CNLab Manual
CNLab Manual
CNLab Manual
1. Study of Network devices in detail and connect the computers in Local Area Network.
A computer network’s network devices allow various hardware components to connect. Physical
devices, networking hardware, and network equipment are all terms used to describe these
devices, also known as computer networking devices. Each network device in a computer
network performs a certain function based on its capabilities, so it serves different objectives at
various segments.
Hub
Connecting network cables to a connectivity device creates a network segment. A Hub is a name
for this type of communication equipment. In most cases, hubs do not filter data; instead, they
route incoming data frames or packets to any or all of the constituents. Nowadays, all-important
network devices connected to PCs need a central switch or hub.
Repeater
The physical layer could be used to operate a repeater. This device’s primary purpose is to
duplicate the signal on a similar network before it becomes weak or broken. The critical thing to
remember about these gadgets is that they don’t boost the signal. They recreate the signal at its
actual power whenever it becomes weak. A repeater is a gadget with two ports.
Bridge
In a computer network, a bridge connects two or more network segments. A bridge’s primary
function in network design is storing and distributing frames between different components.
Transport frames are connected using (Media Access Control) technology.These can be used to
link two physical local area networks together to form a bigger logical local area network.
Bridges act on the OSI model’s data connection and physical layers to divide large and tiny
networks by managing data flow between networks. Bridges have now been substituted with
switches in recent years to provide more functionality.
Network Switch
A switch and a hub generally operate at the same LAN layer, but a switch is more intelligent than
a hub. The hub transmits data, but the switch filters and forwards it. As a result, this is the most
creative data packet handling method. When something is received from the switch’s interface, a
data packet can be filtered and forwarded to the indicated receiver’s interface. As a result, a
switch keeps track of system settings in a content addressable memory table, including memory.
The FIB or the forwarding table are other names for this table.
Brouter
The Brouter is also known as a bridging router, and its primary function is to combine the
functions of both a router and just a bridge. It can operate at either the network or data link layer.
When it functions as a router, it routes packets across networks, and then when it functions as a
bridge, it filters LAN traffic.
Gateway
A gateway works at the OSI model’s session and transport layers. TCP/IP and other networking
protocols are transformed through gateways. They’re connected to two or more independent
networks, each with its domain name service, routing algorithm, topology, and network
administration, including policy procedures. Gateways execute all of the functions that routers
do. A gateway is a router that also has the capability of converting traffic. As a result, a protocol
converter is used to switch between network technologies.
Access computers on your Local Area Network and provide support and maintenance without
end-user interaction.
1. On the Session Toolbar, click the Computers icon.
2. On the Computers list, click the Connect On LAN tab to see a list of accessible
computers.
3. Filter computers by name or IP address.
Tip: You can search and connect at any time. You do not need to wait for the entire list of
computers to load.
4. Select the computer you want to access and click Connect.
Important: If you do not have Administrator rights, you are prompted to enter the login
credentials of the computer you want to access.
2. Write a Program to implement the data link layer farming methods such as
i) Character stuffing ii) bit stuffing.
Bit Stuffing
Bit stuffing is a technique in which we add extra bits to a given set of data. The added bits don't carry
any information but rather they help in better communication. It is all about protocol management.
Examples:
Input: N = 6, arr[] = {1, 1, 1, 1, 1, 1}
Output: 1111101
Character Stuffing
Character stuffing or Byte Stuffing is the technique of adding a particular byte to the data section
before every byte in the data having the same pattern as the flag.
In Character destuffing while traversing the data we delete the byte with the same pattern as the
given flag and continues traversing the given data frame.
Program:
SOURCE CODE:
// BIT Stuffing program
#include<stdio.h>
#include<conio.h>
#include<string.h>
void main()
{
int a[20],b[30],i,j,k,count,n;
clrscr();
printf("Enter frame length:");
scanf("%d",&n);
printf("Enter input frame (0's & 1's only):");
for(i=0;i<n;i++)
scanf("%d",&a[i]);
i=0;
count=1;
j=0;
while(i<n)
{
if(a[i]==1)
{
b[j]=a[i];
for(k=i+1;a[k]==1 && k<n &&count<5;k++)
{
j++;
b[j]=a[k];
count++;
if(count==5)
{
j++;
b[j]=0;
}
i=k;
}
}
else
{
b[j]=a[i];
}
i++;
j++;
}
printf("After stuffing the frame is:");
for(i=0;i<j;i++)
printf("%d",b[i]);
getch();
}
OUTPUT:
#include<string.h>
main()
char a[30], fs[50] = " ", t[3], sd, ed, x[3], s[3], d[3], y[3];
int i, j, p = 0, q = 0;
clrscr();
scanf("%s", a);
strcat(fs, x);
t[0] = a[i];
t[1] = '\0';
if(t[0] == sd)
strcat(fs, s);
else
strcat(fs, t);
strcat(fs, y);
getch();
Output:-
for(i=0;i<k;i++)
sum+=b[i];
printf("SUM IS: %d",sum);
checksum=~sum;
printf("\nSENDER's CHECKSUM IS:%d",checksum);
return checksum;
}
i=0;
while(n>(int)pow(2,i)-(i+1))
{
p_n++;
i++;
}
c_l = p_n + n;
j=k=0;
for(i=0;i<c_l;i++)
{
if(i==((int)pow(2,k)-1))
{
code[i]=0;
k++;
}
else
{
code[i]=input[j];
j++;
}
}
for(i=0;i<p_n;i++)
{
int position = (int)pow(2,i);
int value = ham_calc(position,c_l);
code[position-1]=value;
}
printf("\nThe calculated Code Word is: ");
for(i=0;i<c_l;i++)
printf("%d",code[i]);
printf("\n");
printf("Please enter the received Code Word:\n");
for(i=0;i<c_l;i++)
scanf("%d",&code[i]);
int error_pos = 0;
for(i=0;i<p_n;i++)
{
int position = (int)pow(2,i);
int value = ham_calc(position,c_l);
if(value != 0)
error_pos+=position;
}
if(error_pos == 1)
printf("The received Code Word is correct.\n");
else
printf("Error at bit position: %d\n",error_pos);
}
int ham_calc(int position,int c_l)
{
int count=0,i,j;
i=position-1;
while(i<c_l)
{
for(j=i;j<i+position;j++)
{
if(code[j] == 1)
count++;
}
i=i+2*position;
}
if(count%2 == 0)
return 0;
else
return 1;
}
output:-
Please enter the length of the Data Word: 8
Please enter the Data Word:
1
1
0
1
0
0
1
1
The calculated Code Word is: 011110100011
Please enter the received Code Word:
0
1
1
1
1
1
1
0
0
0
1
1
Error at bit position: 6
--------------------------------
5. Write a Program to implement on a data set of characters the three CRC polynomials – CRC
12, CRC 16 and CRC CCIP.
