npm - chiwormjava - Versions diffs - 2.0.3 → 2.0.5 - Mend

chiwormjava 2.0.3 → 2.0.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (2) hide show

package/package.json +1 -1
package/readme.md +1079 -171

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "chiwormjava",
-  "version": "2.0.3",
+  "version": "2.0.5",
   "main": "index.js",
   "scripts": {
     "test": "echo \"Error: no test specified\" && exit 1"

package/readme.md CHANGED Viewed

@@ -43,222 +43,1139 @@ javacodewatch
 ---
 ---
+Step 1: Place devices
+Add in Packet Tracer:
+2 Routers (2621XM)
+2 Switches (2960)
+4 PCs
+Arrange as:
+PC1 PC2        PC3 PC4
+ |    |          |    |
+Switch1          Switch2
+    |                |
+  Router1 ---- WAN ---- Router2
+Step 2: Add Serial Ports
+Click Router -> Physical tab
+Turn Power OFF
+Insert WIC-2T module
+Turn Power ON
+Now Serial0/0/0 and Serial0/0/1 will be available
+Step 3: Connect cables
+LAN:
+PC to Switch using Copper Straight-Through
+Switch to Router using Copper Straight-Through
+WAN:
+Use Serial DCE cable
+Router1 Serial0/0/0 to Router2 Serial0/0/0
+Step 4: Configure Router1
+enable
+configure terminal
+interface gigabitEthernet 0/0
+ip address 192.168.1.1 255.255.255.0
+no shutdown
+exit
+interface serial 0/0/0
+ip address 172.16.1.1 255.255.255.252
+clock rate 64000
+no shutdown
+exit
+Step 5: Configure Router2
+enable
+configure terminal
+interface gigabitEthernet 0/0
+ip address 10.0.0.1 255.255.255.248
+no shutdown
+exit
+interface serial 0/0/0
+ip address 172.16.1.2 255.255.255.252
+no shutdown
+exit
+Step 6: Configure PCs
+Left network:
+PC1 IP 192.168.1.2 Mask 255.255.255.0 Gateway 192.168.1.1
+PC2 IP 192.168.1.3 Gateway 192.168.1.1
+Right network:
+PC3 IP 10.0.0.2 Mask 255.255.255.248 Gateway 10.0.0.1
+PC4 IP 10.0.0.3 Gateway 10.0.0.1
+Step 7: Configure Routing
+Router1:
+ip route 10.0.0.0 255.255.255.248 172.16.1.2
+Router2:
+ip route 192.168.1.0 255.255.255.0 172.16.1.1
+Step 8: Verify interfaces
+Run:
+show ip interface brief
+Status should be up up
+If not, use no shutdown
+Step 9: Test connectivity
+From PC1:
+ping 10.0.0.2
+Expected reply from destination
+Step 10: Simulation Mode
+Click Simulation
+Reset Simulation
+Edit Filters and select ARP and ICMP
+Send packet using Add Simple PDU from PC1 to PC3
+Click Play or Capture/Forward
+Expected packet flow:
+PC1 -> Switch1 -> Router1 -> Router2 -> Switch2 -> PC3
+First ARP then ICMP communication successful
+Step 1: Setting Up the Topology
+Add devices:
+1 Router (2911 or similar)
+1 Switch (2960)
+3 PCs (PC0, PC1, PC2)
+1 Cloud or Server
+Step 2: Assign IP Addresses
+Private Network:
+PC0 IP 192.168.1.2 Mask 255.255.255.0 Gateway 192.168.1.1
+PC1 IP 192.168.1.3 Mask 255.255.255.0 Gateway 192.168.1.1
+PC2 IP 192.168.1.4 Mask 255.255.255.0 Gateway 192.168.1.1
+Step 3: Configure Router Interfaces
+Router> enable
+Router# configure terminal
+Interface gig0/0
+Router(config)# interface gig0/0
+Router(config-if)# ip address 192.168.1.1 255.255.255.0
+Router(config-if)# no shutdown
+Interface gig0/1
+Router(config)# interface gig0/1
+Router(config-if)# ip address 203.0.113.1 255.255.255.0
+Router(config-if)# no shutdown
+Assign IP to Cloud/Server
+IP 203.0.113.2
+Mask 255.255.255.0
+Step 4: Configure NAT
+Define inside and outside interfaces
+Router(config)# interface gig0/0
+Router(config-if)# ip nat inside
+Router(config-if)# exit
+Router(config)# interface gig0/1
+Router(config-if)# ip nat outside
+Router(config-if)# exit
+Configure PAT
+Router(config)# access-list 1 permit 192.168.1.0 0.0.0.255
+Router(config)# ip nat inside source list 1 interface gig0/1 overload
+Step 5: Configure Routing
+Router(config)# ip route 0.0.0.0 0.0.0.0 203.0.113.2
+Step 6: Test Configuration
+From PC command prompt:
+ping 203.0.113.2
+If reply is received, NAT is working
+Verify NAT translations
+Router# show ip nat translations
+AIM:
+To analyze packet fragmentation by changing packet size and observing its effect using Wireshark.
