Wireshark & Nmap: Network Security Lab Guide

WIRESHARK
Wireshark is a free and open source packet analyzer. It is used for network troubleshooting, analysis,
software and communications protocol development, and education. Originally named Ethereal, the project
was renamed Wireshark in May 2006 due to trademark issues.
FEATURES:
Wireshark is a data capturing program that "understands" the structure (encapsulation) of different
networking protocols. It can parse and display the fields, along with their meanings as specified by different
networking protocols. Wireshark uses pcap to capture packets, so it can only capture packets on the types of
networks that pcap supports.
Data can be captured "from the wire" from a live network connection or read from a file of already-captured packets.
Live data can be read from different types of networks, including Ethernet, IEEE 802.11, PPP,
and loopback.
Captured network data can be browsed via a GUI, or via the terminal (command line) version of the
utility, TShark.
Captured files can be programmatically edited or converted via command-line switches to the "editcap"
program.
Data display can be refined using a display filter.
Plug-ins can be created for dissecting new protocols.
VoIP calls in the captured traffic can be detected. If encoded in a compatible encoding, the media flow
can even be played.
Raw USB traffic can be captured.
Wireless connections can also be filtered as long as they traverse the monitored Ethernet.
Capture filters (applied while capturing) and display filters (applied afterwards), together with various settings and timers, control which of the captured traffic is recorded and shown.
NMAP
Nmap (Network Mapper) is a security scanner, originally written by Gordon Lyon (also known by his
pseudonym Fyodor Vaskovich), used to discover hosts and services on a computer network, thus building a
"map" of the network. To accomplish its goal, Nmap sends specially crafted packets to the target host and
then analyzes the responses. The software provides a number of features for probing computer networks,
including host discovery and service and operating-system detection. These features are extensible
by scripts that provide more advanced service detection, vulnerability detection, and other features. Nmap
can adapt to network conditions, including latency and congestion, during a scan. The Nmap
user community continues to develop and refine the tool.
Nmap started as a Linux-only utility, but ports to Windows, Solaris, HP-UX, BSD variants
(including macOS), AmigaOS, and IRIX have followed. Linux is the most popular platform, followed
closely by Windows.
NMAP features
Host discovery – Identifying hosts on a network. For example, listing the hosts that respond
to TCP and/or ICMP requests or have a particular port open.
Port scanning – Enumerating the open ports on target hosts.
Version detection – Interrogating network services on remote devices to determine application name and
version number.
OS detection – Determining the operating system and hardware characteristics of network devices.
Scriptable interaction with the target – using Nmap Scripting Engine (NSE) and Lua programming
language.
Nmap can provide further information on targets, including reverse DNS names, device types, and MAC
addresses.
Typical uses of NMAP :
Auditing the security of a device or firewall by identifying the network connections which can be made
to, or through it.
Identifying open ports on a target host in preparation for auditing.
Network inventory, network mapping, and maintenance and asset management.
Auditing the security of a network by identifying new servers.
Generating traffic to hosts on a network, response analysis and response time measurement.
Finding and exploiting vulnerabilities in a network.
NMAP TARGET SELECTION
Scan a single IP
nmap 192.168.1.1
Scan a host
nmap www.testhostname.com
Scan a range of IPs
nmap 192.168.1.1-20
Scan a subnet
nmap 192.168.1.0/24
Scan targets from a text file
nmap -iL list-of-ips.txt
These are all default scans: without -p, Nmap scans the 1000 most commonly used TCP ports, using a SYN scan when it has raw-socket privileges (root/administrator) and a TCP connect scan otherwise. Host discovery (the ping scan) takes place first, and hosts that do not respond to it are skipped unless -Pn is given.
NMAP PORT SELECTION
Scan a single Port
nmap -p 22 192.168.1.1
Scan a range of ports
nmap -p 1-100 192.168.1.1
Scan 100 most common ports (Fast)
nmap -F 192.168.1.1
Scan all 65535 ports
nmap -p- 192.168.1.1
Experiment 1.
USING NMAP
(1) Find Open Ports on a System
(2) Find the Machines Which Are Active
(3) Find the Version of the Remote OS on Other Systems
(4) Find the Version of Software Installed on Other Systems
1. Download Nmap from www.nmap.org and install it together with the bundled packet-capture driver (Npcap on current releases; older installers shipped WinPcap).
2. Launch the Nmap-Zenmap GUI from the Program Menu or the desktop icon.
3. Enter the target machine's IP address (e.g. a guest VM, or any other host you are authorized to scan) in the Target field.
4. Run the scan profiles offered in the Profile drop-down (e.g. "Ping scan", "Quick scan", "Intense scan") and compare the results: active hosts and their open ports appear under "Ports / Hosts", the OS guess under "Host Details", and service versions in the port list whenever the profile includes version detection (-sV).
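The Python script below is added here as a worked example (it is not part of Nmap or of this lab's original material): it answers the experiment's four questions by parsing Nmap's greppable output format instead of reading the Zenmap screens. The output it parses is constructed to look like a `nmap -sV -O -oG` run against an assumed 192.168.1.0/24 lab network; the hostnames, version strings and OS guesses in it are invented for illustration.

```python
"""Answer the four questions of Experiment 1 from Nmap's greppable output (-oG):
which hosts are up, which ports are open, which OS Nmap guessed (-O) and which
service versions it detected (-sV). The sample is constructed to look like
`nmap -sV -O -oG - 192.168.1.0/24` output; it is not a real scan, and the parser is
an added example, not part of Nmap."""
import ipaddress
import re

# Constructed sample. Real -oG output separates fields with tabs and replaces any "/"
# inside a version string with "|", which is why splitting port entries on "/" is safe.
SAMPLE_OG = """\
# Nmap 7.94 scan initiated Mon Jan  1 12:00:00 2024 as: nmap -sV -O -oG - 192.168.1.0/24
Host: 192.168.1.1 (gateway)\tStatus: Up
Host: 192.168.1.1 (gateway)\tPorts: 22/open/tcp//ssh//OpenSSH 8.9p1/, 80/open/tcp//http//nginx 1.18.0/, 443/closed/tcp//https///\tIgnored State: filtered (997)\tOS: Linux 5.X
Host: 192.168.1.20 ()\tStatus: Up
Host: 192.168.1.20 ()\tPorts: 445/open/tcp//microsoft-ds//Microsoft Windows 7 - 10 microsoft-ds/, 3389/open|filtered/tcp//ms-wbt-server///\tIgnored State: closed (998)\tOS: Microsoft Windows 10
Host: 192.168.1.30 ()\tStatus: Down
# Nmap done at Mon Jan  1 12:01:00 2024 -- 256 IP addresses (2 hosts up) scanned in 60.00 seconds
"""

HOST_RE = re.compile(r"^Host: (\S+) \(([^)]*)\)\t(.*)$")


def parse_greppable(text):
    """Return {ip: {"hostname", "up", "os", "ports": [{"port", "state", "proto", "service", "version"}]}}."""
    hosts = {}
    for line in text.splitlines():
        m = HOST_RE.match(line)
        if not m:
            continue                                  # comment lines are not host records
        ip, name, rest = m.groups()
        host = hosts.setdefault(ip, {"hostname": name, "up": False, "os": None, "ports": []})
        for field in rest.split("\t"):
            key, _, value = field.partition(": ")
            if key == "Status":
                host["up"] = value == "Up"
            elif key == "OS":
                host["os"] = value
            elif key == "Ports":
                host["up"] = True                     # only responding hosts get a Ports record
                for entry in value.split(", "):
                    port, state, proto, _owner, service, _rpc, version = entry.split("/")[:7]
                    host["ports"].append({"port": int(port), "state": state, "proto": proto,
                                          "service": service, "version": version})
    return hosts


def live_hosts(hosts):
    """(2) Machines that are active, in address order."""
    return sorted((ip for ip, h in hosts.items() if h["up"]), key=ipaddress.ip_address)


def open_ports(hosts, ip):
    """(1) Open ports on one host as (port, protocol); open|filtered is deliberately excluded."""
    return [(p["port"], p["proto"]) for p in hosts[ip]["ports"] if p["state"] == "open"]


def os_guesses(hosts):
    """(3) Nmap's OS guess per host, where -O produced one."""
    return {ip: h["os"] for ip, h in hosts.items() if h["os"]}


def detected_versions(hosts, ip):
    """(4) {port: (service, version)} for open ports where -sV identified the software."""
    return {p["port"]: (p["service"], p["version"]) for p in hosts[ip]["ports"]
            if p["state"] == "open" and p["version"]}


if __name__ == "__main__":
    scan = parse_greppable(SAMPLE_OG)
    for ip in live_hosts(scan):
        print(ip, os_guesses(scan).get(ip, "OS unknown"), open_ports(scan, ip), detected_versions(scan, ip))
```

To use it on a real scan, run `nmap -sV -O -oG scan.gnmap 192.168.1.0/24` (as root or administrator, because -O and the default SYN scan need raw sockets) and call `parse_greppable(open("scan.gnmap").read())`; the same functions then report the live hosts, open ports, OS guesses and versions for the real targets.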
Experiment 2.
Perform An Experiment For Port Scanning With NMAP, SUPERSCAN Or Any Other
Software.
Port scanning is the process of probing TCP and UDP ports in order to find out which services and
applications are listening on the target machine.
TCP establishes a connection by using what is called a three-way handshake (SYN, SYN/ACK, ACK). The TCP header contains an 8-bit flags field; the six original flags are listed below (two more, ECE and CWR, were added later for explicit congestion notification).
ACK The acknowledgement number is valid; the receiver uses it to acknowledge received data.
SYN Synchronize sequence numbers to begin a connection.
FIN Inform the other host that the sender has no more data to send.
RST Abort the connection.
PSH Push: deliver the data to the application without waiting for buffers to fill.
URG The urgent pointer is valid (priority data).
Port numbers are unique only within a single host and are 16-bit unsigned integers. They are divided into three ranges: the Well Known Ports (0-1023), the Registered Ports (1024-49151), and the Dynamic and/or Private Ports (49152-65535).
Unix-like operating systems traditionally allow only the super-user (or, on Linux, a process holding CAP_NET_BIND_SERVICE) to bind ports 0 to 1023; Windows does not enforce this restriction. Some well-known ports are listed below:
echo      7/tcp       Echo
ftp-data  20/tcp      File Transfer [Default Data]
ftp       21/tcp      File Transfer [Control]
ssh       22/tcp      SSH Remote Login Protocol
telnet    23/tcp      Telnet
domain    53/tcp,udp  Domain Name Server
www-http  80/tcp      World Wide Web HTTP
Nmap ("Network Mapper") is a free and open source utility for network exploration or security auditing.
Nmap distinguishes six port states: open, closed, filtered, unfiltered, open|filtered and closed|filtered.
The six port states recognized by NMAP

Open: An application is actively accepting TCP connections, UDP datagrams or SCTP associations on
this port. Finding these is often the primary goal of port scanning. Security-minded people know that
each open port is an avenue for attack. Attackers and pen-testers want to exploit the open ports, while
administrators try to close or protect them with firewalls without thwarting legitimate users. Open ports
are also interesting for non-security scans because they show services available for use on the network.

Closed: A closed port is accessible (it receives and responds to Nmap probe packets), but there is no
application listening on it. They can be helpful in showing that a host is up on an IP address (host
discovery, or ping scanning), and as part of OS detection. Because closed ports are reachable, it may be
worth scanning later in case some open up. Administrators may want to consider blocking such ports
with a firewall. Then they would appear in the filtered state, discussed next.

Filtered: Nmap cannot determine whether the port is open because packet filtering prevents its probes from
reaching the port. The filtering could be from a dedicated firewall device, router rules, or host-based
firewall software. These ports frustrate attackers because they provide so little information. Sometimes
they respond with ICMP error messages such as type 3 code 13 (destination unreachable: communication
administratively prohibited), but filters that simply drop probes without responding are far more
common. This forces Nmap to retry several times just in case the probe was dropped due to network
congestion rather than filtering. This slows down the scan dramatically.

Unfiltered:The unfiltered state means that a port is accessible, but Nmap is unable to determine whether
it is open or closed. Only the ACK scan, which is used to map firewall rulesets, classifies ports into this
state. Scanning unfiltered ports with other scan types such as Window scan, SYN scan, or FIN scan, may
help resolve whether the port is open.

open|filtered:Nmap places ports in this state when it is unable to determine whether a port is open or
filtered. This occurs for scan types in which open ports give no response. The lack of response could also
mean that a packet filter dropped the probe or any response it elicited. So Nmap does not know for sure
whether the port is open or being filtered. The UDP, IP protocol, FIN, NULL, and Xmas scans classify
ports this way.

closed|filtered:This state is used when Nmap is unable to determine whether a port is closed or filtered. It
is only used for the IP ID idle scan.
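As an added example (not Nmap's own code), the Python below decodes the TCP flags byte described in Experiment 2 and applies Nmap's documented SYN-scan rules to sort a probe's outcome into the open, closed and filtered states described above; it also walks through the half-open SYN-scan exchange between scanner and target. TCP headers are built and parsed with struct in memory, so nothing is sent on the network; the port numbers and sequence numbers are arbitrary.

```python
"""Decode the TCP flags byte and map the reply to a SYN probe onto the Nmap port
states (open / closed / filtered). Headers are built and parsed with struct;
nothing is sent on the wire. Added example, not Nmap code."""
import struct

# Flag bits in the low byte of the TCP header's flags field. The six flags the lab
# lists come first; ECE and CWR were added later for ECN (RFC 3168).
TCP_FLAGS = {"FIN": 0x01, "SYN": 0x02, "RST": 0x04, "PSH": 0x08,
             "ACK": 0x10, "URG": 0x20, "ECE": 0x40, "CWR": 0x80}

# ICMP destination-unreachable codes that Nmap's SYN scan reports as "filtered"
# (code 13 is "communication administratively prohibited").
FILTERING_UNREACH_CODES = {1, 2, 3, 9, 10, 13}


def decode_flags(flag_byte):
    """Set of flag names whose bit is set in an 8-bit flags value."""
    return {name for name, bit in TCP_FLAGS.items() if flag_byte & bit}


def build_tcp_header(src_port, dst_port, flags, seq=0, ack=0, window=65535):
    """20-byte TCP header without options; the checksum is left 0 (a real sender computes it)."""
    data_offset = 5 << 4                   # header length in 32-bit words, in the high nibble
    return struct.pack("!HHIIBBHHH", src_port, dst_port, seq, ack, data_offset, flags, window, 0, 0)


def parse_tcp_header(raw):
    src, dst, seq, ack, _off, flags, window, _csum, _urg = struct.unpack("!HHIIBBHHH", raw[:20])
    return {"src": src, "dst": dst, "seq": seq, "ack": ack, "window": window, "flags": decode_flags(flags)}


def classify_syn_probe(response):
    """Nmap's SYN-scan rules: SYN/ACK -> open, RST -> closed, a matching ICMP unreachable
    or no reply after retransmissions -> filtered.
    response is None (timeout), raw TCP header bytes, or ("icmp", type, code)."""
    if response is None:
        return "filtered"
    if isinstance(response, tuple) and response[0] == "icmp":
        _, icmp_type, icmp_code = response
        # Type 3 with one of the codes above is a definite filter; Nmap ignores other ICMP
        # errors, so the probe simply times out and also ends up filtered.
        definite = icmp_type == 3 and icmp_code in FILTERING_UNREACH_CODES
        return "filtered" if definite else "filtered"
    flags = parse_tcp_header(response)["flags"]
    if {"SYN", "ACK"} <= flags:
        return "open"
    if "RST" in flags:
        return "closed"
    return "filtered"                      # unexpected reply is ignored; the probe times out


def syn_scan_exchange(target_listening, port=22):
    """Simulate the packets of a half-open (SYN) scan of one port and return
    the (sender, flags) sequence plus Nmap's verdict. Ports/sequence numbers are arbitrary."""
    exchange = [("scanner", decode_flags(TCP_FLAGS["SYN"]))]
    if target_listening:
        reply = build_tcp_header(port, 40000, TCP_FLAGS["SYN"] | TCP_FLAGS["ACK"], seq=5000, ack=1001)
    else:
        reply = build_tcp_header(port, 40000, TCP_FLAGS["RST"] | TCP_FLAGS["ACK"], seq=0, ack=1001)
    exchange.append(("target", parse_tcp_header(reply)["flags"]))
    state = classify_syn_probe(reply)
    if state == "open":
        # Half-open scan: tear down with RST instead of completing the handshake with ACK,
        # so the application behind the port never sees a connection.
        exchange.append(("scanner", {"RST"}))
    return exchange, state


if __name__ == "__main__":
    for listening in (True, False):
        print(syn_scan_exchange(listening))
    print(classify_syn_probe(None), classify_syn_probe(("icmp", 3, 13)))
```

A full TCP connect scan (nmap -sT, or any unprivileged scan) would instead answer the SYN/ACK with an ACK and then close the connection, which is why it shows up in the target's application logs while the SYN scan usually does not.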
Download the SuperScan 3.0 tool from its website and execute the following:
EXPERIMENT 3.
Perform An Experiment On Active And Passive Finger Printing NMAP.
Fingerprinting is a step of the scanning phase in which an attacker tries to identify the operating system of the target
machine. Fingerprinting can be classified into two types:
Active and Passive Fingerprinting
Active Stack Fingerprinting
This involves sending data to the target system and observing how it responds. Because each TCP/IP stack responds
slightly differently (for example in initial TTL, window size, TCP option ordering and handling of unusual flag
combinations), the response is compared with a database of known signatures and the OS is identified. It is the commonly
used method, though there is a high chance of being detected. It can be performed in the following way.
Using Nmap: Nmap is a port scanning tool that can be used for active stack OS fingerprinting. The -O option needs
raw-socket privileges (root/administrator), and Nmap warns that the result is less reliable unless it finds at least one
open and one closed TCP port on the target.
Syntax: nmap -O IP_address
Example: nmap -O 192.168.56.101
Passive Fingerprinting involves examining traffic already on the network to determine the operating system. There is no
guarantee that the fingerprint will be accurate, but it usually is. It means sniffing traffic rather than making contact
with the target, so this method is stealthier and usually goes undetected.
EXPERIMENT 4.
Perform an Experiment to Demonstrate How to Sniff for Router Traffic by Using the Tool Wireshark.
A packet sniffer, sometimes referred to as a network monitor or network analyser, can be used by a
network or system administrator to monitor and troubleshoot network traffic.
Using the information captured by the packet sniffer, an administrator can identify erroneous packets and use the
data to pinpoint bottlenecks and help maintain efficient network data transmission. In its simplest form a packet
sniffer captures all of the packets that pass through a given network interface. By placing a packet sniffer on a
network in promiscuous mode, a malicious intruder can capture and analyze all of the network traffic that reaches that
interface. On a switched network that is normally only the traffic addressed to the host plus broadcasts, so sniffing
router traffic in practice means capturing on the router itself, on a SPAN/mirror port, or on a host in the traffic path.
Wireshark is a network packet analyzer: it captures network packets and displays the packet data in as much detail as
possible.
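The following Python, added as a worked example and not code from Wireshark or Nmap, is a miniature of what Wireshark does in Experiment 4: it writes a small pcap capture, reads it back, dissects the Ethernet/IPv4/TCP-UDP headers, applies the equivalent of the display filter tcp.port == 22, and, for the passive method of Experiment 3, fingerprints each source host from its IP TTL without sending anything. All frames, addresses and TTLs are constructed for illustration, and the TTL-to-OS mapping is the conventional-default heuristic (64 for Linux/BSD/macOS, 128 for Windows, 255 for Cisco IOS/Solaris), an assumption that breaks when an administrator changes the default.

```python
"""Minimal packet analyzer in the spirit of Wireshark/tshark: write a pcap file in
memory, read it back, dissect Ethernet -> IPv4 -> TCP/UDP, apply a display-filter-like
predicate, and passively fingerprint each source from its IP TTL. Nothing is sent on
the network; every frame below is constructed. Added example, not Wireshark code."""
import socket
import struct

PCAP_MAGIC = 0xA1B2C3D4        # classic pcap, little-endian, microsecond timestamps
LINKTYPE_ETHERNET = 1
# Conventional initial TTLs (assumption: stacks keep the default; admins can change it).
INITIAL_TTLS = [(64, "Linux/BSD/macOS"), (128, "Windows"), (255, "Cisco IOS/Solaris")]


def build_frame(src_ip, dst_ip, ttl, proto, src_port, dst_port):
    """Ethernet II + IPv4 (no options) + an 8-byte transport stub holding the two ports.
    Checksums are left 0: enough for the dissector below, not for a real stack."""
    eth = bytes.fromhex("001122334455") + bytes.fromhex("66778899aabb") + b"\x08\x00"
    l4 = struct.pack("!HH", src_port, dst_port) + b"\x00" * 4
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 1, 0x4000, ttl, proto, 0,
                     socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    return eth + ip + l4


def write_pcap(frames):
    """Global header (24 bytes) followed by one 16-byte record header per frame."""
    out = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    for i, frame in enumerate(frames):
        out += struct.pack("<IIII", 1700000000 + i, 0, len(frame), len(frame)) + frame
    return out


def read_pcap(data):
    """Return [(timestamp, frame_bytes)]; rejects pcapng and other magics."""
    magic, _major, _minor, _tz, _sigfigs, _snaplen, linktype = struct.unpack("<IHHiIII", data[:24])
    if magic != PCAP_MAGIC or linktype != LINKTYPE_ETHERNET:
        raise ValueError("expected a little-endian pcap with Ethernet link type")
    pos, frames = 24, []
    while pos + 16 <= len(data):
        ts_sec, ts_usec, incl_len, _orig_len = struct.unpack("<IIII", data[pos:pos + 16])
        pos += 16
        frames.append((ts_sec + ts_usec / 1e6, data[pos:pos + incl_len]))
        pos += incl_len
    return frames


def dissect(frame):
    """Fields a display filter would test (named like Wireshark's), or None if not IPv4."""
    if struct.unpack("!H", frame[12:14])[0] != 0x0800:
        return None
    ip = frame[14:]
    ver_ihl, _tos, _len, _id, _frag, ttl, proto, _csum, src, dst = struct.unpack("!BBHHHBBH4s4s", ip[:20])
    l4 = ip[(ver_ihl & 0x0F) * 4:]                # skip IP options if the IHL says there are any
    sport, dport = struct.unpack("!HH", l4[:4])   # first 4 bytes of both TCP and UDP are the ports
    return {"ip.src": socket.inet_ntoa(src), "ip.dst": socket.inet_ntoa(dst), "ip.ttl": ttl,
            "ip.proto": proto, "srcport": sport, "dstport": dport}


def apply_filter(packets, predicate):
    """Display filter: keep only the dissected packets for which predicate holds."""
    return [p for p in packets if p is not None and predicate(p)]


def guess_os(observed_ttl):
    """Round the observed TTL up to the next conventional initial TTL; the difference is the hop count."""
    for initial, family in INITIAL_TTLS:
        if observed_ttl <= initial:
            return family, initial - observed_ttl
    return "unknown", None


def passive_fingerprints(packets):
    """First-seen TTL-based guess per source address; nothing is ever sent to the hosts."""
    guesses = {}
    for p in packets:
        if p is not None:
            guesses.setdefault(p["ip.src"], guess_os(p["ip.ttl"]))
    return guesses


# Constructed capture (not real traffic): a LAN host using SSH on the router, the router's
# reply, a Windows host querying DNS, and a remote SSH client seven hops away.
SAMPLE_FRAMES = [
    build_frame("192.168.1.20", "192.168.1.1", 64, 6, 51000, 22),
    build_frame("192.168.1.1", "192.168.1.20", 255, 6, 22, 51000),
    build_frame("192.168.1.33", "192.168.1.1", 128, 17, 60000, 53),
    build_frame("10.8.0.7", "192.168.1.20", 57, 6, 44444, 22),
]
SAMPLE_PCAP = write_pcap(SAMPLE_FRAMES)


def analyze(pcap_bytes=SAMPLE_PCAP):
    """Equivalent of opening the file in Wireshark and typing the filter tcp.port == 22."""
    packets = [dissect(frame) for _, frame in read_pcap(pcap_bytes)]
    ssh = apply_filter(packets, lambda p: p["ip.proto"] == 6 and 22 in (p["srcport"], p["dstport"]))
    return {"packets": len(packets), "tcp.port == 22": len(ssh), "fingerprints": passive_fingerprints(packets)}


if __name__ == "__main__":
    for src, (family, hops) in analyze()["fingerprints"].items():
        print(f"{src:15} looks like {family} ({hops} hops away)")
```

To run it against real traffic, pass the bytes of a capture saved from Wireshark or tshark in the classic pcap format to analyze(); pcapng files (Wireshark's default save format) start with a different magic number and are rejected by read_pcap.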
EXPERIMENT 5.
Secure Data Storage, Secure Data Transmission and Creating Digital Signatures (GnuPG)
AIM: Demonstrate how to provide secure data storage and secure data transmission, and how to
create digital signatures, using GnuPG.
INTRODUCTION:
- Here's the final guide in my PGP basics series, this time focusing on Windows.
  The OS in question will be Windows 7, but it should work for Win8 and Win8.1 as well.
- Obviously it's not recommended to be using Windows to access the DNM, but I won't go into the reasons here.
- The tool we'll be using is Gpg4win.
- Visit www.gpg4win.org
DIGITAL SIGNATURES (GNUPG)
SOFTWARE: Visit www.gpg4win.org and click on the "Gpg4win 2.3.0" button.
5.1 Creating Your Public and Private Keys
GPG encryption and decryption is based upon the keys of the person who will be receiving the encrypted file or
message. Anyone who wants to send that person an encrypted file or message must possess the recipient's public key
(certificate) to encrypt it. The recipient must have the associated private key, which is different from the public
key, to be able to decrypt the file. The public and private key pair for an individual is usually generated by the
individual on his or her own computer, using the Kleopatra certificate manager that Gpg4win installs alongside
GnuPG, with the following procedure:
1. From your start bar, select the “Kleopatra” icon to start the Kleopatra certificate
management software
2. The following screen will be displayed:
3. From the “File” dropdown, click on the “New Certificate” option:
4. The following screen will be displayed. Click on "Create a personal OpenPGP key
pair" and the "Next" button:
5. The Certificate Creation Wizard will start and display the following:
6. Enter your name and e-mail address. You may also enter an optional comment. Then,
click the “Next” button:
7. Review your entered values. If OK, click the “Create Key” button:
8. You will be asked to enter a passphrase:
9. The passphrase should follow strong password standards.
After you’ve entered your passphrase, click the “OK” button.
10. You will be asked to re-enter the passphrase:
11. Re-enter the passphrase value. Then click the “OK” button.
If the passphrases match, the certificate will be created.
12. Once the certificate is created, the following screen will be displayed.
You can save a backup of your public and private keys by clicking the "Make a Backup Of Your Key Pair" button.
This backup can be used to copy the certificate onto other authorized computers. Note that the backup file contains
your private key, protected only by your passphrase, so store it on encrypted removable media or in another location
that untrusted users cannot read.
13. If you choose to backup your key pair,
you will be presented with the following screen:
14. Specify the folder and name the file. Then click the “OK” button.
15. After the key is exported, the following will be displayed. Click the “OK” button.
16. You will be returned to the “Key Pair Successfully Created” screen.
Click the “Finish” button.
17. Before the program closes, you will need to confirm that you want to close the
program by clicking on the “Quit Kleopatra” button:
5.2 DECRYPTING AN ENCRYPTED E-MAIL THAT HAS BEEN SENT TO YOU:
1. Open the e-mail message
2. Select the GpgOL tab
3. Click the “Decrypt” button
4. A command window will open along with a window that asks for the Passphrase to
your private key that will be used to decrypt the incoming message.
5. Enter your passphrase and click the "OK" button.
6. The results window will tell you if the decryption succeeded.
Click the "Finish" button to close the window:
7. Your unencrypted e-mail message body will be displayed.
8. When you close the e-mail you will be asked if you want to save the e-mail message in its unencrypted form.
For maximum security, click the “No” button. This will keep the message encrypted within the e-mail system and
will require you to enter your passphrase each time you reopen the e-mail message:
RESULT:
Thus secure data storage, secure data transmission and the creation of digital
signatures with GnuPG were demonstrated successfully.