//Include header files stdio.h, string.h
#define N strlen(g)
char t[28],cs[28],g[28];
int a,e,c,b;
void xor()
{
for(c=1;c<N;c++)
cs[c]=((cs[c]==g[c])?'0':'1');
}
void crc()
{
for(e=0;e<N;e++)
cs[e]=t[e];
do
{
if(cs[0]=='1')
xor();
for(c=0;c<N-1;c++)
cs[c]=cs[c+1];
cs[c]=t[e++];
}while(e<=a+N-1);
}
int main()
{
int flag=0;
do{
printf("\n1.crc12\n2.crc16\ncrc ccit\n4.exit\n\nEnter your option.");
scanf("%d",&b);
switch(b)
{
case 1:strcpy(g,"1100000001111");
break;
case 2:strcpy(g,"11000000000000101");
break;
case 3:strcpy(g,"10001000000100001");
break;
case 4:return 0;
}
printf("\n enter data:");
scanf("%s",t);
printf("\n-----------------------\n");
printf("\n generating polynomial:%s",g);
a=strlen(t);
for(e=a;e<a+N-1;e++)
t[e]='0';
printf("\n--------------------------\n");
printf("mod-ified data is:%s",t);
printf("\n-----------------------\n");
crc();
printf("checksum is:%s",cs);
for(e=a;e<a+N-1;e++)
t[e]=cs[e-a];
printf("\n-----------------------\n");
printf("\n final codeword is : %s",t);
printf("\n------------------------\n");
printf("\ntest error detection 0(yes) 1(no)?:");
scanf("%d",&e);
if(e==0)
{
do{
printf("\n\tenter the position where error is to be inserted:");
scanf("%d",&e);
}
while(e==0||e>a+N-1);
[Type text] [Type text] [Type text]
MVR COLLEGE OF ENGINEERING AND TECHNOLOGY
t[e-1]=(t[e-1]=='0')?'1':'0';
printf("\n-----------------------\n");
printf("\n\terroneous data:%s\n",t);
}
crc();
for(e=0;(e<N-1)&&(cs[e]!='1');e++);
if(e<N-1)
printf("error detected\n\n");
else
printf("\n no error detected \n\n");
printf("\n-----------------------");
}while(flag!=1);
}
crc();
for(e=0;(e<N-1)&&(cs[e]!='1');e++);
if(e<N-1)
printf("error detected\n\n");
else
printf("\n no error detected \n\n");
printf("\n-----------------------");
}while(flag!=1);
Out Put
1.crc12
2.crc16
3.crc ccit
4.exit
Enter your option.1
enter data:1100110011100011
-----------------------
generating polynomial:1100000001111
-------------------------
mod-ified data is:11001100111000110000000000001100000001111
-----------------------
checksum is:1101110110001
-----------------------
final codeword is : 11001100111000111101110110001100000001111
------------------------
test error detection 0(yes) 1(no)?:1
no error detected
-----------------------
1.crc12
2.crc16
3.crc ccit
4.exit
if(ack == windowsize)
break;
else
sent = ack;
}
return 0;
}
output:-
enter window size
8
Frame 0 has been transmitted.
Frame 1 has been transmitted.
Frame 2 has been transmitted.
Frame 3 has been transmitted.
Frame 4 has been transmitted.
Frame 5 has been transmitted.
Frame 6 has been transmitted.
Frame 7 has been transmitted.
int main()
{
int w,i,f,frames[50];
for(i=1;i<=f;i++)
scanf("%d",&frames[i]);
printf("\nWith sliding window protocol the frames will be sent in the following manner
(assuming no corruption of frames)\n\n");
printf("After sending %d frames at each stage sender waits for acknowledgement sent by the
receiver\n\n",w);
for(i=1;i<=f;i++)
{
if(i%w==0)
{
printf("%d\n",frames[i]);
printf("Acknowledgement of above frames sent is received by sender\n\n");
}
else
printf("%d ",frames[i]);
}
if(f%w!=0)
printf("\nAcknowledgement of above frames sent is received by sender\n");
return 0;
}
Output
With sliding window protocol the frames will be sent in the following manner (assuming no
corruption of frames)
After sending 3 frames at each stage sender waits for acknowledgement sent by the receiver
12 5 89
Acknowledgement of above frames sent is received by sender
46
Acknowledgement of above frames sent is received by sender
if(flag==0)
{
from_network_layer(&buffer);
s.info = buffer;
s.seq = frame_to_send;
printf("SENDER : Info = %d Seq No = %d ",s.info,s.seq);
turn = 'r';
to_physical_layer(&s);
flag = 1;
}
wait_for_event_sender(&event);
if(turn=='s')
{
if(event==frame_arrival)