+Step 1: Open Wireshark
+Launch Wireshark
+Select active interface (WiFi or Ethernet)
+Click Start Capture
+Step 2: Check MTU size
+Open Command Prompt and run:
+netsh interface ipv4 show subinterfaces
+Note MTU value (usually 1500 bytes)
+Step 3: Test without fragmentation
+ping 8.8.8.8 -f -l 1472
+1472 + 28 header = 1500, fits MTU
+Output: Reply received, no fragmentation
+Step 4: Force fragmentation error
+ping 8.8.8.8 -f -l 2000
+Output: Packet needs to be fragmented but DF set
+Meaning: Packet too large and fragmentation not allowed
+Step 5: Allow fragmentation
+ping 8.8.8.8 -l 2000
+Packet is divided into fragments
+May observe delay or packet loss
+Step 6: Analyze in Wireshark
+Apply filter:
+ip.flags.mf == 1 or ip.frag_offset > 0
+Observation:
+Multiple packets for single ping
+Fragmented packets visible
+Observations:
+Fragmented packets have same Identification ID
+Different Fragment Offset values
+MF flag indicates more fragments
+Last packet has MF = 0
+Performance Impact:
+More packets generated
+Increased delay
+Possible packet loss
+Final Observation:
+Small packet: No fragmentation
+Large packet with DF: Error
+Large packet without DF: Fragmentation occurs
+Conclusion:
+If packet size exceeds MTU, it is divided into smaller fragments, affecting performance
+Output:
+Ping command results showing success or error
+Wireshark showing fragmented packets using filter
+Result:
+Fragmentation observed and analyzed successfully
+AIM:
+To identify vulnerabilities and secure the network using Access Control List (ACL) and Port Security.
+Step 1: Topology Setup
+Add devices:
+1 Router (2911)
+1 Switch (2960)
+2 PCs
+Step 2: Connections
+PC1 FastEthernet0 to Switch Fa0/1 using Copper Straight-Through
+PC2 FastEthernet0 to Switch Fa0/2 using Copper Straight-Through
+Switch Fa0/24 to Router GigabitEthernet0/0
+Step 3: Configure PCs
+PC1 IP 192.168.1.10 Mask 255.255.255.0 Gateway 192.168.1.1
+PC2 IP 192.168.1.20 Mask 255.255.255.0 Gateway 192.168.1.1
+Step 4: Configure Router
+enable
+configure terminal
+interface g0/0
+ip address 192.168.1.1 255.255.255.0
+no shutdown
+exit
+Step 5: Test Before Security
+From PC2:
+ping 192.168.1.10
+Communication should be successful
+Step 6: Apply ACL
+access-list 1 deny 192.168.1.20
+access-list 1 permit any
+Apply ACL:
+interface g0/0
+ip access-group 1 in
+exit
+Step 7: Test After Security
+From PC2:
+ping 192.168.1.10
+Should fail
+From PC1:
+ping 192.168.1.20
+Should work
+Step 8: Configure Port Security on Switch
+enable
+configure terminal
+interface fa0/1
+switchport mode access
+switchport port-security
+switchport port-security maximum 1
+exit
+Vulnerabilities Identified:
+No access control
+No device restriction
+No traffic filtering
+Security Measures Applied:
+ACL controls communication between devices
+Port Security restricts number of devices per port
+Additional Concepts:
+IDS detects suspicious activities such as unusual traffic
+IPsec encrypts data for secure transmission
+Simulation (Optional):
+Use Simulation mode
+Filter ICMP
+Observe packet drop due to ACL
+Final Result:
+PC2 is blocked
+PC1 is allowed
+Switch ports are secured
+Network is protected successfully
+AIM:
+To demonstrate IP Spoofing attack and implement security measures to prevent unauthorized access.
