] [wildcard mask] command.
2. Create a NAT pool using the ip nat pool [name] [first-address] [last-address] netmask
[subnet mask] global configuration command. This pool will contain the public addresses to be
used for the translation.
3. Bind the ACL to the pool using the ip nat inside source list [ACL number] pool [name] overload
command. The full command here is ip nat inside source list 1 pool LAN overload.
4. Use the ip nat inside interface command to enable the inside interface for NAT translation.
5. Use the ip nat outside interface command to enable the outside interface for NAT translation.

Configuring PAT with multiple public addresses

An organization is assigned two public addresses, 200.100.100.1 and 200.100.100.2, and it
wants to allow its internal hosts in the private network 172.31.1.0 - 255.255.255.0 to reach the
internet using PAT.

PAT topology

To configure PAT for the network topology above, the following steps are applied:

1. Create an access list that specifies which private addresses are allowed to be translated,
using the access-list 1 permit 172.31.1.0 0.0.0.255 command.
2. Create a pool containing the public addresses to be used for translation, using the
ip nat pool LAN 200.100.100.1 200.100.100.1 netmask 255.255.255.0 command.
3. Bind the access list and the pool together using the ip nat inside source list 1 pool LAN overload
command. This allows dynamic mapping of the private addresses to the public address in the
NAT pool named LAN. The overload keyword used here is the only configuration
difference between PAT and dynamic NAT.
4. Enter the interface serial 0/0/0 command and identify it as the outside interface using the ip nat
outside command.
5. Enter the interface gigabitethernet 0/0 command and identify it as the inside interface relative
to NAT with the ip nat inside command.

Outputs

PAT with multiple public address configuration



PAT with single public address

Steps to configure PAT with a single address

If an organization is assigned a single public address by its ISP, PAT can be configured with a few
changes compared to PAT with multiple addresses.

In this situation, no NAT pool is created; instead, the outside interface is used for the translation in
place of the NAT pool mentioned in step 3 above.

1. Create an ACL using the access-list 1 permit [address] [wildcard mask] command.
2. Enable PAT using the ip nat inside source list [ACL number] interface [interface-type/number]
overload command. The interface used here is the outside interface, and it is configured with
the single public address assigned to the organization by the ISP.
3. Use the ip nat inside interface command to enable the inside interface for NAT translation.
4. Use the ip nat outside interface command to enable the outside interface for NAT translation.

Configuring PAT with one public address

An organization is assigned one public address 200.100.100.1, and it wants to allow its internal hosts
in the private network 172.31.1.0 - 255.255.255.0 to reach the internet using PAT.

PAT topology with one public address

To configure PAT for the topology above, the following steps are applied:

1. Create an access list that specifies which private addresses are allowed to be translated,
using the access-list 1 permit 172.31.1.0 0.0.0.255 command.
2. Bind the access list and the outside interface together using the ip nat inside source list 1
interface s0/0/0 overload command.
3. Enter the interface serial 0/0/0 command and identify it as the outside interface relative to NAT
using the ip nat outside command.
4. Enter the interface gigabitethernet 0/0 command and identify it as the inside interface relative
to NAT using the ip nat inside command.

Outputs

PAT with one public address configuration



ASSIGNMENT NO.2

TITLE
• Using a Network Simulator (e.g. Packet Tracer), configure routing protocols.
PROBLEM STATEMENT

a) Configure EIGRP – Explore neighbor-ship requirements and conditions, its K values,
metric assignment and calculation.
OBJECTIVES
• To understand distance vector routing and how to configure Enhanced Interior Gateway
Routing Protocol (EIGRP).
• To design and implement a small-size network.
THEORY

Enhanced Interior Gateway Routing Protocol (EIGRP) is a hybrid routing protocol possessing
characteristics of both distance-vector and link-state routing protocols. It was a proprietary Cisco
routing protocol, but Cisco decided to convert it to an open standard in 2013.

What are IGRP and EIGRP?

• The major disadvantage of RIP is that it is unable to route traffic if the destination is more
than 15 hops away. Moreover, RIP fails to identify a less congested path because it sticks with
hop count as its only metric and just prefers the smaller number of hops; RIP does not check
whether a path is congested or busy.
• (E)IGRP removes all these limitations of RIP. It can be used for larger networks of more than 15
hops (255 maximum hop count).
• It assures stable routing even in very large or complex networks; no routing loops
should occur.
• It reacts quickly to changes in network topology.
• It has low overhead, meaning it requires little bandwidth to operate.

For EIGRP, routing metric is calculated using bandwidth, delay, reliability and load.

EIGRP Neighborhood establishment

Before exchanging routing information, routers that run EIGRP must first become neighbors. EIGRP
Routers send hello packets to the multicast address of 224.0.0.10 to dynamically discover
neighbors on directly attached networks.

In order for routers in a network to become neighbors:

• They must be configured with the same ASN (Autonomous System Number). An autonomous
system, identified by its number, is a group of EIGRP-enabled routers that should become EIGRP
neighbors and exchange routes.
• The routers must also use the same parameters to calculate the metric. These parameters are
called K values (weights of the metric components). As we have seen, the components are
bandwidth, delay, reliability and load.

By default, the only parameters used to calculate the EIGRP metric are bandwidth and delay. The
other two parameters are disabled by default, so the network admin has to enable them on the router
when they are wanted.
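As an added example that is not part of the manual, the following Python code (hypothetical, written for this page) models the two neighbor conditions just listed and works the composite metric formula with its K values through the lab topology; the router names, the ASN values and the link figures (FastEthernet at 100000 kbps with 100 µs delay, a T1 serial link at 1544 kbps with 20000 µs delay) are constructed sample values.

```python
from dataclasses import dataclass
from typing import List, Tuple

# K1..K5 as Cisco IOS sets them by default: only bandwidth (K1) and delay (K3) count.
DEFAULT_K = (1, 0, 1, 0, 0)


@dataclass
class EigrpRouter:
    name: str
    asn: int                                            # from "router eigrp ASN"
    k_values: Tuple[int, int, int, int, int] = DEFAULT_K


def can_become_neighbors(a: EigrpRouter, b: EigrpRouter) -> Tuple[bool, str]:
    """Check the two adjacency requirements the manual lists: same ASN and same K values."""
    if a.asn != b.asn:
        return False, f"ASN mismatch: {a.name} uses {a.asn}, {b.name} uses {b.asn}"
    if a.k_values != b.k_values:
        return False, f"K-value mismatch: {a.k_values} vs {b.k_values}"
    return True, "adjacency can form"


def eigrp_metric(links: List[Tuple[int, int]],
                 k: Tuple[int, int, int, int, int] = DEFAULT_K,
                 load: int = 1, reliability: int = 255) -> int:
    """Composite (classic, 32-bit) metric of a path.

    links: one (bandwidth_kbps, delay_us) pair per outgoing interface along the path.
      metric = 256 * [K1*BW + (K2*BW)/(256-load) + K3*DLY] * [K5/(reliability+K4)]
    where BW = 10^7 / minimum bandwidth in kbps, DLY = total delay in tens of microseconds,
    and the last factor is skipped entirely when K5 is 0. Divisions truncate, as in IOS.
    """
    k1, k2, k3, k4, k5 = k
    bw = 10_000_000 // min(bandwidth for bandwidth, _ in links)
    dly = sum(delay for _, delay in links) // 10
    metric = k1 * bw + (k2 * bw) // (256 - load) + k3 * dly
    if k5 != 0:
        metric = (metric * k5) // (reliability + k4)
    return 256 * metric


# Constructed sample matching the lab: R1 reaches 30.0.0.0/8 over R1 fa0/1 and then R2 fa0/0,
# both FastEthernet (100000 kbps, 100 us delay each).
LAB_PATH = [(100000, 100), (100000, 100)]
T1_THEN_FE = [(1544, 20000), (100000, 100)]   # a serial T1 hop followed by a FastEthernet hop

if __name__ == "__main__":
    r1, r2 = EigrpRouter("R1", 1), EigrpRouter("R2", 1)
    print(can_become_neighbors(r1, r2))
    print(can_become_neighbors(r1, EigrpRouter("R3", 2)))
    print("metric to 30.0.0.0/8:", eigrp_metric(LAB_PATH))     # 30720
    print("metric over T1 + FE:", eigrp_metric(T1_THEN_FE))    # 2172416
```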

EIGRP tables Explained

Each EIGRP router uses three tables to store routing information.

Neighbor table – stores information about EIGRP neighbors. Remember we said that routers
need first to become neighbors before they can exchange routing information. The neighbor table is
thus used to keep neighbor information such as the IP address of the neighbor, the local interface
on which hellos were received, the hold-down timer and other neighbor information.

Topology table – stores routing information learnt from neighbor routing tables. Every EIGRP
route inside the autonomous system is stored here. The topology table also holds the metrics for each
of the listed EIGRP routes, the feasible successor and the successor routes.

Routing table – stores only the best routes to reach a remote network.

EIGRP configuration on a Router

It is configured using these commands:

1. (config)# router eigrp ASN – This command starts EIGRP on the router. In order to become EIGRP
neighbors, routers must be configured with the same AS number. You can use any number between 1
and 65,535.

2. (config-router)# network SUBNET [WILDCARD_MASK] – This command advertises a network directly
connected to the router to other routers.

Let’s configure this on Packet tracer

1. Build the network topology as shown below.

2. Do IP configurations on the PCs and the routers

Router1

R1(config)#

R1(config)#int fa0/0

R1(config-if)#ip add 10.0.0.1 255.0.0.0



R1(config-if)#no shut

R1(config-if)#int fa0/1

R1(config-if)#ip address 20.0.0.1 255.0.0.0

R1(config-if)#no shut

Router 2

R2(config)#

R2(config)#int fa0/0

R2(config-if)#ip add 30.0.0.1 255.0.0.0

R2(config-if)#no shutdown

R2(config-if)#int fa0/1

R2(config-if)#ip address 20.0.0.2 255.0.0.0

R2(config-if)#no shutdown

PC IP configuration

Click on PC ->Desktop->IP configuration. Here, fill in static IP addresses.

PC1 IP address: 10.0.0.2 Subnet mask: 255.0.0.0 Default Gateway 10.0.0.1

PC2 IP address: 30.0.0.2 Subnet mask: 255.0.0.0 Default Gateway 30.0.0.1



PC1

PC2

3. Configure EIGRP on the routers. Remember to use the same ASN number on both routers. Once
configured, the routers become EIGRP neighbors.

Router 1:

R1(config)#

R1(config)#router eigrp 1

R1(config-router)#network 10.0.0.0

R1(config-router)#network 20.0.0.0

R1(config-router)#Ctrl + Z

Router 2:

R2(config)#

R2(config)#router eigrp 1

R2(config-router)#network 20.0.0.0

R2(config-router)#network 30.0.0.0

R2(config-router)#Ctrl + Z

You can see that we’re simply enabling EIGRP on the routers, then advertising networks directly
connected to each router. Simple!

4. Now verify EIGRP configuration.

First, let’s verify the EIGRP neighbor relationship of the routers. Let’s do this on Router 1:

R1#

R1#show ip eigrp neighbors

Then observe the neighborhood:



In the picture above, you can see that R1 has a single neighbor with the IP address of 20.0.0.2

Secondly, we’ll verify whether R1 has received a route to reach the 30.0.0.0/8 network, using the
show ip route eigrp command.

Lastly, let’s ping PC2 from PC1. The ping should succeed because R1 has learnt the route
to 30.0.0.0/8 through EIGRP, as denoted by the letter D.

Try also to ping PC1 from PC2. The ping should work.



Outputs

PROBLEM STATEMENT
b) OSPF – Explore neighbor-ship conditions and requirements, neighbor-ship states, and
OSPF metric (cost) calculation.
THEORY

Open Shortest Path First(OSPF):

Open Shortest Path First (OSPF) is one of the dynamic routing protocols, alongside others such
as EIGRP, BGP and RIP. It is perhaps the most popular link-state routing protocol. It is
an open standard, so it can be run on routers from different vendors.

OSPF supports key features such as:

• IPv4 and IPv6 routing
• Classless routing
• Equal-cost load balancing
• Manual route summarization, etc.

OSPF has a default administrative distance of 110. It uses cost as the parameter for determining the
route metric. It uses the multicast addresses 224.0.0.5 and 224.0.0.6 for communication between
OSPF-enabled neighbors.

Routers running OSPF need to establish a neighbor relationship before exchanging routing updates.
Each OSPF router runs the SPF algorithm to calculate the best routes and adds them to the routing
table.

OSPF routers store routing and topology information in three tables:

• Neighbor table – stores information about OSPF neighbors.
• Topology table – stores the topology structure of the network.
• Routing table – stores the best routes.

OSPF neighborhood discovery

Routers running OSPF need to establish a neighbor relationship before exchanging routing updates.
OSPF neighbors are dynamically discovered by sending Hello packets out each OSPF-enabled
interface on a router. Hello packets are sent to the multicast address of 224.0.0.5.

OSPF areas

An area is simply a logical grouping of adjacent networks and routers. All routers in the same area
have the same topology table and don’t know about routers in other areas. The main benefits of
using areas in an OSPF network are:

 Routing tables on the routers are reduced.

 Routing updates are reduced.

Each area in an OSPF network must be connected to the backbone area (also known as area 0). All
routers inside an area must have the same area ID.

A router that has interfaces in more than one area (for example area 0 and area 1) is known as an Area
Border Router (ABR). A router that connects an OSPF network to other routing networks (for
example, to an EIGRP network) is called an Autonomous System Border Router (ASBR).

For now we’ll configure basic OSPF. On to it then!

Basic OSPF configuration.

1. Build the network topology.



2. Configure IP addresses on PCs and router interfaces.

Router 1

R1(config)#int fa 0/0

R1(config-if)#ip add 10.0.0.1 255.0.0.0

R1(config-if)#no shut

R1(config-if)#

R1(config-if)#int serial 0/0/0

R1(config-if)#ip add 20.0.0.1 255.0.0.0

R1(config-if)#no shut

Router 2

R2(config-if)#int fa0/0

R2(config-if)#ip add 30.0.0.1 255.0.0.0

R2(config-if)#no shut

R2(config-if)#

R2(config-if)#int serial0/0/0

R2(config-if)#ip address 20.0.0.2 255.0.0.0

R2(config-if)#no shut

Now do IP configurations for the PCs.

PC1 IP add 10.0.0.2 Subnet mask 255.0.0.0 Default gateway 10.0.0.1

PC2 IP add 30.0.0.2 Subnet mask 255.0.0.0 Default gateway 30.0.0.1

3. Configure OSPF on the routers.

The configuration is pretty simple and requires only two major steps:

1. Enable OSPF on a router using the router ospf PROCESS_ID command in global configuration mode.

2. Define on which interfaces OSPF will run and which networks will be advertised, using the
network IP_ADDRESS WILDCARD_MASK area AREA command in OSPF configuration mode.

Note that the OSPF process ID doesn’t have to be the same on all routers in order for the routers to
establish a neighbor relationship, but the area parameter has to be the same on all neighboring routers
in order for the routers to become neighbors.

Router 1

R1(config)#

R1(config)#router ospf 1

R1(config-router)#network 10.0.0.0 0.255.255.255 area 0

R1(config-router)#network 20.0.0.0 0.255.255.255 area 0

Router 2

R2(config)#

R2(config)#router ospf 2

R2(config-router)#network 20.0.0.0 0.255.255.255 area 0

R2(config-router)#network 30.0.0.0 0.255.255.255 area 0

As you can see from the configuration above, we just need to enable OSPF on the routers, which then
advertise the networks directly connected to each of them.

Have in mind: the OSPF process IDs used for the two routers have deliberately been made different,
but their area numbers must be the same.

4. Verify OSPF configuration

First, let’s verify that the routers have established a neighbor relationship by typing the show ip ospf
neighbor command on R1:

Next, to verify that R1 has learnt the route to 30.0.0.0/8 network, we’ll use show ip route
ospf command on R1:

Note that the letter O indicates OSPF routes.

Lastly, verify connectivity. Ping PC2 from PC1. Ping should be successful.

Other OSPF verification commands



• show ip ospf neighbor detail
• show ip ospf database
• show ip ospf interface
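As an added example that is not part of the manual, here is a small Python model (hypothetical code, written for this page) of the OSPF cost calculation and of the neighbor condition used in the configuration above: cost is the reference bandwidth (100 Mbps by default in IOS) divided by the interface bandwidth, and a route's cost is the sum along the path. It goes one step beyond the manual by also comparing hello/dead timers, which real OSPF requires to match; the link speeds (T1 serial at 1544 kbps, FastEthernet at 100000 kbps) are constructed sample values for the lab topology.

```python
from dataclasses import dataclass
from typing import List, Tuple

# IOS default reference bandwidth: cost = 10^8 bps / interface bandwidth in bps
DEFAULT_REF_BW_MBPS = 100


def ospf_cost(bandwidth_kbps: int, ref_bw_mbps: int = DEFAULT_REF_BW_MBPS) -> int:
    """Cost of one outgoing interface; IOS truncates the division and never returns less than 1."""
    return max((ref_bw_mbps * 1000) // bandwidth_kbps, 1)


def path_cost(outgoing_kbps: List[int], ref_bw_mbps: int = DEFAULT_REF_BW_MBPS) -> int:
    """Route cost = sum of the outgoing-interface costs from the source router to the destination."""
    return sum(ospf_cost(bw, ref_bw_mbps) for bw in outgoing_kbps)


@dataclass
class OspfInterface:
    router: str
    process_id: int   # "router ospf N": locally significant, never compared between routers
    area: int         # "network ... area N": must match on both ends of the link
    hello: int = 10   # seconds; IOS defaults on Ethernet and point-to-point serial links
    dead: int = 40


def can_become_neighbors(a: OspfInterface, b: OspfInterface) -> Tuple[bool, str]:
    """Area must match (the manual's point); hello/dead timers must match as well."""
    if a.area != b.area:
        return False, f"area mismatch: {a.router} area {a.area}, {b.router} area {b.area}"
    if (a.hello, a.dead) != (b.hello, b.dead):
        return False, "hello/dead timer mismatch"
    return True, "neighbors can form (process IDs may differ)"


# Constructed values for the lab topology: from R1, the route to 30.0.0.0/8 leaves via
# R1 serial 0/0/0 (T1, 1544 kbps) and then via R2 fa0/0 (FastEthernet, 100000 kbps).
LAB_PATH_KBPS = [1544, 100000]

if __name__ == "__main__":
    print("serial cost:", ospf_cost(1544), "FastEthernet cost:", ospf_cost(100000))  # 64 1
    print("cost of 30.0.0.0/8 on R1:", path_cost(LAB_PATH_KBPS))                      # 65
    # with "auto-cost reference-bandwidth 10000" the same path costs 6476 + 100
    print("with 10 Gbps reference:", path_cost(LAB_PATH_KBPS, ref_bw_mbps=10000))     # 6576
    print(can_become_neighbors(OspfInterface("R1", 1, 0), OspfInterface("R2", 2, 0)))
    print(can_become_neighbors(OspfInterface("R1", 1, 0), OspfInterface("R2", 2, 1)))
```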

Outputs

PROBLEM STATEMENT
c) WLAN with static IP addressing and DHCP with MAC security and filters.
THEORY

Wireless Router configuration in Cisco Packet Tracer

In our network setup, we have two laptops and a PC which should connect to a LAN provided by one
wireless router. The PC is used by the network admin and connects to the LAN via an Ethernet port
of the wireless router. The laptops should connect to the same LAN by wireless means, and for this reason
we’ll install wireless adapters on them. We’ll also need to connect the LAN to the internet via an ISP
router.

Let’s now do all that step by step.

Wireless LAN configuration

First get into Cisco Packet Tracer and, in the physical mode, pick a wireless router, two laptops, a
PC, a generic server and a 2800-series router (or any other router other than the wireless one).

Now connect the PC to the Ethernet 1 of the wireless router.

For the laptops, replace the already-installed wired LAN module with a wireless adapter module
(WMP 300N).

Make sure that you first power off each laptop before you make any replacement then restore the
power back after replacement. That’s easy to do!

Once you have the wireless modules in place, you’ll see the wireless connections come up between the
laptops and the wireless router as shown below.

Next, we’re going to do some settings on the wireless router to create a LAN then connect it to the
internet.

To do any configuration on the wireless router, we’ll use its GUI(Graphical User Interface) which we
can access either by:

• Clicking the Wireless Router icon, then the GUI tab, or
• Using a browser on a PC or laptop in the LAN.

Let’s use the PC to access the router GUI.

We’ll access the router from the PC or the laptops using the router’s LAN interface. The LAN
interface is simply the default gateway of the LAN.

So now, on the ADMIN PC browser, type the IP address of the LAN interface of the wireless router
(192.168.0.1 by default), then hit Go.

A login prompt appears. Provide the username (admin) and password (admin) to be allowed into the
GUI of the router. You can always change these settings later.

You should now be in the GUI of the router, whichever approach you chose to access it. Just examine
it closely for a moment. On it, you can see several tabs like Setup, Wireless, Security, Access
Restrictions, Application & Gaming, Administration and WRT 300N status.

For this tutorial we’ll focus on setup, wireless and administration tabs. Notice that once you click on
one major tab, other ‘sub-tabs’ will appear.

Wireless Router Administration

We’ll begin with Administration in the GUI. Here we’ll simply change the router’s username and
password.

On the browser of the Admin PC, type the IP address of the LAN interface of the wireless
router (192.168.0.1 by default). Hit Go to access the GUI of the router. Provide the
default username (admin) and password (admin). Click OK. You’re now on the GUI of the router.
See it in the figure below.

Click on the Administration tab and set a new password for administrative access. Scroll down
and Save settings. You will be prompted for a username and the new password you just set. Type them
and click OK. Wait a bit. A new screen appears confirming the settings are successful. You can click
on Continue to go on with the configuration.

To test the new password, close the browser of the Admin PC and try to access the GUI
again using the browser. You’ll now provide the new password you’ve just set.

The admin username and password are important, as only a network admin(or a user with admin
rights) is able to log into the router and manage its settings.

Let’s now move on to another setup.

LAN Setup and Internet Setup

To configure addresses for the LAN and internet connectivity, we’ll use Setup tab.

Network Setup

Network setup means LAN setup. Already, we have a PC and three laptops in the LAN. We’ll assign
them IP addresses either statically or dynamically (using a DHCP pool set up in the wireless
router).

The default LAN network address given here is 192.168.0.0 with a subnet mask of 255.255.255.0.
The first address in this network (192.168.0.1 by default) has been assigned to the LAN interface of
the router. It has simply been named IP address. Obviously, all the PCs in the LAN will use the LAN
interface as their default gateway (to communicate with hosts in outside networks).

Now, in the router’s network settings, you may choose to enable DHCP to dynamically assign IP
addresses to the PCs. On the other hand, if you choose to disable DHCP, then obviously, you’ll have
to configure static IP addresses on the PCs.

When you choose to enable DHCP, set the start address for the LAN pool, maximum hosts to be
allowed in your LAN and the DNS server for the LAN. The PCs will receive addresses automatically
from the pool.

Now, going the DHCP way:

• Ensure DHCP is checked.
• Leave the IP address as 192.168.0.1 (this is the default LAN gateway address).
• Set a start address of 192.168.0.50 and set maximum users to 100 (or any number of users you want).
• You can leave the DNS server entry as it is (0.0.0.0) or specify the address of a DNS server of your
choice.
• Scroll down and Save settings.

See the set up window below.

Moving on, let’s enable DHCP on each PC for dynamic configuration. Go to the IP
configuration tab for each PC and enable DHCP. Each PC should automatically obtain an IP
address from the router.

As an example, here is the IP configuration for Laptop1:



Now let’s test our wireless LAN.

Ping PC2 from PC1. Ping should succeed.

Try also to ping the LAN interface of the router from one of the PCs, say PC1. It should be
successful.

That was pretty easy! Let’s now move on and add wireless security for the wireless LAN access.

Adding security for wireless LAN access

The LAN network we have just set up has no wireless security features enabled. If this were a
production network, this would be an obvious security threat, since it makes the network
accessible to unauthorized users. So let’s implement some level of wireless security on our LAN.

Access the GUI of wireless router (either by clicking on Router icon or from Admin PC browser),
then click on Wireless tab. Under the Basic Wireless Settings sub tab, change the default
wireless SSID to any name of your choice. I have named mine ‘myLAN‘. After this, don’t forget
to Save settings.

The acronym SSID stands for Service Set Identifier, and it is the name of your wireless
network (wireless LAN).

Still in the Wireless tab, under the Wireless Security sub-tab, change the security mode
to WPA Personal, then set the passphrase field to a password of your choice. Scroll down and Save
settings.

The LAN network is now secured for wireless access. To test whether it is really protected,
click Laptop1->Desktop->Wireless.

A new window appears that shows the now-secured wireless network. Click Connect. You can now
see the name of the wireless network (myWIFI, in my case) and its signal strength. The site features
listed include the WPA1 PSK security feature.

Again, click Connect, then provide the security pre-shared key for the WiFi that you set,
then connect. Laptop1 is now connected to the WiFi network. You can see at the bottom right of the
screen that the wireless network adapter on the laptop is active. Repeat this process for Laptop2.

Now, you can change the wireless security mode to any of the other available options. You may
choose the WEP security feature for the wireless network, for example. For WEP, provide a 40-bit (10
hexadecimal digits, e.g. A123B456C789) or 64-bit key (16 hex characters). WEP and WPA
configurations look almost alike.

That’s all for wireless security configuration.

Lastly, let’s see how to set up internet configurations on the wireless Router so that the PC and
laptops in the LAN can access the internet. So move on to the next section.

Internet Setup

For this part, we’ll configure the internet interface on the router so as to connect our LAN to the
internet. Note that on different routers (from different vendors) the internet interface may be named
differently; on some routers, for example, the interface may be called the ‘WAN interface’, suitably
because it is the interface that allows devices in our LAN to access the internet.

Here, we’ll connect the internet interface to an ISP router which then connects to an internet server
(example.com, as an example).

So now, access the Internet Setup tab on the GUI of the wireless router (either by clicking on its
icon or from the admin PC browser). Actually, in a real-life router configuration, you’ll use a PC browser.
In this case you should remember the username and the new password you set.

To set up internet connectivity, we’ll need to set a static IP address on the interface or set the interface as a
DHCP client so that it will be assigned an address dynamically by the ISP router. Alternatively, you
may use PPPoE to provide WAN connectivity to the internet.

Now, if you choose to configure a static IP address for the internet interface, you can specify also
the default gateway and a DNS server of your choice.

And, if you’d rather like to have the internet interface address configured by DHCP, you’ll then set the
internet interface as a DHCP client. A DHCP server will be configured on another device, such as
the ISP router (in our topology here!).

Otherwise, if you choose PPPoE for internet connectivity, then set up the username and password for
PPPoE authentication. The internet interface will then become a PPPoE client and will negotiate a
connection with a PPPoE server running on an ISP device so as to achieve internet
connectivity. Usually the username and password will be provided by your ISP.

For now, we’ll set the internet interface to act as a DHCP client (with the DHCP server configured on
the ISP router)

So then:

First configure IP addresses and a DHCP server on ISP router.

ISP_ROUTER(config)#int fa0/0

ISP_ROUTER(config-if)#ip add 155.21.21.1 255.255.0.0

ISP_ROUTER(config-if)#no shut

ISP_ROUTER(config-if)#

ISP_ROUTER(config-if)#int fa0/1

ISP_ROUTER(config-if)#ip add 200.0.0.1 255.255.255.0

ISP_ROUTER(config-if)#no shut

ISP_ROUTER(config-if)#exit

ISP_ROUTER(config)#ip dhcp pool mypool

ISP_ROUTER(dhcp-config)#net 155.21.0.0 255.255.0.0

ISP_ROUTER(dhcp-config)#default-router 155.21.21.1

ISP_ROUTER(dhcp-config)#dns-server 0.0.0.0

Now make the internet interface a DHCP client by enabling DHCP on it.

To verify DHCP configuration, click on the wireless router icon, then go to Config
tab. Pick DHCP. The interface is now configured with an IP address from the pool set in the ISP
router.

Next, we have to configure static or dynamic routes on the ISP router for the devices in the wireless
LAN to gain access to the internet server:

Here is a static route:

ISP_ROUTER(config)#ip route 192.168.0.0 255.255.255.0 fa0/0

Lastly, assign an IP address to the internet server (if you hadn’t done so), then try to reach the server
from a host in the LAN.

For example, you can ping the server from Laptop1. Ping should succeed.

Outputs

ASSIGNMENT NO.3

TITLE
• Socket Programming using Python
PROBLEM STATEMENT
a) TCP Client, TCP Server
OBJECTIVES
• To understand socket programming in Python between a TCP client and server
THEORY

What is a socket?

Sockets act as a bidirectional communication channel; they are its endpoints. Sockets may
communicate within a process, between different processes, and between processes on different machines.
Socket programming is a way of connecting two nodes on a network so that they can communicate with each
other. One socket (node) listens on a particular port at an IP address, while the other socket reaches out to
it to form a connection. The server forms the listener socket while the client reaches out to the
server.
Socket module: s = socket.socket(socket_family, socket_type)
• socket_family – AF_UNIX or AF_INET
• socket_type – SOCK_STREAM or SOCK_DGRAM

Once a socket object has been created as shown above, we can use the functions below to write client
and server programs.
Socket methods
Server socket methods

s.bind – This method binds an address (hostname, port number) to the socket
s.listen – This method sets up and starts the TCP listener
s.accept – This passively accepts a client connection, blocking until a connection arrives
Client socket methods
s.connect – This method actively initiates a connection to the TCP server

General socket methods

s.recv – This method receives a TCP message
s.send – This method transmits a TCP message
s.close – This method closes the socket
s.gethostname – Returns the hostname

Socket programming is started by importing the socket library and making a simple socket.

import socket

s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)

Here we made a socket instance and passed it two parameters. The first parameter is AF_INET and
the second one is SOCK_STREAM. AF_INET refers to the address-family ipv4. The
SOCK_STREAM means connection-oriented TCP protocol.
A simple server-client program :

Server :
A server has a bind() method which binds it to a specific IP and port so that it can listen to incoming
requests on that IP and port. A server has a listen() method which puts the server into listening
mode. This allows the server to listen for incoming connections. Lastly, a server has accept() and
close() methods. The accept method establishes a connection with the client and the close method closes
the connection with the client.

Flowchart of TCP client and TCP server communication



tcpServer.py
import socket

server = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
print("Socket Created Successfully")

server.bind(('localhost', 9999))

server.listen(10)
print("Server Waiting for connection..")

while True:
    c, addr = server.accept()
    print("Connected with", addr)
    c.send('Thank you for connecting'.encode())
    c.close()

tcpClient.py
import socket

c = socket.socket()

c.connect(('localhost', 9999))
print(c.recv(1024).decode())

c.close()

Program code

//TCP Client
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#define SERVER_PORT 8080
#define SERVER_IP "127.0.0.1"
int main() {
    int sock;
    struct sockaddr_in server_addr;
    char message[] = "Hello from client!";
    char buffer[1024];
    // Create socket
    if ((sock = socket(AF_INET, SOCK_STREAM, 0)) < 0) {
        perror("Socket creation failed");
        exit(EXIT_FAILURE);
    }
    // Fill in the server address (zero it first so no field is left uninitialised)
    memset(&server_addr, 0, sizeof(server_addr));
    server_addr.sin_family = AF_INET;
    server_addr.sin_port = htons(SERVER_PORT);
    if (inet_pton(AF_INET, SERVER_IP, &server_addr.sin_addr) <= 0) {
        perror("Invalid address");
        exit(EXIT_FAILURE);
    }
    // Connect to the server
    if (connect(sock, (struct sockaddr *)&server_addr, sizeof(server_addr)) < 0) {
        perror("Connection failed");
        exit(EXIT_FAILURE);
    }
    // Send message to server
    if (send(sock, message, strlen(message), 0) < 0) {
        perror("Send failed");
        exit(EXIT_FAILURE);
    }
    // Receive response from server; leave one byte free for the terminating '\0'
    int bytes_received = recv(sock, buffer, sizeof(buffer) - 1, 0);
    if (bytes_received > 0) {
        buffer[bytes_received] = '\0';
        printf("Server: %s\n", buffer);
    }
    close(sock);
    return 0;
}

//TCP Server
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <arpa/inet.h>

#define PORT 8080
#define MAX_CLIENTS 10

int main() {
    int server_fd, client_fd;
    struct sockaddr_in server_addr, client_addr;
    socklen_t client_len;
    char buffer[1024];

    // Create socket (socket() returns -1 on failure, so test for < 0, not == 0)
    if ((server_fd = socket(AF_INET, SOCK_STREAM, 0)) < 0) {
        perror("Socket failed");
        exit(EXIT_FAILURE);
    }

    // Fill in the address to bind to (zeroed first)
    memset(&server_addr, 0, sizeof(server_addr));
    server_addr.sin_family = AF_INET;
    server_addr.sin_addr.s_addr = INADDR_ANY;
    server_addr.sin_port = htons(PORT);

    // Bind socket to address and port
    if (bind(server_fd, (struct sockaddr *)&server_addr, sizeof(server_addr)) < 0) {
        perror("Bind failed");
        exit(EXIT_FAILURE);
    }

    // Listen for incoming connections
    if (listen(server_fd, MAX_CLIENTS) < 0) {
        perror("Listen failed");
        exit(EXIT_FAILURE);
    }
    printf("Server is listening on port %d...\n", PORT);

    // Accept a client connection
    client_len = sizeof(client_addr);
    if ((client_fd = accept(server_fd, (struct sockaddr *)&client_addr, &client_len)) < 0) {
        perror("Accept failed");
        exit(EXIT_FAILURE);
    }
    printf("Client connected\n");

    // Receive data from client; leave one byte free for the terminating NUL
    int bytes_received = recv(client_fd, buffer, sizeof(buffer) - 1, 0);
    if (bytes_received > 0) {
        buffer[bytes_received] = '\0';
        printf("Received: %s\n", buffer);
    }

    // Send response to client
    send(client_fd, "Hello from server!", 18, 0);

    close(client_fd);
    close(server_fd);
    return 0;
}

Program Output
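An added example (not from the lab manual) of the point the programs above gloss over: TCP is a byte stream, so one recv() is not guaranteed to return one whole message. The client and server below run in one process on an ephemeral localhost port and frame each message with a length prefix; the port choice, size limit and messages are my own assumptions.

```python
# Added example (not from the lab manual): a TCP client and server in one
# process. Each message is sent as a 4-byte big-endian length followed by the
# payload, and the receiver reads until exactly that many bytes have arrived,
# because a single recv() may return only part of what the peer sent.
import socket
import struct
import threading

MAX_MESSAGE = 64 * 1024  # refuse absurd declared lengths before allocating


def recv_exactly(sock, n):
    """Read exactly n bytes, or raise ConnectionError if the peer closes early."""
    chunks = []
    remaining = n
    while remaining > 0:
        chunk = sock.recv(min(remaining, 4096))
        if not chunk:
            raise ConnectionError("peer closed the connection mid-message")
        chunks.append(chunk)
        remaining -= len(chunk)
    return b"".join(chunks)


def send_message(sock, payload):
    """Send one length-prefixed message."""
    if len(payload) > MAX_MESSAGE:
        raise ValueError("message too large")
    sock.sendall(struct.pack("!I", len(payload)) + payload)


def recv_message(sock):
    """Receive one length-prefixed message, enforcing the size limit first."""
    (length,) = struct.unpack("!I", recv_exactly(sock, 4))
    if length > MAX_MESSAGE:
        raise ValueError(f"declared length {length} exceeds limit")
    return recv_exactly(sock, length)


def serve_one_client(server):
    """Accept one client, answer with its message in upper case, then close."""
    conn, addr = server.accept()
    with conn:
        request = recv_message(conn)
        send_message(conn, b"Thank you for connecting, you sent: " + request.upper())


def run_exchange(message):
    """Start the server on an ephemeral localhost port, send message, return reply."""
    server = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    server.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    server.bind(("127.0.0.1", 0))  # port 0: let the OS pick a free port
    server.listen(1)
    port = server.getsockname()[1]
    worker = threading.Thread(target=serve_one_client, args=(server,))
    worker.start()
    try:
        with socket.create_connection(("127.0.0.1", port), timeout=5) as client:
            # Header and body are written separately on purpose: the server
            # still reassembles them because it reads by length, not by call.
            client.sendall(struct.pack("!I", len(message)))
            client.sendall(message)
            reply = recv_message(client)
    finally:
        worker.join()
        server.close()
    return reply


def oversized_length_is_rejected():
    """Show the size check: a header claiming more than MAX_MESSAGE is refused
    before any payload is read. Uses a local socketpair, no network needed."""
    a, b = socket.socketpair()
    with a, b:
        a.sendall(struct.pack("!I", MAX_MESSAGE + 1))
        try:
            recv_message(b)
        except ValueError:
            return True
    return False


if __name__ == "__main__":
    print(run_exchange(b"hello from client"))
    print("oversized header rejected:", oversized_length_is_rejected())
```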

PROBLEM STATEMENT
b) UDP Client, UDP Server
OBJECTIVES
 To understand Socket Programming using Python between UDP Client and Server
THEORY

What is a socket?

Sockets act as bidirectional communication channels, with a socket at each endpoint. Sockets may
communicate within a process, between different processes, and between processes on different machines.
Socket programming is a way of connecting two nodes on a network to communicate with each
other. One socket (node) listens on a particular port at an IP address, while the other socket reaches out
to it to form a connection. The server forms the listener socket while the client reaches out to the
server.

Socket module: s = socket.socket(socket_family, socket_type)
 socket_family - AF_UNIX or AF_INET
 socket_type - SOCK_STREAM or SOCK_DGRAM

Once a socket object is created as mentioned above, we can use the functions below to create client
server programs.

Socket methods

Server socket methods
s.bind – This method binds the address (hostname, port number) to the socket

Client socket methods
s.connect – This method actively initiates a TCP server connection

General socket methods
s.recvfrom – This method receives a UDP message
s.sendto – This method transmits a UDP message
s.close – This method closes the socket
s.gethostname – Returns the hostname

Socket programming is started by importing the socket library and making a simple socket.

import socket

s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)

Here we made a socket instance and passed it two parameters. The first parameter is AF_INET and
the second one is SOCK_DGRAM. AF_INET refers to the address family IPv4. SOCK_DGRAM means the
connectionless UDP protocol (SOCK_STREAM would select the connection-oriented TCP protocol).

A simple server-client program:

Server:
A server has a bind() method which binds it to a specific IP and port so that it can listen to incoming
requests on that IP and port. A server has a listen() method which puts the server into listening
mode. This allows the server to listen for incoming connections. Finally, a server has accept() and
close() methods. The accept method accepts a connection from the client and the close method closes
the connection with the client.

Flowchart of UDP client and UDP server communication


CNS Lab

udpServer.py
import socket

s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
print("Socket Created Successfully....")

s.bind(('localhost', 12345))
print("UDP Server is up and waiting.......")

while True:
    data, addr1 = s.recvfrom(4096)
    print(str(data))
    msg = bytes("Hello I am UDP server...", encoding='utf-8')
    s.sendto(msg, addr1)

udpClient.py
import socket

client = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
msg = "Hello UDP Server"

client.sendto(msg.encode('utf-8'), ('localhost', 12345))
data, addr1 = client.recvfrom(4096)

print(str(data))
client.close()


Program Code

//UDP Client
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <arpa/inet.h>

#define SERVER_PORT 8080
#define SERVER_IP "127.0.0.1"
#define MAX_BUF_SIZE 1024

int main() {
    int sock;
    struct sockaddr_in server_addr;
    char message[] = "Hello from UDP client!";
    char buffer[MAX_BUF_SIZE];

    // Create socket
    if ((sock = socket(AF_INET, SOCK_DGRAM, 0)) < 0) {
        perror("Socket failed");
        exit(EXIT_FAILURE);
    }

    // Fill in the server address (zeroed first)
    memset(&server_addr, 0, sizeof(server_addr));
    server_addr.sin_family = AF_INET;
    server_addr.sin_port = htons(SERVER_PORT);
    if (inet_pton(AF_INET, SERVER_IP, &server_addr.sin_addr) <= 0) {
        perror("Invalid address");
        exit(EXIT_FAILURE);
    }

    // Send message to server
    sendto(sock, message, strlen(message), 0, (struct sockaddr *)&server_addr, sizeof(server_addr));

    // Receive response from server; leave one byte free for the terminating NUL
    socklen_t server_len = sizeof(server_addr);
    int bytes_received = recvfrom(sock, buffer, MAX_BUF_SIZE - 1, 0,
                                  (struct sockaddr *)&server_addr, &server_len);
    if (bytes_received > 0) {
        buffer[bytes_received] = '\0';
        printf("Server: %s\n", buffer);
    }

    close(sock);
    return 0;
}

//UDP Server
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <arpa/inet.h>

#define PORT 8080
#define MAX_BUF_SIZE 1024

int main() {
    int sock;
    struct sockaddr_in server_addr, client_addr;
    socklen_t client_len = sizeof(client_addr);
    char buffer[MAX_BUF_SIZE];

    // Create socket
    if ((sock = socket(AF_INET, SOCK_DGRAM, 0)) < 0) {
        perror("Socket failed");
        exit(EXIT_FAILURE);
    }

    // Fill in the address to bind to (zeroed first)
    memset(&server_addr, 0, sizeof(server_addr));
    server_addr.sin_family = AF_INET;
    server_addr.sin_addr.s_addr = INADDR_ANY;
    server_addr.sin_port = htons(PORT);

    // Bind socket to address and port
    if (bind(sock, (struct sockaddr *)&server_addr, sizeof(server_addr)) < 0) {
        perror("Bind failed");
        exit(EXIT_FAILURE);
    }
    printf("UDP Server listening on port %d...\n", PORT);

    // Receive data from client; leave one byte free for the terminating NUL
    int bytes_received = recvfrom(sock, buffer, MAX_BUF_SIZE - 1, 0,
                                  (struct sockaddr *)&client_addr, &client_len);
    if (bytes_received > 0) {
        buffer[bytes_received] = '\0';
        printf("Received: %s\n", buffer);
    }

    // Send response to the address the datagram came from
    sendto(sock, "Hello from UDP server!", 22, 0, (struct sockaddr *)&client_addr, client_len);

    close(sock);
    return 0;
}

Program Output
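An added example (not from the lab manual) of the UDP exchange above with two caveats the programs omit: a receive timeout, since recvfrom() on a datagram socket blocks forever if no reply ever comes, and the silent truncation of a datagram larger than the receive buffer. Ports, sizes and messages are my own assumptions.

```python
# Added example (not from the lab manual): a UDP request/reply run in one
# process on localhost, plus a silent-server case and a truncation case.
import socket
import threading

MAX_DATAGRAM = 4096


def serve_one_datagram(server):
    """Answer one datagram. The reply goes to the source address of the
    datagram, which is all UDP tells us about the sender (nothing verifies it)."""
    data, addr = server.recvfrom(MAX_DATAGRAM)
    server.sendto(b"Hello I am UDP server, got %d bytes" % len(data), addr)


def run_exchange(message, timeout=5.0):
    """Start a one-shot server on an ephemeral localhost port and query it."""
    server = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    server.bind(("127.0.0.1", 0))  # port 0: let the OS pick a free port
    server.settimeout(timeout)     # so the server thread cannot hang forever
    worker = threading.Thread(target=serve_one_datagram, args=(server,))
    worker.start()
    client = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    client.settimeout(timeout)
    try:
        client.sendto(message, server.getsockname())
        data, _ = client.recvfrom(MAX_DATAGRAM)
    finally:
        client.close()
        worker.join()
        server.close()
    return data


def query_silent_server(timeout=0.5):
    """Send to a bound socket that never answers; return None on timeout
    instead of blocking indefinitely as the manual's udpClient.py would."""
    silent = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    silent.bind(("127.0.0.1", 0))
    client = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    client.settimeout(timeout)
    try:
        client.sendto(b"anyone there?", silent.getsockname())
        data, _ = client.recvfrom(MAX_DATAGRAM)
        return data
    except socket.timeout:
        return None
    finally:
        client.close()
        silent.close()


def truncated_read(payload, bufsize):
    """Receive a datagram into a buffer of bufsize bytes: the excess is
    discarded, not delivered by a later call. The C programs' fixed 1024-byte
    buffers have the same property, so a longer message is simply cut off."""
    receiver = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    receiver.bind(("127.0.0.1", 0))
    receiver.settimeout(2.0)
    sender = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    try:
        sender.sendto(payload, receiver.getsockname())
        data, _ = receiver.recvfrom(bufsize)
    finally:
        sender.close()
        receiver.close()
    return data


if __name__ == "__main__":
    print(run_exchange(b"Hello UDP Server"))
    print(query_silent_server())
    print(truncated_read(b"0123456789abcdef", 8))
```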

ASSIGNMENT NO. 4

TITLE

 Introduction to server administration (server administration commands and their
applications) and configuration of the servers below: (Study/Demonstration Only)

PROBLEM STATEMENT
a) FTP Server
OBJECTIVES
 To Configure FTP Services on Server.
 To Upload a File into the FTP Server from Remote PC.
 To Download a File from the FTP Server from Remote PC.
THEORY

The File Transfer Protocol is a standard network protocol used for the transfer of computer files
between a client and server on a computer network. FTP is built on a client-server model architecture
using separate control and data connections between the client and the server.

Let’s now do FTP configuration in Packet Tracer

First step : Build the network topology

First of all, we take two computers and note their IP addresses. Then we take a server and a switch and
connect them with the help of cables.

After that we click on the server and, after clicking on the Services tab, we turn off all
the services that are on, then click on the FTP service and turn it on.

We have to create a user name and password under the FTP service, and then we give the read, write,
delete, rename and list permissions to the user and add it.

After that we go to one of the computers, open the command prompt and type ( ipconfig )
in it, so that we know which IP address we are logged in with on which computer.

Then we enter the IP address of the FTP server there.

After entering the FTP server IP address, we will see the login prompt. There we enter the user name
we created and the password we gave it.
After that we can operate the FTP server; this is how you configure an FTP server in Packet Tracer.

Now try using an FTP client built in the Laptop to send files to an FTP server configured in the
Server.

From the Laptop’s command prompt, FTP the server using the server IP address by typing:

ftp 192.168.1.2

Provide the username(cisco) and password(cisco) [which are the defaults] for ftp login.

You are now in the FTP prompt .



PC0 has an FTP client which can be used to read, write, delete and rename files present in the FTP
server.

The FTP server can be used to read and write configuration files as well as IOS images. Additionally,
the FTP server also supports file operations such as rename, delete and directory listing.

With that in mind, we can do something extra. So let’s do this:

4. Create a file in the Laptop then upload it to the server using FTP.

To do this, open the Text Editor in the Laptop, create a file and give it your name of choice.

Type any text in the editor then save your file. e.g. myFile.txt.

5. Now upload the file from the Laptop to the server using FTP. (An FTP connection has to be started
first. But this is what we’ve done in step 3)

So to do an FTP upload, we’ll type:

put MyFile.txt

6. Once the file upload is successful, go to the server's FTP directory to verify that the file sent has been
received. To do this, go to Server-> Services->FTP. Here look for MyFile.txt sent from the laptop.

Something extra: To check other FTP commands supported by the FTP client running on the
Laptop(or PC), you can use a question mark (?) on the Laptop’s command prompt as shown below:

You can see the put command that we used to upload our file to the FTP server. Other commands listed
include:

get-used to get(download) a file from the server.

For example: get MyFile.txt

delete – used to delete a file in the FTP directory on the server.

For example: delete MyFile.txt

rename – used to rename a file.



cd – used to change directory.

For example, we can open an HTTP directory in the server by typing: cd /http. This will change the
current directory from FTP directory to HTTP directory

Once the http directory is open, you can upload a file to the HTTP server. You’re now uploading a file
to an HTTP folder(directory) using FTP.

For example: put MyFile.txt

To see this working, let’s open an HTTP directory and upload(put) a file to it using FTP:

You can now check up in the HTTP directory in the server and verify that the file uploaded from the
Laptop(MyFile.txt) is well received:

Notice that we are uploading files to an HTTP server directory using the File Transfer Protocol (FTP).
This is what actually happens when you use an FTP client such as the FileZilla client to upload files to a
website. In our case here, we are using the FTP client built into the Laptop.

The first FTP client applications were command-line programs developed before operating
systems had graphical user interfaces, and are still shipped with most Windows and Linux operating
systems. (Actually this is what we have been using this far). Many FTP clients(e.g. FileZilla) and
automation utilities have since been developed for desktops, servers, mobile devices, and hardware.
FTP has also been incorporated into productivity applications, such as HTML editors.

Well done for reading this topic up to this point! You now have more than a foundation regarding
working with FTP to upload, download, delete, rename…files.

If you’re okay so far, then let’s do something even more interesting…

We’ll create an html file in our Laptop, upload it to HTTP server directory using FTP, then try
to access the file from the Laptop’s browser.

So psych up and let’s move on!

On the Laptop, open the text editor, then type some markup(html) and save the file with the
extension .html. See all this below:

Save your file as an html file like this:

Now upload the file( File2.html) to the HTTP server using FTP. This is easy. We’ve already done it
previously!

If you’re already in the HTTP directory, you just need to type: put File2.html. If no, first ftp the
server(ftp 192.168.1.2), provide the login username(cisco) and password(cisco); change the current
directory to HTTP(cd /http) , and finally upload the html file onto the HTTP directory(put File2.html)

Moving on…

Check whether the html file uploaded has been received in the HTTP directory:

Go to Server->Services-> HTTP. Then look up for the file in the File Manager.

Now edit index.html file in the HTTP directory so as to include a link to File2 that we’ve just
uploaded. This will make File2 accessible from the Laptop’s browser. To do this,

locate index.html then click edit. Proceed to edit it as shown below. Then save and accept overwrite.

Finally, try to access the newly uploaded file from the Laptop’s browser.

So go to the Laptop’s browser and access the server using the server’s IP address. By doing this, the
browser is making an http request to the server. The server will respond to the Laptop with
the index.html file containing a link to File2 which we’ve uploaded from the Laptop using FTP.

Click File2 link to view the contents of the file in the browser.

Outputs

PROBLEM STATEMENT
b) Web Server
THEORY

When we search for anything in Google, Bing, Mozilla Firefox, Safari or any other web browser, the result
comes back as a web page that appears on the screen.
So we take a few PCs, one web server and one switch for connecting all the devices. Make
sure all devices are connected by straight-through cable, because a straight-through cable is required
for connecting different types of devices. Assign IPs to each end device (server and PCs) from a
single network (192.168.1.0) with subnet mask 255.255.255.0. It can be different as per your choice.

 In the next step we go to Server > Services > HTTP and switch both services on.

 Now we can open the web page from any connected PC. This will show you only the existing
HTTP file when you put in the server IP. Go to any PC > Desktop > Web Browser > enter the server
IP (192.168.1.1) > click Enter. It will show you the result below.

 If you want to create your own web page, it is very simple. Just follow the path
Server > Services > HTTP > New File and write whatever HTML code you want, as I coded
here.

Then click on the Save button.

 You may not find your file when searching from the PC. For that, go to
Server > Services > HTTP > index.html > edit and write it as below.

 We can now find our created web page.

Just click on your page (My First Web Page)



Outputs

ASSIGNMENT NO. 5

PROBLEM STATEMENT

Implement a client and a server on different computers using python. Perform the communication
between these two entities by using RSA cryptosystem.

OBJECTIVES
 To implement a client and server communication.
 To understand communication between two entities by using RSA
THEORY

The RSA algorithm is a public key encryption technique and is considered the most secure way of
encryption. It was invented by Rivest, Shamir and Adleman in the year 1978, hence the
name RSA algorithm.
The idea of RSA is based on the fact that it is difficult to factorize a large integer. The public key
consists of two numbers, where one number is the product of two large prime numbers, and the
private key is also derived from the same two prime numbers. So if somebody can factorize the large
number, the private key is compromised. Therefore the encryption strength lies entirely in the key size,
and if we double or triple the key size, the strength of encryption increases exponentially. RSA keys
are typically 1024 or 2048 bits long, but experts believe that 1024-bit keys could be broken in the
near future. But till now it seems to be an infeasible task.

How it works

The RSA algorithm ensures that the keys, in the above illustration, are as secure as possible. The
following steps highlight how it works:

1. Generating the keys

1. Select two large prime numbers, x and y. The prime numbers need to be large so that
they will be difficult for someone to figure out.
2. Calculate n = x × y.
3. Calculate the totient function: ϕ(n) = (x − 1)(y − 1).
4. Select an integer e, such that e is co-prime to ϕ(n) and 1 < e < ϕ(n). The pair of
numbers (n, e) makes up the public key.

Note: Two integers are co-prime if the only positive integer that divides them is 1.

5. Calculate d such that e · d ≡ 1 (mod ϕ(n)).

d can be found using the extended Euclidean algorithm. The pair (n, d) makes up the private key.

2. Encryption

Given a plaintext P, represented as a number, the ciphertext C is calculated as:

C = P^e mod n.

3. Decryption

Using the private key (n, d), the plaintext can be found using:

P = C^d mod n.

Rsa.py
import os
import rsa

def generate_keys():
    # Generate a fresh key pair and save both halves as PKCS#1 PEM files
    pubKey, priKey = rsa.newkeys(1024)
    os.makedirs('keys', exist_ok=True)
    with open('keys/pubkey.pem', 'wb') as f:
        f.write(pubKey.save_pkcs1('PEM'))

    with open('keys/prikey.pem', 'wb') as f:
        f.write(priKey.save_pkcs1('PEM'))

def load_keys():
    with open('keys/pubkey.pem', 'rb') as f:
        pubKey = rsa.PublicKey.load_pkcs1(f.read())

    with open('keys/prikey.pem', 'rb') as f:
        priKey = rsa.PrivateKey.load_pkcs1(f.read())

    return pubKey, priKey

def encrypt(msg, key):
    # Encrypt with the public key (message must fit in one RSA block)
    return rsa.encrypt(msg.encode('ascii'), key)

def decrypt(ciphertext, key):
    # Decrypt with the private key; return False if the ciphertext is invalid
    try:
        return rsa.decrypt(ciphertext, key).decode('ascii')
    except rsa.DecryptionError:
        return False

def sign_sha1(msg, key):
    # Sign the SHA-1 digest of the message with the private key
    return rsa.sign(msg.encode('ascii'), key, 'SHA-1')

def verify_sha1(msg, signature, key):
    # rsa.verify returns the hash name on success and raises on failure
    try:
        return rsa.verify(msg.encode('ascii'), signature, key) == 'SHA-1'
    except rsa.VerificationError:
        return False

generate_keys()
pubKey, priKey = load_keys()

message = input('Enter a Message:')

ciphertext = encrypt(message, pubKey)
signature = sign_sha1(message, priKey)
plaintext = decrypt(ciphertext, priKey)

print(f'Cipher text: {ciphertext}')
print(f'Signature: {signature}')

if plaintext:
    print(f'Plain Text: {plaintext}')
else:
    print('Could not decrypt the message')

if verify_sha1(plaintext, signature, pubKey):
    print('Signature is Verified!!!!')
else:
    print('Could not verify the message signature..')

Outputs

ASSIGNMENT NO. 6

PROBLEM STATEMENT

Implement a client and a server on different computers using python. Perform the authentication of
sender between these two entities by using RSA digital signature cryptosystem.

OBJECTIVES
 To implement a client and server communication.
 To understand communication between two entities by using RSA digital signature cryptosystem
THEORY

RSA algorithm is an asymmetric cryptography algorithm. Asymmetric actually means that it works
on two different keys i.e. Public Key and Private Key. As the name describes that the Public Key is
given to everyone and the Private key is kept private.

An example of asymmetric cryptography :


 A client (for example browser) sends its public key to the server and requests for some data.
 The server encrypts the data using the client’s public key and sends the encrypted data.
 Client receives this data and decrypts it.
Since this is asymmetric, nobody else except the browser can decrypt the data even if a third party
has the public key of browser.

Digital signatures are used to verify the authenticity of the message sent electronically. A digital
signature algorithm uses a public key system. The intended transmitter signs his/her message with
his/her private key and the intended receiver verifies it with the transmitter’s public key. A digital
signature can provide message authentication, message integrity and non-repudiation services.

RSA Key Generation:


 Choose two large prime numbers p and q
 Calculate n=p*q
 Select public key e such that it is not a factor of (p-1)*(q-1)
 Select private key d such that the following equation is true (d*e)mod(p-1)(q-1)=1 or d is inverse
of E in modulo (p-1)*(q-1)
RSA Digital Signature Scheme: In RSA, d is private; e and n are public.
 Alice creates her digital signature using S = M^d mod n, where M is the message
 Alice sends the message M and the signature S to Bob
 Bob computes M1 = S^e mod n
 If M1 = M then Bob accepts the data sent by Alice.
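An added example (not the manual's Rsa.py or Digisign.py) that carries the key-generation and encryption steps of Assignment 5 and the signature scheme of Assignment 6 through in textbook integer form, with d found by the extended Euclidean algorithm. The primes 61 and 53 and e = 17 are constructed toy values so every step can be checked by hand; real keys need large primes, padding and hashing, which the rsa library used by the manual's programs supplies.

```python
# Added example (not from the lab manual): textbook RSA following steps 1-5
# above (keys), C = P^e mod n, P = C^d mod n, S = M^d mod n and M1 = S^e mod n.
from math import gcd


def is_prime(n):
    """Trial-division primality test, adequate for the toy sizes used here."""
    if n < 2:
        return False
    f = 2
    while f * f <= n:
        if n % f == 0:
            return False
        f += 1
    return True


def extended_gcd(a, b):
    """Return (g, s, t) with g = gcd(a, b) and a*s + b*t = g."""
    old_r, r = a, b
    old_s, s = 1, 0
    old_t, t = 0, 1
    while r:
        q = old_r // r
        old_r, r = r, old_r - q * r
        old_s, s = s, old_s - q * s
        old_t, t = t, old_t - q * t
    return old_r, old_s, old_t


def mod_inverse(e, m):
    """Step 5: d with e*d = 1 (mod m); ValueError if e and m are not co-prime."""
    g, s, _ = extended_gcd(e, m)
    if g != 1:
        raise ValueError(f"{e} has no inverse modulo {m}")
    return s % m


def generate_keys(x, y, e):
    """Steps 1-5: returns ((n, e), (n, d)) for primes x, y and public exponent e."""
    if not (is_prime(x) and is_prime(y)) or x == y:
        raise ValueError("x and y must be distinct primes")
    n = x * y                                 # step 2
    phi = (x - 1) * (y - 1)                   # step 3: totient
    if not 1 < e < phi or gcd(e, phi) != 1:   # step 4: e co-prime to phi(n)
        raise ValueError("e must satisfy 1 < e < phi(n) and gcd(e, phi(n)) = 1")
    d = mod_inverse(e, phi)                   # step 5
    return (n, e), (n, d)


def encrypt(P, public_key):
    """C = P^e mod n; the plaintext block must be a number below n."""
    n, e = public_key
    if not 0 <= P < n:
        raise ValueError("plaintext block must be smaller than n")
    return pow(P, e, n)


def decrypt(C, private_key):
    """P = C^d mod n."""
    n, d = private_key
    return pow(C, d, n)


def sign(M, private_key):
    """Assignment 6: S = M^d mod n."""
    n, d = private_key
    return pow(M, d, n)


def verify(M, S, public_key):
    """Assignment 6: Bob accepts iff M1 = S^e mod n equals M."""
    n, e = public_key
    return pow(S, e, n) == M


if __name__ == "__main__":
    pub, priv = generate_keys(61, 53, 17)
    print("public", pub, "private", priv)        # (3233, 17) (3233, 2753)
    C = encrypt(65, pub)
    print("C =", C, "P =", decrypt(C, priv))     # C = 2790, P = 65
    S = sign(65, priv)
    print("verified:", verify(65, S, pub), "tampered:", verify(66, S, pub))
```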

Digisign.py
import os
import rsa

def generate_keys():
    # Generate a fresh key pair and save both halves as PKCS#1 PEM files
    pubKey, priKey = rsa.newkeys(1024)
    os.makedirs('keys', exist_ok=True)
    with open('keys/pubkey.pem', 'wb') as f:
        f.write(pubKey.save_pkcs1('PEM'))

    with open('keys/prikey.pem', 'wb') as f:
        f.write(priKey.save_pkcs1('PEM'))

def load_keys():
    with open('keys/pubkey.pem', 'rb') as f:
        pubKey = rsa.PublicKey.load_pkcs1(f.read())

    with open('keys/prikey.pem', 'rb') as f:
        priKey = rsa.PrivateKey.load_pkcs1(f.read())

    return pubKey, priKey

def encrypt(msg, key):
    return rsa.encrypt(msg.encode('ascii'), key)

def decrypt(ciphertext, key):
    try:
        return rsa.decrypt(ciphertext, key).decode('ascii')
    except rsa.DecryptionError:
        return False

def sign_sha1(msg, key):
    # The sender signs the SHA-1 digest of the message with the private key
    return rsa.sign(msg.encode('ascii'), key, 'SHA-1')

def verify_sha1(msg, signature, key):
    # The receiver verifies with the sender's public key; rsa.verify returns
    # the hash name on success and raises VerificationError otherwise
    try:
        return rsa.verify(msg.encode('ascii'), signature, key) == 'SHA-1'
    except rsa.VerificationError:
        return False

generate_keys()
pubKey, priKey = load_keys()

message = input('Enter a Message:')

ciphertext = encrypt(message, pubKey)
signature = sign_sha1(message, priKey)

plaintext = decrypt(ciphertext, priKey)

print(f'Cipher text: {ciphertext}')
print(f'Signature: {signature}')

if plaintext:
    print(f'Plain Text: {plaintext}')
else:
    print('Could not decrypt the message')

if verify_sha1(plaintext, signature, pubKey):
    print('Signature is Verified!!!!')
else:
    print('Could not verify the message signature..')

Outputs

ASSIGNMENT NO. 7

PROBLEM STATEMENT

Implement a client and a server on different computers using python. Perform the encryption of
message of sender between these two entities by using DES Algorithm and use Diffie Hellman
method for exchange of keys.
OBJECTIVES
 To implement a client and server communication.
 To understand DES algorithm and Diffie Hellman method of key exchange.
THEORY

Data encryption standard (DES) has been found vulnerable against very powerful attacks and
therefore, the popularity of DES has been found slightly on the decline.
DES is a block cipher and encrypts data in blocks of size of 64 bits each, which means 64 bits of
plain text goes as the input to DES, which produces 64 bits of ciphertext. The same algorithm and
key are used for encryption and decryption, with minor differences. The key length is 56 bits. The
basic idea is shown in the figure.

DES is based on the two fundamental attributes of cryptography: substitution (also called
confusion) and transposition (also called diffusion). DES consists of 16 steps, each of which is
called a round. Each round performs the steps of substitution and transposition. Let us now
discuss the broad-level steps in DES.

1. In the first step, the 64-bit plain text block is handed over to an Initial Permutation (IP) function.
2. The initial permutation is performed on the plain text.
3. Next, the initial permutation (IP) produces two halves of the permuted block, called the Left
Plain Text (LPT) and Right Plain Text (RPT).
4. Now LPT and RPT each go through 16 rounds of the encryption process.
5. In the end, LPT and RPT are rejoined and a Final Permutation (FP) is performed on the combined
block.
6. The result of this process is the 64-bit ciphertext.

Diffie-Hellman algorithm
The Diffie-Hellman algorithm is used to establish a shared secret that can be used for secret
communication while exchanging data over a public network, using the elliptic curve to generate
points and get the secret key using the parameters.

 For the sake of simplicity and practical implementation of the algorithm, we will consider only 4
variables: one prime P and G (a primitive root of P) and two private values a and b.
 P and G are both publicly available numbers. Users (say Alice and Bob) pick private values a and
b, generate a public value each and exchange them publicly. The opposite person receives the value and
from it generates a secret key, after which they have the same secret key to encrypt with.
Step by Step Explanation

Example:
Step 1: Alice and Bob get public numbers P = 23, G = 9

Step 2: Alice selected a private key a = 4 and Bob selected a private key b = 3

Step 3: Alice and Bob compute public values
Alice: x = (9^4 mod 23) = (6561 mod 23) = 6
Bob:   y = (9^3 mod 23) = (729 mod 23) = 16

Step 4: Alice and Bob exchange public numbers

Step 5: Alice receives public key y = 16 and Bob receives public key x = 6

Step 6: Alice and Bob compute symmetric keys
Alice: ka = y^a mod p = 16^4 mod 23 = 65536 mod 23 = 9
Bob:   kb = x^b mod p = 6^3 mod 23 = 216 mod 23 = 9

Step 7: 9 is the shared secret.
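An added example (not from the lab manual) of the exchange above written as functions for the two sides, using the manual's numbers P = 23, G = 9, a = 4, b = 3. is_primitive_root() is an added check of the stated requirement that G be a primitive root of P, and the degenerate-value test in shared_secret() is the standard check a receiver applies before using a peer's public value; both are my additions.

```python
# Added example (not from the lab manual): Diffie-Hellman steps 3 to 7 for
# Alice and Bob, with a primitive-root check and a peer-value sanity check.


def prime_factors(m):
    """Distinct prime factors of m by trial division (fine for demo sizes)."""
    factors = set()
    f = 2
    while f * f <= m:
        while m % f == 0:
            factors.add(f)
            m //= f
        f += 1
    if m > 1:
        factors.add(m)
    return factors


def is_primitive_root(G, P):
    """True if G generates the whole multiplicative group mod the prime P,
    i.e. G^((P-1)/q) != 1 (mod P) for every prime factor q of P-1."""
    if not 1 < G < P:
        return False
    return all(pow(G, (P - 1) // q, P) != 1 for q in prime_factors(P - 1))


def public_value(G, private, P):
    """Step 3: x = G^a mod P for Alice, y = G^b mod P for Bob."""
    return pow(G, private, P)


def shared_secret(peer_public, private, P):
    """Step 6: k = (peer's public value)^private mod P, after rejecting the
    degenerate values 0, 1 and P-1, which would force a predictable key."""
    if not 1 < peer_public < P - 1:
        raise ValueError("peer sent a degenerate public value")
    return pow(peer_public, private, P)


def exchange(P, G, a, b):
    """Run steps 3 to 7 for both sides; return (x, y, ka, kb)."""
    x = public_value(G, a, P)    # Alice sends x to Bob
    y = public_value(G, b, P)    # Bob sends y to Alice
    ka = shared_secret(y, a, P)  # Alice uses Bob's y
    kb = shared_secret(x, b, P)  # Bob uses Alice's x
    return x, y, ka, kb


if __name__ == "__main__":
    P, G = 23, 9
    x, y, ka, kb = exchange(P, G, 4, 3)
    print(f"x = {x}, y = {y}, Alice's key = {ka}, Bob's key = {kb}")  # 6, 16, 9, 9
    # With the textbook values the check reports False: 9 = 3^2 is a square
    # mod 23, so it generates only the subgroup of order 11, not all 22 elements.
    print("9 is a primitive root of 23:", is_primitive_root(G, P))
    print("5 is a primitive root of 23:", is_primitive_root(5, P))
```

The exchange still produces a matching key with G = 9, but the shared secret is drawn from a subgroup of only 11 values; this is why deployed protocols use standardized groups with a verified generator rather than ad hoc small parameters.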

DES.py

Outputs

ASSIGNMENT NO. 8

PROBLEM STATEMENT

Use the snort intrusion detection package to analyze traffic and create a signature to identify
problem traffic
OBJECTIVES
To focus on writing Snort rules to detect real-world attacks based on inspecting and analyzing
malicious traffic.
THEORY

Snort is one of the best known and widely used network intrusion detection systems (NIDS). It has
been called one of the most important open-source projects of all time.

Snort analyzes network traffic in real-time and flags up any suspicious activity. In particular, it looks
for anything that might indicate unauthorized access attempts and other attacks on the network. A
comprehensive set of rules define what counts as “suspicious” and what Snort should do if a rule is
triggered.

Installation Steps:

1. Install Snort into your operating system.

>> sudo apt-get install snort

2. Read through Snort's configuration guide and edit /etc/snort/snort.conf as needed for your machine.

3. When you run snort you'll see many errors/warnings in the output. Warnings about duplicate
rules are okay, but others aren't.

4. Read about Snort's rule syntax and configuration here: http://manual.snort.org/node27.html

Problem 1: Trigger some alerts


Find two different rules in the /etc/snort/rules/*.conf files and read about them, understand them.
Now try to trigger the rules. Some of the simpler rules to trigger are based on finding bad data in web
requests. Many inbound tests need incoming requests on established connections. You can start a
simple webserver like this: sudo python -m SimpleHTTPServer 80

Once triggered, view the alert in /var/log/snort. It will be in binary, so you'll need to convert it from
Snort's unified2 format into human readable using:

gmu@gmu-virtual-machine:/var/log/snort$ u2spewfoo snort.log

Turn in:
- The alert signature (from the rules file)
- A description of how you triggered the alert
- The alert itself from the log file (after converting it to readable text)

Do this for two Snort rules.



Problem 2: Writing your own rules


In this part you need to write a rule that will fire when you browse to craigslist.org from the machine
Snort is running on. So it should look for any outbound TCP request to craigslist.org and alert on it.
The alert should also fire for any of the pages under the main page for example. You should add your
rule into /etc/snort/rules/local.rules. Make sure to pick a SID 1000000 . Make sure your rule does
NOT trigger when you go to other .org sites.

Turn in:
- The alert signature (from the rules file)
- The alert itself from the log file (after converting it to readable text)
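An added example (not from the lab manual) of one candidate local.rules entry for Problem 2, together with a Python check of what its content match does on constructed HTTP requests. The rule text, the SID 1000001 and the sample requests are my assumptions; whether the rule fires is decided by Snort, not by this script.

```python
# Added example (not from the lab manual): a candidate rule for Problem 2 and
# a check of its matching logic against constructed requests.
SNORT_RULE = (
    'alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS '
    '(msg:"LOCAL HTTP request to craigslist.org"; '
    'flow:to_server,established; '
    'content:"craigslist.org"; nocase; http_header; '
    'classtype:policy-violation; sid:1000001; rev:1;)'
)


def request_headers(request):
    """Return the header block of a raw HTTP request (everything before the body)."""
    return request.split("\r\n\r\n", 1)[0]


def host_header(request):
    """Return the lower-cased Host header value without a port, or None."""
    for line in request_headers(request).split("\r\n")[1:]:
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "host":
            return value.strip().lower().split(":")[0]
    return None


def rule_would_match(request):
    """Mimic content:"craigslist.org"; nocase; http_header; which is a
    case-insensitive substring match anywhere in the request headers."""
    return "craigslist.org" in request_headers(request).lower()


def strict_host_match(request):
    """Tighter policy check: fire only when the Host header is craigslist.org
    or one of its subdomains, so a Referer header that mentions craigslist or a
    look-alike host such as craigslist.org.example.net does not trigger it."""
    host = host_header(request)
    if host is None:
        return False
    return host == "craigslist.org" or host.endswith(".craigslist.org")


# Constructed sample requests (not real captures).
SAMPLES = {
    "craigslist": "GET /about HTTP/1.1\r\nHost: www.craigslist.org\r\n\r\n",
    "other_org": "GET / HTTP/1.1\r\nHost: www.wikipedia.org\r\n\r\n",
    "referer_only": ("GET / HTTP/1.1\r\nHost: www.example.org\r\n"
                     "Referer: http://www.craigslist.org/\r\n\r\n"),
    "lookalike": "GET / HTTP/1.1\r\nHost: craigslist.org.example.net\r\n\r\n",
}


def evaluate_samples():
    """Return {name: (content_rule_fires, strict_host_fires)} for every sample."""
    return {name: (rule_would_match(req), strict_host_match(req))
            for name, req in SAMPLES.items()}


if __name__ == "__main__":
    print(SNORT_RULE)
    for name, (by_content, by_host) in evaluate_samples().items():
        print(f"{name:13s} content-rule={by_content!s:5s} strict-host={by_host}")
```

The two verdict columns show where the plain content match over-fires: a Referer header or a look-alike host satisfies the substring, while only a Host header in the craigslist.org domain satisfies the stricter check.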

ASSIGNMENT NO. 9

PROBLEM STATEMENT
Write a Java program to perform encryption and decryption using the following algorithms:
a) Caesar Cipher
b) Substitution Cipher
c) Hill Cipher
OBJECTIVES
To understand the concept of encryption and decryption using various cipher algorithms.
THEORY

Caesar Cipher:
The Caesar cipher (or Caesar code) is a monoalphabetic substitution cipher, where each letter is replaced
by another letter located a little further along the alphabet (shifted, but always by the same amount for a
given cipher message). The shift distance is chosen by a number called the offset, which can be to the right
(A to B) or to the left (B to A).

PROGRAM:
import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStreamReader;
import java.util.Scanner;
public class CeaserCipher {
    static Scanner sc = new Scanner(System.in);
    static BufferedReader br = new BufferedReader(new InputStreamReader(System.in));
    public static void main(String[] args) throws IOException {
        // TODO code application logic here
        System.out.print("Enter any String: ");
        String str = br.readLine();
        System.out.print("\nEnter the Key: ");
        int key = sc.nextInt();
        String encrypted = encrypt(str, key);
        System.out.println("\nEncrypted String is: " + encrypted);
        String decrypted = decrypt(encrypted, key);
        System.out.println("\nDecrypted String is: " + decrypted);
        System.out.println("\n");
    }
    public static String encrypt(String str, int key) {
        String encrypted = "";
        for (int i = 0; i < str.length(); i++) {
            int c = str.charAt(i);
            if (Character.isUpperCase(c)) {
                c = c + (key % 26);
                if (c > 'Z')
                    c = c - 26;
            }
            else if (Character.isLowerCase(c)) {
                c = c + (key % 26);
                if (c > 'z')
                    c = c - 26;
            }
            encrypted += (char) c;
        }
        return encrypted;
    }
    public static String decrypt(String str, int key) {
        String decrypted = "";
        for (int i = 0; i < str.length(); i++) {
            int c = str.charAt(i);
            if (Character.isUpperCase(c)) {
                c = c - (key % 26);
                if (c < 'A')
                    c = c + 26;
            }
            else if (Character.isLowerCase(c)) {
                c = c - (key % 26);
                if (c < 'a')
                    c = c + 26;
            }
            decrypted += (char) c;
        }
        return decrypted;
    }
}

Output:
Enter any String: Hello World
Enter the Key: 5
Encrypted String is: MjqqtBtwqi
Decrypted String is: Hello World

Substitution Cipher:
Substitution ciphers encrypt the plaintext by swapping each letter or symbol in the plaintext by a
different symbol as directed by the key. Perhaps the simplest substitution cipher is the Caesar cipher,
named after the man who used it. To modern readers, the Caesar cipher is perhaps better known
through the Captain Midnight Code-O-Graph and secret decoder rings that even came inside Kix
cereal boxes. Technically speaking, the Caesar cipher may be differentiated from other, more complex
substitution ciphers by terming it either a shift cipher or a mono-alphabetic cipher; both are correct.

PROGRAM:
import java.io.*;
import java.util.*;
public class SubstitutionCipher {
static Scanner sc = new Scanner(System.in);
static BufferedReader br = new BufferedReader(new InputStreamReader(System.in));
public static void main(String[] args) throws IOException {
// TODO code application logic here
String a = "abcdefghijklmnopqrstuvwxyz";
String b = "zyxwvutsrqponmlkjihgfedcba";
System.out.print("Enter any string: ");
String str = br.readLine();
String decrypt = "";
char c;
for(int i=0;i<str.length();i++)
{
c = str.charAt(i);
int j = a.indexOf(c);
decrypt = decrypt+b.charAt(j);
}
System.out.println("The encrypted data is: " +decrypt);
}
}

Output:
Enter any string: aceho
The encrypted data is: zxvsl

Hill Cipher:
The Hill cipher is a polygraphic substitution cipher based on linear algebra. Each letter is represented by a
number modulo 26. Often the simple scheme A = 0, B = 1, …, Z = 25 is used, but this is not an
essential feature of the cipher. To encrypt a message, each block of n letters (considered as an n-
component vector) is multiplied by an invertible n × n matrix, against modulus 26. To decrypt the
message, each block is multiplied by the inverse of the matrix used for encryption.

PROGRAM:
import java.io.*;
import java.util.*;
public class HillCipher
{
    static float[][] decrypt = new float[3][1];
    static float[][] a = new float[3][3];
    static float[][] b = new float[3][3];
    static float[][] mes = new float[3][1];
    static float[][] res = new float[3][1];
    static BufferedReader br = new BufferedReader(new InputStreamReader(System.in));
    static Scanner sc = new Scanner(System.in);
    public static void main(String[] args) throws IOException {
        // TODO code application logic here
        getkeymes();
        // Encrypt: res = key matrix a * message vector mes
        for (int i = 0; i < 3; i++)
            for (int j = 0; j < 1; j++)
                for (int k = 0; k < 3; k++) {
                    res[i][j] = res[i][j] + a[i][k] * mes[k][j];
                }
        System.out.print("\nEncrypted string is : ");
        for (int i = 0; i < 3; i++) {
            System.out.print((char) (res[i][0] % 26 + 97));
        }
        inverse();
        // Decrypt: decrypt = inverse key matrix b * ciphertext vector res
        for (int i = 0; i < 3; i++)
            for (int j = 0; j < 1; j++)
                for (int k = 0; k < 3; k++) {
                    decrypt[i][j] = decrypt[i][j] + b[i][k] * res[k][j];
                }
        System.out.print("\nDecrypted string is : ");
        for (int i = 0; i < 3; i++) {
            System.out.print((char) (decrypt[i][0] % 26 + 97));
        }
        System.out.print("\n");
    }
    public static void getkeymes() throws IOException {
        System.out.println("Enter 3x3 matrix for key (It should be inversible): ");
        for (int i = 0; i < 3; i++)
            for (int j = 0; j < 3; j++)
                a[i][j] = sc.nextFloat();
        System.out.print("\nEnter a 3 letter string: ");
        String msg = br.readLine();
        for (int i = 0; i < 3; i++)
            mes[i][0] = msg.charAt(i) - 97;
    }
    // Gauss-Jordan elimination on a copy of the key, building its inverse in b
    public static void inverse() {
        float p, q;
        float[][] c = a;
        for (int i = 0; i < 3; i++)
            for (int j = 0; j < 3; j++) {
                if (i == j)
                    b[i][j] = 1;
                else
                    b[i][j] = 0;
            }
        for (int k = 0; k < 3; k++) {
            for (int i = 0; i < 3; i++) {
                p = c[i][k];
                q = c[k][k];
                for (int j = 0; j < 3; j++) {
                    if (i != k) {
                        c[i][j] = c[i][j] * q - p * c[k][j];
                        b[i][j] = b[i][j] * q - p * b[k][j];
                    }
                }
            }
        }
        for (int i = 0; i < 3; i++)
            for (int j = 0; j < 3; j++) {
                b[i][j] = b[i][j] / c[i][i];
            }
        System.out.println("");
        System.out.println("\nInverse Matrix is : ");
        for (int i = 0; i < 3; i++) {
            for (int j = 0; j < 3; j++)
                System.out.print(b[i][j] + " ");
            System.out.print("\n");
        }
    }
}

Output:

Enter a 3 letter string: hai


Encrypted string is :fdx
Inverse Matrix is :
0.083333336 0.41666666 -0.33333334
-0.41666666 -0.083333336 0.6666667
0.5833333 -0.083333336 -0.33333334
Decrypted string is: hai
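An added example (not from the lab manual) of the Hill cipher with the decryption key computed exactly modulo 26, as the adjugate times the modular inverse of the determinant, instead of the floating-point matrix inverse used by the Java program above, which rounds and gives no way to tell whether a key is usable. It works for any n × n key; the 3 × 3 key and the texts are constructed values.

```python
# Added example (not from the lab manual): Hill cipher over A-Z with an exact
# mod-26 matrix inverse. A key is usable only if gcd(det, 26) = 1.
ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
MOD = 26


def minor(m, row, col):
    """Matrix m with one row and one column removed."""
    return [r[:col] + r[col + 1:] for i, r in enumerate(m) if i != row]


def determinant(m):
    """Integer determinant by cofactor expansion along the first row."""
    n = len(m)
    if n == 1:
        return m[0][0]
    return sum((-1) ** j * m[0][j] * determinant(minor(m, 0, j)) for j in range(n))


def inverse_mod26(key):
    """Inverse of key modulo 26, or ValueError if the determinant has no inverse."""
    n = len(key)
    det = determinant(key) % MOD
    try:
        det_inv = pow(det, -1, MOD)  # Python 3.8+: modular inverse
    except ValueError:
        raise ValueError(f"key is not invertible mod 26 (det = {det})") from None
    # adjugate[i][j] is the cofactor of entry (j, i); multiply by det^-1
    return [[(det_inv * (-1) ** (i + j) * determinant(minor(key, j, i))) % MOD
             for j in range(n)] for i in range(n)]


def is_invertible(key):
    """True if the key can be used for decryption (gcd(det, 26) = 1)."""
    try:
        inverse_mod26(key)
        return True
    except ValueError:
        return False


def apply_key(key, text):
    """Multiply each block of n letters by key mod 26; pads the last block with X."""
    n = len(key)
    letters = [ch for ch in text.upper() if ch in ALPHABET]
    while len(letters) % n:
        letters.append("X")
    out = []
    for start in range(0, len(letters), n):
        block = [ALPHABET.index(ch) for ch in letters[start:start + n]]
        for row in key:
            out.append(ALPHABET[sum(k * v for k, v in zip(row, block)) % MOD])
    return "".join(out)


def encrypt(key, plaintext):
    return apply_key(key, plaintext)


def decrypt(key, ciphertext):
    return apply_key(inverse_mod26(key), ciphertext)


if __name__ == "__main__":
    KEY = [[6, 24, 1], [13, 16, 10], [20, 17, 15]]  # constructed key, det = 441
    c = encrypt(KEY, "ACT")
    print(c, decrypt(KEY, c))        # POH ACT
    print(inverse_mod26(KEY))        # [[8, 5, 10], [21, 8, 21], [21, 12, 8]]
    print(is_invertible([[2, 4], [1, 2]]))  # False: determinant is 0
```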