{
from_network_layer(&buffer);
inc(frame_to_send);
s.info = buffer;
s.seq = frame_to_send;
printf("SENDER : Info = %d Seq No = %d ",s.info,s.seq);
turn = 'r';
to_physical_layer(&s);
}
if(event==timeout)
{
printf("SENDER : Resending Frame ");
turn = 'r';
to_physical_layer(&s);
}
}
}
/*__________________________________________________________________________*/
void reciever()
{
static int frame_expected=0;
frame r,s;
event_type event;
wait_for_event_reciever(&event);
if(turn=='r')
{
if(event==frame_arrival)
{
from_physical_layer(&r);
if(r.seq==frame_expected)
{
to_network_layer(&r.info);
inc(frame_expected);
}
else
printf("RECIEVER : Acknowledgement Resent\n");
turn = 's';
to_physical_layer(&s);
}
if(event==err)
{
printf("RECIEVER : Garbled Frame\n");
turn = 's'; //if frame not recieved
} //sender shold send it again
}
}
/*__________________________________________________________________________*/
void from_network_layer(packet *buffer)
{
(*buffer).data = i;
i++;
}
/*___________________________________________________________________________*
/
void to_physical_layer(frame *s)
{ // 0 means error
s->err = random(4); //non zero means no error
DATA = *s; //probability of error = 1/4
}
/*___________________________________________________________________________*
/
void to_network_layer(packet *buffer)
{
printf("RECIEVER :Packet %d recieved , Ack Sent\n",(*buffer).data);
if(i>TOT_PACKETS) //if all packets recieved then disconnect
{
DISCONNECT = 1;
printf("\nDISCONNECTED");
}
}
/*___________________________________________________________________________*
/
void from_physical_layer(frame *buffer)
{
*buffer = DATA;
}
/*___________________________________________________________________________*
/
void wait_for_event_sender(event_type * e)
{
static int timer=0;
if(turn=='s')
{
timer++;
if(timer==TIMEOUT)
{
*e = timeout;
printf("SENDER : Ack not recieved=> TIMEOUT\n");
timer = 0;
return;
}
if(DATA.err==0)
*e = err;
else
{
timer = 0;
*e = frame_arrival;
}
}
}
/*____________________________________________________________________________
*/
void wait_for_event_reciever(event_type * e)
{
if(turn=='r')
{
if(DATA.err==0)
*e = err;
else
*e = frame_arrival;
}
}
9. Write a program for congestion control using leaky bucket algorithm
#include<stdio.h>
#include<stdlib.h>
#include<unistd.h>
#define NOF_PACKETS 10
int rand(int a)
{
int rn = (random() % 10) % a;
return rn == 0 ? 1 : rn;
}
int main()
{
int packet_sz[NOF_PACKETS], i, clk, b_size, o_rate, p_sz_rm=0, p_sz, p_time, op;
for(i = 0; i<NOF_PACKETS; ++i)
packet_sz[i] = rand(6) * 10;
for(i = 0; i<NOF_PACKETS; ++i)
printf("\npacket[%d]:%d bytes\t", i, packet_sz[i]);
printf("\nEnter the Output rate:");
scanf("%d", &o_rate);
printf("Enter the Bucket Size:");
scanf("%d", &b_size);
for(i = 0; i<NOF_PACKETS; ++i)
{
if( (packet_sz[i] + p_sz_rm) > b_size)
if(packet_sz[i] > b_size)/*compare the packet siz with bucket size*/
printf("\n\nIncoming packet size (%dbytes) is Greater than bucket capacity
(%dbytes)-PACKET REJECTED", packet_sz[i], b_size);
else
printf("\n\nBucket capacity exceeded-PACKETS REJECTED!!");
else
{
p_sz_rm += packet_sz[i];
printf("\n\nIncoming Packet size: %d", packet_sz[i]);
printf("\nBytes remaining to Transmit: %d", p_sz_rm);
p_time = rand(4) * 10;
printf("\nTime left for transmission: %d units", p_time);
for(clk = 10; clk <= p_time; clk += 10)
{
sleep(1);
if(p_sz_rm)
{
if(p_sz_rm <= o_rate)/*packet size remaining comparing with output rate*/
op = p_sz_rm, p_sz_rm = 0;
else
op = o_rate, p_sz_rm -= o_rate;
printf("\nPacket of size %d Transmitted", op);
printf("----Bytes Remaining to Transmit: %d", p_sz_rm);
}
else
{
printf("\nTime left for transmission: %d units", p_time-clk);
printf("\nNo packets to transmit!!");
}
}
}
}
}
Commands for execution:-
● Open a terminal.