+Step 1: Topology Setup
+Devices required:
+1 Router (2911)
+1 Switch (2960)
+PC1 (Trusted user)
+PC2 (Attacker)
+1 Server
+Connections:
+PC1 to Switch Fa0/1
+PC2 to Switch Fa0/2
+Switch Fa0/24 to Router G0/0
+Server to Router G0/1
+Step 2: IP Configuration
+PC1 IP 192.168.1.10 Gateway 192.168.1.1
+PC2 IP 192.168.1.20 Gateway 192.168.1.1
+Server IP 10.0.0.2 Gateway 10.0.0.1
+Step 3: Configure Router
+enable
+configure terminal
+interface g0/0
+ip address 192.168.1.1 255.255.255.0
+no shutdown
+exit
+interface g0/1
+ip address 10.0.0.1 255.255.255.0
+no shutdown
+exit
+Step 4: Configure Routing
+ip route 10.0.0.0 255.255.255.0 10.0.0.1
+Step 5: Apply Trust-Based ACL
+access-list 10 permit 192.168.1.10
+access-list 10 deny any
+interface g0/0
+ip access-group 10 in
+Step 6: Test Before Attack
+From PC1:
+ping 10.0.0.2 (should work)
+From PC2:
+ping 10.0.0.2 (should fail)
+Step 7: Simulate IP Spoofing
+Change PC2 IP to 192.168.1.10
+Test again:
+ping 10.0.0.2 (should work)
+Step 8: Impact
+Unauthorized access
+Security bypass
+Fake identity
+Step 9: Countermeasure 1 Anti-Spoofing ACL
+ip access-list extended ANTI-SPOOF
+deny ip 192.168.1.0 0.0.0.255 any
+permit ip any any
+interface g0/1
+ip access-group ANTI-SPOOF in
+Step 10: Countermeasure 2 uRPF
+interface g0/0
+ip verify unicast source reachable-via rx
+Step 11: Switch Port Security
+enable
+configure terminal
+interface fa0/1
+switchport mode access
+switchport port-security
+switchport port-security maximum 1
+switchport port-security mac-address sticky
+switchport port-security violation shutdown
+Final Understanding:
+Before ACL everyone allowed
+ACL allows only trusted IP
+Spoofing bypasses security
+uRPF blocks spoofed packets
+Conclusion:
+IP-based trust is not secure and must be verified using mechanisms like uRPF and port security
+Result:
+Attack simulated successfully
+Vulnerability identified
+Security measures implemented
+AIM:
+To allow normal UDP communication and block unwanted UDP traffic using ACL.
+Step 1: Build the Network
+Devices required:
+1 Router (2911)
+1 Switch (2960)
+PC1 (Client)
+PC2 (Attacker)
+1 Server
+Connections:
+PC1 FastEthernet0 to Switch Fa0/1
+PC2 FastEthernet0 to Switch Fa0/2
+Server FastEthernet0 to Switch Fa0/3
+Switch Fa0/24 to Router GigabitEthernet0/0
+Step 2: IP Configuration
+PC1 IP 192.168.1.10 Gateway 192.168.1.1
+PC2 IP 192.168.1.30 Gateway 192.168.1.1
+Server IP 192.168.1.20
+Subnet Mask 255.255.255.0
+Step 3: Configure Router
+enable
+configure terminal
+interface g0/0
+ip address 192.168.1.1 255.255.255.0
+no shutdown
+exit
+Step 4: Enable UDP Service on Server
+Open Server -> Services -> DNS
+Turn DNS ON
+Add entry:
+Name example.com
+Address 192.168.1.20
+Step 5: Test UDP Communication
+From PC1:
+nslookup example.com 192.168.1.20
+UDP communication should work
+Step 6: Apply ACL to Block Attacker
+Router(config)# access-list 100 deny udp host 192.168.1.30 any
+Router(config)# access-list 100 permit ip any any
+Apply ACL:
+interface g0/0
+ip access-group 100 in
+exit
+Step 7: Test After ACL
+From PC2:
+nslookup example.com 192.168.1.20 (should fail)
+From PC1:
+nslookup example.com 192.168.1.20 (should work)
+Step 8: Block DNS Service (Port-Based ACL)
+Router(config)# access-list 101 deny udp any any eq 53
+Router(config)# access-list 101 permit ip any any
+Apply:
+interface g0/0
+ip access-group 101 in
+exit
+Test:
+From PC1:
+nslookup example.com 192.168.1.20 (should fail)
+Step 9: Important Concept
+If all devices are in same network, traffic bypasses router
+Communication becomes PC -> Switch -> Server
+ACL will not work
-##  Step 2: Add Serial Ports (MOST IMPORTANT FIX)
+Step 10: Fix Topology
+Change Server network:
+Server IP 10.0.0.2 Gateway 10.0.0.1
-By default, routers don’t have serial ports.
