Practical - 1

Subject Network security

Demonstrate and analyze network security

tools: CrypTool , Wireshark.

CrypTool is a free, open-source cryptography education and research software that

allows users to experiment with various cryptographic algorithms and protocols. It
provides a user-friendly interface that allows users to easily perform cryptographic
operations, such as encryption, decryption, hashing, and digital signatures. CrypTool
also includes a range of cryptographic tools and resources, such as a random
number generator, a key generator, and a cryptanalysis tool.

Wireshark is a free, open-source network protocol analyzer that allows users to

capture and analyze network traffic in real-time. It provides a wide range of features
and tools for analyzing network protocols, including support for a large number of
protocols, the ability to decode and dissect packets, and the ability to display packets

Practical - 1 1
 in a variety of formats. Wireshark also includes a range of filters and statistical tools
that can be used to identify and analyze specific types of network traffic.

Both CrypTool and Wireshark are useful tools for network security professionals, as
they allow users to experiment with and analyze various cryptographic algorithms
and protocols, as well as capture and analyze network traffic in real-time. They can
be used to identify and troubleshoot security issues, as well as to educate users
about the fundamentals of cryptography and network security.

Practical - 1 2
 Practical - 2
Subject Network security

Demonstrate and analyze substitution

techniques using CrypTool.
To demonstrate and analyze substitution techniques using CrypTool, you can follow
these steps:

1. Launch CrypTool and select the "Substitution Techniques" option from the main
menu.

2. Select the substitution technique you want to use from the list of available
techniques. For example, you can choose the Caesar cipher or the Vigenère
cipher.

Practical - 2 1
 3. Enter the plaintext message you want to encrypt in the input field.

4. Enter the key for the substitution technique in the key field. The key is a secret
value that determines how the plaintext message is transformed into the
ciphertext.

Practical - 2 2
 5. Click the "Encrypt" button to encrypt the plaintext message. The encrypted
message (ciphertext) will be displayed in the output field.

6. To decrypt the ciphertext, simply enter the ciphertext in the input field and the
key in the key field, and click the "Decrypt" button. The decrypted message
(plaintext) will be displayed in the output field.

Practical - 2 3
 7. You can also use the "Analyze" button to perform various cryptographic analyses
on the substitution technique, such as statistical analysis, frequency analysis,
and pattern analysis.

By using CrypTool to demonstrate and analyze substitution techniques, you can

learn how these algorithms work and how to use them effectively for encryption and
decryption. You can also use CrypTool to explore the strengths and weaknesses of
different substitution techniques, and to experiment with different cryptographic
techniques and protocols.

Practical - 2 4
 Practical - 3
Subject Network security

Demonstrate and analyze Block cipher

techniques using CrypTool
To demonstrate and analyze block cipher techniques using CrypTool, you can follow
these steps:

1. Launch CrypTool and select the "Block Cipher Techniques" option from the main
menu.

2. Select the block cipher algorithm you want to use from the list of available
algorithms. For example, you can choose AES (Advanced Encryption Standard)
or DES (Data Encryption Standard).

Practical - 3 1
 3. Enter the plaintext message you want to encrypt in the input field.

4. Enter the key for the block cipher algorithm in the key field.

Practical - 3 2
 5. Click the "Encrypt" button to encrypt the plaintext message. The encrypted
message (ciphertext) will be displayed in the output field.

6. To decrypt the ciphertext, simply enter the ciphertext in the input field and the
key in the key field, and click the "Decrypt" button. The decrypted message
(plaintext) will be displayed in the output field.

Practical - 3 3
 7. You can also use the "Analyze" button to perform various cryptographic analyses
on the block cipher algorithm, such as statistical analysis, differential analysis,
and linear analysis.

By using CrypTool to demonstrate and analyze block cipher techniques, you can
learn how these algorithms work and how to use them effectively for encryption and
decryption. You can also use CrypTool to explore the strengths and weaknesses of
different block cipher algorithms, and to experiment with different cryptographic
techniques and protocols.

Practical - 3 4
 Practical - 4
Subject Network security

Demonstrate and analyze MD5 algorithm

using CrypTool and implement MD5.
To demonstrate and analyze the MD5 (Message-Digest Algorithm 5) algorithm using
CrypTool, you can follow these steps:

1. Launch CrypTool and select the "MD5" option from the main menu.

2. Enter the plaintext message you want to hash in the input field.

Practical - 4 1
 3. Click the "Compute Hash" button to generate the MD5 hash of the plaintext
message. The hash value will be displayed in the output field.

4. You can also use the "Compare Hashes" button to compare the hash value of
the plaintext message with a known hash value. This can be useful for verifying
the integrity of a message or for detecting tampering.