● Change directory to the file location.
● Run gcc filename.c
● If there are no errors, run ./a.out
10. Write a Program to implement Dijkstra‘s algorithm to compute the Shortest path through a
graph.
#include<stdio.h>
#include<conio.h>
#define INFINITY 9999
#define MAX 10
int main()
{
int G[MAX][MAX],i,j,n,u;
printf("Enter no. of vertices:");
scanf("%d",&n);
printf("\nEnter the adjacency matrix:\n");
for(i=0;i<n;i++)
for(j=0;j<n;j++)
scanf("%d",&G[i][j]);
printf("\nEnter the starting node:");
scanf("%d",&u);
dijkstra(G,n,u);
return 0;
}
int cost[MAX][MAX],distance[MAX],pred[MAX];
int visited[MAX],count,mindistance,nextnode,i,j;
//pred[] stores the predecessor of each node
//count gives the number of nodes seen so far
//create the cost matrix
for(i=0;i<n;i++)
for(j=0;j<n;j++)
if(G[i][j]==0)
cost[i][j]=INFINITY;
else
cost[i][j]=G[i][j];
//initialize pred[],distance[] and visited[]
for(i=0;i<n;i++)
{
distance[i]=cost[startnode][i];
pred[i]=startnode;
visited[i]=0;
}
distance[startnode]=0;
visited[startnode]=1;
count=1;
while(count<n-1)
{
mindistance=INFINITY;
//nextnode gives the node at minimum distance
for(i=0;i<n;i++)
if(distance[i]<mindistance&&!visited[i])
{
mindistance=distance[i];
nextnode=i;
}
//check if a better path exists through nextnode
visited[nextnode]=1;
for(i=0;i<n;i++)
if(!visited[i])
if(mindistance+cost[nextnode][i]<distance[i])
{
distance[i]=mindistance+cost[nextnode][i];
pred[i]=nextnode;
}
count++;
}
11. Write a Program to implement Distance vector routing algorithm by obtaining routing table
at each node (Take an example subnet graph with weights indicating delay between nodes).
/*
Distance Vector Routing in this program is implemented using Bellman Ford Algorithm:-
*/
#include<stdio.h>
struct node
{
unsigned dist[20];
unsigned from[20];
}rt[10];
int main()
{
int costmat[20][20];
int nodes,i,j,k,count=0;
printf("\nEnter the number of nodes : ");
scanf("%d",&nodes);//Enter the nodes
printf("\nEnter the cost matrix :\n");
for(i=0;i<nodes;i++)
{
for(j=0;j<nodes;j++)
{
scanf("%d",&costmat[i][j]);
costmat[i][i]=0;
rt[i].dist[j]=costmat[i][j];//initialise the distance equal to cost matrix
rt[i].from[j]=j;
}
}
do
{
count=0;
for(i=0;i<nodes;i++)//We choose arbitary vertex k and we calculate the direct distance
from the node i to k using the cost matrix
//and add the distance from k to node j
for(j=0;j<nodes;j++)
for(k=0;k<nodes;k++)
if(rt[i].dist[j]>costmat[i][k]+rt[k].dist[j])
{//We calculate the minimum distance
rt[i].dist[j]=rt[i].dist[k]+rt[k].dist[j];
rt[i].from[j]=k;
count++;
}
}while(count!=0);
for(i=0;i<nodes;i++)
{
printf("\n\n For router %d\n",i+1);
for(j=0;j<nodes;j++)
{
printf("\t\nnode %d via %d Distance %d ",j+1,rt[i].from[j]+1,rt[i].dist[j]);
}
}
printf("\n\n");
getch();
}
/*
A sample run of the program works as:-
Enter the number of nodes :
3
Enter the cost matrix :
027
201
710
For router 1
node 1 via 1 Distance 0
node 2 via 2 Distance 2
node 3 via 3 Distance 3
For router 2
node 1 via 1 Distance 2
node 2 via 2 Distance 0
node 3 via 3 Distance 1
For router 3
node 1 via 1 Distance 3
node 2 via 2 Distance 1
node 3 via 3 Distance 0
*/
13. Wireshark i. Packet Capture Using Wire shark ii. Starting Wire shark iii. Viewing Captured
Traffic iv. Analysis and Statistics & Filters.