+Configure Router:
+interface g0/1
+ip address 10.0.0.1 255.255.255.0
+no shutdown
-### Do this for BOTH routers:
+Now traffic flows through router:
+PC -> Router -> Server
+ACL works correctly
-1. Click Router → **Physical tab**
-2. Turn **Power OFF**
-3. From modules:
- Drag **WIC-2T** into slot
-4. Turn **Power ON**
+Concepts:
+UDP is fast and connectionless protocol
+ACL filters traffic based on rules
+Port 53 is used for DNS
+Router must be in path for ACL to work
-Now you will see:
+Result:
+UDP communication tested
+Attacker blocked using ACL
+DNS service blocked using port-based ACL
+Network secured successfully
-```
-Serial0/0/0
-Serial0/0/1
-```
----
-## Step 3: Connect cables (CORRECT WAY)
-### LAN connections
-* PC → Switch → **Copper Straight-Through**
-* Switch → Router (Gig0/0 or Fa0/0) → **Copper Straight-Through**
----
-### WAN connection (Router ↔ Router)
-* Select **Serial DCE cable**
-* Router1 → `Serial0/0/0`
-* Router2 → `Serial0/0/0`
----
-## Step 4: Configure Router1
-Go to CLI:
-```bash
+AIM:
+Create a network, enable DNS (UDP), allow normal user, and block attacker using ACL.
+Step 1: Topology
+PC1 (Client) and PC2 (Attacker) connected to Switch
+Switch connected to Router G0/0
+Router G0/1 connected to Server
+Step 2: Connections
+Use Copper Straight-Through cables
+PC1 to Switch Fa0/1
+PC2 to Switch Fa0/2
+Switch to Router G0/0
+Router G0/1 to Server
+All links should be active
+Step 3: IP Configuration
+PC1 IP 192.168.1.10 Mask 255.255.255.0 Gateway 192.168.1.1 DNS 10.0.0.2
+PC2 IP 192.168.1.30 Mask 255.255.255.0 Gateway 192.168.1.1 DNS 10.0.0.2
+Server IP 10.0.0.2 Mask 255.255.255.0 Gateway 10.0.0.1
+Step 4: Router Configuration
 enable
 configure terminal
-interface gigabitEthernet 0/0
+interface g0/0
 ip address 192.168.1.1 255.255.255.0
 no shutdown
 exit
-interface serial 0/0/0
-ip address 172.16.1.1 255.255.255.252
-clock rate 64000
+interface g0/1
+ip address 10.0.0.1 255.255.255.0
 no shutdown
 exit
-```
----
+Step 5: Enable DNS on Server
+Open Server -> Services -> DNS
+Turn DNS ON
+Add entry:
+Name example.com
+Address 10.0.0.2
-## Step 5: Configure Router2
+Step 6: Initial Testing
+From PC1:
+ping 10.0.0.2
+This builds ARP
-```bash
-enable
+Then:
+nslookup example.com
+Should work successfully
+Step 7: Apply ACL Security
 configure terminal
-interface gigabitEthernet 0/0
-ip address 10.0.0.1 255.255.255.248
+access-list 101 deny udp host 192.168.1.30 any
+access-list 101 permit ip any any
+interface g0/0
+ip access-group 101 in
+exit
+Step 8: Final Testing
+From PC1:
+nslookup example.com
+Should work
+From PC2:
+nslookup example.com
+Should fail
+Concepts:
+Router must be in path for ACL to work
+DNS uses UDP port 53
+First ping builds ARP and avoids timeout
+ACL filters traffic based on rules
+Final Result:
+PC1 allowed
+PC2 blocked
+DNS working
+ACL applied successfully
+AIM:
+Simulate a DNS-based UDP hijacking scenario, observe its impact on the client, and apply basic protection.
