Requirements:

 Libraries we will be using are:

 time: To wait for a specified amount of [Link]: To hash the
content of the entire website.
 urllib: To perform the get request and load the content of the website.

Program:

REGISTER NUMBER: 22TK0041

 # Importing libraries import time
import hashlib from [Link]
import urlopen, Request # setting
the URL you want to monitor
url = Request('[Link]
'Mozilla/5.0'})
# to perform a GET request and load the
# content of the website and store it in a var response =
urlopen(url).read()
# to create the initial hash currentHash =
hashlib.sha224(response).hexdigest() print("running")
[Link](10) while True: try:
# perform the get request and store it in a var response =
urlopen(url).read()
# create a hash
currentHash = hashlib.sha224(response).hexdigest()
# wait for 30 [Link](30)
# perform the get request
response =
urlopen(url).read()
# create a new hash newHash =
hashlib.sha224(response).hexdigest()
if newHash == currentHash:
continue
else:
# notify
print("something changed")
# again read the website response = urlopen(url).read()
# create a hash
currentHash =
hashlib.sha224(response).hexdigest()
# wait for 30 [Link](30)
continue
# To handle exceptions except
Exception as e: print("error")

REGISTER NUMBER: 22TK0041

OUTPUT:

REGISTER NUMBER: 22TK0041

Requirements:
 A Gmail account Google Chrome web browser Procedure:
Part 1: Installation of Email Tracker Extension:
 Step 1: Open Google Chrome and search for "Email Tracker Extension" in the search bar.
 Step 2: Click on the first result that appears to access the Email Tracker Extension.
 Step 3: Click on "Add to Chrome" to download and install the extension.
 Step 4: Once the extension is installed, you will see an icon in your browser's toolbar
Part 2: Using Email Tracker Extension:
 Step 1: Log in to your Gmail account.
 Step 2: Compose a new email.
 Step 3: In the compose window, you will see a small checkbox next to the
"Send" button. This checkbox is labeled "Track Email."
 Step 4: Check the "Track Email" checkbox before sending the email.
 Step 5: Once the recipient opens the email, you will receive a notification in your Gmail
account.
 Step 6: To view the notification, go to your Sent folder and open the email you sent. You will
see a new section labeled "Tracking" below the email body.
 Step 7: In the Tracking section, you will see the time and date the email was opened, as well as
the number of times it was opened.
Conclusion:
 Email Tracker Extension is a powerful tool that can help you track the delivery and opening of
emails you send from your Gmail account. By following the steps outlined in this lab manual,
you can easily install and use the extension to track your emails and receive notifications when
they are opened.

REGISTER NUMBER: 22TK0041

Materials:
 A computer running a Linux operating system
 A network router with firewall capabilities
 A software firewall application, such as iptables or ufw
Steps:
 Configuring a hardware firewall:
 Connect your computer to the router using an Ethernet cable.
 Open a web browser and enter the router's IP address in the address bar.
 Log in to the router using the administrator credentials.
 Navigate to the firewall settings section.
 Configure the firewall settings according to your network's needs. This may include setting up
port forwarding, blocking specific IP addresses or websites, and enabling intrusion detection
and prevention.
 Save the changes and exit the router's configuration page.
Configuring a software firewall:
 Open a terminal on your Linux system.
 Install the firewall software of your choice (e.g. iptables or ufw) using the package manager.
 Configure the firewall settings according to your network's needs. This may include adding
specific rules to allow or deny traffic, creating custom chains, and enabling logging and
notifications.
 Save the changes and exit the firewall configuration.

REGISTER NUMBER: 22TK0041

Commands:

Configuring a hardware firewall:

 To access the router's configuration page, open a web browser and enter the router's IP address
(e.g. [Link] in the address bar.
 To log in to the router, enter the administrator username and password.
 To navigate to the firewall settings section, look for a menu item or tab labeled "Firewall" or
"Security."
 To configure the firewall settings, follow the on-screen instructions and use the appropriate
options and buttons.
 To save the changes, click on the "Apply" or "Save" button and wait for the router to reboot.
Configuring a software firewall using iptables:
 To install iptables, open a terminal and run the command: sudo apt-get install iptables
 To list the current rules, run the command: sudo iptables -L
 To add a rule to allow incoming traffic on port 80 (HTTP), run the command: sudo iptables A
INPUT -p tcp --dport 80 -j ACCEPT
 To add a rule to deny incoming traffic from a specific IP address, run the command: sudo
iptables -A INPUT -s [Link] -j DROP
 To save the rules, run the command: sudo iptables-save > /etc/iptables/rules.v4

REGISTER NUMBER: 22TK0041

Software Firewall

REGISTER NUMBER: 22TK0041

REGISTER NUMBER: 22TK0041
FIREWALLS:
Materials and tools required:
 A Linux machine with root access
 A firewall log file (e.g. [Link])
Procedure:
1. Introduction to Firewalls:
 Briefly review the concept of firewalls and their importance in network security.
2. Investigating Firewall Configurations:
 Use the command "iptables -L" to display the current firewall [Link] note of
the rules in place and any suspicious or unexpected [Link] the command
"iptablessave> [Link]" to save the configuration to a file for further analysis.
3. Analyzing Firewall Logs:
 Use the command "tail -f [Link]" to monitor the firewall log in [Link] for any
entries indicating suspicious activity, such as attempts to access blocked ports or
connections from unauthorized IP [Link] note of the timestamps, source and
destination IP addresses, and other relevant information for each entry.
4. Extracting Relevant Data:
 Use the command "grep" to filter the firewall log for specific keywords or [Link]
example, "grep 'DROP' [Link]" will show all entries where packets were dropped by
the [Link] other options with "grep" to further refine the search, such as "-i" for case-
insensitive matching or "-A" to show a certain number of lines after the match.
5. Analyzing Results:

REGISTER NUMBER: 22TK0041

  Analyze the firewall configuration and logs to identify any vulnerabilities or potential
security [Link] for patterns or trends in the data that may indicate malicious
activity or unauthorized [Link] other tools as needed, such as Wireshark or Nmap, to
further investigate any suspicious traffic.

Commands and Results:

1. iptables -L
Chain INPUT (policy DROP)
target prot opt source destination
DROP all -- anywhere anywhere state INVALID
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT tcp -- anywhere anywheretcpdpt:ssh
DROP all -- anywhere anywhere
Chain FORWARD (policy DROP)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination

2. iptables-save > [Link]

This will save the current firewall configuration to a file called "[Link]" for
further analysis.

3. tail -f [Link]
May 7 [Link] firewall kernel: [123456.789012]
DROP IN=eth0 OUT=
MAC=[Link] SRC=[Link]
DST=[Link]
LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=12345 PROTO=TCP SPT=1234
DPT=80 WINDOW=0 RES=0x00 RST URGP=0

4. grep 'DROP' [Link]

May 7 [Link] firewall kernel: [123456.789012]
DROP IN=eth0 OUT=
MAC=[Link]

PACKET ANALYZERS:
Materials and tools required:

REGISTER NUMBER: 22TK0041

  A computer running packet analyzer software, such as Wireshark or tcpdump.
 Access to a network with traffic that can be captured and analyzed

Procedure:
1. Introduction to Packet Analyzers:
 Discuss the role of packet analyzers in network forensics and the types of
information they can provide.
 Explain how packet analyzers capture and interpret network traffic data.

2. Capturing Network Traffic:

 Use the packet analyzer software to capture network traffic on a selected
network interface.
 Start the packet capture and wait for a few minutes to gather enough data for analysis.
 Save the capture file to a directory for further analysis.

3. Filtering Traffic:
 Use the filtering options in the packet analyzer software to reduce the amount of
 Filter by protocol, source IP address, destination IP address, or other criteria to focus
on relevant traffic
 Apply the filter and analyze the filtered data.

4. Analyzing Traffic:
 Review the captured and filtered network traffic data to identify potential security
issues or anomalies.
 Look for unusual patterns or volumes of traffic, unexpected protocol usage, or other
signs of malicious activity.
 Use the packet analyzer software's analysis tools, such as graphs or statistics, to aid in
identifying unusual patterns.

FILTERING METHODS:
Materials and tools required:

 A computer running digital forensics software, such as Autopsy or Encase

 Access to a data source, such as a hard drive or memory dump.

Procedure:
1. Introduction to Filtering Methods:

REGISTER NUMBER: 22TK0041

  Discuss the purpose of filtering methods in digital forensics investigations and the types
of data they can be applied to.
 Explain the different filtering methods, such as keyword search, file type filtering, and hash
value filtering.

2. Keyword Search:
 Use the keyword search function in the digital forensics software to search for specific
terms or phrases in the data.
 Enter a search term or phrase and run the search.
 Review the search results to identify potentially relevant data.

3. File Type Filtering:

 Use the file type filtering function in the digital forensics software to filter out
irrelevant data based on file type.
 Specify the file types to include or exclude in the filter.
 Apply the filter and review the filtered data.

4. Hash Value Filtering:

 Use the hash value filtering function in the digital forensics software to identify known
files or files that have been altered.
 Generate a hash value for a known file and compare it to the hash values of files in the
data being analyzed.
 Review the files with matching hash values for potentially relevant data.
Commands and Results:
5. Run a keyword search in Autopsy:
 Select the data source to search from.
 Click the "Keyword Search" button and enter a search term or phrase in the search
box.
 Click "Search" to run the search.
 Review the search results in the "Keyword Hits" section.

6. Apply a file type filter in Encase:

 Select the data source to filter from.
 Click the "Filter" button and select "File Type Filter".
 Specify the file types to include or exclude in the filter.
 Apply the filter and review the filtered files in the "File List" section.

7. Use hash value filtering in Autopsy:

REGISTER NUMBER: 22TK0041

  Generate a hash value for a known file, such as a system file or
executable.
 Select the data source to filter from.
 Click the "Hash Filter" button and enter the hash value of the known file.
 Review the files with matching hash values in the "Files with Matches" section.
8. Save the filtered data in Encase:
 Click the "Export" button and select "Export Selected Files".
 Choose a file name and directory to save the filtered files to.
 Select a file format, such as "dd" or "E01", to save the filtered data in.

OUTPUT:

ubuntu@ubuntu:~$ tshark-i enp0s3 -w /tmp/test_capture.pcap

ubuntu@ubuntu:~$ sudo apt -get update

ubuntu@ubuntu:~$ sudo apt install autopsy

REGISTER NUMBER: 22TK0041

REGISTER NUMBER: 22TK0041