2.5 Wireshark Fundamentals
Once you’ve successfully installed Wireshark on your system, you can begin to familiarize
yourself with it. Now you finally get to open your fully functioning packet sniffer and see . . .
absolutely nothing!
Okay, so Wireshark isn’t very interesting when you first open it. In order for things to really get
exciting, you need to get some data.
2.6 Your First Packet Capture
To get packet data into Wireshark, you’ll perform your first packet capture. You may be thinking,
“How am I going to capture packets when nothing is wrong on the network?”
First, there is always something wrong on the network. If you don’t believe me, then go ahead
and
send an email to all of your network users and let them know that everything is working
perfectly.
Secondly, there doesn’t need to be something wrong in order for you to perform packet analysis.
In fact, most packet analysts spend more time analyzing problem free traffic than traffic that
theyare troubleshooting. You need a baseline to compare to in order to be able to effectively
troubleshoot network traffic. For example, if you ever hope to solve a problem with DHCP by
analyzing its traffic, you must understand what the flow of working DHCP traffic looks like.
More broadly, in order to find anomalies in daily network activity, you must know what normal
daily network activity looks like. When your network is running smoothly, you can set your
baseline so that you’ll know what its traffic looks like in a normal state.
So, let’s capture some packets!
1. Open Wireshark.
2. From the main drop-down menu, select Capture and then Interfaces. You should see a
dialog listing the various interfaces that can be used to capture packets, along with their IP
addresses.
3. Choose the interface you wish to use, as shown in Figure-3, and click Start, or simply click
the interface under the Interface List section of the welcome page. Data should begin filling
the window.
4. Wait about a minute or so, and when you are ready to stop the capture and view your data,
click the Stop button from the Capture drop-down menu.
Once you have completed these steps and finished the capture process, the Wireshark main
window should be alive with data. As a matter of fact, you might be overwhelmed by the amount
of data that appears, but it will all start to make sense very quickly as we break down the main
window of Wireshark one piece at a time.
2.7 Wireshark’s Main Window
You’ll spend most of your time in the Wireshark main window. This is where all of the packets
you capture are displayed and broken down into a more understandable format. Using the packet
capture you just made, let’s take a look at Wireshark’s main window,
The three panes in the main window depend on one another. In order to view the details of an
individual packet in the Packet Details pane, you must first select that packet by clicking it in the
Packet List pane. Once you’ve selected your packet, you can see the bytes that correspond with a
certain portion of the packet in the Packet Bytes pane when you click that portion of the packet
in
the Packet Details pane.
Here’s what each pane contains:
Packet List: The top pane displays a table containing all packets in the current capture file. It has
columns containing the packet number, the relative time the packet was captured, the source and
destination of the packet, the packet’s protocol, and some general information found in the
packet.
Packet Details: The middle pane contains a hierarchical display of information about a single
packet. This display can be collapsed and expanded to show all of the information collected
about
an individual packet.
Packet Bytes: The lower pane perhaps the most confusing displays a packet in its raw,
unprocessed
form; that is, it shows what the packet looks like as it travels across the wire. This is raw
information with nothing warm or fuzzy to make it easier to follow.
2.8 Wireshark Preferences
Wireshark has several preferences that can be customized to meet your needs. To access
Wireshark’s preferences, select Edit from the main drop-down menu and click Preferences.
You’ll
see the Preferences dialog, which contains several customizable options,
2.9 Packet Color Coding
If you are anything like me, you may enjoy shiny objects and pretty colors. If that is the case,
you
probably got excited when you saw all those different colors in the Packet List pane, as in the
example in Figure-6 (well, the figure is in black and white, but you get the idea). It may seem as
if these colors are randomly assigned to each individual packet, but this is not the case.
