BISY3006/ISY2003/ISY203 Information Security @ Australian Institute of Higher Education, Sydney Lab 2 Aim: Study of packet sniffer tools like wireshark, ethereal, tcpdump etc Objectives: To observe...

Every screenshot of the lab must have my name and student ID written on it.
Name: Manika Tamang (student ID: 190029)


BISY3006/ISY2003/ISY203 Information Security @ Australian Institute of Higher Education, Sydney

Lab 2

Aim: Study of packet sniffer tools like Wireshark, Ethereal, tcpdump, etc.

Objectives: To observe the performance in promiscuous and non-promiscuous mode and to find the packets based on different filters.

Outcomes: The learner will be able to:
• Identify different packets moving in/out of the network using a packet sniffer for network analysis.
• Understand professional, ethical, legal, security and social issues and responsibilities, and analyze the local and global impact of computing on individuals, organizations, and society.
• Match the industry requirements in the domains of database management, programming and networking with the required management skills.

Hardware / Software Required: Wireshark, Ethereal and tcpdump.

Theory:
Wireshark, a network analysis tool formerly known as Ethereal, captures packets in real time and displays them in human-readable format. Wireshark includes filters, color-coding and other features that let you dig deep into network traffic and inspect individual packets.

Applications:
• Network administrators use it to troubleshoot network problems.
• Network security engineers use it to examine security problems.
• Developers use it to debug protocol implementations.
• People use it to learn network protocol internals.
Besides these examples, Wireshark can be helpful in many other situations too.

Features:
The following are some of the many features Wireshark provides:
• Available for UNIX and Windows.
• Capture live packet data from a network interface.
• Open files containing packet data captured with tcpdump/WinDump, Wireshark, and a number of other packet capture programs.
• Import packets from text files containing hex dumps of packet data.
• Display packets with very detailed protocol information.
• Export some or all packets in a number of capture file formats.
• Filter packets on many criteria.
• Search for packets on many criteria.
• Colorize packet display based on filters.
• Create various statistics.

Capturing Packets:
After downloading and installing Wireshark, you can launch it and click the name of an interface under Interface List to start capturing packets on that interface. For example, if you want to capture traffic on the wireless network, click your wireless interface. You can configure advanced features by clicking Capture Options.

As soon as you click the interface’s name, you’ll see the packets start to appear in real time. Wireshark captures each packet sent to or from your system. If you’re capturing on a wireless interface and have promiscuous mode enabled in your capture options, you’ll also see the other packets on the network.

Click the stop capture button near the top left corner of the window when you want to stop capturing traffic.

Wireshark uses colors to help you identify the types of traffic at a glance. By default, green is TCP traffic, dark blue is DNS traffic, light blue is UDP traffic, and black identifies TCP packets with problems, for example packets that could have been delivered out of order.

Filtering Packets:
If you’re trying to inspect something specific, such as the traffic a program sends when phoning home, it helps to close down all other applications using the network so you can narrow down the traffic. Still, you’ll likely have a large number of packets to sift through. That’s where Wireshark’s filters come in.
The most basic way to apply a filter is by typing it into the filter box at the top of the window and clicking Apply (or pressing Enter). For example, type "dns" and you’ll see only DNS packets. When you start typing, Wireshark will help you autocomplete your filter.

Another interesting thing you can do is right-click a packet and select Follow TCP Stream. You will see the full conversation between the client and the server.

Close the window and you will find a filter has been applied automatically: Wireshark is showing you the packets that make up the conversation.

Inspecting Packets:
Click a packet to select it and you can dig down to view its details.

You can also create filters from here: just right-click one of the details and use the Apply as Filter submenu to create a filter based on it.

Wireshark is an extremely powerful tool, and this tutorial is just scratching the surface of what you can do with it. Professionals use it to debug network protocol implementations, examine security problems and inspect network protocol internals.

Conclusion:
In this experiment we analyze various packet sniffing tools that monitor network traffic transmitted between legitimate users or in the network. A packet sniffer is a network monitoring tool. It is used for network monitoring, traffic analysis, troubleshooting, packet grabbing, message and protocol analysis, penetration testing and many other purposes.
Questions:
1. What is a packet sniffer?
2. How to sniff passwords with Wireshark?
3. List packet sniffing tools other than those mentioned above.

Submit the screenshots of your lab and the answers to the above questions in a document file (.doc/.pdf).

Tutorial #2

Total Marks: 15 (7.5%)

Submit your answers to the following questions by Week-3 Friday 5:00PM. Late submissions will incur a 5% deduction with each passing day till Week-4 Friday 5:00PM, after which no submissions will be accepted.

Warning: Plagiarism is a serious ethical offense with dire consequences. Do not copy and paste from your textbook, online resources, or your friend’s work. Cite and provide a reference (Harvard Style) to the original work where applicable.

Questions:

Q. #1: What is a hash function? What is its main usage in information security? Perform the following practical task:
1. Go to https://emn178.github.io/online-tools/sha256.html.
2. Enter your full name as input, calculate its SHA256 hash, and share the result.
3. Append a dot (.) to your name, calculate its SHA256 hash, and share your result.
4. Do they match?
5. Remove the dot (.). Is the hash value the same as before?
(2.5 Marks)

Q. #2: What is the difference between symmetric and asymmetric cryptography? Perform the following practical task:
1. Pair up with one of your classmates for this exercise. (If not feasible, get help from any other friend.) Exchange email addresses with your partner.
2. Go to https://www.devglan.com/online-tools/rsa-encryption-decryption.
3. Each student must generate their RSA public and private key pair by using the above link. Email your public key to your partner. (Attach the screenshot of the email that you sent.)
4. Copy and paste your private key here in your answer. (Do not share it with your partner.)
5. Use your partner’s public key to encrypt a message that must include your name in it. (Hint: Use the left column of the webpage for encryption, and use the public key of your friend.) The message must not be inappropriate. Example: “I am David and I love to play squash”
6. Email the encrypted message to your partner. Your partner will do the same and will send you an encrypted message. Share the screenshots.
7. Decrypt the encrypted text sent by your partner using the same link. (Hint: Use the right column of the webpage for decryption, and use your private key.) Share the screenshot.
8. Were you able to recover the cyphertext? Email the plaintext (recovered text) to your friend.
(5 Marks)

Q. #3: Write the process of generating digital signatures in your own words. Create a flow chart of the process using pen and paper, take its photo and attach it.
(5 Marks)

Q. #4: What are digital certificates and what is their usage? What weakness in digital signatures led towards digital certificates?
(2.5 Marks)

* Ciampa, M. (2018), Security + Guide to network security fundamentals 6th edn. Cengage Learning, United States. Get access to your e-textbook on Moodle by going to Information Security unit > E-text tile.

Lab 3

Aim: Detect ARP spoofing using the open source tool ARPWATCH.

Objectives: The objective of the module is to find ARP spoofing using an open source tool.

Outcomes: The learner will be able to:
• Identify network vulnerability with tool usage.
• Recognize the need for such a tool to identify ARP spoofing, and engage in life-long learning to exploit gained skills and knowledge of contemporary issues.
Hardware / Software Required: ARPWATCH tool. It can be installed on Linux using the following command:
> sudo apt-get install arpwatch

Theory: Arpwatch Commands and Usage
To watch a specific interface, type the following command with '-i' and the device name.

So, whenever a new MAC is plugged in or a particular IP changes its MAC address on the network, you will notice syslog entries in the '/var/log/syslog' or '/var/log/messages' file.

Sample Output
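The handout's sample output is not included on this page. As an added example (not part of the lab sheet and not arpwatch's own code), the following Python sketch shows how the syslog entries described above can be triaged for signs of ARP spoofing. The log lines are constructed, and the line layout (`arpwatch: <event> <ip> <mac> (<old mac>)`) is an assumption about how arpwatch reports "new station", "changed ethernet address" and "flip flop" events.

```python
import re
from collections import defaultdict

# Constructed sample syslog lines (assumed arpwatch layout; host name is made up).
SAMPLE_LOG = """\
Feb 10 09:00:01 lab-pc arpwatch: new station 192.168.1.10 0:1c:42:aa:bb:1
Feb 10 09:00:05 lab-pc arpwatch: new station 192.168.1.1 0:50:56:c0:0:8
Feb 10 09:14:30 lab-pc arpwatch: changed ethernet address 192.168.1.1 0:c:29:de:ad:1 (0:50:56:c0:0:8)
Feb 10 09:14:42 lab-pc arpwatch: flip flop 192.168.1.1 0:50:56:c0:0:8 (0:c:29:de:ad:1)
Feb 10 09:15:00 lab-pc sshd[811]: Accepted publickey for student
"""

LINE_RE = re.compile(
    r"arpwatch(?:\[\d+\])?: (?P<event>new station|changed ethernet address|flip flop) "
    r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3}) (?P<mac>[0-9a-fA-F:]+)"
    r"(?: \((?P<old>[0-9a-fA-F:]+)\))?"
)

def norm_mac(mac):
    """Pad each octet to two hex digits (arpwatch prints 0:c:29 for 00:0c:29)."""
    return ":".join(part.zfill(2) for part in mac.lower().split(":"))

def parse(log_text):
    """Return (event, ip, mac, old_mac_or_None) for every arpwatch line."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if m:
            old = norm_mac(m["old"]) if m["old"] else None
            events.append((m["event"], m["ip"], norm_mac(m["mac"]), old))
    return events

def suspicious_ips(events):
    """Return {ip: sorted MACs} for IPs whose MAC changed or flip-flopped."""
    macs = defaultdict(set)
    flagged = set()
    for event, ip, mac, old in events:
        macs[ip].add(mac)
        if old:
            macs[ip].add(old)
        if event != "new station":  # an existing IP-to-MAC binding was replaced
            flagged.add(ip)
    return {ip: sorted(macs[ip]) for ip in flagged}

if __name__ == "__main__":
    for ip, seen in suspicious_ips(parse(SAMPLE_LOG)).items():
        print(f"{ip} claimed by {len(seen)} MACs: {', '.join(seen)}")
```

A flagged IP is a lead, not proof of spoofing: DHCP reassignment or a replaced network card produces the same events, so a flagged gateway address deserves the first look.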
Answered 6 days after Feb 04, 2022


Neha answered on Feb 10 2022