453-ISM - Project Sem 2-2023-24


Network Security Fundamentals Lab Project

Department of Information System

SEMESTER 2, 2023-2024

COURSE CODE: 453 CIS-4
INSTRUCTOR: IMRAN KHAN
SECTION: 1904
SUBMISSION DATE:
COURSE NAME: NETWORK SECURITY FUNDAMENTALS
MARKS: _________/7
SIGNATURE:

Project

Performing Packet Spoofing and Malware Analysis using WIRESHARK

STUDENT NAME: _________________________________________________________________________________________

STUDENT ID: _____________________________________________________________________________________________

SECTION A: Introduction about Wireshark

Case 1: What is Wireshark and how does it work? (Explain in 5-10 lines.)

College of Computer Science


King Khalid University, Al Gara Campus, ABHA

Case 2: Arrange all the Wireshark window columns in the given format.
The same format should be followed for all the sections of your project.

Columns to be included:

1 Name (Each student doing the project should write their name)
2 Time (Format: Year/ day of the Year/ Time of the day)
3 Source
4 Source Port
5 Destination
6 Destination Port
7 Protocol
8 Host
9 Length
10 Info
>>Paste screenshot of your window here >>

Download Wireshark: https://www.wireshark.org/download.html


SECTION B: Spoofing and analysing packets on FTP Client Server

Create an FTP Client Server and spoof FTP packets using Wireshark.
Download FileZilla: https://filezilla-project.org/download.php?type=client

FileZilla (FTP Client Server) credentials:

Hostname: ftp.drivrhq.com

Username: admin20

Password: password123
>>Paste screenshot of Filezilla Server here >>


Case 1: Showcase how an unsecured FTP server can give away user
credentials.
>>Paste your screenshot here>>

Case 2: Showcase how a secured FTP server encrypts user credentials.

>>Paste your screenshot here>>


SECTION C: Spoofing HTTP packets

Case 1: Log in to any unsecured website using your credentials and
showcase how you can extract user credentials from spoofed HTTP packets
with Wireshark. A link to an unsecured HTTP test website has been provided
for your reference. Students should use the given user credentials.

Username: “Student’s First Name”

Password: “Student’s ID”

HTTP website: http://testphp.vulnweb.com/login.php


>>Paste your screenshot here>>

Case 2: Showcase how you can save pictures (gif/png/jpeg formats) via
Wireshark if the user is browsing through the unsecured website. An HTTP
website link is given for your reference.

HTTP Website: http://www.ladakh-leh.com/ladakh-trekking/tour-packages.html
>>Write steps or paste the screenshot to save the images from the above website>>


SECTION D: Analysing TCP packets

Case 1: Connect to your WiFi or Ethernet connection and start capturing
packets in Wireshark. Once you have captured the packets, generate a flow
graph for the captured packets.
>>Paste your screenshot here>>

Case 2: For any captured TCP packet, generate a throughput graph.

>>Paste your screenshot here>>


SECTION E: Malware Traffic Analysis

Case: With the help of Wireshark, we have to capture packets and analyse the
malware traffic using various utility programs. Malware is dangerous for
our machines, so we analyse and complete this part of the project using
“pcap” files uploaded on the malware traffic analysis website. These are
sample files from already captured malware traffic. We will unzip and then
upload this “pcap” file to generate our results.

Once you upload the files, you will save the expected malware traffic and
generate the hash files. Finally, using those hash files, you will check these
files on VirusTotal to see whether they are infected or not.

Download Malware traffic sample: https://www.malware-traffic-analysis.net

HashMyFiles is a small utility that allows you to calculate the MD5 and
SHA1 hashes of one or more files in your system.

Download: https://www.nirsoft.net/utils/hash_my_files.html

Check your hash files and analyse whether the files are infected or not using
VirusTotal.

Link for Virus Total: https://www.virustotal.com/gui/home/upload
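
The hashing step described above, as an added example that is not part of the original lab sheet: a Python equivalent of what HashMyFiles reports (MD5 and SHA1, plus SHA256 as an addition here) for every file in a folder of objects saved from Wireshark. The folder built in `demo()` holds constructed, harmless bytes, and all function names are this example's own.

```python
import hashlib
import tempfile
from pathlib import Path

CHUNK = 64 * 1024  # read in blocks so large exported objects are not loaded whole


def hash_file(path):
    """Return MD5, SHA1 and SHA256 hex digests of one file, read in chunks."""
    digests = {name: hashlib.new(name) for name in ("md5", "sha1", "sha256")}
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(CHUNK), b""):
            for d in digests.values():
                d.update(block)
    return {name: d.hexdigest() for name, d in digests.items()}


def hash_directory(folder):
    """Hash every regular file under folder; rows are sorted by relative path."""
    folder = Path(folder)
    rows = []
    for path in sorted(p for p in folder.rglob("*") if p.is_file()):
        row = {"file": str(path.relative_to(folder)), "size": path.stat().st_size}
        row.update(hash_file(path))
        rows.append(row)
    return rows


def duplicates(rows):
    """Group file names by SHA256 so identical payloads are looked up only once."""
    groups = {}
    for row in rows:
        groups.setdefault(row["sha256"], []).append(row["file"])
    return {h: names for h, names in groups.items() if len(names) > 1}


def demo():
    """Build a constructed export folder (harmless sample bytes) and hash it."""
    with tempfile.TemporaryDirectory() as tmp:
        Path(tmp, "index.html").write_bytes(b"abc")
        Path(tmp, "copy_of_index.html").write_bytes(b"abc")
        Path(tmp, "empty.bin").write_bytes(b"")
        return hash_directory(tmp)


if __name__ == "__main__":
    for r in demo():
        print(r["file"], r["size"], r["md5"], r["sha1"], r["sha256"])
```

Searching VirusTotal by one of these hashes checks a file against existing reports without uploading the sample itself.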


>>All the steps can be pasted here as screenshots>>

Answer the following questions:

• Which website is infected? ________________________________________________
• What is the IP address of the infected website? _________________________
• What is the IP address of the infected machine? _____________________________
• What is the hostname of the infected machine? ______________________________
• What is the MAC address of the infected machine? ___________________________