+Step 1: Topology Setup
+Connect devices using Copper Straight-Through:
+PC1 to Switch
+PC2 to Switch
+Server to Switch
+Switch to Router
+Ensure all connections are active
+Step 2: IP Configuration
+PC1 IP 192.168.1.10 Mask 255.255.255.0 Gateway 192.168.1.1 DNS 192.168.1.100
+PC2 IP 192.168.1.20 Gateway 192.168.1.1
+Server IP 192.168.1.100 Gateway 192.168.1.1
+Step 3: Router Configuration
+enable
+configure terminal
+interface g0/0
+ip address 192.168.1.1 255.255.255.0
 no shutdown
 exit
-interface serial 0/0/0
-ip address 172.16.1.2 255.255.255.252
+Step 4: Enable DNS on Real Server
+Open Server -> Services -> DNS
+Turn DNS ON
+Add entry:
+example.com maps to 192.168.1.100
+Step 5: Test Normal Output
+From PC1:
+nslookup example.com
+Expected result:
+Name example.com
+Address 192.168.1.100
+Step 6: Simulate Attack
+Turn OFF real server
+On PC2 change IP to 192.168.1.100
+Enable DNS on PC2
+Add entry:
+example.com maps to 5.5.5.5
+Step 7: Test Attack Output
+From PC1:
+nslookup example.com
+Expected result:
+Name example.com
+Address 5.5.5.5
+Observation:
+Before attack DNS resolves to 192.168.1.100
+After attack DNS resolves to 5.5.5.5
+Client is misled
+Step 8: Apply Basic Protection using Port Security
+On Switch CLI:
+enable
+configure terminal
+interface fa0/2
+switchport mode access
+switchport port-security
+switchport port-security maximum 1
+switchport port-security mac-address sticky
+switchport port-security violation shutdown
+exit
+Step 9: Final Check
+Attempt attack again
+Port security blocks attacker or shuts down port
+Output Observation Methods:
+Command Line:
+Use nslookup example.com before and after attack
+Simulation Mode:
+Select Simulation
+Filter DNS or UDP
+Run nslookup
+Observe source IP, destination IP, and UDP port 53
+Conclusion:
+DNS over UDP can be exploited by spoofing
+Client blindly trusts DNS response
+Security measures like port security help prevent attacks
+Result:
+Attack successfully simulated
+Impact observed
+Basic protection applied
+AIM:
+Simulate a DoS condition using continuous requests, observe its impact on a server, and apply prevention techniques.
+Step 1: Topology
+Devices:
+PC1, PC2, PC3, Server connected to Switch
+Switch connected to Router G0/0
+Ensure all connections are active
+Step 2: IP Configuration
+PC1 IP 192.168.1.10
+PC2 IP 192.168.1.20
+PC3 IP 192.168.1.30
+Server IP 192.168.1.100
+Mask 255.255.255.0
+Gateway 192.168.1.1
+Step 3: Router Configuration
+enable
+configure terminal
+interface g0/0
+ip address 192.168.1.1 255.255.255.0
 no shutdown
 exit
-```
----
+Step 4: Enable Server Service
+Open Server -> Services -> HTTP
+Turn HTTP ON
-## Step 6: Configure PCs
+Step 5: Normal Test
+From PC1:
+ping 192.168.1.100
+Stable replies indicate normal operation
-### Left network (Router1 side)
+Step 6: Simulate DoS Attack
+From PC2:
+ping 192.168.1.100 -t
-* PC1
-  IP: `192.168.1.2`
-  Mask: `255.255.255.0`
-  Gateway: `192.168.1.1`
+From PC3:
+ping 192.168.1.100 -t
-* PC2
-  IP: `192.168.1.3`
-  Gateway: `192.168.1.1`
+Continuous traffic is generated
----
+Step 7: Observe Impact
+From PC1:
+ping 192.168.1.100
-### Right network (Router2 side)
+Expected results:
+Request timed out
+High delay
+Packet loss
-* PC3
-  IP: `10.0.0.2`
-  Mask: `255.255.255.248`
-  Gateway: `10.0.0.1`
+Indicates server overload and network congestion
-* PC4
-  IP: `10.0.0.3`
-  Gateway: `10.0.0.1`
+Step 8: Important Concept
