
Practical No: 1 Aim

The document outlines practical exercises for a Cyber Security course, focusing on tools and techniques for network scanning, firewall configuration, steganography, and Man-in-the-Middle attacks. It details the use of tools like WHOIS, Nmap, Zenmap, Angry IP Scanner, iptables, Squid, Steghide, and Ettercap for various security tasks. Each practical includes objectives, requirements, theoretical background, and implementation steps to enhance students' understanding of network security concepts.

Uploaded by

mynamrajendra999

Topics covered

  • Network Security Strategies,
  • Network Security Policies,
  • Port Scanners,
  • Angry IP Scanner,
  • Cyber Security,
  • Network Threats,
  • Network Vulnerabilities,
  • Network Security Tools,
  • Steganography,
  • Malware Protection

Subject-Name: Cyber Security

Subject-Code: 303105342
Faculty of Engineering & Technology
B-tech, CSE Year: 3rd, Semester: 6th
Enrollment no: 2203031240881

PRACTICAL NO: 1
AIM: To gather information about PCs connected to the LAN using tools like
whois, port scanners, network scanning, and Angry IP Scanner.
OBJECTIVE: To understand network topology and retrieve detailed information
about connected devices, including IP addresses, open ports, and services.
REQUIREMENTS:
Kali Linux installed on VirtualBox
Tools: whois, nmap, Angry IP Scanner
A PC connected to the same LAN
Internet connection
THEORY:
Whois
Whois searches for an object in a WHOIS database. WHOIS is a query and
response protocol widely used for querying databases that store the registered
users of an Internet resource, such as a domain name or an IP address block,
but it is also used for a wider range of other information. Most modern
versions of whois try to guess the right server to ask for the specified object. If
no guess can be made, whois will connect to [Link] for
NIC handles or [Link] for IPv4 addresses and network names.
Examples:
Obtaining the domain WHOIS record for [Link]
WHOIS record by IP querying
Querying WHOIS in Google search engine
To use the Whois lookup tool, just enter the domain name whose information
you'd like to view into the search field on the Whois main page. You can
retrieve key data about a domain in this way, including availability, domain
owner lookup, and creation and expiration details. If you own multiple
domains, it can be helpful to download exportable lists from the tool to
analyze large amounts of domain data.

Implementation:
Step 1: Search whois in the web browser
Step 2: Open the whois tool
Step 3: Enter the domain name or IP address of the device whose information
you want to gather using a plugin called Shodan.

Port Scanners:
Port scanners are essential tools in network security and administration. They
identify open ports on a network and determine the services running on them.

Each port corresponds to a specific service (e.g., HTTP runs on port 80).
Detecting open ports helps administrators secure the network and identify
vulnerabilities.
Zenmap is the official graphical user interface (GUI) for Nmap, a popular
open-source network scanner. Zenmap provides a user-friendly way to perform
network scans, visualize results, and save configurations for reuse.
Features of Zenmap:
• Performs a variety of scans like Quick Scan, Intense Scan, and Ping Scan.
• Visualizes the network topology graphically.
• Offers customizable profiles for scan automation.
• Displays results in multiple formats, including plain text, XML, and graphs.
Implementation Steps (Using Zenmap):

Launch Zenmap: Open Zenmap on your computer.


Target Selection: In the "Target" field, enter the IP address or IP range to scan
(e.g., [Link]/24).

Profile Selection: Choose a predefined scan profile from the "Profile" dropdown
menu (e.g., Quick Scan or Intense Scan). For detailed results, select "Intense
Scan."

Start Scan: Click the "Scan" button to initiate the process. Zenmap will begin
scanning the target and display progress.

Review Results:
Switch to the "Nmap Output" tab to view detailed information about open
ports, services, and OS details.

Check the "Topology" tab for a graphical representation of the network.

Save Results: Save the scan results for future reference by clicking "Scan >
Save Scan."

Angry IP Scanner
Angry IP Scanner is a lightweight and user-friendly network scanner. It scans IP
addresses and ports to detect active hosts and retrieve additional information
like MAC addresses and hostnames. Unlike Zenmap, Angry IP Scanner is
designed for simplicity and quick scans, making it suitable for smaller networks
or fast reconnaissance.

Features of Angry IP Scanner:
• Scans a range of IP addresses and detects active hosts.
• Provides additional details like MAC addresses and NetBIOS information.
• Supports exporting results in multiple formats (CSV, TXT, etc.).
• Allows adding custom "fetchers" to extend its functionality.
Implementation Steps (Using Angry IP Scanner):

1) Launch Angry IP Scanner: Open the application.

2) Set IP Range:
In the "IP Range" fields, enter the starting and ending IP addresses to scan
(e.g., [Link] to [Link]).

3) Add Fetchers:
Navigate to "Tools > Fetchers" to add extra details like MAC addresses,
NetBIOS names, or open ports.

4) Start Scanning: Click the "Start" button to initiate the scan. Angry IP
Scanner will ping each IP and check for active hosts.

5) Review Results:

Active hosts are marked with green dots, while inactive ones are marked red.
Additional information like open ports, MAC addresses, and hostnames is
displayed in the results table.

6) Save or Export Results:


Save the scan results by clicking "File > Save As."
Export data in formats like CSV or TXT for documentation.

PRACTICAL NO: 2
AIM: To configure and experiment with firewall and proxy packages like
iptables and squid on Kali Linux.
OBJECTIVE: To understand firewall rules, packet filtering, and proxy server
configurations for managing network traffic.
REQUIREMENTS:
Kali Linux installed on VirtualBox
Tools: iptables, squid
Internet connection
Firewall and iptables
A firewall is a network security system designed to monitor and control
incoming and outgoing network traffic based on predefined security rules.
Firewalls can be hardware-based, software-based, or a combination of both.
They act as barriers between secure and unsecured networks, protecting
systems from malicious traffic and unauthorized access.
iptables is a command-line utility in Linux that allows administrators to
configure the Linux kernel firewall, which is part of the Netfilter framework. It
uses tables, chains, and rules to filter and manipulate network packets.

Tables
Filter Table: Default table for most operations. It has three chains: INPUT,
FORWARD, and OUTPUT.

NAT Table: Used for network address translation, e.g., redirecting traffic.
Mangle Table: Used for modifying packet headers.
Chains:
Chains are lists of rules that match packets.
Default chains include INPUT, FORWARD, and OUTPUT.

Rules:
Rules define what action to take on packets that match specific criteria (e.g.,
accept, drop, reject).
Advantages of iptables:
Fine-grained control over network traffic.
Ability to set up NAT, port forwarding, and packet logging.
Highly customizable for complex network configurations.
Squid Proxy Server: Squid is an open-source proxy server that caches web
content to improve performance and filter traffic. It acts as an intermediary
between users and the internet, ensuring security and control over network
usage.
Implementation:
Setting up iptables:
View Current Rules:
iptables -L

Block a particular Port Number:


iptables -A INPUT -p tcp --dport 443 -j DROP

Save Rules:
iptables-save > /etc/iptables/rules.v4

Restore Rules:
iptables-restore < /etc/iptables/rules.v4
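
Because -A appends to the end of a chain and the first matching rule decides the packet, a DROP appended after an earlier ACCEPT for the same port never takes effect. The following added example (not part of the original practical) reads text in iptables-save format, such as the contents of /etc/iptables/rules.v4, and reports which INPUT rule decides a TCP packet for a given destination port. The sample rulesets are constructed, and the parser is an assumption-level sketch that understands only -p, --dport and -j.

```python
import shlex

# Constructed iptables-save style rulesets (not captured from a real host).
APPENDED_AFTER_ACCEPT = """\
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -j DROP
COMMIT
"""

DROP_ONLY = """\
*filter
:INPUT ACCEPT [0:0]
-A INPUT -p tcp -m tcp --dport 443 -j DROP
COMMIT
"""


def parse_filter_input(text):
    """Return (default_policy, rules) for the INPUT chain of the filter table."""
    policy, rules, table = "ACCEPT", [], None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("*"):
            table = line[1:]
        elif table == "filter" and line.startswith(":INPUT "):
            policy = line.split()[1]
        elif table == "filter" and line.startswith("-A INPUT "):
            tok = shlex.split(line)
            rule = {"proto": None, "dport": None, "target": None, "raw": line}
            for flag, key in (("-p", "proto"), ("--dport", "dport"), ("-j", "target")):
                if flag in tok:
                    rule[key] = tok[tok.index(flag) + 1]
            rules.append(rule)
    return policy, rules


def port_matches(spec, port):
    """--dport is treated here as a single port or a first:last range."""
    if spec is None:
        return True
    lo, _, hi = spec.partition(":")
    return int(lo) <= port <= int(hi or lo)


def verdict(text, port, proto="tcp"):
    """First matching terminating rule wins; otherwise the chain policy applies."""
    policy, rules = parse_filter_input(text)
    for idx, rule in enumerate(rules, start=1):
        if rule["proto"] not in (None, "all", proto):
            continue
        if not port_matches(rule["dport"], port):
            continue
        if rule["target"] in ("ACCEPT", "DROP", "REJECT"):
            return rule["target"], idx
    return policy, None


if __name__ == "__main__":
    for name, ruleset in (("appended", APPENDED_AFTER_ACCEPT), ("drop-only", DROP_ONLY)):
        print(name, verdict(ruleset, 443))
```

When the verdict for the blocked port is still ACCEPT, the DROP rule sits below a rule that already matched; inserting it at the top with -I INPUT 1 instead of -A changes the order.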
PRACTICAL NO: 3
AIM: To hide and extract information within multimedia files using
steganography.

OBJECTIVE: To understand the principles of steganography and apply them to
securely embed and retrieve data in files.
REQUIREMENTS:
Kali Linux installed on VirtualBox
Tools: steghide, stegsolve

Internet connection
A multimedia file (image or audio)
THEORY:
Steganography
Steganography is the practice of concealing messages within another medium,
such as images, audio, or video files. Unlike cryptography, which makes the
message unreadable, steganography aims to make the message invisible to the
naked eye.
Steganography works by embedding information in non-visible portions of a
file. In images, this is typically done in the least significant bits (LSB) of pixel
data, ensuring that the visual representation remains unchanged to the human
eye. In audio files, steganography embeds data in frequency spectrums beyond
the range of human hearing.
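
The LSB idea described above, as an added example that is not part of the original practical and is not Steghide's algorithm: each payload bit replaces the lowest bit of one carrier byte, so no byte changes by more than 1. The 1024-byte buffer stands in for uncompressed pixel data and is constructed; the 32-bit length header and the function names are assumptions of this sketch.

```python
# Constructed 1024-byte buffer standing in for uncompressed pixel data.
COVER = bytes((i * 7) % 256 for i in range(1024))
SECRET = b"lab demo"  # constructed payload


def embed_lsb(pixels, message):
    """Write a 32-bit big-endian length, then the message, into the LSBs."""
    payload = len(message).to_bytes(4, "big") + message
    bits = [(byte >> shift) & 1 for byte in payload for shift in range(7, -1, -1)]
    if len(bits) > len(pixels):
        raise ValueError(
            "carrier too small: need %d bytes, have %d" % (len(bits), len(pixels))
        )
    out = bytearray(pixels)
    for i, bit in enumerate(bits):
        out[i] = (out[i] & 0xFE) | bit  # clear the lowest bit, then set it
    return bytes(out)


def _read_bits(pixels, start, count):
    """Collect `count` LSBs starting at byte `start` into one integer."""
    value = 0
    for byte in pixels[start:start + count]:
        value = (value << 1) | (byte & 1)
    return value


def extract_lsb(pixels):
    """Recover the message; reject buffers whose length header cannot fit."""
    if len(pixels) < 32:
        raise ValueError("buffer shorter than the length header")
    length = _read_bits(pixels, 0, 32)
    if 32 + 8 * length > len(pixels):
        raise ValueError("length header does not fit: no valid payload")
    return bytes(_read_bits(pixels, 32 + 8 * i, 8) for i in range(length))


def max_channel_change(original, modified):
    """Largest per-byte difference between the carrier and the stego buffer."""
    return max(abs(a - b) for a, b in zip(original, modified))


if __name__ == "__main__":
    stego = embed_lsb(COVER, SECRET)
    print(extract_lsb(stego), max_channel_change(COVER, stego))
```

The same property that hides the change from the eye is what detection relies on: comparing a suspect file with a known original, or examining the statistics of the lowest bit plane, exposes the altered bits.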
Steghide
Steghide is a steganography tool that allows users to hide and retrieve data in
various file formats, such as BMP, JPEG, WAV, and AU. It compresses and
encrypts the hidden data, providing additional security. Steghide uses
passphrases to ensure only authorized users can access the embedded data.
Features of Steghide:
Data Compression and Encryption: Steghide compresses the data before
embedding, reducing the file size. Encryption ensures that unauthorized users
cannot access the hidden information.
File Format Support: It supports common file formats, making it versatile for
different use cases.

Minimal Alteration: The tool ensures minimal distortion of the carrier file,
preserving its original quality.
Implementation of Steganography:
Embedding Data:
steghide embed -cf [Link] -ef [Link] -p password
-cf: Specifies the carrier file.
-ef: Specifies the file to embed.
-p: Sets the passphrase for encryption. If -p is omitted, steghide prompts
for the passphrase, which keeps it out of the shell history and process list.

Extracting Data:
steghide extract -sf [Link] -p password
-sf: Specifies the stego file (carrier with embedded data).

PRACTICAL NO: 4

AIM: To implement a Man-in-the-Middle (MITM) attack using network sniffers
like Ettercap and understand how data can be intercepted and analyzed during
transit.

OBJECTIVE: To learn about MITM attacks and demonstrate how a network
sniffer like Ettercap can be used to intercept traffic between two devices on a
network.

REQUIREMENTS:
Kali Linux installed on VirtualBox
Tools: Ettercap
A local network with at least two connected devices
THEORY:
Man-in-the-Middle (MITM) Attacks
A Man-in-the-Middle (MITM) attack occurs when an attacker secretly
intercepts and possibly alters communication between two parties who
believe they are directly communicating with each other. The attacker
can eavesdrop on the conversation, steal sensitive data, or inject
malicious content into the communication stream.
Key Concepts of MITM Attack:
• ARP Spoofing: Address Resolution Protocol (ARP) spoofing is a
common technique used in MITM attacks. The attacker sends fake
ARP responses to associate their MAC address with the IP address
of a target device.
• Packet Sniffing: After redirecting traffic, the attacker captures
data packets using tools like Ettercap, Wireshark, or tcpdump.
• Data Interception and Modification: Once the traffic passes
through the attacker’s device, they can read, modify, or even block
data in transit.
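
From the defender's side, the forged ARP responses described above leave a visible trace in a host's neighbour table: the gateway's IP suddenly maps to a different MAC, and that MAC is usually also the MAC of another host on the LAN. The following added example (not part of the original practical) checks `ip neigh show` output for both signs against a known-good baseline; the two table snapshots and all addresses are constructed.

```python
from collections import defaultdict

# Constructed `ip neigh show` snapshots from a lab LAN (not real captures).
BEFORE = """\
192.168.56.1 dev eth0 lladdr 52:54:00:00:00:01 REACHABLE
192.168.56.20 dev eth0 lladdr 52:54:00:00:00:20 STALE
192.168.56.30 dev eth0 lladdr 52:54:00:00:00:30 REACHABLE
"""

AFTER = """\
192.168.56.1 dev eth0 lladdr 52:54:00:00:00:30 REACHABLE
192.168.56.20 dev eth0 lladdr 52:54:00:00:00:20 STALE
192.168.56.30 dev eth0 lladdr 52:54:00:00:00:30 REACHABLE
192.168.56.40 dev eth0  FAILED
"""


def parse_neigh(text):
    """Map IP -> MAC; entries without lladdr (FAILED/INCOMPLETE) are skipped."""
    table = {}
    for line in text.splitlines():
        tok = line.split()
        if "lladdr" not in tok:
            continue
        table[tok[0]] = tok[tok.index("lladdr") + 1].lower()
    return table


def find_arp_anomalies(baseline, current):
    """Report IPs whose MAC changed and MACs claimed by more than one IP."""
    findings = []
    for ip, mac in sorted(current.items()):
        known = baseline.get(ip)
        if known and known != mac:
            findings.append(("mac-changed", ip, known, mac))
    by_mac = defaultdict(list)
    for ip, mac in current.items():
        by_mac[mac].append(ip)
    for mac, ips in sorted(by_mac.items()):
        if len(ips) > 1:
            findings.append(("shared-mac", mac, tuple(sorted(ips))))
    return findings


if __name__ == "__main__":
    for finding in find_arp_anomalies(parse_neigh(BEFORE), parse_neigh(AFTER)):
        print(finding)
```

A shared MAC is not always hostile (several addresses on one interface, proxy ARP), so the finding that matters most is a change in the gateway's MAC relative to the baseline.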
Features of Ettercap:
• Performs ARP spoofing and DNS spoofing.
• Captures network traffic and displays data in real-time.
• Provides plugins for advanced attack techniques.
• Supports both graphical (GUI) and command-line (CLI)
interfaces.
Implementation Steps:
Step 1: Configure Network Setup
• Ensure that Ettercap is installed on Kali Linux.
• Connect the Kali Linux machine and the target devices to the
same network.
Step 2: Launch Ettercap

1. Open Ettercap with root privileges:

2. Select the network interface (e.g., eth0 or wlan0) from the "Sniff"
menu.
Step 3: Scan for Hosts

1. From the "Hosts" menu, select "Scan for Hosts."

2. View the list of active hosts by selecting "Hosts List."

Step 4: Set Targets


1. Add the victim’s IP address as Target 1.
2. Add the gateway/router IP address as Target 2.

Step 5: Start ARP Spoofing

1. Navigate to "Mitm > ARP Poisoning."

2. Enable the option "Sniff remote connections."


Step 6: Monitor Traffic
• View intercepted packets in real-time from the "Messages"
window.

Step 7: Analyze Captured Data
• Analyze sensitive data like usernames, passwords, or cookies by
inspecting the packets.
• Save the captured data for further analysis.
Step 8: Stop the Attack

1. Stop sniffing by selecting "Stop > Stop Sniffing."

2. Clear ARP spoofing effects by rebooting the network or using
ARP restoration tools.

PRACTICAL NO: 5
AIM: To implement and understand Windows security features using the
firewall and other security measures, ensuring network protection and safe
data usage.

OBJECTIVE: To learn the configuration of the Windows Firewall to control
inbound and outbound traffic and configure additional security measures like
Windows Defender, network policies, and access controls.

REQUIREMENTS:
A computer with Windows OS (Windows 10 or later preferred).
Administrator privileges for making system-level changes.
Internet connectivity for updates.
Access to Windows Defender and firewall configuration settings.
THEORY:
Firewalls
A firewall is a critical security system that acts as a barrier between a trusted
internal network and untrusted external networks like the Internet. Firewalls
monitor and control incoming and outgoing network traffic based on security
policies.
Importance of Firewalls:
Prevent unauthorized access to a network or system.
Protect sensitive data from being accessed or stolen.
Mitigate risks from malware and other malicious activities.
Types of Firewalls:
Packet-Filtering Firewall: Filters packets based on source/destination IP,
port, and protocol.
Stateful Inspection Firewall: Tracks the state of active connections and
makes decisions based on the connection's context.
Application Layer Firewall: Operates at the application layer and filters traffic
based on specific applications.

Features of Firewalls:
Logging and reporting capabilities to monitor security events.
Intrusion prevention by blocking known malicious activities.

Network Address Translation (NAT) for hiding internal network details.

Windows Firewall
Windows Firewall is a built-in security feature in the Microsoft Windows
operating system. It is a host-based firewall designed to filter incoming and
outgoing traffic and protect the system from potential threats.
Key Features of Windows Firewall:
Profiles: Configures separate rules for domain, private, and public
network profiles.
Inbound and Outbound Rules: Allows users to define which types of
traffic are permitted or blocked.
Logging: Maintains a log of dropped packets and successful connections
for auditing purposes.
Application Control: Lets users specify which applications are allowed or
blocked from accessing the network.
Advantages:
Integrated with the Windows OS, providing seamless operation.
User-friendly graphical interface for rule configuration.
Supports advanced configurations via PowerShell and Group Policy.
Limitations:
Does not replace a network-level firewall for enterprise environments.
May require additional configuration for complex setups.

Windows Defender: Windows Defender is Microsoft's built-in antivirus and
anti-malware solution, designed to protect the system from threats such as
viruses, ransomware, spyware, and phishing attacks. It provides real-time
protection and regularly updated threat definitions to address new
vulnerabilities.
Key Features of Windows Defender:
Real-Time Protection: Continuously monitors the system for suspicious
activities and threats.

Periodic Scanning: Provides quick, full, and custom scan options to detect
and remove malware.
Cloud-Based Protection: Utilizes Microsoft's vast database to identify
emerging threats quickly.
Exploit Protection: Safeguards against attacks targeting software
vulnerabilities.
Firewall Integration: Works in conjunction with Windows Firewall for a
holistic security approach.
Advantages:
Built into the Windows OS, ensuring no additional installation is required.
Lightweight and does not consume excessive system resources.
Free for all Windows users with regular updates.
PROCEDURE:
Open Run Dialog:
Press Win + R to open the Run dialog box.
Access Advanced Firewall Settings:
Type [Link] in the Run dialog and press Enter.

1. View Existing Rules:
o Click on Inbound Rules or Outbound Rules in the left pane.
o Scroll through the list to see existing rules.

Create a New Inbound/Outbound Rule:


o Select Inbound Rules (for incoming connections) or Outbound
Rules (for outgoing connections) from the left pane.

In the right pane, click New Rule...
Select Rule Type:
Port: Restrict or allow specific ports.
Predefined: Use pre-configured rules.
Custom: Set advanced parameters for your rule.

For Scope: Select Local or Remote, then specify the IP address(es

Set Action:
Choose the action for this rule:
Allow the connection: Permit the connection.
Allow the connection if it is secure: Allow only secure connections.

Choose the profile(s) where the rule will apply:
Domain: For domain-connected networks.
Private: For private networks like home or work.
Public: For public networks like cafes or airports.

Attempt to use the program or port affected by the rule to confirm
its behaviour.

12) Edit or Delete Rules (if necessary):
o Right-click the rule and choose Properties to modify settings.
o Select Disable Rule or Delete to deactivate or remove it.