Practical - 4 2
 To implement the MD5 algorithm, you can use the following pseudocode as a
reference:

// Input: message M of length L

// Output: hash value H

// Constants
const uint32_t T[64] = {...}
const uint32_t s[64] = {...}
const uint32_t r[64] = {...}

// Initialize hash value

uint32_t H[4] = {0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476}

// Pad message
L = L * 8 // convert message length to bits
M[L div 8] = 0x80 // append a single '1' bit
L = L + 1
while (L mod 512 != 448) {
M[L div 8] = 0x00 // append '0' bits
L = L + 8
}
M[L div 8] = L mod (2^64) // append original length in bits as 64-bit integer

// Process message in blocks

for i = 0 to (L // 512) - 1 {
// Initialize working variables
uint32_t a = H[0]
uint32_t b = H[1]
uint32_t c = H[2]
uint32_t d = H[3]

// Process block

Practical - 4 3
 for j = 0 to 63 {
if j <= 15 {
F = (b and c) or ((not b) and d)
g = j
} else if j <= 31 {
F = (d and b) or ((not d) and c)
g = (5*j + 1) mod 16
} else if j <= 47 {
F = b xor c xor d
g = (3*j + 5) mod 16
} else {
F = c xor (b or (not d))
g = (7*j) mod 16
}
temp = d
d = c
c = b
b = b + leftrotate((a + F + T[j] + M[i*512 + g]), s[j])
a = temp
}

// Add this block's hash to result so far

H[0] = a + H[0]
H[1] = b + H[1]
H[2] = c + H[2]
H[3] = d + H[3]
}

// Output the final hash value

return H

Practical - 4 4
 Practical - 5
Subject Network security

Demonstrate and analyze SHA algorithm

using Cryptool and implement SHA.
To demonstrate and analyze the SHA (Secure Hash Algorithm) algorithm using
CrypTool, you can follow these steps:

1. Launch CrypTool and select the "SHA" option from the main menu.

2. Select the version of the SHA algorithm you want to use from the list of available
algorithms. For example, you can choose SHA-1, SHA-2, or SHA-3.

3. Enter the plaintext message you want to hash in the input field.

Practical - 5 1
 4. Click the "Compute Hash" button to generate the SHA hash of the plaintext
message. The hash value will be displayed in the output field.

5. You can also use the "Compare Hashes" button to compare the hash value of
the plaintext message with a known hash value. This can be useful for verifying
the integrity of a message or for detecting tampering.

Practical - 5 2
 To implement the SHA algorithm, you can use the following pseudocode as a
reference:

// Input: message M of length L

// Output: hash value H

// Constants
const uint32_t K[64] = {...}
const uint32_t H[8] = {...}

// Pad message
L = L * 8 // convert message length to bits
M[L div 8] = 0x80 // append a single '1' bit
L = L + 1
while (L mod 512 != 448) {
M[L div 8] = 0x00 // append '0' bits
L = L + 8
}
M[L div 8] = L mod (2^64) // append original length in bits as 64-bit integer

// Process message in blocks

for i = 0 to (L // 512) - 1 {
// Initialize working variables
uint32_t a = H[0]
uint32_t b = H[1]
uint32_t c = H[2]
uint32_t d = H[3]
uint32_t e = H[4]
uint32_t f = H[5]
uint32_t g = H[6]
uint32_t h = H[7]

// Process block

Practical - 5 3
 uint32_t W[64]
for j = 0 to 15 {
W[j] = M[i*512 + j*32 : j*32 + 32] // get 32-bit words
}
for j = 16 to 63 {
W[j] = (W[j-16] + s0(W[j-15]) + W[j-7] + s1(W[j-2])) mod (2^32)
}
for j = 0 to 63 {
T1 = h + S1(e) + Ch(e,f,g) + K[j] + W[j]
T2 = S0(a) + Maj(a,b,c)
h = g
g = f
f = e
e = (d + T1) mod (2^32)
d = c
c = b
b = a
a = (T1 + T2) mod (2^32)
}

// Add this block's hash to result so far

H[0] = a + H[0]
H[1] = b + H[1]
H[2] = c + H[2]
H[3] = d + H[3]
H[4] = e + H[4]
H[5] = f + H[5]
H[6] = g + H[6]
H[7] = h + H[7]
}

// Output the final hash value

return H

This pseudocode should give you an idea of how the SHA algorithm works and how
to implement it in your own code. Please note that the specific values for the
constants and functions (such as K, H, s0, s1, Ch, Maj, and S0) will depend on the
version of the SHA algorithm you are using.

Practical - 5 4
 Practical - 6
Subject Network security

Demonstrate and analyze HMAC using

cryptool
To demonstrate and analyze HMAC (Hash-based Message Authentication Code)
using CrypTool, you can follow these steps:

1. Launch CrypTool and select the "HMAC" option from the main menu.

2. Select the hash function you want to use for the HMAC from the list of available
functions. For example, you can choose MD5, SHA-1, or SHA-2.