+If all devices are in same network, traffic flows directly
+PC -> Switch -> Server
+Router is bypassed
+ACL on router will not work
----
+Step 9: Apply Switch Port Security
+enable
+configure terminal
-##  Step 7: Configure Routing (VERY IMPORTANT)
+interface fa0/2
+switchport port-security
+switchport port-security maximum 1
+switchport port-security violation shutdown
+exit
-### Router1:
+interface fa0/3
+switchport port-security
+switchport port-security maximum 1
+switchport port-security violation shutdown
+exit
+Limits attacker behavior
+Step 10: Improved Topology for Router Control
+Change Server network:
+Server IP 10.0.0.2 Gateway 10.0.0.1
+Add router interface:
+interface g0/1
+ip address 10.0.0.1 255.255.255.0
+no shutdown
+Traffic now passes through router
+Step 11: Apply ACL Protection
+ip access-list extended BLOCK_ICMP
+permit icmp host 192.168.1.10 host 10.0.0.2
+deny icmp any any
+interface g0/0
+ip access-group BLOCK_ICMP in
+Step 12: Final Testing
+From PC1:
+ping 10.0.0.2 (should work)
+From PC2 and PC3:
+ping 10.0.0.2 (should fail)
+Output Observation:
+Command Line:
+Compare ping before and during attack
+Simulation Mode:
+Filter ICMP
+Observe multiple packets and congestion
+Conclusion:
+DoS attack floods server with requests causing delay and packet loss
+Switch port security and ACL help control traffic
+Result:
+Attack simulated
+Impact observed
+Protection applied successfully
+ 1. Basic Network (OSI Flow)
+ PC
+ping 192.168.1.2 ++
+2. IPv4 Addressing + Routing
+ Router
+enable ++
+configure terminal ++
+interface g0/0 ++
+ip address 192.168.1.1 255.255.255.0 ++
+no shutdown ++
+exit ++
+interface s0/0/0
+ip address 172.16.1.1 255.255.255.252
+no shutdown
+exit
-```bash
 ip route 10.0.0.0 255.255.255.248 172.16.1.2
-```
+ PC
+ping 10.0.0.2 ++
-### Router2:
-```bash
-ip route 192.168.1.0 255.255.255.0 172.16.1.1
-```
----
-##  Step 8: Verify interfaces
-Run on both routers:
-```bash
-show ip interface brief
-```
-You MUST see:
-```
-up    up
-```
-If not:
- Use `no shutdown`
----
-##  Step 9: Test connectivity
-From PC1:
+3. NAT (PAT)
+ Router
+enable ++
+configure terminal ++
-```bash
-ping 10.0.0.2
-```
+interface g0/0 ++
+ip nat inside
+exit ++
-Expected:
+interface g0/1 ++
+ip nat outside
+exit ++
-```
-Reply from 10.0.0.2
-```
+access-list 1 permit 192.168.1.0 0.0.0.255 ++
----
+ip nat inside source list 1 interface g0/1 overload
-##  Step 10: See animation (Simulation Mode)
+ip route 0.0.0.0 0.0.0.0 203.0.113.2
+ Router (Check)
+show ip nat translations
+ PC
+ping 203.0.113.2 ++
-1. Click **Simulation**
-2. Click **Reset Simulation**
-3. Click **Edit Filters**
-   * Select only:
-     ```
-     ARP
-     ICMP
-     ```
----
-### Send packet
-* Click **Add Simple PDU (envelope icon)**
-* Click **PC1 → PC3**
----
-### Play
-* Click ▶ play or ⏭ Capture/Forward
+4. IPv4 Packet Analysis
+Wireshark
+ip.version == 4
+PC
+ping 8.8.8.8 ++
----
-## 👀 What you should see
-Packet flow:
-```
-PC1 → Switch1 → Router1 → Router2 → Switch2 → PC3
-```
-* First ARP (finding MAC)
-* Then ICMP (ping)
-* All **green ✔**
----
+ 5. Packet Fragmentation
+ PC
+netsh interface ipv4 show subinterfaces
+ping 8.8.8.8 -f -l 1472
+ping 8.8.8.8 -f -l 2000
+ping 8.8.8.8 -l 2000
+ Wireshark
+ip.flags.mf == 1 or ip.frag_offset > 0
+ 6. Network Security (ACL)
+Router
+enable ++
+configure terminal ++
+access-list 1 deny 192.168.1.20
+access-list 1 permit any
+interface g0/0 ++
+ip access-group 1 in