As you work with Wireshark on your network, you will begin to notice that you deal with certain
protocols more than others. Here’s where color-coded packets can make your life a lot easier. For
example, if you think that there is a rogue DHCP server on your network handing out IP leases,
you could simply modify the coloring rule for the DHCP protocol so that it shows up in bright
yellow (or some other easily identifiable color). This would allow you to pick out all DHCP
traffic
much more quickly, and make your packet analysis more efficient. These coloring rules can also
be further extended by creating them based on your own custom filters.
Nmap allows network admins to find which devices are running on their network, discover open
ports and services, and detect vulnerabilities.
There are a number of reasons why security pros prefer Nmap over other scanning tools.
First, Nmap helps you to quickly map out a network without sophisticated commands or
configurations. It also supports simple commands (for example, to check if a host is up) and
complex scripting through the Nmap scripting engine.
Basic scans
Scanning the list of active devices on a network is the first step in network mapping. There are
two types of scans you can use for that:
Ping scan — Scans the list of devices up and running on a given subnet.
> nmap -sp 192.168.1.1/24
Scan a single host — Scans a single host for 1000 well-known ports. These ports are the ones
used by popular services like SQL, SNTP, apache, and others.
> nmap scanme.nmap.org
1-3
Stealth scan
Stealth scanning is performed by sending an SYN packet and analyzing the response. If
SYN/ACK is received, it means the port is open, and you can open a TCP connection.
However, a stealth scan never completes the 3-way handshake, which makes it hard for the target
to determine the scanning system.
Version scanning
Finding application versions is a crucial part in penetration testing.
It makes your life easier since you can find an existing vulnerability from the Common
Vulnerabilities and Exploits (CVE) database for a particular version of the service. You can then
use it to attack a machine using an exploitation tool like Metasploit.
1-5
OS Scanning
In addition to the services and their versions, Nmap can provide information about the
underlying operating system using TCP/IP fingerprinting. Nmap will also try to find the system
uptime during an OS scan.
Again, OS detection is not always accurate, but it goes a long way towards helping a pen tester
get closer to their target.
1-6
Aggressive Scanning
Nmap has an aggressive mode that enables OS detection, version detection, script scanning, and
traceroute. You can use the -A argument to perform an aggressive scan.
1-7
Scanning Multiple Hosts
Nmap has the capability of scanning multiple hosts simultaneously. This feature comes in real
handy when you are managing vast network infrastructure.
Write all the IP addresses in a single row to scan all of the hosts at the same time.
> nmap 192.164.1.1 192.164.0.2 192.164.0.2
Use the asterisk (*) to scan all of the subnets at once.
> nmap 192.164.1.*
Add commas to separate the addresses endings instead of typing the entire domains.
> nmap 192.164.0.1,2,3,4
Use a hyphen to specify a range of IP addresses
> nmap 192.164.0.0–255
Port Scanning
Port scanning is one of the most fundamental features of Nmap. You can scan for ports in several
ways.
Verbose Output
> nmap -v scanme.nmap.org
The verbose output provides additional information about the scan being performed. It is useful
to monitor step by step actions Nmap performs on a network, especially if you are an outsider
scanning a client’s network.
1-8
Normal output
Nmap scans can also be exported to a text file. It will be slightly different from the original
command line output, but it will capture all the essential scan results.
Nmap Help
Nmap has a built-in help command that lists all the flags and options you can use. It is often
handy given the number of command-line arguments Nmap comes with.
> nmap -h
1-12
Nmap Scripting Engine
Nmap Scripting Engine (NSE) is an incredibly powerful tool that you can use to write scripts and
automate numerous networking features.
You can find plenty of scripts distributed across Nmap, or write your own script based on your
requirements. You can even modify existing scripts using the Lua programming language.
1-13
NSE also has attack scripts that are used in attacking the network and various networking
protocols.
Going through the scripting engine in-depth would be out-of-scope for this article, so here is
more information about the Nmap scripting engine.