3. Enter the plaintext message you want to authenticate in the input field.

Practical - 6 1
 4. Enter the secret key for the HMAC in the key field. The key is used to generate
the HMAC value and should be kept secret.

5. Click the "Compute HMAC" button to generate the HMAC value for the plaintext
message. The HMAC value will be displayed in the output field.

Practical - 6 2
 6. You can also use the "Compare HMAC" button to compare the HMAC value of
the plaintext message with a known HMAC value. This can be useful for
verifying the authenticity and integrity of a message.

Practical - 6 3
 Practical - 7
Subject Network security

Demonstrate and analyze digital signature

algorithm.
To demonstrate and analyze digital signature algorithms using CrypTool, you can
follow these steps:

1. Launch CrypTool and select the "Digital Signatures" option from the main menu.

2. Select the digital signature algorithm you want to use from the list of available
algorithms. For example, you can choose RSA, DSA (Digital Signature
Algorithm), or ECDSA (Elliptic Curve Digital Signature Algorithm).

Practical - 7 1
 3. Enter the plaintext message you want to sign in the input field.

4. Enter the private key for the digital signature algorithm in the key field. The
private key is used to generate the signature and should be kept secret.

Practical - 7 2
 5. Click the "Sign" button to generate the digital signature for the plaintext
message. The signature will be displayed in the output field.

6. To verify the signature, enter the plaintext message and the signature in the
input fields, and enter the public key for the digital signature algorithm in the key
field. Click the "Verify" button to verify the signature. If the signature is valid, a
message will be displayed indicating that the signature is valid.

Practical - 7 3
Practical - 7 4
 Practical - 8
Subject Network security

Demonstrate and analyze TCP/UDP

packets using Wireshark and implement
TCP/IP client
server connection
Demonstrate and analyze TCP/UDP packets using Wireshark:
1. Install Wireshark on your system. You can download it from
https://www.wireshark.org/.

Practical - 8 1
 2. Start Wireshark and select the interface that you want to capture packets on. For
example, if you want to capture packets on your Wi-Fi interface, select it from
the list of available interfaces.

3. Start capturing packets by clicking the "Start" button in the top left corner of the
Wireshark window.

4. Generate some traffic by browsing the internet or pinging a website. This will
generate some TCP and UDP packets that you can analyze in Wireshark.

Practical - 8 2
 5. Stop capturing packets by clicking the "Stop" button in the top left corner of the
Wireshark window.

6. You can now analyze the packets that were captured by Wireshark. In the
"Packet List" pane, you can see a list of all the packets that were captured. You
can select a packet to view its details in the "Packet Details" and "Packet Bytes"
panes.

Practical - 8 3
 To implement a TCP/IP client-server connection, you can use a
programming language such as Python, C, or Java. Here is an
example of how you can implement a simple TCP/IP client-
server connection in Python:

Server code :

import socket

# Create a TCP/IP socket

sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)

# Bind the socket to a port

server_address = ('localhost', 10000)
sock.bind(server_address)

# Listen for incoming connections

sock.listen(1)

while True:
# Wait for a connection
print('Waiting for a connection...')
connection, client_address = sock.accept()
try:
print('Connection from', client_address)

# Receive data in small chunks and send it back

while True:
data = connection.recv(16)
print('Received', data)
if data:
print('Sending data back to the client')
connection.sendall(data)
else:
print('No data received')
break

finally:
# Clean up the connection
connection.close()

Client code :

import socket

# Create a TCP/IP socket

sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)

Practical - 8 4
 # Connect the socket to the server
server_address = ('localhost', 10000)
sock.connect(server_address)

try:
# Send data
message = 'This is the message. It will be repeated.'
sock.sendall(bytes(message, 'utf-8'))

# Look for the response

amount_received = 0
amount_expected = len(message)

while amount_received < amount_expected:

data = sock.recv(16)
amount_received += len(data)
print('Received', data)

finally:
sock.close()

This is a very basic example, but it should give you an idea of how to implement a
TCP/IP client-server connection in Python. You can then use Wireshark to analyze
the packets that are exchanged between the client and server during the TCP/IP
connection. You can use the filters in Wireshark to display only the packets that are
relevant to your analysis, and you can use the various views and panes in Wireshark
to view the details of each packet. This will help you to understand how the TCP/IP
connection is established and maintained, and it will also allow you to troubleshoot
any issues that may arise during the connection.

Practical - 8 5
 Practical - 9
Subject Network security

Study and Implement Secure socket layer

SSL/TSL.
Secure Sockets Layer (SSL) and its successor, Transport Layer Security (TLS), are
cryptographic protocols that provide secure communication over the internet. They
are widely used to secure communications between web browsers and servers, as
well as other types of communications such as email and messaging.