+exit ++
+ PC
+ping 192.168.1.10 ++
+7. IP Spoofing Protection
+ Router
+enable ++
+configure terminal ++
+ip access-list extended ANTI-SPOOF
+deny ip 192.168.1.0 0.0.0.255 any
+permit ip any any
+interface g0/1
+ip access-group ANTI-SPOOF in
+interface g0/0 ++
+ip verify unicast source reachable-via rx
@@ -272,10 +1189,25 @@ PC1 → Switch1 → Router1 → Router2 → Switch2 → PC3
+8. TCP Hijacking (Prevention)
+ Router
+enable ++
+configure terminal ++
+ip access-list extended BLOCK_TCP
+deny tcp any any eq 23
+permit ip any any
+interface g0/0 ++
+ip access-group BLOCK_TCP in
+9. UDP Hijacking (DNS)
+📍 PC
+nslookup example.com
+📍 Server (DNS setup)
+(No CLI, but concept command equivalent)
+example.com → 192.168.1.100
@@ -289,57 +1221,33 @@ PC1 → Switch1 → Router1 → Router2 → Switch2 → PC3
-Step 1: Setting Up the Topology
-1. Add Devices to the Workspace:
-o Drag and drop:
-▪ 1 Router (e.g., 2911 or similar).
-▪ 1 Switch (e.g., 2960).
-▪ 3 PCs (PC-0, PC-1, PC-2).
-▪ 1 Cloud or Server (representing the internet).
-Step 2: Assign IP Addresses
-For Private Network (PCs and Router Internal Interface)
-● Assign Private IP Addresses to the PCs:
-o PC-0: IP Address: 192.168.1.2 | Subnet Mask: 255.255.255.0 | Default Gateway:
-192.168.1.1
-o PC-1: IP Address: 192.168.1.3 | Subnet Mask: 255.255.255.0 | Default Gateway:
-192.168.1.1
-o PC-2: IP Address: 192.168.1.4 | Subnet Mask: 255.255.255.0 | Default Gateway:
-192.168.1.1
-Step 3: Configure Router interface
-1) gig0/0
-Router> enable
-Router# configure terminal
-Router(config)# interface gig0/0
-Router(config-if)# ip address 192.168.1.1 255.255.255.0
-Router(config-if)# no shutdown
-2) gig0/1
-Router(config)# interface gig0/1
-Router(config-if)# ip address 203.0.113.1 255.255.255.0
-Router(config-if)# no shutdown
-3) Assign an IP Address to the Cloud or Server:
-a. Cloud/Server IP Address: 203.0.113.2
-b. Subnet Mask: 255.255.255.0
-Step 4: Configure NAT on the Router
-Define Inside and Outside Interfaces
-Router(config)# interface gig0/0
-Router(config-if)# ip nat inside
-Router(config-if)# exit
-Router(config)# interface gig0/1
-Router(config-if)# ip nat outside
-Router(config-if)# exit
-Set Up PAT (Port Address Translation)
-Allow multiple private IPs to share one public IP:
-Router(config)# access-list 1 permit 192.168.1.0 0.0.0.255
-Router(config)# ip nat inside source list 1 interface gig0/1 overload
-Step 5: Configure Routing
-Add a Default Route to direct traffic to the public network
-Router(config)# ip route 0.0.0.0 0.0.0.0 203.0.113.2
-Step 6: Test the Configuration
-Test Internet Access from PCs
-1. Open the Command Prompt on any PC.
-2. Ping the external Cloud/Server (e.g., ping 203.0.113.2).
-o If successful, NAT is working correctly.
-Verify NAT Translations on the Router
-On the router CLI, use the following command to see active NAT translations:
-Router# show ip nat translations
+ 10. DoS Simulation
+PC (Attack)
+ping 192.168.1.100 ++
+Switch (Protection)
+enable ++
+configure terminal ++
+interface fa0/2
+switchport port-security
+switchport port-security maximum 1
+switchport port-security violation shutdown
+interface fa0/3
+switchport port-security
+switchport port-security maximum 1
+switchport port-security violation shutdown
+MASTER REPEATED COMMAND LIST
+These appear everywhere (VERY IMPORTANT):
+enable ++
+configure terminal ++
+interface g0/0 ++
+no shutdown ++
+exit ++
+ping ++
+access-list ++
+ip access-group ++