CN Lab Man Final

The document outlines a computer networking lab course focused on TCP/IP protocols, providing hands-on training in network design, troubleshooting, and simulation. It details minimum system requirements and includes various experiments related to network devices, data link layer framing methods, error detection, and routing algorithms. The course aims to equip students with practical skills in building and evaluating computer networks.

Uploaded by

satishkhit1238

Objectives:

Learn the basic concepts of computer networking and acquire practical notions of protocols,
with the emphasis on TCP/IP. A lab provides a practical approach to Ethernet/Internet
networking: networks are assembled, and experiments are made to understand the
layered architecture and how some important protocols work.
Minimum system requirements:
• Processors: Intel Atom® processor or Intel® Core™ i3 processor.
• Disk space: 1 GB.
• Operating systems: Windows* 7 or later
• Turbo C/C++
About lab:
This course provides students with hands-on training regarding the design,
troubleshooting, modeling and evaluation of computer networks. In this course,
students are going to experiment in a real test-bed networking environment,
and learn about network design and troubleshooting topics and tools such as:
network addressing, Address Resolution Protocol (ARP), basic troubleshooting
tools (e.g. ping, ICMP), IP routing (e.g. RIP), route discovery (e.g. traceroute),
TCP and UDP, IP fragmentation and many others. Students will also be
introduced to network modeling and simulation, and they will have the
opportunity to build some simple networking models using the tool and perform
simulations that will help them evaluate their design approaches and expected
network performance.
CONTENTS

S.No  Experiment

1. Study of network devices in detail and connect the computers in Local Area Network.
2. Write a program to implement the data link layer framing methods such as i) character stuffing ii) bit stuffing.
3. Write a program to implement data link layer framing method checksum.
4. Write a program for Hamming Code generation for error detection and correction.
5. Write a program to implement on a dataset of characters the three CRC polynomials: CRC-12, CRC-16 and CRC-CCITT.
6. Write a program to implement Sliding Window Protocol for Go-Back-N.
7. Write a program to implement Sliding Window Protocol for Selective Repeat.
8. Write a program to implement Stop and Wait Protocol.
9. Write a program for congestion control using the leaky bucket algorithm.
10. Write a program to implement Dijkstra's algorithm to compute the shortest path through a graph.
11. Write a program to implement the distance vector routing algorithm by obtaining the routing table at each node (take an example subnet graph with weights indicating delay between nodes).
12. Write a program to implement a broadcast tree by taking a subnet of hosts.
13. Wireshark: i. Packet Capture Using Wireshark ii. Starting Wireshark iii. Viewing Captured Traffic iv. Analysis and Statistics & Filters
14. How to run an Nmap scan
15. Operating System Detection using Nmap
16. Do the following using NS2 Simulator: i. NS2 Simulator: Introduction ii. Simulate to Find the Number of Packets Dropped iii. Simulate to Find the Number of Packets Dropped by TCP/UDP iv. Simulate to Find the Number of Packets Dropped due to Congestion v. Simulate to Compare Data Rate & Throughput
EXPERIMENT NO: 1
(1a)

NAME OF THE EXPERIMENT: Study of network devices in detail and connect the computers in Local Area Network.
OBJECTIVE: Study of network devices used in LAN
RESOURCE: Computer Networks Text Book by Stallings.

Here is the common network device list:

• Hub.
• Switch.
• Router.
• Bridge.
• Gateway.
• Modem.
• Repeater.
• Access Point.

1. Switch: A network switch or switching hub is a computer networking device that
connects network segments. The term commonly refers to a network bridge that processes
and routes data at the data link layer (layer 2) of the OSI model. Switches that additionally
process data at the network layer (layer 3 and above) are often referred to as Layer 3 switches or
multilayer switches.

2. Router: A router is an electronic device that interconnects two or more
computer networks, and selectively interchanges packets of data between them. Each data
packet contains address information that a router can use to determine if the source and
destination are on the same network, or if the data packet must be transferred from one
network to another. Where multiple routers are used in a large collection of interconnected
networks, the routers exchange information about target system addresses, so that each router
can build up a table showing the preferred paths between any two systems on the
interconnected networks.

3. Hub: An Ethernet hub, active hub, network hub, repeater hub, hub or concentrator
is a device for connecting multiple twisted pair or fiber optic Ethernet devices together and
making them act as a single network segment. Hubs work at the physical layer (layer 1) of the OSI
model. The device is a form of multiport repeater. Repeater hubs also participate in collision
detection, forwarding a jam signal to all ports if it detects a collision.

4. Bridge: A network bridge connects multiple network segments at the data link layer
(Layer 2) of the OSI model. In Ethernet networks, the term bridge formally means a
device that behaves according to the IEEE 802.1D standard. A bridge and a switch are very
much alike; a switch being a bridge with numerous ports. Switch or Layer 2 switch is often
used interchangeably with bridge. Bridges can analyze incoming data packets to determine
if the bridge is able to send the given packet to another segment of the network.

5. Gateway: In a communications network, a network node equipped for interfacing
with another network that uses different protocols.
• A gateway may contain devices such as protocol translators, impedance matching
devices, rate converters, fault isolators, or signal translators as necessary to provide
system interoperability. It also requires the establishment of mutually acceptable
administrative procedures between both networks.
• A protocol translation/mapping gateway interconnects networks with different
network protocol technologies by performing the required protocol conversions.

6. Repeater: Functioning at the Physical Layer. A repeater is an electronic device that
receives a signal and retransmits it at a higher level and/or higher power, or onto the
other side of an obstruction, so that the signal can cover longer distances. Repeaters have
two ports, so they cannot be used to connect more than two devices.
7. Modem: Modems (modulators-demodulators) are used to transmit digital signals over analog
telephone lines. Thus, digital signals are converted by the modem into analog signals of different
frequencies and transmitted to a modem at the receiving location. The receiving modem performs
the reverse transformation and provides a digital output to a device connected to a modem, usually a
computer. The digital data is usually transferred to or from the modem over a serial line through an
industry standard interface, RS-232. Many telephone companies offer DSL services, and many
cable operators use modems as end terminals for identification and recognition of home and
personal users. Modems work on both the Physical and Data Link layers.

8. Repeater: A repeater is an electronic device that amplifies the signal it receives. You can think
of a repeater as a device which receives a signal and retransmits it at a higher level or higher power so
that the signal can cover longer distances, more than 100 meters for standard LAN cables. Repeaters
work on the Physical layer.

9. Access Point: While an access point (AP) can technically involve either a wired or wireless
connection, it commonly means a wireless device. An AP works at the second OSI layer, the Data
Link layer, and it can operate either as a bridge connecting a standard wired network to wireless
devices or as a router passing data transmissions from one access point to another.

Wireless access points (WAPs) consist of a transmitter and receiver (transceiver) device used to
create a wireless LAN (WLAN). Access points typically are separate network devices with a built-in
antenna, transmitter and adapter. APs use the wireless infrastructure network mode to provide a
connection point between WLANs and a wired Ethernet LAN. They also have several ports, giving
you a way to expand the network to support additional clients. Depending on the size of the
network, one or more APs might be required to provide full coverage. Additional APs are used to
allow access to more wireless clients and to expand the range of the wireless network.

Each AP is limited by its transmission range: the distance a client can be from an AP and still
obtain a usable signal and data process speed. The actual distance depends on the wireless
standard, the obstructions and environmental conditions between the client and the AP. Higher end
APs have high-powered antennas, enabling them to extend how far the wireless signal can travel.

APs might also provide many ports that can be used to increase the network's size, firewall
capabilities and Dynamic Host Configuration Protocol (DHCP) service. Therefore, we get APs that are
a switch, DHCP server, router and firewall.

To connect to a wireless AP, you need a service set identifier (SSID) name. 802.11 wireless
networks use the SSID to identify all systems belonging to the same network, and client stations
must be configured with the SSID to be authenticated to the AP. The AP might broadcast the SSID,
allowing all wireless clients in the area to see the AP's SSID. However, for security reasons, APs
can be configured not to broadcast the SSID, which means that an administrator needs to give client
systems the SSID instead of allowing it to be discovered automatically. Wireless devices ship with
default SSIDs, security settings, channels, passwords and usernames. For security reasons, it is
strongly recommended that you change these default settings as soon as possible because many
internet sites list the default settings used by manufacturers.

Access points can be fat or thin. Fat APs, sometimes still referred to as autonomous APs, need to be
manually configured with network and security settings; then they are essentially left alone to serve
clients until they can no longer function. Thin APs allow remote configuration using a controller.
Since thin clients do not need to be manually configured, they can be easily reconfigured and
monitored. Access points can also be controller-based or stand-alone.

Conclusion: Having a solid understanding of the types of network devices available can help you
design and build a network that is secure and serves your organization well. However, to ensure the
ongoing security and availability of your network, you should carefully monitor your network
devices and activity around them, so you can quickly spot hardware issues, configuration issues and
attacks.

NAME OF THE EXPERIMENT: Connect the Computers in Local Area Network.
OBJECTIVE: Study of network devices used in LAN
RESOURCE: Computer Networks Text Book by Stallings.

Aim: Connect the computers in Local Area Network.

Procedure:

On the host computer

On the host computer, follow these steps to share the Internet connection:

1. Log on to the host computer as Administrator or as Owner.
2. Click Start, and then click Control Panel.
3. Click Network and Internet Connections.
4. Click Network Connections.
5. Right-click the connection that you use to connect to the Internet. For example, if you
connect to the Internet by using a modem, right-click the connection that you want
under Dial-up/other network available.
6. Click Properties.
7. Click the Advanced tab.
8. Under Internet Connection Sharing, select the Allow other network users
to connect through this computer's Internet connection check box.
9. If you are sharing a dial-up Internet connection, select the Establish a dial-up
connection whenever a computer on my network attempts to access the
Internet check box if you want to permit your computer to automatically connect
to the Internet.
10. Click OK. You receive the following message:

When Internet Connection Sharing is enabled, your LAN adapter will be set to use IP address
192.168.0.1. Your computer may lose connectivity with other computers on your network. If
these other computers have static IP addresses, it is a good idea to set them to obtain their IP
addresses automatically. Are you sure you want to enable Internet Connection Sharing?

11. Click Yes. The connection to the Internet is shared to other computers on the local
area network (LAN). The network adapter that is connected to the LAN is
configured with a static IP address of 192.168.0.1 and a subnet mask of
255.255.255.0.

On the client computer

To connect to the Internet by using the shared connection, you must confirm the LAN adapter
IP configuration, and then configure the client computer. To confirm the LAN adapter IP
configuration, follow these steps:

1. Log on to the client computer as Administrator or as Owner.
2. Click Start, and then click Control Panel.
3. Click Network and Internet Connections.
4. Click Network Connections.
5. Right-click Local Area Connection and then click Properties.
6. Click the General tab, click Internet Protocol (TCP/IP) in the
connection uses the following items list, and then click Properties.
7. In the Internet Protocol (TCP/IP) Properties dialog box, click Obtain
an IP address automatically (if it is not already selected), and then
click OK.

Note: You can also assign a unique static IP address in the range of 192.168.0.2
to 192.168.0.254. For example, you can assign the following static IP address, subnet
mask, and default gateway:

• IP address: 192.168.31.202
• Subnet mask: 255.255.255.0
• Default gateway: 192.168.31.1

8. In the Local Area Connection Properties dialog box, click OK.

9. Quit Control Panel.

EXPERIMENT NO: 2
(2a)

NAME OF THE EXPERIMENT: Bit Stuffing.
OBJECTIVE: Implement the data link layer framing method.
RESOURCE: Turbo C
PROGRAM LOGIC: The new technique allows data frames to contain an arbitrary
number of bits and allows character codes with an arbitrary number of bits per character. Each
frame begins and ends with a special bit pattern, 01111110, called a flag byte. Whenever the
sender's data link layer encounters five consecutive ones in the data, it automatically stuffs a
0 bit into the outgoing bit stream. This bit stuffing is analogous
to character stuffing, in which a DLE is stuffed into the outgoing character stream before DLE
in the data.
SOURCE CODE:
// BIT Stuffing program
#include <stdio.h>
#include <conio.h>

int main(void)
{
    int a[20], b[30], i, j, count, n;

    clrscr();
    printf("Enter frame length (1-20):");
    /* reject lengths that would not fit in a[20] */
    if (scanf("%d", &n) != 1 || n < 1 || n > 20) {
        printf("Invalid frame length");
        return 1;
    }
    printf("Enter input frame (0's & 1's only):");
    for (i = 0; i < n; i++)
        scanf("%d", &a[i]);

    /* copy every bit; after five consecutive 1s stuff a 0 */
    count = 0;
    j = 0;
    for (i = 0; i < n; i++) {
        b[j++] = a[i];
        if (a[i] == 1) {
            count++;
            if (count == 5) {
                b[j++] = 0;   /* stuffed bit */
                count = 0;    /* start counting the next run */
            }
        } else {
            count = 0;
        }
    }

    printf("After stuffing the frame is:");
    for (i = 0; i < j; i++)
        printf("%d", b[i]);
    getch();
    return 0;
}
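The program above covers only the sender. The following added example (not part of the original lab manual) shows both sides of the scheme described in the program logic: the sender stuffs and adds the 01111110 flags, and the receiver removes the stuffed bits and rejects frames that break the rule. The function names bs_frame and bs_unframe and the sample payload are assumptions made for this illustration.

```c
#include <stdio.h>
#include <string.h>

#define FLAG "01111110"

/* Sender: stuff the payload ('0'/'1' characters) and wrap it in flags.
   Returns the frame length, or -1 on bad input or a too-small buffer. */
int bs_frame(const char *bits, char *out, size_t cap)
{
    size_t n = strlen(bits), i, j = 8;
    int ones = 0;

    /* worst case: two flags + payload + one stuffed bit per 5 bits + NUL */
    if (cap < 16 + n + n / 5 + 1)
        return -1;
    memcpy(out, FLAG, 8);
    for (i = 0; i < n; i++) {
        if (bits[i] != '0' && bits[i] != '1')
            return -1;
        out[j++] = bits[i];
        ones = (bits[i] == '1') ? ones + 1 : 0;
        if (ones == 5) {            /* five 1s in a row: stuff a 0 */
            out[j++] = '0';
            ones = 0;
        }
    }
    memcpy(out + j, FLAG, 8);
    j += 8;
    out[j] = '\0';
    return (int)j;
}

/* Receiver: check the opening flag, drop stuffed zeros, stop at the
   closing flag. Returns the payload length, or -1 if the frame is
   malformed (no flags, six 1s inside the body, trailing bits). */
int bs_unframe(const char *frame, char *out, size_t cap)
{
    size_t n = strlen(frame), i, j = 0;
    int ones = 0;

    if (n < 16 || strncmp(frame, FLAG, 8) != 0)
        return -1;
    for (i = 8; i < n; i++) {
        char c = frame[i];
        if (c != '0' && c != '1')
            return -1;
        if (ones == 5) {
            if (c == '0') {         /* stuffed bit: discard it */
                ones = 0;
                continue;
            }
            /* A sixth 1 is legal only inside the closing flag: the bits
               already copied must end in 0 11111, and exactly one 0 must
               remain in the frame. */
            if (i + 2 != n || frame[i + 1] != '0' || j < 6 || out[j - 6] != '0')
                return -1;
            out[j - 6] = '\0';      /* remove the flag bits copied so far */
            return (int)(j - 6);
        }
        if (j + 1 >= cap)
            return -1;
        out[j++] = c;
        ones = (c == '1') ? ones + 1 : 0;
    }
    return -1;                      /* closing flag never seen */
}

int main(void)
{
    /* constructed sample payload that itself contains the flag pattern */
    const char *payload = "0111111011111";
    char frame[64], back[64];

    if (bs_frame(payload, frame, sizeof frame) < 0)
        return 1;
    printf("payload : %s\nframe   : %s\n", payload, frame);
    if (bs_unframe(frame, back, sizeof back) < 0)
        return 1;
    printf("receiver: %s\n", back);
    return 0;
}
```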

OUTPUT:

Viva questions:

1. What is stuffing?
2. What is the use of stuffing?
3. With bit stuffing, the boundary between two frames can be unambiguously recognized by?
4. ................. is analogous to character stuffing?
5. The sender's data link layer encounters ......... no. of 1's consecutively

EXPERIMENT NO: 2
2(b)

NAME OF THE EXPERIMENT: Character Stuffing.
OBJECTIVE: Implement the data link layer framing methods.
RESOURCE: Turbo C
PROGRAM LOGIC:
The framing method gets around the problem of resynchronization after an error by having
a frame start with the ASCII character sequence DLE STX and end with the sequence DLE ETX. If
the destination ever loses track of the frame boundaries, all it has to do is look for
DLE STX or DLE ETX characters to figure out where it is. The data link layer on the receiving end
removes the DLE before the data are given to the network layer. This technique is called
character stuffing.

PROCEDURE: Go to debug->run or press CTRL+F9 to run the program.

SOURCE CODE:
// PROGRAM FOR CHARACTER STUFFING
#include <stdio.h>
#include <conio.h>
#include <string.h>

int main(void)
{
    int i = 0, j = 0, n, pos;
    /* b holds the worst case: dlestx (6) + dle-ch-dle (7) + 19 data
       characters + 18 stuffed characters + dleetx (6) + NUL = 57 */
    char a[20], b[64], ch;

    clrscr();
    printf("enter string\n");
    scanf("%19s", a);               /* width limit keeps input inside a[20] */
    n = strlen(a);
    printf("enter position\n");
    scanf("%d", &pos);
    while (pos < 1 || pos > n)
    {
        printf("invalid position, Enter again:");
        if (scanf("%d", &pos) != 1)
            return 1;
    }
    printf("enter the character\n");
    ch = getche();

    /* frame starts with dlestx */
    memcpy(b, "dlestx", 6);
    j = 6;
    while (i < n)
    {
        /* insert dle <ch> dle at the requested position */
        if (i == pos - 1)
        {
            memcpy(b + j, "dle", 3);
            b[j + 3] = ch;
            memcpy(b + j + 4, "dle", 3);
            j = j + 7;
        }
        /* "dle" inside the data: stuff an extra "dle" in front of it */
        if (a[i] == 'd' && a[i + 1] == 'l' && a[i + 2] == 'e')
        {
            memcpy(b + j, "dle", 3);
            j = j + 3;
        }
        b[j] = a[i];
        i++;
        j++;
    }
    /* frame ends with dleetx */
    memcpy(b + j, "dleetx", 6);
    b[j + 6] = '\0';
    printf("\nframe after stuffing:\n");
    printf("%s", b);
    getch();
    return 0;
}
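The lab program spells the delimiters out as the letters "dle", "stx" and "etx". The following added example (not part of the original lab manual) applies the same framing to raw bytes, using the ASCII control codes DLE = 0x10, STX = 0x02 and ETX = 0x03, and includes the receiver side, which removes the stuffed DLE and rejects malformed frames. The function names cs_frame and cs_unframe and the sample data are assumptions made for this illustration.

```c
#include <stdio.h>
#include <string.h>

enum { STX = 0x02, ETX = 0x03, DLE = 0x10 };

/* Sender: DLE STX <data with every DLE doubled> DLE ETX.
   Returns the frame length, or -1 if out is too small. */
long cs_frame(const unsigned char *data, size_t n,
              unsigned char *out, size_t cap)
{
    size_t i, j = 0;

    if (cap < 2 * n + 4)            /* worst case: every data byte is DLE */
        return -1;
    out[j++] = DLE;
    out[j++] = STX;
    for (i = 0; i < n; i++) {
        if (data[i] == DLE)
            out[j++] = DLE;         /* stuffed DLE */
        out[j++] = data[i];
    }
    out[j++] = DLE;
    out[j++] = ETX;
    return (long)j;
}

/* Receiver: strip the delimiters and the stuffed DLEs.
   Returns the payload length, or -1 for a malformed frame. */
long cs_unframe(const unsigned char *f, size_t n,
                unsigned char *out, size_t cap)
{
    size_t i, j = 0;

    if (n < 4 || f[0] != DLE || f[1] != STX)
        return -1;
    for (i = 2; i < n; i++) {
        if (f[i] == DLE) {
            if (i + 1 >= n)
                return -1;                      /* frame cut off after DLE */
            if (f[i + 1] == ETX)                /* end of frame */
                return (i + 2 == n) ? (long)j : -1;
            if (f[i + 1] != DLE)
                return -1;                      /* lone DLE inside the data */
            i++;                                /* skip the stuffed DLE */
        }
        if (j >= cap)
            return -1;
        out[j++] = f[i];
    }
    return -1;                                  /* DLE ETX never seen */
}

int main(void)
{
    /* constructed sample: the data contains DLE ETX and DLE STX itself */
    const unsigned char data[6] = { 'A', DLE, ETX, 'B', DLE, STX };
    unsigned char frame[32], back[32];
    long flen, dlen, k;

    flen = cs_frame(data, sizeof data, frame, sizeof frame);
    if (flen < 0)
        return 1;
    printf("frame  :");
    for (k = 0; k < flen; k++)
        printf(" %02X", frame[k]);
    dlen = cs_unframe(frame, (size_t)flen, back, sizeof back);
    printf("\npayload: %ld bytes, %s\n", dlen,
           (dlen == 6 && memcmp(back, data, 6) == 0) ? "identical" : "differs");
    return 0;
}
```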

OUTPUT:

Viva Questions:
1. What is character stuffing?
2. What is the use of character stuffing?
3. ________ are the delimiters for character stuffing?
4. Expand DLE STX?
5. Expand DLE ETX?

EXPERIMENT NO: 3
NAME OF THE EXPERIMENT: Program to implement data link layer framing method checksum.
OBJECTIVE: The checksum is an error detection method that detects errors in data/message
while it is transmitted from sender to receiver. This method is used by the higher layer protocols
and makes use of the Checksum Generator on the sender side and the Checksum Checker on the
receiver side.
RESOURCE: Turbo C
PROGRAM LOGIC or APPROACH: The given problem can be divided into the
following two parts:
• Generating the checksum value of the sender's message can be done using the following
steps:
   • Divide the message into binary strings of the given block size.
   • All the binary strings are added together to get the sum.
   • The One's Complement of the binary string representing the sum is the required
   checksum value.
• Check if the value of the received message (i.e., rec_message + senders_checksum) is
equal to 0.
   • The checksum of the received message can be calculated similarly to the checksum
   calculated in the above process.
   • If the checksum value is 0, the message is transmitted properly with no errors;
   otherwise, some error has occurred during the transmission.
Below is the implementation of the above approach:

// C++ implementation of the above approach
#include <bits/stdc++.h>
using namespace std;

// Function to find the One's complement
// of the given binary string
string Ones_complement(string data)
{
    for (size_t i = 0; i < data.length(); i++) {
        if (data[i] == '0')
            data[i] = '1';
        else
            data[i] = '0';
    }

    return data;
}

// Function to return the checksum value of
// the given string when divided in K size blocks
string checkSum(string data, int block_size)
{
    // Check data size is divisible by block_size
    // Otherwise add '0' front of the data
    int n = data.length();
    if (n % block_size != 0) {
        int pad_size = block_size - (n % block_size);
        for (int i = 0; i < pad_size; i++) {
            data = '0' + data;
        }
        // the loops below must cover the padded length
        n = data.length();
    }

    // Binary addition of all blocks with carry
    string result = "";

    // First block of data stored in result variable
    for (int i = 0; i < block_size; i++) {
        result += data[i];
    }

    // Loop to calculate the block
    // wise addition of data
    for (int i = block_size; i < n; i += block_size) {

        // Stores the data of the next block
        string next_block = "";

        for (int j = i; j < i + block_size; j++) {
            next_block += data[j];
        }

        // Stores the binary addition of two blocks
        string additions = "";
        int sum = 0, carry = 0;

        // Loop to calculate the binary addition of
        // the current two blocks of k size
        for (int k = block_size - 1; k >= 0; k--) {
            sum += (next_block[k] - '0') + (result[k] - '0');
            carry = sum / 2;
            if (sum == 0) {
                additions = '0' + additions;
                sum = carry;
            }
            else if (sum == 1) {
                additions = '1' + additions;
                sum = carry;
            }
            else if (sum == 2) {
                additions = '0' + additions;
                sum = carry;
            }
            else {
                additions = '1' + additions;
                sum = carry;
            }
        }

        // After binary add of two blocks with carry,
        // if carry is 1 then apply binary addition
        string final = "";

        if (carry == 1) {
            for (int l = additions.length() - 1; l >= 0; l--) {
                if (carry == 0) {
                    final = additions[l] + final;
                }
                else if (((additions[l] - '0') + carry) % 2 == 0) {
                    final = "0" + final;
                    carry = 1;
                }
                else {
                    final = "1" + final;
                    carry = 0;
                }
            }

            result = final;
        }
        else {
            result = additions;
        }
    }

    // Return One's complements of result value
    // which represents the required checksum value
    return Ones_complement(result);
}

// Function to check if the received message
// is same as the sender's message
bool checker(string sent_message, string rec_message, int block_size)
{
    // Checksum value of the sender's message
    string sender_checksum = checkSum(sent_message, block_size);

    // Checksum value for the receiver's message
    string receiver_checksum
        = checkSum(rec_message + sender_checksum, block_size);

    // If receiver's checksum value is 0
    if (count(receiver_checksum.begin(), receiver_checksum.end(), '0')
        == block_size) {
        return true;
    }
    else {
        return false;
    }
}

// Driver Code
int main()
{
    string sent_message = "10000101011000111001010011101101";
    string recv_message = "10000101011000111001010011101101";
    int block_size = 8;

    if (checker(sent_message, recv_message, block_size)) {
        cout << "No Error";
    }
    else {
        cout << "Error";
    }

    return 0;
}

Output

No Error
Time Complexity: O(N)
Auxiliary Space: O(block_size)
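The following added example (not part of the original lab manual) runs the same ones'-complement scheme on bytes instead of bit strings, using the driver's message split into four 8-bit blocks (0x85, 0x63, 0x94, 0xED). It also shows a limit of the method that matters when the checksum is relied on for integrity: a flipped bit is caught, but blocks delivered in a different order produce the same sum and pass the check. The function names and the two altered messages are assumptions constructed for this illustration.

```c
#include <stdio.h>
#include <stddef.h>

/* the driver's 32-bit message as four 8-bit blocks */
static const unsigned char SENT[4]      = { 0x85, 0x63, 0x94, 0xED };
/* constructed: one bit flipped in the third block */
static const unsigned char FLIPPED[4]   = { 0x85, 0x63, 0x95, 0xED };
/* constructed: first and third blocks swapped */
static const unsigned char REORDERED[4] = { 0x94, 0x63, 0x85, 0xED };

/* 8-bit ones'-complement sum: add the blocks and fold every carry
   out of bit 7 back into bit 0 (end-around carry) */
unsigned char oc_sum8(const unsigned char *blocks, size_t n)
{
    unsigned int sum = 0;
    size_t i;

    for (i = 0; i < n; i++) {
        sum += blocks[i];
        sum = (sum & 0xFF) + (sum >> 8);
    }
    return (unsigned char)sum;
}

/* sender: the checksum is the ones' complement of the sum */
unsigned char oc_checksum8(const unsigned char *blocks, size_t n)
{
    return (unsigned char)~oc_sum8(blocks, n);
}

/* receiver: sum of blocks plus checksum, complemented, must be 0 */
int oc_verify8(const unsigned char *blocks, size_t n, unsigned char checksum)
{
    unsigned int sum = (unsigned int)oc_sum8(blocks, n) + checksum;

    sum = (sum & 0xFF) + (sum >> 8);
    return (unsigned char)~sum == 0;
}

int main(void)
{
    unsigned char c = oc_checksum8(SENT, 4);

    printf("checksum            : 0x%02X\n", c);
    printf("unchanged message   : %s\n",
           oc_verify8(SENT, 4, c) ? "No Error" : "Error");
    printf("one bit flipped     : %s\n",
           oc_verify8(FLIPPED, 4, c) ? "No Error" : "Error");
    printf("two blocks swapped  : %s\n",
           oc_verify8(REORDERED, 4, c) ? "No Error" : "Error");
    return 0;
}
```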

EXPERIMENT NO: 4
NAME OF THE EXPERIMENT: Write a program for Hamming Code generation for error
detection and correction.
OBJECTIVE: Hamming Code generation for error detection and correction.
RESOURCE: Turbo C
PROGRAM LOGIC:

#include <stdio.h>
#include <conio.h>

int main(void) {
    int data[7], rec[7], i, c1, c2, c3, c;

    printf("this works for message of 4 bits in size\n enter message bit one by one:");
    /* message bits go to indices 0, 1, 2 and 4 (positions 7, 6, 5 and 3) */
    scanf("%d%d%d%d", &data[0], &data[1], &data[2], &data[4]);
    /* parity bits go to indices 6, 5 and 3 (positions 1, 2 and 4) */
    data[6] = data[0] ^ data[2] ^ data[4];
    data[5] = data[0] ^ data[1] ^ data[4];
    data[3] = data[0] ^ data[1] ^ data[2];
    printf("\n the encoded bits are given below:\n");
    for (i = 0; i < 7; i++) {
        printf("%d", data[i]);
    }
    printf("\n enter the received data bits one by one:");
    for (i = 0; i < 7; i++) {
        scanf("%d", &rec[i]);
    }
    /* recompute each parity group; c is the position of the bad bit */
    c1 = rec[6] ^ rec[4] ^ rec[2] ^ rec[0];
    c2 = rec[5] ^ rec[4] ^ rec[1] ^ rec[0];
    c3 = rec[3] ^ rec[2] ^ rec[1] ^ rec[0];
    c = c3 * 4 + c2 * 2 + c1;
    if (c == 0) {
        printf("\n congratulations there is no error:");
    } else {
        printf("\n error on the position: %d\n the correct message is\n", c);
        /* position c is stored at index 7 - c; flip that bit */
        if (rec[7 - c] == 0)
            rec[7 - c] = 1;
        else
            rec[7 - c] = 0;
        for (i = 0; i < 7; i++) {
            printf("%d", rec[i]);
        }
    }
    getch();
    return 0;
}

Output

EXPERIMENT NO: 5

NAME OF THE EXPERIMENT: Cyclic Redundancy Check.
OBJECTIVE: Implement on a dataset of characters the three CRC polynomials: CRC-12, CRC-16 and CRC-CCITT.
RESOURCE: Turbo C

PROGRAM LOGIC:
The CRC method can detect a single burst of length n, since only one bit per column will
be changed. A burst of length n+1 will pass undetected if the first bit is inverted, the last bit
is inverted and all other bits are correct. If the block is badly garbled by a long burst or by
multiple shorter bursts, the probability that any of the n columns will have the correct parity
is 0.5, so the probability of a bad block being accepted when it should not be is 2 power (-n).
This scheme is sometimes known as Cyclic Redundancy Code.

PROCEDURE: Go to debug->run or press CTRL+F9 to run the program.

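SOURCE CODE:
// PROGRAM FOR CYCLIC REDUNDANCY CHECK
#include <stdio.h>
#include <conio.h>

int gen[4], genl, frl, rem[4];

void crc_remainder(int fr[]);

int main(void)
{
    int i, j, fr[8], dupfr[11], recfr[11], tlen, flag;

    clrscr();
    frl = 8;
    genl = 4;
    printf("enter frame:");
    for (i = 0; i < frl; i++)
    {
        scanf("%d", &fr[i]);
        dupfr[i] = fr[i];
    }
    printf("enter generator:");
    for (i = 0; i < genl; i++)
        scanf("%d", &gen[i]);
    tlen = frl + genl - 1;
    /* append genl-1 zero bits before dividing */
    for (i = frl; i < tlen; i++)
    {
        dupfr[i] = 0;
    }
    crc_remainder(dupfr);
    /* transmitted frame = data bits followed by the remainder */
    for (i = 0; i < frl; i++)
    {
        recfr[i] = fr[i];
    }
    for (i = frl, j = 1; j < genl; i++, j++)
    {
        recfr[i] = rem[j];
    }
    /* receiver: divide again, a zero remainder means no error */
    crc_remainder(recfr);
    flag = 0;
    for (i = 0; i < 4; i++)
    {
        if (rem[i] != 0)
            flag++;
    }
    if (flag == 0)
    {
        printf("frame received correctly");
    }
    else
    {
        printf("the received frame is wrong");
    }
    getch();
    return 0;
}

/* Modulo-2 division of fr[] by gen[] (gen[0] must be 1).
   Leaves the remainder in rem[1..genl-1]. */
void crc_remainder(int fr[])
{
    int k, k1, i, j;

    for (k = 0; k < frl; k++)
    {
        if (fr[k] == 1)
        {
            k1 = k;
            for (i = 0, j = k; i < genl; i++, j++)
            {
                rem[i] = fr[j] ^ gen[i];
            }
            for (i = 0; i < genl; i++)
            {
                fr[k1] = rem[i];
                k1++;
            }
        }
    }
    /* the remainder is what is left in the last genl-1 positions,
       whichever step of the division was the last one */
    rem[0] = 0;
    for (i = 1; i < genl; i++)
        rem[i] = fr[frl + i - 1];
}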
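The program above divides an 8-bit frame by a 4-bit generator. The following added example (not part of the original lab manual) does what the objective asks for: it runs the three named polynomials over a string of characters with the same shift-and-XOR division. The generator values are the usual textbook definitions, which the page does not list: CRC-12 = x^12+x^11+x^3+x^2+x+1, CRC-16 = x^16+x^15+x^2+1, CRC-CCITT = x^16+x^12+x^5+1. The register starts at zero with no bit reflection, and the function names and sample strings are assumptions made for this illustration.

```c
#include <stdio.h>
#include <string.h>

#define CRC12_POLY 0x80FUL   /* x^12 + x^11 + x^3 + x^2 + x + 1 */
#define CRC16_POLY 0x8005UL  /* x^16 + x^15 + x^2 + 1 */
#define CCITT_POLY 0x1021UL  /* x^16 + x^12 + x^5 + 1 */

/* Bitwise CRC, most significant bit first, register starts at 0.
   width is the degree of the generator (8..16 here); poly is the
   generator without its leading x^width term. */
unsigned long crc_msb(const unsigned char *data, size_t len,
                      int width, unsigned long poly)
{
    unsigned long top = 1UL << (width - 1);
    unsigned long mask = (top << 1) - 1UL;
    unsigned long reg = 0;
    size_t i;
    int b;

    for (i = 0; i < len; i++) {
        reg ^= (unsigned long)data[i] << (width - 8);
        for (b = 0; b < 8; b++) {
            if (reg & top)
                reg = ((reg << 1) ^ poly) & mask;   /* subtract generator */
            else
                reg = (reg << 1) & mask;
        }
    }
    return reg;
}

/* Sender: copy msg into frame and append its 16-bit CRC, high byte
   first. Returns the frame length, or 0 if frame is too small. */
size_t crc16_append(const char *msg, unsigned long poly,
                    unsigned char *frame, size_t cap)
{
    size_t n = strlen(msg);
    unsigned long crc;

    if (cap < n + 2)
        return 0;
    memcpy(frame, msg, n);
    crc = crc_msb(frame, n, 16, poly);
    frame[n] = (unsigned char)(crc >> 8);
    frame[n + 1] = (unsigned char)(crc & 0xFF);
    return n + 2;
}

/* Receiver: dividing message plus CRC must leave remainder 0 */
int crc16_frame_ok(const unsigned char *frame, size_t len, unsigned long poly)
{
    return len >= 2 && crc_msb(frame, len, 16, poly) == 0;
}

/* Returns 1 if an intact frame is accepted and the same frame with
   one flipped bit is rejected (constructed sample message). */
int crc16_demo_detects_flip(unsigned long poly)
{
    unsigned char frame[16];
    size_t n = crc16_append("NETWORK", poly, frame, sizeof frame);
    int ok_before, ok_after;

    if (n == 0)
        return 0;
    ok_before = crc16_frame_ok(frame, n, poly);
    frame[3] ^= 0x04;               /* simulate a single-bit line error */
    ok_after = crc16_frame_ok(frame, n, poly);
    return ok_before && !ok_after;
}

int main(void)
{
    const unsigned char *s = (const unsigned char *)"123456789";

    printf("CRC-12    : 0x%03lX\n", crc_msb(s, 9, 12, CRC12_POLY));
    printf("CRC-16    : 0x%04lX\n", crc_msb(s, 9, 16, CRC16_POLY));
    printf("CRC-CCITT : 0x%04lX\n", crc_msb(s, 9, 16, CCITT_POLY));
    printf("bit flip detected: %d\n", crc16_demo_detects_flip(CCITT_POLY));
    return 0;
}
```

A CRC catches accidental line errors; anyone who can alter the frame can also recompute the CRC, so it is not a tamper check.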

OUTPUT:

Viva Questions:

1. What is CRC?
2. What is the use of the CRC?
3. Name the CRC standards?
4. Define checksum?
5. Define generator polynomial?

EXPERIMENT NO: 6

NAME OF THE EXPERIMENT: Program to implement Sliding Window Protocol for Go-Back-N
OBJECTIVE: Go back n: Sender transmits all frames present in the window that occurs after
the error bit including error bit also.
RESOURCE: Turbo C
PROGRAM LOGIC: Go-Back-N protocol, also called Go-Back-N Automatic Repeat reQuest, is a
data link layer protocol that uses a sliding window method for reliable and sequential delivery of data
frames. It is a case of sliding window protocol having a send window size of N and a receive window
size of 1.
Working Principle
Go-Back-N ARQ provides for sending multiple frames before receiving the acknowledgment for
the first frame. The frames are sequentially numbered and a finite number of frames. The maximum
number of frames that can be sent depends upon the size of the sending window. If the
acknowledgment of a frame is not received within an agreed-upon time period, all frames starting
from that frame are retransmitted.
CODE IN C:

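#include <stdio.h>

int main()
{
    int windowsize, sent = 0, ack, i;

    printf("enter window size\n");
    scanf("%d", &windowsize);
    while (1)
    {
        /* transmit every frame from 'sent' up to the end of the window */
        for (i = 0; i < windowsize; i++)
        {
            printf("Frame %d has been transmitted.\n", sent);
            sent++;
            if (sent == windowsize)
                break;
        }
        printf("\nPlease enter the last Acknowledgement received.\n");
        /* an acknowledgement outside 0..windowsize would never end the loop */
        if (scanf("%d", &ack) != 1 || ack < 0 || ack > windowsize)
        {
            printf("Invalid acknowledgement.\n");
            return 1;
        }

        if (ack == windowsize)
            break;
        else
            sent = ack;   /* go back: resend from the first unacknowledged frame */
    }
    return 0;
}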
OUTPUT:

Enter window size
8

Frame 0 has been transmitted.
Frame 1 has been transmitted.
Frame 2 has been transmitted.
Frame 3 has been transmitted.
Frame 4 has been transmitted.
Frame 5 has been transmitted.
Frame 6 has been transmitted.
Frame 7 has been transmitted.

Please enter the last Acknowledgement received.
2

Frame 2 has been transmitted.
Frame 3 has been transmitted.
Frame 4 has been transmitted.
Frame 5 has been transmitted.
Frame 6 has been transmitted.
Frame 7 has been transmitted.

Please enter the last Acknowledgement received.

** ** **

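EXAMPLE-2:
#include <stdio.h>
#include <conio.h>
#include <string.h>

int main(void)
{
    char sender[50], receiver[50];
    int i, winsize, c;

    printf("\nENTER THE WINDOWS SIZE:");
    scanf("%d", &winsize);
    /* keep the window inside receiver[50] */
    if (winsize < 0)
        winsize = 0;
    if (winsize > 49)
        winsize = 49;
    printf("\nSENDER WINDOW IS EXPANDED TO STORE MESSAGE OR WINDOW \n");
    printf("\nENTER THE DATA TO BE SENT: ");
    /* discard the rest of the line left behind by scanf */
    while ((c = getchar()) != '\n' && c != EOF)
        ;
    /* fgets bounds the input to sender[50]; gets cannot */
    if (fgets(sender, sizeof sender, stdin) == NULL)
        sender[0] = '\0';
    sender[strcspn(sender, "\n")] = '\0';
    for (i = 0; i < winsize && sender[i] != '\0'; i++)
        receiver[i] = sender[i];
    receiver[i] = '\0';
    printf("\n MESSAGE SEND BY THE SENDER:\n");
    puts(sender);
    printf("\nWINDOW SIZE OF RECEIVER IS EXPANDED\n");
    printf("\n ACKNOWLEDGEMENT FROM RECEIVER \n");
    /* one acknowledgement per frame in the window */
    for (i = 0; i < winsize; i++)
        printf("\nACK:%d", i);
    printf("\n MESSAGE RECEIVED BY RECEIVER IS:");
    puts(receiver);
    printf("\n WINDOW SIZE OF RECEIVER IS SHRINKED\n");
    getch();
    return 0;
}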

Output.…

EXPERIMENT NO: 7

NAME OF THE EXPERIMENT: Program to implement Sliding Window Protocol for Selective Repeat.
OBJECTIVE: Selective Repeat: Sender transmits only that frame which is erroneous or is lost.
RESOURCE: Turbo C
PROGRAM LOGIC: The sliding window protocol is a flow control protocol that allows both
link nodes A and B to send and receive data and acknowledgments simultaneously.
• Here, the sender can send multiple frames without having to wait for acknowledgments.
• If no new data frames are ready for transmission in a specified time, a
separate acknowledgment frame is generated to avoid time-out.
• Each outbound frame contains a sequence number ranging from 0 to 2.
Sender Window:
Sender Window is a set of sequence numbers maintained by the sender corresponding to the
frame sequence numbers of frames sent out but not yet acknowledged.
• The sender can transmit a maximum number of frames before receiving
any acknowledgment without blocking (pipelining).
• All the frames in a sending window can be lost or damaged and hence must be saved in
memory or buffer till they are acknowledged.
Receiving Window:
A Receiving Window is a set of sequence numbers that is maintained by the receiver. It allows
receiving and acknowledging of multiple frames.
• The size of the receiving window is fixed at a specified initial size.
• Any frame received with a sequence number outside the receiving window is discarded.
• The sending and receiving window may not have the same size or any upper or lower
limits.
Selective Repeat Protocol:
The selective repeat protocol is an implementation of the sliding window protocol. In the
selective repeat protocol, both the sender and the receiver maintain a window of outstanding
and acceptable sequence numbers.
• In SRP, the sender's window size starts at 0 and it grows to some predefined maximum.
• The receiver's window is always fixed in size and equal to the predetermined maximum.
• The receiver has the buffer reserved for each sequence number within its fixed window.
• The sender and the receiver maintain a buffer of their window size.
• If there is an error, the receiver checks the lower edge to the last sequence number
before the lost frame sequence number.
• The receiver continues to receive and acknowledge incoming frames.
• The sender maintains a timeout clock for the unacknowledged frame number
and retransmits that frame after the timeout.
• The acknowledgment will be piggybacked to the sender. But when there is no traffic in
the reverse direction, piggybacking is impossible, and a special timer will time out for the ACK so
that the ACK is sent back as an independent packet. If the receiver suspects that the
transmission has an error, it immediately sends back a negative acknowledgment (NAK) to
the sender.

Note: SRP works better when the link is very unreliable, because in this case retransmission tends to
happen more frequently and selectively retransmitting frames is more efficient than retransmitting all of
them. In selective repeat protocol, the size of the sender and receiver windows must be at most one-
half of 2.

Sender Site Algorithm of Selective Repeat Protocol
begin
   frame s; // s denotes frame to be sent
   frame t; // t is temporary frame
   S_window = power(2,m-1); // Assign maximum window size
   SeqFirst = 0; // Sequence number of first frame in window
   SeqN = 0; // Sequence number of Nth frame window
   while (true) // check repeatedly
   do
      Wait_For_Event(); // wait for availability of packet
      if ( Event(Request_For_Transfer) ) then
         // check if window is full
         if ( SeqN - SeqFirst >= S_window ) then
            doNothing();
         end if;
         Get_Data_From_Network_Layer();
         s = Make_Frame();
         s.seq = SeqN;
         Store_Copy_Frame(s);
         Send_Frame(s);
         Start_Timer(s);
         SeqN = SeqN + 1;
      end if;
      if ( Event(Frame_Arrival) ) then
         r = Receive_Acknowledgement();
         // Resend frame whose sequence number is with ACK
         if ( r.type = NAK ) then
            if ( NAK_No > SeqFirst && NAK_No < SeqN ) then
               Retransmit( s.seq(NAK_No) );
               Start_Timer(s);
            end if
         // Remove frames from sending window with positive ACK
         else if ( r.type = ACK ) then
            Remove_Frame( s.seq(SeqFirst) );
            Stop_Timer(s);
            SeqFirst = SeqFirst + 1;
         end if
      end if
      // Resend frame if acknowledgement hasn't been received
      if ( Event(Time_Out) ) then
         Start_Timer(s);
         Retransmit_Frame(s);
      end if
end

Receiver Site Algorithm of Selective Repeat Protocol
begin
   frame f;
   RSeqNo = 0; // Initialise sequence number of expected frame
   NAKsent = false;
   ACK = false;
   For each slot in receive_window
      Mark(slot) = false;
   while (true) // check repeatedly
   do
      Wait_For_Event(); // wait for arrival of frame
      if (Event(Frame_Arrival)) then
         Receive_Frame_From_Physical_Layer();
         if (Corrupted(f.SeqNo) AND NAKsent = false) then
            SendNAK(f.SeqNo);
            NAKsent = true;
         end if
         if (f.SeqNo != RSeqNo AND NAKsent = false) then
            SendNAK(f.SeqNo);
            NAKsent = true;
            if (f.SeqNo is in receive_window) then
               if (Mark(RSeqNo) = false) then
                  Store_frame(f.SeqNo);
                  Mark(RSeqNo) = true;
               end if
            end if
         else
            while (Mark(RSeqNo))
               Extract_Data(RSeqNo);
               Deliver_Data_To_Network_Layer();
               RSeqNo = RSeqNo + 1;
               Send_ACK(RSeqNo);
            end while
         end if
      end if
   end while
end
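
The window-size limit stated in the note before the two algorithms, shown as an added example (not part of the original manual): a C simulation of the receiver's window and Mark(slot) bookkeeping in a lost-ACK scenario, where a window larger than 2^(m-1) makes the receiver buffer stale retransmissions as new data. The payload values, the 4-bit sequence-number limit and all function names are assumptions made for the illustration.

```c
#include <stdio.h>
#include <string.h>

#define MAX_SEQ 16                /* sequence space supported here: m <= 4 bits */

/* Receiver state, named after the receiver algorithm above. */
typedef struct {
    unsigned mod;                 /* 2^m distinct sequence numbers */
    unsigned size;                /* receive window size */
    unsigned base;                /* RSeqNo: lowest sequence number still expected */
    int mark[MAX_SEQ];            /* Mark(slot): a frame is buffered for this number */
    int data[MAX_SEQ];            /* buffered payloads */
    int delivered[4 * MAX_SEQ];   /* payloads handed to the network layer */
    int ndelivered;
} receiver;

static void receiver_init(receiver *r, unsigned m, unsigned w)
{
    memset(r, 0, sizeof *r);
    r->mod = 1u << m;
    r->size = w;
}

/* A sequence number is acceptable only inside [base, base + size) modulo 2^m. */
static int in_window(const receiver *r, unsigned seq)
{
    return (seq + r->mod - r->base) % r->mod < r->size;
}

/* Returns 1 if the frame was buffered as new data, 0 if it was discarded. */
static int receive_frame(receiver *r, unsigned seq, int payload)
{
    if (!in_window(r, seq) || r->mark[seq])
        return 0;                 /* outside the window, or already buffered */
    r->mark[seq] = 1;
    r->data[seq] = payload;
    while (r->mark[r->base]) {    /* deliver in-order frames and slide the window */
        r->delivered[r->ndelivered++] = r->data[r->base];
        r->mark[r->base] = 0;
        r->base = (r->base + 1) % r->mod;
    }
    return 1;
}

/*
 * Lost-ACK scenario: the sender transmits one full window (constructed payloads
 * 100, 101, ...), the receiver accepts it and slides its window, every ACK is
 * lost, and the sender's timers expire so it retransmits the same frames.
 * Returns how many of those stale retransmissions the receiver wrongly buffers
 * as new data, or -1 for parameters outside the simulated range.
 */
int stale_frames_accepted(unsigned m, unsigned w)
{
    receiver r;
    unsigned seq;
    int stale = 0;

    if (m < 1 || m > 4 || w < 1 || w > (1u << m))
        return -1;
    receiver_init(&r, m, w);
    for (seq = 0; seq < w; seq++)             /* first transmission */
        receive_frame(&r, seq, 100 + (int)seq);
    for (seq = 0; seq < w; seq++)             /* retransmission after timeout */
        stale += receive_frame(&r, seq, 100 + (int)seq);
    return stale;
}

/* Largest window size for which no stale frame is accepted in the scenario. */
unsigned max_safe_window(unsigned m)
{
    unsigned w, best = 0;

    for (w = 1; w <= (1u << m); w++) {
        if (stale_frames_accepted(m, w) != 0)
            break;
        best = w;
    }
    return best;
}

int main(void)
{
    unsigned m = 3, w;

    for (w = 1; w <= (1u << m); w++)
        printf("m=%u window=%u stale frames accepted=%d\n",
               m, w, stale_frames_accepted(m, w));
    printf("largest safe window for m=%u: %u\n", m, max_safe_window(m));
    return 0;
}
```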

EXPERIMENT NO: 10

NAME OF THE EXPERIMENT: Shortest Path.

OBJECTIVE: Implement Dijkstra's algorithm to compute the shortest path through a given graph.

RESOURCE: Turbo C
PROGRAM LOGIC: Dijkstra's algorithm is very similar to Prim's algorithm for minimum spanning
tree. Like Prim's MST, we generate an SPT (shortest path tree) with the given source as root. We
maintain two sets: one set contains the vertices included in the shortest path tree, and the other
set contains the vertices not yet included in the shortest path tree.

PROCEDURE: Go to debug -> run or press CTRL+F9 to run the program.

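SOURCE CODE:
// PROGRAM FOR FINDING SHORTEST PATH FOR A GIVEN GRAPH

#include<stdio.h>
#include<conio.h>

#define N 5 /* number of nodes; nodes are numbered 1..N */

int main()
{
    /* arrays are one element larger than N because indexing starts at 1 */
    int path[N+1][N+1], a[N+1][N+1], t[N+1];
    int i, j, min, p, st = 1, ed = N, stp, edp, index;
    clrscr();
    printf("enter the cost matrix\n");
    for (i = 1; i <= N; i++)
        for (j = 1; j <= N; j++)
            scanf("%d", &a[i][j]);
    printf("enter the paths\n");
    scanf("%d", &p);
    /* reject a path count that would overflow path[] and t[] */
    if (p < 1 || p > N)
    {
        printf("number of paths must be between 1 and %d\n", N);
        return 1;
    }
    printf("enter possible paths\n");
    for (i = 1; i <= p; i++)
        for (j = 1; j <= N; j++)
        {
            scanf("%d", &path[i][j]);
            /* node numbers index the cost matrix; 0 may pad a short path */
            if (path[i][j] < 0 || path[i][j] > N)
            {
                printf("node numbers must be between 0 and %d\n", N);
                return 1;
            }
        }
    /* total the cost of each candidate path from st to ed */
    for (i = 1; i <= p; i++)
    {
        t[i] = 0;
        stp = st;
        for (j = 1; j < N; j++) /* j+1 must stay inside path[i] */
        {
            edp = path[i][j+1];
            t[i] = t[i] + a[stp][edp];
            if (edp == ed)
                break;
            else
                stp = edp;
        }
    }
    /* pick the cheapest candidate path */
    min = t[1];
    index = 1;
    for (i = 1; i <= p; i++)
    {
        if (min > t[i])
        {
            min = t[i];
            index = i;
        }
    }
    printf("minimum cost %d", min);
    printf("\n minimum cost path ");
    for (i = 1; i <= N; i++)
    {
        printf("--> %d", path[index][i]);
        if (path[index][i] == ed)
            break;
    }
    getch();
    return 0;
}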
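
The listing above picks the cheapest of the candidate paths the user types in. The set-based procedure described under PROGRAM LOGIC is shown here as an added example (not part of the original manual), in standard C rather than Turbo C. It uses 0-indexed vertices and treats a 0 cost as "no link"; the sample graph and all function names are assumptions made for the illustration.

```c
#include <stdio.h>
#include <limits.h>

#define MAXN 16
#define NO_LINK 0   /* assumption: a 0 entry in the cost matrix means "no link" */

/* Constructed 5-router sample graph (A..E = 0..4); unused rows stay all zero. */
int SAMPLE[MAXN][MAXN] = {
    /*        A  B   C  D   E */
    /* A */ { 0, 4,  1, 0,  0 },
    /* B */ { 4, 0,  2, 5,  0 },
    /* C */ { 1, 2,  0, 8, 10 },
    /* D */ { 0, 5,  8, 0,  2 },
    /* E */ { 0, 0, 10, 2,  0 },
};

/*
 * Dijkstra's algorithm on an n x n cost matrix with non-negative costs.
 * Fills dist[] with the cost of the shortest path from src to every vertex
 * (INT_MAX if unreachable) and prev[] with the predecessor on that path.
 * Returns 0 on success, -1 on invalid arguments or a negative cost.
 */
int dijkstra(int n, int cost[MAXN][MAXN], int src, int dist[MAXN], int prev[MAXN])
{
    int in_spt[MAXN] = {0};   /* vertices already in the shortest path tree */
    int i, j, u;

    if (n < 1 || n > MAXN || src < 0 || src >= n)
        return -1;
    for (i = 0; i < n; i++)
        for (j = 0; j < n; j++)
            if (cost[i][j] < 0)
                return -1;    /* Dijkstra is not valid with negative costs */

    for (i = 0; i < n; i++) {
        dist[i] = INT_MAX;
        prev[i] = -1;
    }
    dist[src] = 0;

    for (i = 0; i < n; i++) {
        /* pick the closest vertex that is not yet in the tree */
        u = -1;
        for (j = 0; j < n; j++)
            if (!in_spt[j] && dist[j] != INT_MAX && (u < 0 || dist[j] < dist[u]))
                u = j;
        if (u < 0)
            break;            /* every remaining vertex is unreachable */
        in_spt[u] = 1;

        /* relax the links leaving u */
        for (j = 0; j < n; j++) {
            if (in_spt[j] || cost[u][j] == NO_LINK)
                continue;
            if (dist[u] > INT_MAX - cost[u][j])
                continue;     /* sum would overflow an int */
            if (dist[u] + cost[u][j] < dist[j]) {
                dist[j] = dist[u] + cost[u][j];
                prev[j] = u;
            }
        }
    }
    return 0;
}

/* Cost of the shortest path src -> dst, or -1 if invalid or unreachable. */
int shortest_cost(int n, int cost[MAXN][MAXN], int src, int dst)
{
    int dist[MAXN], prev[MAXN];

    if (dst < 0 || dst >= n || dijkstra(n, cost, src, dist, prev) != 0)
        return -1;
    return dist[dst] == INT_MAX ? -1 : dist[dst];
}

/* First hop on the shortest path src -> dst (a forwarding-table entry), or -1. */
int next_hop(int n, int cost[MAXN][MAXN], int src, int dst)
{
    int dist[MAXN], prev[MAXN], v;

    if (dst < 0 || dst >= n || dijkstra(n, cost, src, dist, prev) != 0)
        return -1;
    if (dst == src || dist[dst] == INT_MAX)
        return -1;
    for (v = dst; prev[v] != src; v = prev[v])
        ;                     /* walk back until the vertex just after src */
    return v;
}

int main(void)
{
    int dst;

    for (dst = 1; dst < 5; dst++)
        printf("A -> %c: cost %d, next hop %c\n", 'A' + dst,
               shortest_cost(5, SAMPLE, 0, dst), 'A' + next_hop(5, SAMPLE, 0, dst));
    return 0;
}
```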

Output:

Viva questions:

1. Define Dijkstra’s algorithm?


2. What is the use of Dijkstra’s algorithm?
3. What is path?
4. What is minimum cost path?
5. How to find shortest path using Dijkstra’s algorithm?

EXPERIMENT NO: 11

NAME OF THE EXPERIMENT: Distance Vector routing.

OBJECTIVE: Obtain Routing table at each node using distance vector routing algorithm for a
given subnet.

RESOURCE: Turbo C

PROGRAM LOGIC: Distance vector routing algorithms calculate the best route to reach a
destination based solely on distance, e.g. RIP. RIP calculates reachability based on hop
count. This differs from link state algorithms, which consider other factors such as
bandwidth and other metrics to reach a destination. Distance vector routing algorithms are not
preferable for complex networks and take longer to converge.

PROCEDURE: Go to debug -> run or press CTRL+F9 to run the program.

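SOURCE CODE:
#include<stdio.h>
#include<conio.h>

#define MAX_NODES 20

struct node
{
    unsigned dist[MAX_NODES];
    unsigned from[MAX_NODES];
} rt[MAX_NODES]; /* one routing table per node, sized to match dmat */

int main()
{
    int dmat[MAX_NODES][MAX_NODES];
    int n, i, j, k, count = 0;
    clrscr();
    printf("\nEnter the number of nodes : ");
    scanf("%d", &n);
    /* reject a node count that would overflow dmat[] and rt[] */
    if (n < 1 || n > MAX_NODES)
    {
        printf("Number of nodes must be between 1 and %d\n", MAX_NODES);
        return 1;
    }
    printf("Enter the cost matrix :\n");
    for (i = 0; i < n; i++)
        for (j = 0; j < n; j++)
        {
            scanf("%d", &dmat[i][j]);
            dmat[i][i] = 0;
            /* start from the direct cost, reached via the destination itself */
            rt[i].dist[j] = dmat[i][j];
            rt[i].from[j] = j;
        }

    /* keep relaxing routes through every node k until no table changes */
    do
    {
        count = 0;
        for (i = 0; i < n; i++)
            for (j = 0; j < n; j++)
                for (k = 0; k < n; k++)
                    if (rt[i].dist[j] > dmat[i][k] + rt[k].dist[j])
                    {
                        rt[i].dist[j] = rt[i].dist[k] + rt[k].dist[j];
                        rt[i].from[j] = k;
                        count++;
                    }
    } while (count != 0);
    for (i = 0; i < n; i++)
    {
        printf("\nState value for router %d is\n", i + 1);
        for (j = 0; j < n; j++)
        {
            printf("\nnode %d via %d Distance %u", j + 1, rt[i].from[j] + 1, rt[i].dist[j]);
        }
    }
    printf("\n");
    return 0;
}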

Output:

Viva Questions:

1. What is routing?
2. What is best algorithm among all routing algorithms?
3. What is static routing?
4. Differences between static and dynamic?
5. What is optimality principle?

EXPERIMENT No: 12

NAME OF THE EXPERIMENT: Broadcast Tree.


OBJECTIVE: Implement broadcast tree for a given subnet of hosts
RESOURCE: Turbo C
PROGRAM LOGIC:
This technique is widely used because it is simple and easy to understand. The idea of this
algorithm is to build a graph of the subnet, with each node of the graph representing a router
and each arc of the graph representing a communication line. To choose a route between a given
pair of routers, the algorithm just finds the broadcast between them on the graph.

PROCEDURE: Go to debug -> run or press CTRL+F9 to run the program.
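SOURCE CODE:
// Write a 'c' program for Broadcast tree from subnet of host
#include<stdio.h>
#include<conio.h>

#define MAX_NODES 50

int p, q, u, v, n;
int min = 99, mincost = 0; /* 99 in the cost matrix means "no link" */
int t[MAX_NODES][2], i, j;
int parent[MAX_NODES], edge[MAX_NODES][MAX_NODES];

void sunion(int l, int m);
int find(int l);

int main()
{
    clrscr();
    printf("\nEnter the number of nodes");
    scanf("%d", &n);
    /* reject a node count that would overflow the fixed-size arrays */
    if (n < 1 || n > MAX_NODES)
    {
        printf("\nNumber of nodes must be between 1 and %d\n", MAX_NODES);
        return 1;
    }
    for (i = 0; i < n; i++)
    {
        printf("%c\t", 65 + i);
        parent[i] = -1;
    }
    printf("\n");
    for (i = 0; i < n; i++)
    {
        printf("%c", 65 + i);
        for (j = 0; j < n; j++)
            scanf("%d", &edge[i][j]);
    }
    for (i = 0; i < n; i++)
    {
        /* cheapest link leaving node i */
        for (j = 0; j < n; j++)
            if (edge[i][j] != 99)
                if (min > edge[i][j])
                {
                    min = edge[i][j];
                    u = i;
                    v = j;
                }
        p = find(u);
        q = find(v);
        if (p != q)
        {
            /* the link joins two different sets, so it belongs to the tree */
            t[i][0] = u;
            t[i][1] = v;
            mincost = mincost + edge[u][v];
            sunion(p, q);
        }
        else
        {
            t[i][0] = -1;
            t[i][1] = -1;
        }
        min = 99;
    }
    printf("Minimum cost is %d\n Minimum spanning tree is\n", mincost);
    for (i = 0; i < n; i++)
        if (t[i][0] != -1 && t[i][1] != -1)
        {
            printf("%c %c %d", 65 + t[i][0], 65 + t[i][1], edge[t[i][0]][t[i][1]]);
            printf("\n");
        }
    getch();
    return 0;
}

/* merge the set rooted at l into the set rooted at m */
void sunion(int l, int m)
{
    parent[l] = m;
}

/* return the root of the set containing l (a root has parent -1) */
int find(int l)
{
    while (parent[l] >= 0)
        l = parent[l];
    return l;
}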
Output:

Viva questions:

1. What is spanning tree?


2. What is broadcast tree?
3. What are the advantages of broadcast tree?
4. What is flooding?
5. What is subnet?

EXPERIMENT No: 13
13(i)

NAME OF THE EXPERIMENT: Packet Capture Using Wireshark.


OBJECTIVE: It can capture, dissect, and decode various protocols.
RESOURCE: Wireshark, Linux sys admin, Turbo C.
PROGRAM LOGIC:

Wireshark is an open source network packet analyzer.

It can capture, dissect, and decode various protocols. This helps Linux sysadmins to
troubleshoot network issues.

Apart from using Wireshark as a standalone application for debugging network packets, you
can also write your own extension or plugin using the Wireshark libraries for your custom
application.

This tutorial explains how to use the Wireshark libraries to write custom code to debug network
packets using a C example program.

The code explains two parts. First, to capture network packets. Second, to decode packets
using libwireshark.

As a prerequisite, your system should have both the libpcap and Wireshark libraries installed.

To capture a packet, refer to How to Perform Packet Sniffing Using Libpcap with C Example
Code.

You can also open an existing pcap file using the following API inside your C program:

pd = pcap_open_offline(pcap_path, errbuf);

Wireshark code uses its own dissection engine (the epan module library) to dissect the network
packets.

The following code shows the necessary steps to initialize it properly.

The functions mentioned below are from the Wireshark open source code, which will initialize
the packet dissection engine, required data structures, variables, GUID mapping, memory
allocation subsystem, registering all the protocol dissector handles, and hostname lookup, that
are necessary for the dissection process.

An example:
The code below makes use of the libpcap functions to achieve a basic packet capture. After
capturing the packets, inside the callback function, the length of each packet is printed on
stdout.

#include <pcap.h>
#include <stdio.h>
#include <stdlib.h>
#include <errno.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <netinet/if_ether.h>
#include <netinet/tcp.h>
#include <netinet/ip.h>
#include <string.h>

void callback(u_char *useless, const struct pcap_pkthdr *pkthdr, const u_char *packet)
{
    static int count = 1;
    printf("\nPacket number [%d], length of this packet is : %d\n", count++, pkthdr->len);
}

int main(int argc, char **argv)
{
    char *dev = NULL;
    char errbuf[PCAP_ERRBUF_SIZE];
    pcap_t *descr;
    struct bpf_program fp;   /* to hold compiled program */
    bpf_u_int32 pMask;       /* subnet mask */
    bpf_u_int32 pNet;        /* ip address */
    pcap_if_t *alldevs, *d;
    char dev_buff[64] = {0};
    int i = 0;

    // Check if sufficient arguments were supplied
    if (argc != 3)
    {
        printf("\nUsage: %s [protocol][number-of-packets]\n", argv[0]);
        return 0;
    }

    // Prepare a list of all the devices
    if (pcap_findalldevs(&alldevs, errbuf) == -1)
    {
        fprintf(stderr, "Error in pcap_findalldevs: %s\n", errbuf);
        exit(1);
    }

    // Print the list to user so that a choice can be made
    printf("\nHere is a list of available devices on your system:\n\n");
    for (d = alldevs; d; d = d->next)
    {
        printf("%d. %s", ++i, d->name);
        if (d->description)
            printf(" (%s)\n", d->description);
        else
            printf(" (Sorry, No description available for this device)\n");
    }
    pcap_freealldevs(alldevs);

    // Ask user to provide the interface name
    printf("\nEnter the interface name on which you want to run the packet sniffer : ");
    if (fgets(dev_buff, sizeof(dev_buff), stdin) == NULL)
        dev_buff[0] = '\0';

    // Clear off the trailing newline that fgets sets
    dev_buff[strcspn(dev_buff, "\n")] = '\0';

    // Check if something was provided by user
    if (strlen(dev_buff))
    {
        dev = dev_buff;
        printf("\n---You opted for device [%s] to capture [%d] packets---\n\nStarting capture...",
               dev, atoi(argv[2]));
    }

    // If something was not provided return error.
    if (dev == NULL)
    {
        printf("\nNo interface name was provided\n");
        return -1;
    }

    // Fetch the network address and network mask
    if (pcap_lookupnet(dev, &pNet, &pMask, errbuf) == -1)
    {
        // No address on this interface: compile the filter without a known netmask
        pNet = 0;
        pMask = PCAP_NETMASK_UNKNOWN;
    }

    // Now, open device for sniffing
    descr = pcap_open_live(dev, BUFSIZ, 0, -1, errbuf);
    if (descr == NULL)
    {
        printf("pcap_open_live() failed due to [%s]\n", errbuf);
        return -1;
    }

    // Compile the filter expression (the last argument is the netmask)
    if (pcap_compile(descr, &fp, argv[1], 0, pMask) == -1)
    {
        printf("\npcap_compile() failed\n");
        return -1;
    }

    // Set the filter compiled above
    if (pcap_setfilter(descr, &fp) == -1)
    {
        printf("\npcap_setfilter() failed\n");
        exit(1);
    }

    // For every packet received, call the callback function.
    // For now, maximum limit on number of packets is specified by user.
    pcap_loop(descr, atoi(argv[2]), callback, NULL);

    printf("\nDone with packet sniffing!\n");
    return 0;
}

Output: In the code above:

• The function pcap_findalldevs() is used to fetch a list of all available interface devices. This
list can be shown to the user so that the intended interface can be selected to sniff packets
on. Please note that there exists a function pcap_lookupdev() that also returns an interface
device, but the problem with this function is that it returns the first available non-loopback
device. So in case I am using a wireless network connection and the interface device for my
connection is ‘wlan0’, the pcap_lookupdev() function would still return ‘eth0’ as it encounters
this interface first. So using pcap_findalldevs() is a better option, as it produces a list of
interface devices to choose from.
• The list returned by the function pcap_findalldevs() is given to the user and the user’s input
is taken from stdin.
• Then the function pcap_lookupnet() is used to fetch the IP address and network mask.
• Through the function pcap_open_live() the pcap library is initialized with the interface
device selected.
• Through the pcap_compile() function, we can compile any filter on protocol etc. set by the user.
• Through pcap_setfilter(), this filter is applied.
• Finally, through the function pcap_loop() the library starts packet capture on the selected
device with the filter applied, and with every relevant packet captured, the callback function is
called.

Here is the output of the above program:

$ sudo ./pcap tcp 10
[sudo] password for himanshu:

Here is a list of available devices on your system:

1. eth0 (Sorry, No description available for this device)
2. wlan0 (Sorry, No description available for this device)
3. usbmon1 (USB bus number 1)
4. usbmon2 (USB bus number 2)
5. usbmon3 (USB bus number 3)
6. usbmon4 (USB bus number 4)
7. usbmon5 (USB bus number 5)
8. usbmon6 (USB bus number 6)
9. usbmon7 (USB bus number 7)
10. any (Pseudo-device that captures on all interfaces)
11. lo (Sorry, No description available for this device)

Enter the interface name on which you want to run the packet sniffer : wlan0

---You opted for device [wlan0] to capture [10] packets---

Starting capture...
Packet number [1], length of this packet is : 496
Packet number [2], length of this packet is : 66
Packet number [3], length of this packet is : 357
Packet number [4], length of this packet is : 66
Packet number [5], length of this packet is : 238
Packet number [6], length of this packet is : 66
Packet number [7], length of this packet is : 403
Packet number [8], length of this packet is : 66
Packet number [9], length of this packet is : 121
Packet number [10], length of this packet is : 66
Done with packet sniffing!

EXPERIMENT No: 13
13(ii)

ii) Start Capturing

The following methods can be used to start capturing packets with Wireshark:

• You can double-click on an interface in the welcome screen.
• You can select an interface in the welcome screen, then select Capture → Start or click the
first toolbar button.
• You can get more detailed information about available interfaces using
Section 4.5, “The “Capture Options” Dialog Box” (Capture → Options…).
• If you already know the name of the capture interface you can start Wireshark from
the command line:

$ wireshark -i eth0 -k

This will start Wireshark capturing on interface eth0. More details can be found at Section
11.2, “Start Wireshark from the command line”.

EXPERIMENT No: 13
13(iii)

Viewing Packets You Have Captured:

Once you have captured some packets or you have opened a previously saved capture file, you
can view the packets that are displayed in the packet list pane by simply clicking on a packet in
the packet list pane, which will bring up the selected packet in the tree view and byte view
panes.

You can then expand any part of the tree to view detailed information about each protocol
in each packet. Clicking on an item in the tree will highlight the corresponding bytes in
the byte view.

An example with a TCP packet selected is shown in Figure 6.1, “Wireshark with a TCP packet
selected for viewing”. It also has the Acknowledgment number in the TCP header selected,
which shows up in the byte view as the selected bytes.

Figure 6.1. Wireshark with a TCP packet selected for viewing

You can also select and view packets the same way while Wireshark is capturing if you selected
“Update list of packets in real time” in the “Capture Preferences” dialog box.

In addition you can view individual packets in a separate window as shown in
Figure 6.2, “Viewing a packet in a separate window”. You can do this by double-clicking on an
item in the packet list or by selecting the packet in which you are interested in the packet list
pane and selecting View → Show Packet in New Window. This allows you to easily compare
two or more packets, even across multiple files.

Figure 6.2. Viewing a packet in a separate window

Along with double-clicking the packet list and using the main menu there are a number of
other ways to open a new packet window:

EXPERIMENT No: 13
13(iv)

(iv) The “Statistics” Menu

The Wireshark Statistics menu contains the fields shown in Table 3.9, “Statistics menu items”.

Figure 3.9. The “Statistics” Menu

Each menu item brings up a new window showing specific statistics.

Table 3.9. Statistics menu items

Menu Item | Accelerator | Description
Capture File Properties | | Show information about the capture file, see Section 8.2, “The “Capture File Properties” Dialog”.
Resolved Addresses | | See Section 8.3, “Resolved Addresses”
Protocol Hierarchy | | Display a hierarchical tree of protocol statistics, see Section 8.4, “The “Protocol Hierarchy” Window”.
Conversations | | Display a list of conversations (traffic between two endpoints), see Section 8.5.1, “The “Conversations” Window”.
Endpoints | | Display a list of endpoints (traffic to/from an address), see Section 8.6.1, “The “Endpoints” Window”.
Packet Lengths | | See Section 8.7, “Packet Lengths”
I/O Graphs | | Display user specified graphs (e.g., the number of packets in the course of time), see Section 8.8, “The “I/O Graphs” Window”.
Service Response Time | | Display the time between a request and the corresponding response, see Section 8.9, “Service Response Time”.
DHCP (BOOTP) | | See Section 8.10, “DHCP (BOOTP) Statistics”
NetPerfMeter | | See Section 8.11, “NetPerfMeter Statistics”
ONC-RPC Programs | | See Section 8.12, “ONC-RPC Programs”
29West | | See Section 8.13, “29West”
ANCP | | See Section 8.14, “ANCP”
BACnet | | See Section 8.15, “BACnet”
Collectd | | See Section 8.16, “Collectd”
DNS | | See Section 8.17, “DNS”
Flow Graph | | See Section 8.18, “Flow Graph”
HART-IP | | See Section 8.19, “HART-IP”
HPFEEDS | | See Section 8.20, “HPFEEDS”
HTTP | | HTTP request/response statistics, see Section 8.21, “HTTP Statistics”
HTTP2 | | See Section 8.22, “HTTP2”
Sametime | | See Section 8.23, “Sametime”
TCP Stream Graphs | | See Section 8.24, “TCP Stream Graphs”
UDP Multicast Streams | | See Section 8.25, “UDP Multicast Streams”
Reliable Server Pooling (RSerPool) | | See Section 8.26, “Reliable Server Pooling (RSerPool)”
F5 | | See Section 8.27, “F5”
IPv4 Statistics | | See Section 8.28, “IPv4 Statistics”
IPv6 Statistics | | See Section 8.29, “IPv6 Statistics”

EXPERIMENT No: 14

NAME OF THE EXPERIMENT: How to Run a Simple Nmap Scan.


OBJECTIVE: Ensuring that your router is protected from unwanted intruders is one of the
foundations of a secure network.
RESOURCE: Nmap Installer, Linux, Windows
PROGRAM LOGIC: Ensuring that your router is protected from unwanted intruders is one of
the foundations of a secure network. One of the basic tools for this job is Nmap, or Network
Mapper. This program will scan a target and report which ports are open and which are closed,
among other things. Security specialists use this program to test the security of a network. To
learn how to use it yourself, see Step 1 below.

How to Run a Simple Nmap Scan

1. Download the installer.
2. Run the installer.
3. Open Nmap/Zenmap.
4. Enter the target address.
5. Choose a profile.
6. Click Scan.
7. Review the results.

Using Zenmap

1. Download the Nmap installer. This can be found for free from the developer’s website. It
is highly recommended that you download directly from the developer to avoid any potential
viruses or fake files. Downloading the Nmap installer includes Zenmap, the graphical
interface for Nmap which makes it easy for newcomers to perform scans without having to
learn command lines.
• The Zenmap program is available for Windows, Linux, and Mac OS X. You can find
the installation files for all operating systems on the Nmap website.

2. Install Nmap. Run the installer once it is finished downloading. You will be asked which
components you would like to install. In order to get the full benefit of Nmap, keep all of
these checked. Nmap will not install any adware or spyware.

3. Run the "Nmap – Zenmap" GUI program. If you left your settings at default during
installation, you should be able to see an icon for it on your desktop. If not, look in your
Start menu. Opening Zenmap will start the program.

4. Enter in the target for your scan. The Zenmap program makes scanning a fairly
simple process. The first step to running a scan is choosing your target. You can enter a
domain (example.com), an IP address (127.0.0.1), a network (192.168.1.0/24), or a
combination of those.

• Depending on the intensity and target of your scan, running an Nmap scan may be
against the terms of your internet service provider, and may land you in hot water.
Always check your local laws and your ISP contract before performing Nmap scans
on targets other than your own network.

5. Choose your Profile. Profiles are preset groupings of modifiers that change what is scanned.
The profiles allow you to quickly select different types of scans without having to type in the
modifiers on the command line. Choose the profile that best fits your needs:[1]

• Intense scan - A comprehensive scan. Contains Operating System (OS) detection,
version detection, script scanning, traceroute, and has aggressive scan timing. This
is considered an intrusive scan.
• Ping scan - This scan simply detects if the targets are online; it does not scan
any ports.
• Quick scan - This is quicker than a regular scan due to aggressive timing and only
scanning select ports.
• Regular scan - This is the standard Nmap scan without any modifiers. It will return
ping and return open ports on the target.

6. Click Scan to start scanning. The active results of the scan will be displayed in the Nmap
Output tab. The time the scan takes will depend on the scan profile you chose, the physical
distance to the target, and the target’s network configuration.

7. Read your results. Once the scan is finished, you’ll see the message "Nmap done" at the
bottom of the Nmap Output tab. You can now check your results, depending on the type of
scan you performed. All of the results will be listed in the main Nmap Output tab, but you
can use the other tabs to get a better look at specific data.[2]

• Ports/Hosts - This tab will show the results of your port scan, including the services
for those ports.
• Topology - This shows the traceroute for the scan you performed. You can see
how many hops your data goes through to reach the target.
• Host Details - This shows a summary of your target learned through scans, such as
the number of ports, IP addresses, hostnames, operating systems, and more.
• Scans - This tab stores the commands of your previously-run scans. This allows
you to quickly re-scan with a specific set of parameters.

METHOD-2

Using the Command Line

1. Install Nmap. Before using Nmap, you will need to install it so that you can run it from
the command line of your operating system. Nmap is small and available for free from the
developer. Follow the instructions below for your operating system:

• Linux - Download and install Nmap from your repository. Nmap is available through
most of the major Linux repositories. Enter the command below based on your
distribution:
  • Red Hat, Fedora, SUSE
    rpm -vhU http://nmap.org/dist/nmap-6.40-1.i386.rpm (32-bit) OR
    rpm -vhU http://nmap.org/dist/nmap-6.40-1.x86_64.rpm (64-bit)
  • Debian, Ubuntu
    sudo apt-get install nmap

• Windows - Download the Nmap installer. This can be found for free from the developer’s
website. It is highly recommended that you download directly from the developer to
avoid any potential viruses or fake files. Using the installer allows you to quickly install
the command line Nmap tools without having to worry about extracting to the right
folder.

  • If you don’t want the Zenmap graphical user interface, you can uncheck it during
  the installation process.

• Mac OS X – Download the Nmap disk image. This can be found for free from the
developer’s website. It is highly recommended that you download directly from the
developer to avoid any potential viruses or fake files. Use the included installer to
install Nmap on your system. Nmap requires OS X 10.6 or later.

2. Open your command line. Nmap commands are run from the command line, and the
results are displayed beneath the command. You can use variables to modify the scan.
You can run the scan from any directory on the command line.
• Linux - Open the terminal if you are using a GUI for your Linux distribution. The
location of the terminal varies by distribution.
• Windows - This can be accessed by pressing the Windows key + R and then typing
"cmd" into the Run field. Windows 8 users can press Windows key + X and select
Command Prompt from the menu. You can run an Nmap scan from any directory.
• Mac OS X - Open the Terminal application located in the Utility subfolder of
your Applications folder.

3. Run a scan of your target’s ports. To start a basic scan, type nmap <target>. This
will ping the target and scan the ports. This is an easily-detected scan. The results
will be displayed on your screen. You may need to scroll back up to see all of the
results.
• Depending on the intensity and target of your scan, running an Nmap scan may be
against the terms of your internet service provider, and may land you in hot water.
Always check your local laws and your ISP contract before performing Nmap scans
on targets other than your own network.

4. Run a modified scan. You can use command line variables to change the
parameters of the scan, resulting in more detailed or less detailed results. Changing the
scan variables will change the intrusiveness of the scan. You can add multiple variables by
placing a space between each one. Variables come before the target: nmap <variable>
<variable> <target>[3]
• -sS - This is a SYN stealth scan. It is less detectable than a standard scan, but
may take longer. Many modern firewalls can detect an -sS scan.
• -sn - This is a ping scan. This will disable port scanning, and will only check to see
if the host is online.
• -O - This is an operating system scan. The scan will attempt to determine the
operating system of the target.
• -A - This variable enables several of the most commonly used scans: OS detection,
version detection, script scanning, and traceroute.
• -F - This enables fast mode, and will reduce the number of ports scanned.
• -v - This will show more information in your results, making them easier to read.

5. Output the scan to an XML file. You can set your scan results to be outputted as an
XML file so that you can easily read them in any web browser. To do this, you will need
to use the -oX variable, as well as set a filename for the new XML file. A completed command
would look similar to nmap -oX ScanResults.xml <target>.

• The XML file will be saved to whatever your current working location is.

EXPERIMENT No: 15

NAME OF THE EXPERIMENT: Operating System Detection using Nmap


OBJECTIVE: Nmap uses TCP/IP stack fingerprinting for OS detection
RESOURCE: Nmap Installer, Linux, Windows
PROGRAM LOGIC: OS Detection

One of Nmap's best-known features is remote OS detection using TCP/IP stack fingerprinting.
Nmap sends a series of TCP and UDP packets to the remote host and examines practically
every bit in the responses. After performing dozens of tests such as TCP ISN sampling, TCP
options support and ordering, IP ID sampling, and the initial window size check, Nmap
compares the results to its nmap-os-db database of more than 2,600 known OS fingerprints
and prints out the OS details if there is a match. Each fingerprint includes a freeform textual
description of the OS, and a classification which provides the vendor name (e.g. Sun),
underlying OS (e.g. Solaris), OS generation (e.g. 10), and device type (general purpose, router,
switch, game console, etc). Most fingerprints also have a Common Platform Enumeration
(CPE) representation, like cpe:/o:linux:linux_kernel:2.6.

If Nmap is unable to guess the OS of a machine, and conditions are good (e.g. at least one open
port and one closed port were found), Nmap will provide a URL you can use to submit the
fingerprint if you know (for sure) the OS running on the machine. By doing this you contribute
to the pool of operating systems known to Nmap and thus it will be more accurate for everyone.

OS detection enables some other tests which make use of information that is gathered during
the process anyway. One of these is TCP Sequence Predictability Classification. This
measures approximately how hard it is to establish a forged TCP connection against the
remote host. It is useful for exploiting source-IP based trust relationships (rlogin, firewall filters,
etc) or for hiding the source of an attack. This sort of spoofing is rarely performed any more,
but many machines are still vulnerable to it. The actual difficulty number is based on statistical
sampling and may fluctuate. It is generally better to use the English classification such as
“worthy challenge” or “trivial joke”. This is only reported in normal output in verbose (-v)
mode. When verbose mode is enabled along with -O, IP ID sequence generation is also
reported. Most machines are in the “incremental” class, which means that they increment the
ID field in the IP header for each packet they send. This makes them vulnerable to several
advanced information gathering and spoofing attacks.

Another bit of extra information enabled by OS detection is a guess at a target's uptime. This
uses the TCP timestamp option (RFC 1323) to guess when a machine was last rebooted. The
guess can be inaccurate due to the timestamp counter not being initialized to zero or the
counter overflowing and wrapping around, so it is printed only in verbose mode.

OS detection is covered in Chapter 8, Remote OS Detection.

OS detection is enabled and controlled with the following options:

-O (Enable OS detection)
Enables OS detection, as discussed above. Alternatively, you can use -A to enable OS
detection along with other things.

--osscan-limit (Limit OS detection to promising targets)
OS detection is far more effective if at least one open and one closed TCP port are found. Set
this option and Nmap will not even try OS detection against hosts that do not meet this criteria.
This can save substantial time, particularly on -Pn scans against many hosts. It only matters
when OS detection is requested with -O or -A.

--osscan-guess; --fuzzy (Guess OS detection results)
When Nmap is unable to detect a perfect OS match, it sometimes offers up near-matches as
possibilities. The match has to be very close for Nmap to do this by default. Either of these
(equivalent) options make Nmap guess more aggressively. Nmap will still tell you when an
imperfect match is printed and display its confidence level (percentage) for each guess.

--max-os-tries (Set the maximum number of OS detection tries against a target)
When Nmap performs OS detection against a target and fails to find a perfect match, it usually
repeats the attempt. By default, Nmap tries five times if conditions are favorable for OS
fingerprint submission, and twice when conditions aren't so good.

Specifying a lower --max-os-tries value (such as 1) speeds Nmap up, though you miss out on
retries which could potentially identify the OS. Alternatively, a high value may be set to allow
even more retries when conditions are favorable. This is rarely done, except to generate better
fingerprints for submission and integration into the Nmap OS database.

Introduction

While Nmap has supported OS detection since 1998, this chapter describes the 2nd generation
system released in 2006.

Reasons for OS Detection

While some benefits of discovering the underlying OS and device types on a network are
obvious, others are more obscure. This section lists the top reasons I hear for discovering this
extra information.

Determining vulnerability of target hosts

It is sometimes very difficult to determine remotely whether an available service is
susceptible or patched for a certain vulnerability. Even obtaining the application version
number doesn't always help, since OS distributors often back-port security fixes without
changing the version number. The surest way to verify that a vulnerability is real is to exploit
it, but that risks crashing the service and can lead to wasted hours or even days of frustrating
exploitation efforts if the service turns out to be patched.

OS detection can help reduce these false positives. For example, the Rwho daemon on
unpatched Sun Solaris 7 through 9 may be remotely exploitable (Sun alert #57659). Remotely
determining vulnerability is difficult, but you can rule it out by finding that a target system is
running Solaris 10.

Taking this from the perspective of a systems administrator rather than a pen-tester, imagine
you run a large Sun shop when alert #57659 comes out. Scan your whole network with OS
detection to find machines which need patching before the bad guys do.

Tailoring exploits

Even after you discover a vulnerability in a target system, OS detection can be helpful in
exploiting it. Buffer overflows, format-string exploits, and many other vulnerabilities often
require custom-tailored shellcode with offsets and assembly payloads generated to match
the target OS and hardware architecture. In some cases, you only get one try because the
service crashes if you get the shellcode wrong. Use OS detection first or you may end up
sending Linux shellcode to a FreeBSD server.

Network inventory and support

While it isn't as exciting as busting root through a specially crafted format string exploit, there
are many administrative reasons to keep track of what is running on your network. Before you
renew that IRIX support contract for another year, scan to see if anyone still uses such
machines. An inventory can also be useful for IT budgeting and ensuring that all company
equipment is accounted for.

Detecting unauthorized and dangerous devices

With the ubiquity of mobile devices and cheap commodity networking equipment,
companies are increasingly finding that employees are extending their networks in
undesirable ways.
They may install a $20 wireless access point (WAP) in their cubicle without realizing (or
caring) that they just opened up the protected corporate network to potential attackers in the
parking lot or nearby buildings. WAPs can be so dangerous that Nmap has a special category
for detecting them, as demonstrated in the section called “SOLUTION: Detect Rogue Wireless
Access Points on an Enterprise Network”. Users may also cause sysadmins grief by
connecting insecure and/or worm-infected laptops to the corporate network. Regular scanning
can detect unauthorized devices for investigation and containment.

Social engineering

Another possible use is social engineering. Let's say that you are scanning a target company
and Nmap reports a “Datavoice TxPORT PRISM 3000 T1 CSU/DSU 6.22/2.06”. You could
call up the target pretending to be Datavoice support and discuss some issues with their
PRISM 3000. Tell them you are about to announce a big security hole, but are first providing
the patch to valued customers. Some naive administrators might assume that only an authorized
engineer from Datavoice would know so much about their CSU/DSU. Of course the patch you
send them is a Trojan horse that gives you remote access to sniff and traipse through their
network. Be sure to read the rest of this chapter for detection accuracy and verification advice
before trying this. If you guess the target system wrong and they call the police, that will be an
embarrassing story to tell your cellmates.

Usage and Examples

The inner workings of OS detection are quite complex, but it is one of the easiest features to
use. Simply add -O to your scan options. You may want to also increase the verbosity with
-v for even more OS-related details. This is shown in Example 8.1.

Example 8.1. OS detection with verbosity (-O -v)

# nmap -O -v scanme.nmap.org

Starting Nmap ( https://nmap.org )
Nmap scan report for scanme.nmap.org (74.207.244.221)
Not shown: 994 closed ports
PORT      STATE    SERVICE
22/tcp    open     ssh
80/tcp    open     http
646/tcp   filtered ldp
1720/tcp  filtered H.323/Q.931
9929/tcp  open     nping-echo
31337/tcp open     Elite
Device type: general purpose
Running: Linux 2.6.X
OS CPE: cpe:/o:linux:linux_kernel:2.6.39
OS details: Linux 2.6.39
Uptime guess: 1.674 days (since Fri Sep  9 12:03:04 2011)
Network Distance: 10 hops
TCP Sequence Prediction: Difficulty=205 (Good luck!)
IP ID Sequence Generation: All zeros

Read data files from: /usr/local/bin/../share/nmap
Nmap done: 1 IP address (1 host up) scanned in 5.58 seconds
Raw packets sent: 1063 (47.432KB) | Rcvd: 1031 (41.664KB)

Including the -O -v options caused Nmap to generate the following extra line items:

Device type
All fingerprints are classified with one or more high-level device types, such
as router, printer, firewall, or (as in this case) general purpose. These are further described
in the section called “Device and OS classification (Class lines)”. Several device types may be
shown, in which case they will be separated with the pipe symbol as in “Device Type: router|firewall”.

Running
This field is also related to the OS classification scheme described in the section called
“Device and OS classification (Class lines)”. It shows the OS Family (Linux in this case) and
OS generation (2.6.X) if available. If there are multiple OS families, they are separated by
commas. When Nmap can't narrow down OS generations to one specific choice, options are
separated by the pipe symbol ('|'). Examples include OpenBSD 3.X, NetBSD
3.X|4.X and Linux 2.4.X|2.5.X|2.6.X.

If Nmap finds too many OS families to print concisely, it will omit this line. When there are no
perfect matches, Nmap changes the field to Running (JUST GUESSING) and adds an accuracy
percentage (100% is a perfect match) in parentheses after each candidate family name. If no
fingerprints are close matches, the line is omitted.

OS CPE
This shows a Common Platform Enumeration (CPE) representation of the operating system
when available. It may also have a CPE representation of the hardware type. OS CPE begins
with cpe:/o and hardware CPE begins with cpe:/h. For more about CPE see the section called
“Common Platform Enumeration (CPE)”.

OS details
This line gives the detailed description for each fingerprint that matches. While the Device
type and Running lines are from predefined enumerated lists that are easy to parse by a
computer, the OS details line contains free-form data which is useful to a human reading the
report. This can include more exact version numbers, device models, and architectures
specific to a given fingerprint. In this example, the only matching fingerprint was Linux
2.6.20-1 (Fedora Core 5). When there are multiple exact matches, they are comma-separated.
If there aren't any perfect matches, but some close guesses, the field is renamed Aggressive
OS guesses and fingerprints are shown followed by a percentage in parentheses which
specifies how close each match was.

Uptime guess
As part of OS detection, Nmap receives several SYN/ACK TCP packets in a row and checks
the headers for a timestamp option. Many operating systems use a simple counter for this
which starts at zero at boot time then increments at a constant rate such as twice per second.
By looking at several responses, Nmap can determine the current values and rate of increase.
Simple linear extrapolation determines boot time. The timestamp algorithm is used for OS
detection too (see the section called “TCP timestamp option algorithm (TS)”) since the
increment rate on different systems varies from 2 Hz to 1,000 Hz.

The uptime guess is labeled a “guess” because various factors can make it completely
inaccurate. Some operating systems do not start the timestamp counter at zero, but initialize it
with a random value, making extrapolation to zero meaningless. Even on systems using a
simple counter starting at zero, the counter eventually overflows and wraps around. With a
1,000 Hz counter increment rate, the counter resets to zero roughly every 50 days. So a host
that has been up for 102 days will appear to have been up only two days. Even with these
caveats, the uptime guess is accurate much of the time for most operating systems, so it is
printed when available, but only in verbose mode. The uptime guess is omitted if the target
gives zeros or no timestamp options in its SYN/ACK packets, or if it does not reply at all. The
line is also omitted if Nmap cannot discern the timestamp increment rate or it seems
suspicious (like a 30-year uptime).
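
The extrapolation and its failure cases described above, as an added Python example that is not part of the original text and is not Nmap's own code. The timestamp samples are constructed; the list of increment rates to snap to, the 20% tolerance and the ten-year plausibility cut-off are assumptions of the example.

```python
WRAP = 2 ** 32                          # the timestamp value is a 32-bit counter
CANDIDATE_HZ = (2, 10, 100, 250, 1000)  # assumed snap list inside the 2-1,000 Hz range
MAX_PLAUSIBLE_S = 10 * 365 * 86400      # assumed cut-off for a "suspicious" uptime

def estimate_rate(samples):
    """samples: [(receive_time_s, tsval), ...] -> observed ticks per second."""
    (t0, v0), (t1, v1) = samples[0], samples[-1]
    # The modular difference stays correct if the counter wraps once between samples.
    return ((v1 - v0) % WRAP) / (t1 - t0) if t1 > t0 else 0.0

def snap_rate(raw_hz, tolerance=0.2):
    """Nearest candidate rate, or None when nothing is within the tolerance."""
    best = min(CANDIDATE_HZ, key=lambda hz: abs(raw_hz - hz) / hz)
    return best if abs(raw_hz - best) / best <= tolerance else None

def uptime_guess(samples):
    """Apparent uptime in seconds, or None where the line would be omitted."""
    if len(samples) < 2 or all(v == 0 for _, v in samples):
        return None                     # no replies, or zero timestamps
    hz = snap_rate(estimate_rate(samples))
    if hz is None:
        return None                     # increment rate not discernible
    uptime = samples[-1][1] / hz        # linear extrapolation back to counter == 0
    return uptime if uptime <= MAX_PLAUSIBLE_S else None

def simulate(true_uptime_s, hz, start=0, n=6, spacing_ms=100):
    """Constructed SYN/ACK samples for a host whose counter began at `start`."""
    base_ms = true_uptime_s * 1000
    return [(i * spacing_ms / 1000,
             (start + (base_ms + i * spacing_ms) * hz // 1000) % WRAP)
            for i in range(n)]

def days(seconds):
    return None if seconds is None else round(seconds / 86400, 2)

if __name__ == "__main__":
    cases = {
        "100 Hz, up 3 days": simulate(3 * 86400, 100),
        "1000 Hz, up 102 days (wrapped)": simulate(102 * 86400, 1000),
        "1000 Hz, random start, up 1 day": simulate(86400, 1000, start=3_000_000_000),
        "2 Hz, random start (implausible)": simulate(3600, 2, start=4_000_000_000),
        "all-zero timestamps": [(0.0, 0), (0.1, 0), (0.2, 0)],
    }
    for label, samples in cases.items():
        print(f"{label:34} -> {days(uptime_guess(samples))} days")
```

The wrapped case reports about 2.58 days for a host that has really been up 102 days, and the random-start case reports about 35.7 days for a host up one day, which is why an uptime guess should not be used on its own as evidence of a recent reboot or patch cycle.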

Network Distance
A side effect of one of the OS detection tests allows Nmap to compute how many routers are
between it and a target host. The distance is zero when you are scanning localhost, and one for
a machine on the same network segment. Each additional router on the path adds one to the
hop count. The Network Distance line is not printed in this example, since Nmap omits the
line when it cannot be computed (no reply to the relevant probe).

TCP Sequence Prediction


Systems with poor TCP initial sequence number generation are vulnerable to blind TCP
spoofing attacks. In other words, you can make a full connection to those systems and send
(but not receive) data while spoofing a different IP address. The target's logs will show the
spoofed IP, and you can take advantage of any trust relationship between them. This attack
was all the rage in the mid-nineties when people commonly used rlogin to allow logins to
their account without any password from trusted IP addresses. Kevin Mitnick is alleged to
have used this attack to break into Tsutomu Shimomura's computers in December 1994.

The good news is that hardly anyone uses rlogin anymore, and many operating systems have
been fixed to use unpredictable initial sequence numbers as proposed by RFC 1948. For these
reasons, this line is only printed in verbose mode. Sadly, many vendors still ship vulnerable
operating systems and devices. Even the fixed ones often vary in implementation, which
leaves them valuable for OS detection purposes. The class describes the ISN generation
algorithm used by the target, and difficulty is a rough estimate of how hard the system makes
blind IP spoofing (0 is the easiest). The parenthesized comment is based on the difficulty index
and ranges from Trivial joke to Easy, Medium, Formidable, Worthy challenge, and finally
Good luck! Further details about sequence tests are provided in the section called “TCP ISN
greatest common divisor (GCD)”.

While the rlogin family is mostly a relic of the past, clever attackers can still find effective
uses for blind TCP spoofing. For example, it allows for spoofed HTTP requests. You don't see
the results, but just the URL (POST or GET request) can have dramatic side effects. The
spoofing allows attackers to hide their identity, frame someone else, or exploit IP address
restrictions.

IP ID sequence generation
Many systems unwittingly give away sensitive information about
their traffic levels based on how they generate the lowly 16-bit ID field in IP packets. This can
be abused to spoof a port scan against other systems and for other mischievous purposes
discussed in the section called “TCP Idle Scan (-sI)”. This field describes the ID generation
algorithm that Nmap was able to discern. More information on how it classifies them is
available in the section called “IP ID sequence generation algorithm (TI, CI, II)”. Note that many
systems use a different IP ID space for each host they communicate with. In that case, they may
appear vulnerable (such as showing the Incremental class) while still being secure against
attacks such as the idle scan.

For this reason, and because the issue is rarely critical, the IP ID sequence generation line is
only printed in verbose mode. If Nmap does not receive sufficient responses during OS
detection, it will omit the whole line. The best way to test whether a host is vulnerable to being
an idle scan zombie is to test it with -sI.

While TCP fingerprinting is a powerful method for OS detection, interrogating open ports for
clues is another effective approach. Some applications, such as Microsoft IIS, only run on a
single platform (thus giving it away), while many other apps divulge their platform in overly
verbose banner messages. Adding the -sV option enables Nmap version detection, which is
trained to look for these clues (among others). In Example 8.2, Nmap catches the platform
details from an FTP server.

Example 8.2. Using version scan to detect the OS

# nmap -sV -O -v 129.128.X.XX

Starting Nmap ( https://nmap.org )
Nmap scan report for [hostname] (129.128.X.XX)
Not shown: 994 closed ports
PORT      STATE    SERVICE      VERSION
21/tcp    open     ftp          HP-UX 10.x ftpd 4.1
22/tcp    open     ssh          OpenSSH 3.7.1p1 (protocol 1.99)
111/tcp   open     rpc
445/tcp   filtered microsoft-ds
1526/tcp  open     oracle-tns   Oracle TNS Listener
32775/tcp open     rpc
No exact OS matches for host
TCP Sequence Prediction: Class=truly random
                         Difficulty=9999999 (Good luck!)
IP ID Sequence Generation: Incremental
Service Info: OS: HP-UX

In this example, the line “No exact OS matches for host” means that TCP/IP fingerprinting
failed to find an exact match. Fortunately, the Service Info field a few lines down discloses that
the OS is HP-UX. If several operating systems were detected (which can happen with NAT
gateway boxes that redirect ports to several different machines), the field would be OSs and
the values would be comma separated. The Service Info line can also contain hostnames and
device types found during the version scan. The focus of this chapter is on TCP/IP
fingerprinting though, since version detection was covered in Chapter 7, Service and
Application Version Detection.

With two effective OS detection methods available, which one should you use? The best
answer is usually both. In some cases, such as a proxy firewall forwarding to an application on
another host, the answers may legitimately differ. TCP/IP fingerprinting will identify the
proxy while version scanning will generally detect the server running the proxied application.
Even when no proxying or port forwarding is involved, using both techniques is beneficial. If
they come out the same, that makes the results more credible. If they come out wildly
different, investigate further to determine what is going on before relying on either. Since OS
and version detection go together so well, the -A option enables them both.
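
One way to read the Device type, Running, OS CPE and Service Info lines described in this section and to compare the two detection methods, as an added Python example (not Nmap's code and not from the original text). The report strings are constructed in the layout of Examples 8.1 and 8.2; the ";" separator between Service Info fields, the digit heuristic for spotting generations and the verdict names are assumptions.

```python
import re

def parse_running(value):
    """Commas separate OS families; pipes separate generations within one family."""
    out = []
    for item in value.split(","):
        name, pct = re.fullmatch(r"\s*(.*?)\s*(?:\((\d+)%\))?\s*", item).groups()
        head, _, last = name.rpartition(" ")
        # Heuristic (assumption): a final token containing a digit is the generation list.
        gens = last.split("|") if head and re.search(r"\d", last) else []
        out.append({"family": head if gens else name, "generations": gens,
                    "accuracy": int(pct) if pct else 100})  # no percentage = perfect match
    return out

def parse_report(text):
    """Collect the OS-related line items from Nmap normal output."""
    rep = {"device_types": [], "running": [], "guessing": False, "cpe": [], "service_os": []}
    for line in text.splitlines():
        key, _, value = (p.strip() for p in line.partition(":"))
        if key == "Device type":
            rep["device_types"] = [d.strip() for d in value.split("|")]
        elif key in ("Running", "Running (JUST GUESSING)"):
            rep["guessing"] = key != "Running"
            rep["running"] = parse_running(value)
        elif key == "OS CPE":
            rep["cpe"] = value.split()
        elif key == "Service Info":
            for field in value.split(";"):      # assumed field separator
                name, _, val = field.strip().partition(":")
                if name in ("OS", "OSs"):
                    rep["service_os"] = [v.strip() for v in val.split(",")]
    return rep

def cross_check(rep):
    """Compare fingerprint OS families with the OS named by version detection."""
    fp = {t for r in rep["running"] for t in r["family"].lower().split()}
    sv = {t for s in rep["service_os"] for t in s.lower().split()}
    if not fp or not sv:
        return "single-source" if fp or sv else "unknown"
    if fp & sv:
        return "tentative-agree" if rep["guessing"] else "agree"
    return "differ"  # proxy, port forwarding or NAT may explain it: investigate

# Constructed reports; the Service Info lines of A and C are invented for the example.
REPORT_A = ("Device type: general purpose\nRunning: Linux 2.6.X\n"
            "OS CPE: cpe:/o:linux:linux_kernel:2.6.39\nService Info: OS: Linux")
REPORT_B = "No exact OS matches for host\nService Info: OS: HP-UX"
REPORT_C = ("Device type: router|firewall\n"
            "Running (JUST GUESSING): Linux 2.4.X|2.6.X (92%), OpenBSD 3.X (85%)\n"
            "Service Info: OSs: Windows; Device: router")

if __name__ == "__main__":
    for text in (REPORT_A, REPORT_B, REPORT_C):
        print(cross_check(parse_report(text)), parse_report(text)["running"])
```

Report B mirrors Example 8.2: with no exact fingerprint match the only OS evidence is the service banner, so the verdict is "single-source" rather than agreement.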

OS detection is far more effective if at least one open and one closed TCP port are found. Set
the --osscan-limit option and Nmap will not even try OS detection against hosts which do not
meet these criteria. This can save substantial time, particularly on -Pn scans against many hosts.
You still need to enable OS detection with -O (or -A) for the --osscan-limit option to have any
effect.

Another OS detection option is --osscan-guess. When Nmap is unable to detect a perfect OS
match, it sometimes offers up near-matches as possibilities. The match has to be very close for
Nmap to do this by default. If you specify this option (or the equivalent --fuzzy option), Nmap
will guess more aggressively. Nmap still tells you when an imperfect match is found and
displays its confidence level (percentage) for each guess.

When Nmap performs OS detection against a target and fails to find a perfect match, it usually
repeats the attempt. By default, Nmap tries five times if conditions are favorable for OS
fingerprint submission, and twice when conditions aren't so good. The --max-os-tries option lets
you change this maximum number of OS detection tries. Lowering it (usually to 1) speeds
Nmap up, though you miss out on retries which could potentially identify the OS. Alternatively,
a high value may be set to allow even more retries when conditions are favorable. This is
rarely done, except to generate better fingerprints for submission and integration into the
Nmap OS database.

Like just about every other part of Nmap, results ultimately come from the target machine
itself. While rare, systems are occasionally configured to confuse or mislead Nmap. Several
programs have even been developed specifically to trick Nmap OS detection (see the section
called “OS Spoofing”). Your best bet is to use numerous reconnaissance methods to explore a
network, and don't trust any one of them.

TCP/IP fingerprinting requires collecting detailed information about the target's IP stack. The
most commonly useful results, such as TTL information, are printed to Nmap output whenever
they are obtained. Slightly less pertinent information, such as IP ID sequence generation and
TCP sequence prediction difficulty, is only printed in verbose mode. But if you want all of the
IP stack details that Nmap collected, you can find it in a compact form called a subject
fingerprint. Nmap sometimes prints this (for user submission purposes) when it doesn't
recognize a host. You can also force Nmap to print it (in normal, interactive, and XML formats)
by enabling debugging with (-d). Then read the section called “Understanding an Nmap
Fingerprint” to interpret it.