SSL/TLS works by establishing a secure connection between two parties using a

combination of public and private keys. The client and server exchange public keys
to establish a secure connection, and then use the private keys to encrypt and
decrypt the data that is transmitted over the connection. This ensures that the data is
protected from unauthorized access and tampering.

To implement SSL/TLS, you will need to use a programming

language such as Python, C, or Java. Here is an example of how
you can implement SSL/TLS in Python:

import ssl

context = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
context.load_cert_chain('server.crt', 'server.key')

server = socket.socket(socket.AF_INET, socket.SOCK_STREAM)

server.bind(('localhost', 10000))
server.listen()

while True:
client, address = server.accept()
client_ssl = context.wrap_socket(client, server_side=True)
try:
data = client_ssl.recv(1024)
client_ssl.sendall(data)
finally:
client_ssl.close()

Practical - 9 1
 This code creates an SSL/TLS context, loads a certificate and private key, and binds
them to a server socket. It then listens for incoming connections and establishes a
secure connection with the client using the SSL/TLS context. The data received from
the client is then encrypted and decrypted using the certificate and private key, and
is sent back to the client.

You can use similar code to implement SSL/TLS in a client application. You will need
to load a certificate and private key, and use them to establish a secure connection
with a server.

Practical - 9 2
 Practial - 10
Subject Network security

To study different Malicious Software and

firewall.
Malicious software (malware):
Definition: Malicious software, or malware, is any software that is designed to
harm or exploit a computer system. Malware can be used to gain unauthorized
access to a computer, steal sensitive data, disrupt business operations, or cause
other types of damage. There are many types of malware, including viruses,
worms, Trojan horses, ransomware, and spyware

Viruses: A virus is a type of malware that is designed to replicate itself and

spread from one computer to another. It can infect a computer by attaching itself
to a file or program and replicating when the file or program is opened or
executed. Viruses can be transmitted through email attachments, file downloads,
or infected media such as USB drives. They can cause harm to a computer by
deleting or corrupting files, altering system settings, or stealing sensitive data.

Worms: A worm is a type of malware that is similar to a virus, but it is able to

replicate and spread without the need for a host file or program. It can propagate
through networks and infect multiple computers by exploiting vulnerabilities in
operating systems or applications. Worms can cause harm to a computer by
consuming resources, slowing down performance, or spreading malware to
other computers.

Trojan horses: A Trojan horse, or Trojan, is a type of malware that is disguised

as legitimate software and is often downloaded and installed by unsuspecting
users. It can be used to gain unauthorized access to a computer system or to
steal sensitive data. Trojans can be transmitted through email attachments, file
downloads, or infected websites. They can also be hidden in legitimate software
or delivered through phishing attacks.

Ransomware: Ransomware is a type of malware that encrypts a victim's files

and demands payment in exchange for the decryption key. It can be transmitted

Practial - 10 1
 through email attachments or infected websites, and it can also be delivered
through phishing attacks or malicious ads. Ransomware can cause significant
damage to a victim's computer, as it can prevent access to important data and
disrupt business operations.

Spyware: Spyware is a type of malware that is designed to collect information

about a user's online activity and transmit it to third parties without the user's
knowledge. It can be installed through email attachments, file downloads, or
infected websites. Spyware can track a user's browsing habits, log keystrokes,
or capture sensitive data such as passwords and financial information.

Firewalls:
A firewall is a security system that controls incoming and outgoing network traffic
based on predetermined security rules. It acts as a barrier between a trusted
network and an untrusted network, such as the internet. Firewalls can be configured
to allow or block certain types of traffic, based on criteria such as the source or
destination of the traffic, the port number, or the protocol being used.

There are two main types of firewalls: hardware-based and software-based.

Hardware firewalls are standalone devices that are installed between a network and
the internet. They can be configured to protect a single computer or an entire
network. Hardware firewalls are often used in enterprise environments and can
provide a high level of security.

Software firewalls are programs that are installed on a computer and can be
configured to protect the individual computer or to control network traffic. Software
firewalls are often bundled with operating systems or antivirus software and can be
used to protect personal computers or small networks.

In addition to blocking or allowing traffic, firewalls can also be configured to monitor

and log traffic, alert administrators to suspicious activity, or take other actions to
protect a network. For example, a firewall can be configured to block traffic from
known malicious IP addresses or to alert an administrator when there is a sudden
increase in traffic from a particular source.

Firewalls are often used to prevent unauthorized access to a network and to protect
against malware. They can be configured to block incoming traffic from known
malicious sources, such as IP addresses or domain names, and to allow outgoing

Practial - 10 2
 traffic to trusted destinations. Firewalls can also be used to enforce security policies,
such as requiring authentication for certain types of access or restricting access to
certain websites or services.

Practial - 10 3