
Lovely Professional University, Punjab

Course Code | Course Title | Course Planner | Lectures | Tutorials | Practicals | Credits
CAP563 | CYBER SECURITY AWARENESS-LABORATORY | 16862::Puneet Kumar Kaushal | 0 | 0 | 2 | 1
Course Weightage: ATT: 5, CAP: 45, ETP: 50
Exam Category: X6: Mid Term Exam: Not Applicable – End Term Exam: Practical
Course Orientation: KNOWLEDGE ENHANCEMENT, SKILL ENHANCEMENT, SOFTWARE SKILL

TextBooks ( T )
Sr No | Title | Author | Publisher Name
T-1 | SNORT COOKBOOK | ANGELA OREBAUGH, SIMON BILES, JACOB BABBIN | O'REILLY
T-2 | WIRESHARK ESSENTIALS | JAMES H. BAXTER | O'REILLY

Reference Books ( R )
Sr No | Title | Author | Publisher Name
R-1 | HANDS-ON INFORMATION SECURITY LAB MANUAL | MICHAEL E. WHITMAN, HERBERT J. MATTORD | CENGAGE LEARNING

Relevant Websites ( RW )
Sr No | (Web address) (only if relevant to the course) | Salient Features
RW-1 | http://sectools.org/tag/ids/ | Details of various security tools
RW-2 | http://manual.snort.org/node1.html | Snort Overview, Sniffer mode, logger mode
RW-3 | http://82.157.70.109/mirrorbooks/snortids/0596006616/snortids-CHP-3-SECT-4.html | Modes of operation, Snort as Sniffer, Snort as packet logger
RW-4 | http://netsecurity.about.com/cs/hackertools/a/aa030504.htm | Provides information about IDS and its features, Intrusion detection tools, Port scanning, Packet sniffing, Vulnerability Scanning etc
RW-5 | http://www.omnisecu.com/security/sniffer-attack.htm | Type of Sniffer attacks
RW-6 | http://www.howtogeek.com/104278/how-to-use-wireshark-to-capture-filter-andinspectpackets/ | Use of wireshark tool
RW-7 | http://www.wireshark.org/docs/man-pages/tshark.html | Purpose and use of tshark tool

Audio Visual Aids ( AV )
Sr No | (AV aids) (only if relevant to the course) | Salient Features
AV-1 | http://www.securitytube-tools.net/index.php@title=Snort.html | use of snort
AV-2 | http://wiresharkdownloads.riverbed.com/video/wireshark/introduction-to-wireshark/ | Introduction to Wireshark

An instruction plan is only a tentative plan. The teacher may make some changes in his/her teaching plan. The students are advised to use the syllabus for preparation of all examinations. The students are expected to keep themselves updated on the contemporary issues related to the course. Up to 20% of the questions in any examination/Academic tasks can be asked from such issues even if not explicitly mentioned in the instruction plan.

Software/Equipments/Databases
Sr No | (S/E/D) (only if relevant to the course) | Salient Features
SW-1 | http://sectools.org/tag/ids/ | Details of various security tools
SW-2 | http://www.wireshark.org/download.html | Software for practical implementation
SW-3 | http://www.tcpdump.org/ | tcpdump software for practical implementation
SW-4 | http://www.snort.org/snort-downloads | Software for practical implementation

*Each experiment of the lab will be evaluated using the following relative scheme:
Component | Weightage (%)
Performance/Job evaluation/conduct/skill execution/demonstration | 100

Detailed Plan For Practicals

Practical No | Broad topic | Subtopic | Other Readings | Learning Outcomes
Practical 1 | Introduction to different Intrusion detection tools | introduction to tshark | RW-2 | Students will learn an overview of the security tools and softwares
Practical 1 | Introduction to different Intrusion detection tools | introduction to snort 2.1 and its installation | AV-1 | Students will learn an overview of the security tools and softwares
Practical 1 | Introduction to different Intrusion detection tools | introduction to nmap | RW-1 | Students will learn an overview of the security tools and softwares
Practical 1 | Introduction to different Intrusion detection tools | introduction to wireshark | AV-2 | Students will learn an overview of the security tools and softwares
Practical 2 | Packet sniffing and port scanning | scan the host using nmap tool | RW-3 | Students will learn about the basic usage and port scanning methods
Practical 2 | Packet sniffing and port scanning | scan the network using nmap tool | RW-4 | Students will learn about the basic usage and port scanning methods
Practical 3 | Signature based detection using snort | packet logger mode of snort tool | RW-3, RW-4 | P5: Students will learn about the basic use of snort as a tool of security; P6: Lab Evaluation 1
Practical 3 | Signature based detection using snort | demonstrate signature based detection in snort tool | RW-2, RW-3, RW-4 | P5: Students will learn about the basic use of snort as a tool of security; P6: Lab Evaluation 1

Practical 3 | Signature based detection using snort | packet sniffer mode of snort | RW-3, RW-4, RW-5 | P5: Students will learn about the basic use of snort as a tool of security; P6: Lab Evaluation 1
Practical 4 | Modes of snort and wireshark | Packet sniffer mode of wireshark tool | RW-3, RW-4 | Students will learn to use the appropriate mode of operation of wireshark depending on the given scenario.
Practical 4 | Modes of snort and wireshark | Packet logger mode of wireshark tool | RW-4, RW-6 | Students will learn to use the appropriate mode of operation of wireshark depending on the given scenario.
Practical 5 | Modes of snort and wireshark | Packet logger mode of tshark tool | RW-7 | Students will learn to use the appropriate mode of operation of tshark depending on the given scenario.
Practical 5 | Modes of snort and wireshark | Packet sniffer mode of tshark tool | RW-6, RW-7 | Students will learn to use the appropriate mode of operation of tshark depending on the given scenario.
Practical 6 | Inspecting http traffic | Demonstrate to grab the cookies | SW-1 | Students will learn the detail working with cookies for the security analysis of the websites
Practical 7 | Inspecting http traffic | Demonstrate to grab the plain text password | RW-7, SW-1 | Students will learn to regain the plain text passwords using cookies
Practical 8 | TCPdump | TCPdump and its commands | SW-1, SW-3 | Students will learn to use TCPdump for remote information access
Practical 9 | DUMPcap | DUMPcap and its commands | SW-2, SW-3 | Students will use different commands of DUMPcap to check various features of a dump terminal
Practical 10 | Capinfos | capinfos and its commands | SW-3, SW-4 | Students will learn to use the capinfos command in wireshark
Practical 11 | Capinfos | capinfos and its commands | SW-3, SW-4 | Students will learn to use the capinfos command in wireshark
Practical 12 | KFSensor | working with KFSensor | SW-2, SW-3 | Students will learn to use the KFSensor
Practical 13 | KFSensor | working with KFSensor | SW-2, SW-3 | Students will learn to use the KFSensor
Practical 14 | KFSensor | working with KFSensor | SW-2, SW-3 | Students will learn to use the KFSensor

SPILL OVER
Practical 15 Spill Over