Zenmap
Zenmap is a graphical user interface for Nmap. It is a free and open-source software that helps
you get up and running with Nmap.
One of Nmap's best-known features is remote OS detection using TCP/IP stack fingerprinting.
Nmap sends a series of TCP and UDP packets to the remote host and examines practically every
bit in the responses. After performing dozens of tests such as TCP ISN sampling, TCP options
support and ordering, IP ID sampling, and the initial window size check, Nmap compares the
results to its nmap-os-db database of more than 2,600 known OS fingerprints and prints out the
OS details if there is a match. Each fingerprint includes a freeform textual description of the OS,
and a classification which provides the vendor name (e.g. Sun), underlying OS (e.g. Solaris), OS
generation (e.g. 10), and device type (general purpose, router, switch, game console, etc). Most
fingerprints also have a Common Platform Enumeration (CPE) representation, like
cpe:/o:linux:linux_kernel:2.6.
If Nmap is unable to guess the OS of a machine, and conditions are good (e.g. at least one open
port and one closed port were found), Nmap will provide a URL you can use to submit the
fingerprint if you know (for sure) the OS running on the machine. By doing this you contribute
to the pool of operating systems known to Nmap and thus it will be more accurate for everyone.
OS detection enables some other tests which make use of information that is gathered during the
process anyway. One of these is TCP Sequence Predictability Classification. This measures
approximately how hard it is to establish a forged TCP connection against the remote host. It is
useful for exploiting source-IP based trust relationships (rlogin, firewall filters, etc) or for hiding
the source of an attack. This sort of spoofing is rarely performed any more, but many machines
are still vulnerable to it. The actual difficulty number is based on statistical sampling and may
fluctuate. It is generally better to use the English classification such as “worthy challenge” or
“trivial joke”. This is only reported in normal output in verbose (-v) mode. When verbose mode
is enabled along with -O, IP ID sequence generation is also reported. Most machines are in the
“incremental” class, which means that they increment the ID field in the IP header for each
packet they send. This makes them vulnerable to several advanced information gathering and
spoofing attacks.
Another bit of extra information enabled by OS detection is a guess at a target's uptime. This
uses the TCP timestamp option (RFC 1323) to guess when a machine was last rebooted. The
guess can be inaccurate due to the timestamp counter not being initialized to zero or the counter
overflowing and wrapping around, so it is printed only in verbose mode.
Enables OS detection, as discussed above. Alternatively, you can use -A to enable OS detection
along with other things.
OS detection is far more effective if at least one open and one closed TCP port are found. Set this
option and Nmap will not even try OS detection against hosts that do not meet this criteria. This
can save substantial time, particularly on -Pn scans against many hosts. It only matters when OS
detection is requested with -O or -A.
When Nmap performs OS detection against a target and fails to find a perfect match, it usually
repeats the attempt. By default, Nmap tries five times if conditions are favorable for OS
fingerprint submission, and twice when conditions aren't so good. Specifying a lower
--max-os-tries value (such as 1) speeds Nmap up, though you miss out on retries which could
potentially identify the OS. Alternatively, a high value may be set to allow even more retries
when conditions are favorable. This is rarely done, except to generate better fingerprints for
submission and integration into the Nmap OS database.
16. Do the following using NS2 Simulator i. NS2 Simulator-Introduction ii. Simulate to Find the
Number of Packets Dropped iii. Simulate to Find the Number of Packets Dropped by TCP/UDP
iv. Simulate to Find the Number of Packets Dropped due to Congestion v. Simulate to Compare
Data Rate& Throughput.
1. What is NS2
2. Features of NS2
1. It is a discrete event simulator for networking research.
2. It provides substantial support to simulate bunch of protocols like TCP, FTP, UDP, https and
DSR.
3. Basic Architecture
NS2 consists of two key languages: C++ and Object-oriented Tool Command Language (OTcl).
While the C++ defines the internal mechanism (i.e., a backend) of the simulation objects, the
OTcl sets up simulation by assembling and configuring the objects as well as scheduling discrete
events. The C++ and the OTcl are linked together using TclCL