
Experiment 4


Date:

Experiment – 7

Aim: Demonstrate following Networking Commands for troubleshooting.


Commands: ping, traceroute, hostname, netstat, nslookup, route

Ping
The ping command is used to test connectivity between two hosts. It sends ICMP echo request messages to the
destination. The destination host replies with ICMP reply messages. If the ping command gets a reply from the
destination host, it displays the reply along with round-trip times.

The ping command uses the following syntax.

ping destination host IP or name


The following command tests connectivity between the host computer and Google's server.

ping google.com
The following image shows the output of this command.

If you specify the hostname as an argument, the ping command uses the configured DNS client service to
automatically translate the hostname into the IP address.

traceroute Command:
tracert 192.168.1.1

In the above example, the tracert command is used to show the path from the networked computer
on which the tracert command is being executed to a network device, in this case a router on a
local network that's assigned the 192.168.1.1 IP address.

The result displayed on the screen will look something like this:
Tracing route to 192.168.1.1 over a maximum of 30 hops
1 <1 ms <1 ms <1 ms 192.168.1.254
2 <1 ms <1 ms <1 ms 192.168.1.1
Trace complete.
In this example, you can see that tracert found a network device using the IP address of
192.168.1.254, let's say a network switch, followed by the destination, 192.168.1.1, the router.
Information Technology Department

tracert www.google.com

With the tracert command shown above, we're asking tracert to show us the path from the local
computer all the way to the network device with the hostname www.google.com.
Tracing route to www.l.google.com [209.85.225.104] over a
maximum of 30 hops:
1 <1 ms <1 ms <1 ms 10.1.0.1
2 35 ms 19 ms 29 ms 98.245.140.1
3 11 ms 27 ms 9 ms te-0-3.dnv.comcast.net [68.85.105.201]
...
13 81 ms 76 ms 75 ms 209.85.241.37
14 84 ms 91 ms 87 ms 209.85.248.102
15 76 ms 112 ms 76 ms iy-f104.1e100.net [209.85.225.104]
Trace complete.

In this example, we can see that tracert identified fifteen network devices including our router at
10.1.0.1 and all the way through to the target of www.google.com, which we now know uses the
public IP address of 209.85.225.104, one of Google's many IP addresses.

hostname Command:

Your Computer Name (also known as the computer’s hostname)

1. In command prompt window type hostname and press Enter.

2. The name of your computer will be displayed.

netstat Command:

To get started with netstat, use these steps:

1. Open Start.
2. Search for Command Prompt, right-click the top result, and select the Run as
administrator option.
3. Type the following command to show all active TCP connections and press Enter:
netstat

nslookup command:

Microsoft Windows includes a tool called NSLOOKUP that you can use via the command prompt. This
tool can be used to check DNS records propagation and resolution using different servers, and perform
other troubleshooting steps.

1. Type nslookup and hit Enter. The displayed information will be your local DNS server and its
IP address. You can specify the DNS server (IP address), type of record, and domain name.

2. Type nslookup followed by a domain name, and the command will return the A record for the
domain you query.

In computing, route is a command used to view and manipulate the IP routing table in Unix-like
and Microsoft Windows

Questions:
1. Write use of tracert command.
2. What is host Name?
3. Write use of nslookup command.

Conclusion:

Experiment – 8 Date:
Aim: Identify your Desktop/Laptop IP Address by the following.

1. Ipconfig command
2. Default/Manual Network & Internet setting

The ipconfig command is used to display information about your network configuration and
refresh DHCP and DNS settings. By default, the ipconfig command displays your IP address,
subnet mask, and default gateway. But with the correct parameters, you can get a lot more
information out of it.

How to use the ipconfig command.

1. Press Windows key + X or Right Click on the start menu


To use the IP config command we will need to open Command Prompt or PowerShell

2. Select Windows PowerShell or Command Prompt


3. Type ipconfig and press enter
This will show you the basic network information from your network adapters

As you can see in the screenshot above, the command will return information about each
network adapter on your computer. In this case, we have an ethernet adapter (for our wired
network connection) and a wireless network adapter.

There are many reasons why you might want to set a static IP address for your Windows 10 PC.
In most cases, your router will assign your computer a dynamic IP address, meaning it changes
from time to time. This can make it hard to access your computer remotely, use certain
programs, and let other users on your network send you files. Here’s how to set a static IP
address on your Windows PC.

Click the magnifying glass icon in the bottom-left corner of your screen.
Then type IP Address into the search bar and click Open. You can also hit Enter on your
keyboard if you see Ethernet settings.

1. Then click Change adapter options. You will see this under Related settings. This will
open a control panel window.

Next, right-click on WiFi or Ethernet. This will depend on what kind of connection
you are using. If your computer is hooked up to your router via an Ethernet cable, right-
click that option. If your computer is connected via WiFi, right-click that option. You
should be able to tell which adapter you are using by looking at the red Xs and green
bars.
Then select Status.

Next, click Details.


Then take note of your IPv4 address, IPv4 subnet mask, IPv4 default gateway, and IPv4
DNS server. It is a good idea to write this information down, as you will need it later.

Then go back to the Network Connections window, right-click your network, and
select Properties. You can do this by exiting out of the Network Connection Details
and Status windows by clicking the X in the top-right corner.

Next, select Internet Protocol Version 4 (TCP/IPv4) and click Properties.

Then click the radio button next to Use the following IP address.

Next, enter the static IP address, subnet mask, default gateway, and DNS server you want
to use.
IP Address: Use the first 3 segments of your current IP address. So, if your computer’s IP
address is currently 192.168.0.1, you can use any IP address that starts with 192.168.0.X, where
X is any number between 1 and 254. Or, if your computer’s IP address is 10.0.0.1, you can use
an IP address that starts with 10.0.0.X, where X is any number between 1 and 254. But make
sure you don’t set your computer’s IP address to be the same as your router’s IP address.
Subnet Mask: Usually, on a home network, the subnet mask is 255.255.255.0.
Default Gateway: This is your router’s IP address, or the IP address of any other gateway, such
as an access point.
DNS Server: If you see any numbers already filled in this box, you can use those. If not, you
can use the DNS server numbers you saw in the Network Connection Details window. Or you
can use Google’s preferred DNS server of 8.8.8.8 and 8.8.4.4.

Finally, click OK and then close the Properties window. Your changes will not go into effect
until you close the WiFi/Ethernet Properties window.
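The addressing rules in the steps above can be checked before the values are typed into the Properties window. The following is an added example, not part of the original manual: it generalises the "first 3 segments" rule to any subnet mask, and the function names and sample addresses are constructed for illustration.

```python
import ipaddress


def check_static_ip(candidate, subnet_mask, gateway, in_use=()):
    """Return a list of problems with a proposed static IPv4 address.

    An empty list means the address is usable on the network described by
    the gateway and subnet mask noted from Network Connection Details.
    """
    addr = ipaddress.IPv4Address(candidate)
    gw = ipaddress.IPv4Address(gateway)
    # strict=False derives the network from a host address plus its mask.
    network = ipaddress.IPv4Network(f"{gateway}/{subnet_mask}", strict=False)

    problems = []
    if addr not in network:
        problems.append(f"outside subnet {network}: the gateway would be unreachable")
    elif addr == network.network_address:
        problems.append(f"network address of {network}: not assignable to a host")
    elif addr == network.broadcast_address:
        problems.append(f"broadcast address of {network}: not assignable to a host")
    if addr == gw:
        problems.append("same as the default gateway: would conflict with the router")
    if addr in {ipaddress.IPv4Address(a) for a in in_use}:
        problems.append("already in use by another device on the network")
    return problems


def usable_range(subnet_mask, gateway):
    """First and last assignable host address (assumes a mask of /30 or wider)."""
    network = ipaddress.IPv4Network(f"{gateway}/{subnet_mask}", strict=False)
    return str(network.network_address + 1), str(network.broadcast_address - 1)


if __name__ == "__main__":
    # Constructed sample values matching the home-network case in the text.
    for ip, mask in [("192.168.0.50", "255.255.255.0"),
                     ("192.168.0.1", "255.255.255.0"),
                     ("192.168.0.255", "255.255.255.0"),
                     # Shares the first three segments but lies outside a /26 subnet.
                     ("192.168.0.200", "255.255.255.192")]:
        issues = check_static_ip(ip, mask, "192.168.0.1")
        print(ip, mask, "->", issues or "OK")
    print(usable_range("255.255.255.0", "192.168.0.1"))
```

With the usual home mask of 255.255.255.0 the usable range is exactly the 1 to 254 described above; with a narrower mask, matching the first three segments is no longer enough.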
Questions:

1. What is default gateway?

2. How to check ip configuration of computer?

Conclusion:


Experiment – 9 Date:
Aim: Install following peripheral devices in your Desktop/Laptop.

A. Computer Mouse Wireless


B. Printer
C. Webcam

Peripheral Device:
​ A peripheral device is generally defined as any auxiliary device such as a computer
mouse or keyboard, which connects to and works with the computer in some way.

List of Peripheral Devices:


Computer Mouse (Wired/Wireless), Webcam, Microphone, Digital Camera, Scanner, Printer,
USB Flash Drive, Smartphone or Tablet Computer Storage Interface, CD/DVD Drive

A. Computer Mouse (wired/wireless):

​ Step to Install Wireless Mouse:


1. Turn on your mouse, Connecting a Mouse with a Wireless Receiver. Plug in your
mouse's receiver. The receiver should fit into one of your computer's USB ports. You can
typically find USB ports, which are thin, rectangular slots, on the sides of laptops and on
the front of desktops' CPU boxes. Plugging in the receiver before turning on the mouse
will allow your computer to install any drivers or software needed to use the mouse.

2. On your Windows 10 PC, select Connect if a notification appears for your mouse, then
wait for it to get set up.

Don’t see the notification? Go to Start > Settings > Devices > Bluetooth & other
devices > Add Bluetooth or other device > Bluetooth > Microsoft Bluetooth
Mouse > Done.

B. Printer:
It is an output Device

​ Install a printer in Windows 10

​ When you connect a printer to your PC or add a new printer to your home network, you
can usually start printing right away. Windows 10 supports most printers, so you
probably won't have to install special printer software.

​ Additional printer drivers and support might be available if you update Windows 10.

To install or add a network, wireless, or Bluetooth printer

If your printer is on and connected to the network, Windows should find it easily. Available
printers can include all printers on a network, such as Bluetooth and wireless printers or
printers that are plugged into another computer and shared on the network. You might need
permission to install some printers.

1. Select the Start button, then select Settings > Devices > Printers & scanners.
2. Select Add a printer or scanner. Wait for it to find nearby printers, then choose the one you
want to use, and select Add device. If your printer isn't in the list, select The printer that I
want isn't listed, and then follow the instructions to add it manually using one of the options.

Notes:
▪ If you use wireless access points, extenders or multiple wireless routers with separate
SSIDs, you'll need to ensure that you're connected to the same network as the printer for your
PC to find and install it.
▪ If you have a new wireless printer that hasn’t been added to your home network, read the
instructions that came with the printer, and check the printer manufacturer’s website to learn
more and to get up-to-date software for your printer.
C. Webcam:
A webcam is an input device that captures digital images and transfers them to the
computer. Laptops and desktops are often equipped with a webcam.

​ Install a USB Webcam in Windows 10

1. Plugging in the Camera and Mounting it to your Monitor


Begin by removing all the plastic from your new camera. The brace opens and retracts so
that you may balance the camera on top of your monitor. Untie the USB cable, plug the cable
into your computer, and balance the camera on your monitor.
2. Windows Configuration
This is a plug-and-play device. After plugging in your camera, Windows 10 will have a pop-
up that says “Setting up a device”.

After that, a pop-up will say that the device is installed and configured.
3. Test Your Webcam
Your webcam is now ready for use with software such as Zoom or Skype. You may test your
webcam in Windows 10 by using the Camera application.
4. Click the Windows Start Menu Button.


5. Click Camera.

6. Confirm that you see the picture from your camera.

Questions:

1. Define peripheral devices & Write examples of peripheral devices


2. Define computer mouse (wired/wireless).
3. What is basic use of Webcam?
4. What are the 3 types of printers?

Conclusion:


Experiment – 10 Date:
Aim: Compile various cyber incidents by visiting the site
https://cert-in.org.in.

● CERT-In is an acronym for 'Indian Computer Emergency Response Team'. CERT-In is
the National Incident Response Centre for major computer security incidents in its
constituency, i.e. the Indian cyber community.
● CERT-In's primary role is to raise security awareness among Indian cyber community
and to provide technical assistance and advise them to help them recover from computer
security incidents.
● CERT-In provides technical advice to System Administrators and users to respond to
computer security incidents. It also identifies trends in intruder activity, works with other
similar institutions & organisations to resolve major security issues, and disseminates
information to the Indian cyber community.
● CERT-In also enlightens its constituents about security awareness and best practices
for various systems and networks by publishing advisories, guidelines and other technical
documents.

❖ Compile various cyber incidents

1. Go to the CERT website https://www.cert-in.org.in/ & Click on “Vulnerability Notes”.



2. After clicking Vulnerability Notes, this section shows year-wise vulnerability notes.

3. Select any year link to open the year-wise vulnerability notes and make a report.

CERT-In Vulnerability Note CIVN-2021-0374

“Remote Code Execution Vulnerability in Microsoft 4K Wireless Display Adapter”


Original Issue Date: December 28, 2021

Severity Rating: HIGH

Software Affected
Microsoft 4K Wireless Display Adapter version prior to 3.9520.47

Overview
A vulnerability has been reported in Microsoft 4K Wireless Display Adapter which could allow
a remote attacker to execute arbitrary code on the targeted system.

Description
This vulnerability exists in Microsoft 4K Wireless Display Adapter due to an improper input
validation. A remote attacker could exploit this vulnerability by convincing a victim to open a
specially-crafted content. Successful exploitation of this vulnerability could allow a remote
attacker to execute arbitrary code on the targeted system.

Solution
Apply appropriate updates as mentioned by vendor:
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-43899

Vendor Information
Microsoft
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-43899

References
Microsoft
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-43899

CERT-In Vulnerability Note CIVN-2022-0002

Multiple Vulnerabilities in Google Chrome

Original Issue Date: January 06, 2022

Severity Rating: HIGH


Software Affected
Google Chrome versions prior to 97.0.4692.71.

Overview
Multiple vulnerabilities have been reported in Google Chrome which could be exploited by a
remote attacker to execute arbitrary code on the targeted system.

Description
These vulnerabilities exist in Google Chrome due to Use after free in Storage, Screen Capture,
Sign-in, Swift Shader, PDF, Autofill and File Manager API; Inappropriate implementation in
Dev Tools, Navigation, Autofill, Blink, Web Share, Passwords and Compositing; Heap buffer
overflow in Media streams API, Bookmarks and ANGLE; Type Confusion in V8; Incorrect
security UI in Autofill, Browser UI; Out of bounds memory access in Web Serial; Uninitialized
Use in File API and Policy bypass in Service Workers. A remote attacker could exploit these
vulnerabilities by enticing a victim to visit a specially crafted webpage.

Successful exploitation of these vulnerabilities could allow a remote attacker to execute
arbitrary code on the targeted system.

Solution
Update to Google Chrome version 97.0.4692.71.
https://chromereleases.googleblog.com/2022/01/stable-channel-update-for-desktop.html

Vendor Information
Google Chrome
https://chromereleases.googleblog.com/2022/01/stable-channel-update-for-desktop.html

References
Google Chrome
https://chromereleases.googleblog.com/2022/01/stable-channel-update-for-desktop.html
CERT-In Vulnerability Note CIVN-2020-0449

Multiple Vulnerabilities in Foxit Reader and Phantom PDF


Original Issue Date: December 24, 2020

Severity Rating: HIGH

Software Affected

Foxit Reader versions 10.1.0.37527 and earlier


Foxit Phantom PDF versions 10.1.0.37527 and earlier

Overview
Multiple vulnerabilities have been reported in Foxit Reader and Phantom PDF which could
allow a remote attacker to cause Out-of-Bounds Write Remote Code Execution, Type
Confusion Memory Corruption, denial of service condition or execute arbitrary code on the
target system.

Description
These vulnerabilities exist due to insufficient validation of objects, incorrect processing of
PDF files, lack of proper validation when an incorrect argument is passed to the
app.media.openPlayer function, access or use of a deleted pointer and array overflow issue.
A remote attacker could exploit these vulnerabilities by sending specially crafted malicious
file on the target system.

Successful exploitation of these vulnerabilities could allow the attacker to cause Out-of-Bounds
Write Remote Code Execution, Type Confusion Memory Corruption, denial of service
condition or execute arbitrary code on the target system.

Solution
Upgrade to the Foxit Reader 10.1.1 and Foxit Phantom PDF 10.1.1
https://www.foxitsoftware.com/support/security-bulletins.html

Vendor Information
Foxit Software
https://www.foxitsoftware.com/support/security-bulletins.html
References
Foxit Software
https://www.foxitsoftware.com/support/security-bulletins.html
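
The three notes above share one layout, so compiling the report and checking whether an installed version falls under "Software Affected" can be scripted. The following is an added example, not part of the original manual or of CERT-In's tooling: the note text is abridged from the notes quoted above, and the function names and the installed versions used for checking are constructed.

```python
import re
from datetime import datetime

# Abridged copy of the three notes quoted above (same field layout).
NOTES_TEXT = """\
CERT-In Vulnerability Note CIVN-2021-0374
Remote Code Execution Vulnerability in Microsoft 4K Wireless Display Adapter
Original Issue Date: December 28, 2021
Severity Rating: HIGH
Software Affected
Microsoft 4K Wireless Display Adapter version prior to 3.9520.47
Overview
A vulnerability has been reported in Microsoft 4K Wireless Display Adapter.

CERT-In Vulnerability Note CIVN-2022-0002
Multiple Vulnerabilities in Google Chrome
Original Issue Date: January 06, 2022
Severity Rating: HIGH
Software Affected
Google Chrome versions prior to 97.0.4692.71.
Overview
Multiple vulnerabilities have been reported in Google Chrome.

CERT-In Vulnerability Note CIVN-2020-0449
Multiple Vulnerabilities in Foxit Reader and Phantom PDF
Original Issue Date: December 24, 2020
Severity Rating: HIGH
Software Affected
Foxit Reader versions 10.1.0.37527 and earlier
Foxit Phantom PDF versions 10.1.0.37527 and earlier
Overview
Multiple vulnerabilities have been reported in Foxit Reader and Phantom PDF.
"""

SECTIONS = {"Software Affected", "Overview", "Description", "Solution",
            "Vendor Information", "References"}
NOTE_ID = re.compile(r"CERT-In Vulnerability Note (CIVN-\d{4}-\d{4})$")
RULE = re.compile(r"(?P<product>.+?) versions? "
                  r"(?:prior to (?P<lt>[\d.]+)|(?P<le>[\d.]+) and earlier)$")


def parse_notes(text):
    """Split the text into one record per vulnerability note."""
    notes, current, section = [], None, None
    for line in (raw.strip() for raw in text.splitlines()):
        if not line:
            continue
        match = NOTE_ID.match(line)
        if match:
            current = {"id": match.group(1), "title": None, "date": None,
                       "severity": None, "affected": []}
            notes.append(current)
            section = "title"
        elif current is None:
            continue
        elif line.startswith("Original Issue Date:"):
            value = line.split(":", 1)[1].strip()
            current["date"] = datetime.strptime(value, "%B %d, %Y").date()
        elif line.startswith("Severity Rating:"):
            current["severity"] = line.split(":", 1)[1].strip()
        elif line in SECTIONS:
            section = line
        elif section == "title" and current["title"] is None:
            current["title"] = line
        elif section == "Software Affected":
            current["affected"].append(line.rstrip("."))
    return notes


def version_key(version):
    """Compare versions numerically; as plain strings '100' sorts before '71'."""
    return tuple(int(part) for part in version.split("."))


def is_affected(installed, rule_line):
    """'prior to X' excludes X itself; 'X and earlier' includes it."""
    match = RULE.match(rule_line)
    if not match:
        raise ValueError(f"unrecognised Software Affected line: {rule_line!r}")
    if match["lt"]:
        return version_key(installed) < version_key(match["lt"])
    return version_key(installed) <= version_key(match["le"])


def compile_report(notes):
    """Rows of (issue date, note id, severity, title), oldest first."""
    return sorted((n["date"].isoformat(), n["id"], n["severity"], n["title"])
                  for n in notes)
```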

Questions:

1. Define “CERT”
2. What is Vulnerability to Internet Crimes?

Conclusion:

Experiment – 11 Date:
Aim: Analyse suspicious files and URLs to detect types of malwares by
using https://www.virustotal.com

● VirusTotal was founded in 2004 as a free service that analyses files and URLs for
viruses, worms, trojans and other kinds of malicious content. Our goal is to make the
internet a safer place through collaboration between members of the antivirus industry,
researchers and end users of all kinds. Fortune 500 companies, governments and leading
security companies are all part of the VirusTotal community, which has grown to over
500,000 registered users.

​ How it works
​ VirusTotal inspects items with over 70 antivirus scanners and URL/domain block listing
services, in addition to a myriad of tools to extract signals from the studied content. Any
user can select a file from their computer using their browser and send it to VirusTotal.
VirusTotal offers a number of file submission methods, including the primary public web
interface, desktop uploaders, browser extensions and a programmatic API. The web
interface has the highest scanning priority among the publicly available submission
methods. Submissions may be scripted in any programming language using the HTTP-
based public API.

​ As with files, URLs can be submitted via several different means including the
VirusTotal webpage, browser extensions and the API.

​ Upon submitting a file or URL basic results are shared with the submitter, and also
between the examining partners, who use results to improve their own systems. As a
result, by submitting files, URLs, domains, etc. to VirusTotal you are contributing to
raise the global IT security level.

​ This core analysis is also the basis for several other features, including the VirusTotal
Community: a network that allows users to comment on files and URLs and share notes
with each other. VirusTotal can be useful in detecting malicious content and also in
identifying false positives -- normal and harmless items detected as malicious by one or
more scanners.

Free and unbiased

VirusTotal is free to end users for non-commercial use in accordance with our Terms of
Service. Though we work with engines belonging to many different organizations,
VirusTotal does not distribute or promote any of those third-party engines. We simply act as
an aggregator of information. This allows us to offer an objective and unbiased service to
our users.

Many contributors

VirusTotal's aggregated data is the output of many different antivirus engines, website
scanners, file and URL analysis tools, and user contributions. The file and URL
characterization tools we aggregate cover a wide range of purposes: heuristic engines,
known- bad signatures, metadata extraction, identification of malicious signals, etc.

Raising the global IT security level through sharing

Scanning reports produced by VirusTotal are shared with the public VirusTotal community.
Users can contribute comments and vote on whether particular content is harmful. In this
way, users help to deepen the community’s collective understanding of potentially harmful
content and identify false positives (i.e. harmless items detected as malicious by one or more
scanners).

The contents of submitted files or pages may also be shared with premium VirusTotal
customers. The file corpus created in VirusTotal provides cybersecurity professionals and
security product developers valuable insights into the behaviours of emerging cyber threats
and malware. Through our premium services commercial offering, VirusTotal provides
qualified customers and anti-virus partners with tools to perform complex criteria-based
searches to identify and access harmful files samples for further study. This helps
organizations discover and analyze new threats and fashion new mitigations and defences.

Real-time updates

Malware signatures are updated frequently by VirusTotal as they are distributed by antivirus
companies; this ensures that our service uses the latest signature sets.

Website scanning is done in some cases by querying vendor databases that have been shared
with VirusTotal and stored on our premises, and in other cases by API queries to an antivirus
company's solution. As such, as soon as a given contributor blocklists a URL it is
immediately reflected in user-facing verdicts.

Detailed results

VirusTotal not only tells you whether a given antivirus solution detected a submitted file as
malicious, but also displays each engine's detection label (e.g., I-Worm.Allaple.gen). The
same is true for URL scanners, most of which will discriminate between malware sites,
phishing sites, suspicious sites, etc. Some engines will provide additional information,
stating explicitly whether a given URL belongs to a particular botnet, which brand is
targeted by a given phishing site, and so on.

1. Go to the website: https://www.virustotal.com

2. Select File, upload the suspicious file to be analysed, and confirm the upload.

3. No threat detected.

4. Select URL and type the weblink, here www.youtube.com website is analysed.

5. Select search & type covin.gov.in portal
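
Because submitted file contents may be shared, as described above, a file can first be looked up by its SHA-256 hash through the public API, and the per-engine results then read the way the "Detailed results" section describes. The following is an added example, not part of the original manual or VirusTotal's own code: the reports are constructed samples in the API v3 field layout, the engine names are made up, and the 3-engine threshold is an assumption for illustration.

```python
import hashlib
import urllib.request

VT_FILE_URL = "https://www.virustotal.com/api/v3/files/{}"


def sha256_of(data: bytes) -> str:
    """Hash the file locally; only this digest leaves the machine."""
    return hashlib.sha256(data).hexdigest()


def build_lookup(file_hash: str, api_key: str) -> urllib.request.Request:
    """Prepare (without sending) the report lookup for an already-known file."""
    return urllib.request.Request(
        VT_FILE_URL.format(file_hash),
        headers={"x-apikey": api_key, "Accept": "application/json"},
        method="GET",
    )


def summarise(report: dict, min_engines: int = 3) -> dict:
    """Reduce a file report to a ratio, the detection labels and a triage hint."""
    attrs = report["data"]["attributes"]
    stats = attrs["last_analysis_stats"]
    flagged = stats.get("malicious", 0) + stats.get("suspicious", 0)
    scanned = flagged + stats.get("harmless", 0) + stats.get("undetected", 0)
    labels = sorted(
        f"{engine}: {result['result']}"
        for engine, result in attrs.get("last_analysis_results", {}).items()
        if result.get("category") in ("malicious", "suspicious")
    )
    if flagged == 0:
        # No engine flagged it; that is weaker than proof the file is safe.
        verdict = "no detections"
    elif flagged < min_engines:
        # One or two engines only: the false-positive case the text mentions.
        verdict = "possible false positive"
    else:
        verdict = "likely malicious"
    return {"ratio": f"{flagged}/{scanned}", "labels": labels, "verdict": verdict}


def _sample(malicious: int, undetected: int, results: dict) -> dict:
    """Build a constructed report with the v3 attribute names used above."""
    return {"data": {"attributes": {
        "last_analysis_stats": {"malicious": malicious, "suspicious": 0,
                                "harmless": 0, "undetected": undetected},
        "last_analysis_results": results}}}


# Constructed samples; engine names are placeholders, results are abridged.
CLEAN = _sample(0, 70, {"EngineA": {"category": "undetected", "result": None}})
ONE_HIT = _sample(1, 69, {
    "EngineA": {"category": "malicious", "result": "I-Worm.Allaple.gen"},
    "EngineB": {"category": "undetected", "result": None}})
MANY_HITS = _sample(41, 29, {
    "EngineA": {"category": "malicious", "result": "I-Worm.Allaple.gen"},
    "EngineC": {"category": "malicious", "result": "Worm.Generic"}})

if __name__ == "__main__":
    for name, rep in [("clean", CLEAN), ("one hit", ONE_HIT), ("many", MANY_HITS)]:
        print(name, summarise(rep))
```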

Questions:

1. Define “VirusTotal”
2. What is Vulnerability to Internet Crimes?

Conclusion:


Experiment – 12 Date:
Aim: Prepare a document by using various digital platforms, newspapers or any
social media platform to identify cyber-crimes that have been done in your city.
Introduction:
Cybercrime, also called computer crime, is the use of a computer as an instrument to
further illegal ends, such as committing fraud, trafficking in child pornography
and intellectual property, stealing identities, or violating privacy. Cybercrime, especially
through the Internet, has grown in importance as the computer has become central to
commerce, entertainment, and government.
Cyber attacks:
Introduction of common types of attacks:
A cyber-attack is an exploitation of computer systems and networks. It uses
malicious code to alter computer code, logic or data and leads to cybercrimes, such as
information and identity theft.
Types of attacks are classified into two categories
1. Web based attacks
2. System based attacks
1. Web based attacks:
These are the attacks which occur on a website or web applications. Some of the
important web-based attacks are as follows:
1. Injection attacks
2. DNS Spoofing
3. Session Hijacking
4. Phishing
5. Brute force
6. Denial of Service
7. URL interpretation
8. Man in the middle attacks
2. System based attacks:
These are the attacks which are intended to compromise a computer or a computer
network. Some of the important system-based attacks are as follows:
1. Virus
2. Worm
3. Trojan Horse
4. Backdoors
5. Bots

Malware:
Malware is malicious software such as spyware, ransomware, viruses and worms. Malware
is activated when a user clicks on a malicious link or attachment, which leads to installing
dangerous software. Cisco reports that malware, once activated, can:

● Block access to key network components (ransomware)
● Install additional harmful software
● Covertly obtain information by transmitting data from the hard drive (spyware)
● Disrupt individual parts, making the system inoperable.

​ Cyber crime in Surat


The city has witnessed nearly 300% increase in cyber crime cases compared to the previous
year till July in the pandemic period. Data shows that citizens have lost Rs three crore to cyber
frauds till July this year. Of the total money siphoned off online, around Rs 1.34 crore was
frozen in bank accounts or returned to victims after cops took action.

Police have now launched a month-long awareness campaign Cyber Sanjivani to create
awareness about such frauds. In all, 75 cyber crimes were registered in the city up to July in
2020 but 203 have already been registered this year.

Source: TIMES OF INDIA, newspaper.

​ Surat police register 27 more cyber-crime FIRs in a day


Surat: Continuing their process of registering complaints related to cyber-crime fraud
and online harassment, city police registered 27 more cases on Wednesday. Interestingly, except
one complaint of online harassment, the remaining complaints are all related to financial frauds.

While the complaints had been received a few months ago, cops have registered the FIRs
late, which they claim were being done only after preliminary investigation. However, legal
experts do not buy the police explanation and claim that investigation is possible even after
registering the complaint.

Source: TIMES OF INDIA, newspaper.

​ Cyber crooks held duping retired bank employee of Rs 43 lakh


Surat: cyber crime sleuths nabbed four persons from Uttar Pradesh and Delhi for their
alleged involvement in an online fraud through which the accused duped a 66 year old retired
bank employee of Rs 42.81 lakh. The accused were traced through their bank account
transactions five months after they committed the crime. Police arrested the accused and
recovered cash Rs 12.25 lakh from them.

The accused first contacted the victim in October 2017 and managed to convince him to buy
insurance policies worth Rs 48.35 lakh. The victim deposited Rs 1.81 lakh in the bank account.
The accused again contacted the victim in December 2020 and offered to get the maturity
amount paid before the policy period ends. The victim agreed after which the accused asked
him to deposit the money, as payment of various charges, in different bank accounts. The victim
paid a total Rs 42.81 lakh in multiple transactions in three months.

When the victim did not receive any money despite paying a huge amount he realized that
he was duped. He then approached police and logged a complaint in March. Police started
tracing the bank accounts in which the victim was asked to transfer the money. The victim never
met the accused and in hope of getting money he kept paying!

Source: TIMES OF INDIA, newspaper.



Questions:

1. What is cyber crime?


2. What are the various types of cyber-crimes?
3. Define malware.

Conclusion:
