1️⃣ Scan open ports
    nmap --open <ip_address or URL>
    nmap --open 127.0.0.1
2️⃣ Scan a single port
    nmap -p 80 127.0.0.1
3️⃣ Scan a range of ports
    nmap -p 1-200 <ip_address>
4️⃣ Scan entire port range
    nmap -p 1-65535 <ip_address>
5️⃣ Fast scan (Top 100 ports)
    nmap -F <ip_address>

1️⃣ Ping Scan
    nmap -sP 192.168.1.0/24
2️⃣ Host Scan (ARP scan)
    nmap -sP
    nmap -sL 192.168.1.5
3️⃣ OS Scan
    Command: nmap -O

💡 More Nmap Commands (Advanced)

1️⃣ Scan IPs from a text file
    Command: nmap -iL <filename.txt>
2️⃣ Aggressive Scan
    Command: nmap -A <ip_address>
3️⃣ Traceroute
    Command: nmap --traceroute <ip_address>

🧩 PRACTICAL 3C —

1️⃣ Install Snort and Npcap
• Download from: https://www.snort.org/downloads
• Install in default directory: C:\Snort
2️⃣ Check if Snort is installed properly
    snort -V
Shows the Snort version installed.
3️⃣ List all network adapters
    snort -W
4️⃣ Prepare necessary directories
    C:\Snort\rules
    C:\Snort\log
5️⃣ Edit Snort configuration file
Open this file: C:\Snort\etc\snort.conf and check for these lines:

    # Define local and external networks
    var HOME_NET 10.1.5.0/24
    var EXTERNAL_NET any

    # Define rule and log paths
    var RULE_PATH C:\Snort\rules
    var LOG_PATH C:\Snort\log

    # Output format
    output alert_fast: alert.fast

    # Include local rules
    include $RULE_PATH/local.rules

✅ This tells Snort where your network and rule files are.

✍️ Create Custom Rules
Open this file: C:\Snort\rules\local.rules
Add these lines:

    # Detect ICMP (Ping)
    alert icmp any any -> $HOME_NET any (msg:"ICMP Ping Detected"; sid:1000001;)

    # Detect HTTP Traffic
    alert tcp any any -> any 80 (msg:"HTTP Traffic Detected"; flow:to_server,established; sid:1000002;)

    # Detect TCP SYN Port Scans
    alert tcp any any -> any any (flags:S; msg:"TCP SYN Scan Detected"; threshold:type both, track by_src, count 5, seconds 60; sid:1000003;)

✅ These are your Snort rules — each one defines a pattern that triggers an alert.
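A small linter for the local.rules entries above, added here as an example (it is not part of the original notes or of Snort): it parses each rule's options and flags a missing msg, sid or rev, a SID below 1000000 (the range conventionally left free for local rules), and duplicate SIDs. The function names and the choice of checks are assumptions of this example.

```python
import re

# The three rules from local.rules on this page, copied as written.
LOCAL_RULES = r'''
alert icmp any any -> $HOME_NET any (msg:"ICMP Ping Detected"; sid:1000001;)
alert tcp any any -> any 80 (msg:"HTTP Traffic Detected"; flow:to_server,established; sid:1000002;)
alert tcp any any -> any any (flags:S; msg:"TCP SYN Scan Detected"; threshold:type both, track by_src, count 5, seconds 60; sid:1000003;)
'''

# Header: action proto src sport direction dst dport (options)
RULE_RE = re.compile(
    r'^(?P<action>\w+)\s+(?P<proto>\w+)\s+(?P<src>\S+)\s+(?P<sport>\S+)\s+'
    r'(?P<dir>->|<>)\s+(?P<dst>\S+)\s+(?P<dport>\S+)\s+\((?P<opts>.*)\)\s*$')
# Option: "key;" or "key:value;"; a quoted value may itself contain ';'.
OPT_RE = re.compile(
    r'\s*(?P<key>[\w.]+)\s*(?::\s*(?P<val>(?:"(?:\\.|[^"\\])*"|[^;"])*))?;')

def parse_rule(line):
    # Split one rule into header fields plus an ordered list of (key, value) options.
    m = RULE_RE.match(line.strip())
    if not m:
        raise ValueError("not a Snort rule: %r" % line)
    rule = m.groupdict()
    rule["options"] = [(o.group("key"), (o.group("val") or "").strip())
                       for o in OPT_RE.finditer(rule.pop("opts"))]
    return rule

def lint(text):
    # Return (line_no, finding) pairs; blank lines and '#' comments are skipped.
    findings, first_seen = [], {}
    for n, line in enumerate(text.strip().splitlines(), 1):
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        opts = dict(parse_rule(line)["options"])
        sid = opts.get("sid", "")
        if "msg" not in opts:
            findings.append((n, "missing msg"))
        if not sid.isdigit():
            findings.append((n, "missing or non-numeric sid"))
        else:
            if int(sid) < 1000000:
                findings.append((n, "sid below 1000000"))
            if sid in first_seen:
                findings.append((n, "duplicate sid, first used on line %d" % first_seen[sid]))
            first_seen.setdefault(sid, n)
        if "rev" not in opts:
            findings.append((n, "missing rev"))
    return findings
```

Run on the three rules from this page, `lint(LOCAL_RULES)` reports only a missing `rev` option on each rule.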
🧱 Verify Snort Libraries
Ensure the following folders exist:
    C:\Snort\lib\snort_dynamicpreprocessor
    C:\Snort\lib\snort_dynamicengine
    C:\Snort\lib\snort_dynamicrules
These contain important Snort modules.

▶️ Run Snort as Administrator
Example command:
    snort -i 6 -A console
or
    snort -c C:\Snort\etc\snort.conf -i 6 -A console
✅ -i 6 → network interface number
✅ -A console → show alerts on screen
✅ -c → specify the configuration file

Output Example:
    Initializing Network Interface 6: Intel(R) 82579LM Gigabit Network Connection
    Commencing packet processing

✅ Example: Local Tests

Test 1 – ICMP Ping
    ping 10.1.1.255
In Snort console, you’ll see:
    [] [1:1000001:0] ICMP Ping detected [] [Priority: 0] 10/06-15:45:33.123456 -> ICMP Echo Request

Test 2 – HTTP Request or Port Scan
    nmap -sS 10.119.154.236
or visit any website — Snort detects it.

🧩 PRACTICAL 3D — Network Sniffing using Wireshark

⚙️ How Wireshark Works (Step-by-Step)

1️⃣ Capture and Analyse Packets
Steps:
2️⃣ Apply Filters and Analyse Data
Common Display Filters:
• Show only HTTP packets:
    http
• Show only POST requests:
    http.request.method == "POST"
• Find a specific string:
    frame contains "admin@google.com"

🕵️ Network Sniffing Example (HTTP Login)
This demo shows how Wireshark can capture sensitive data if the site is not using HTTPS.
Step-by-step: