
ISO 9001: 2000

Laboratory Manual

Level – IV

Sub: Network Engineering


BE (IT)

Kasegaon Education Society’s


Rajarambapu Institute of Technology, Rajaramnagar.

Post – Sakharale,
Tal : Walwa, Dist : Sangli- 416 414.
Rajarambapu Institute of Technology,
Rajaramnagar.
Document No : SP-PP-01
Practical Plan Issue No./ Date :
Subject : Network Engg. Revision No./Date :
Ref. : Procedure RIT-7.5.1-01 Page : 1 of 1
TITLE : Practical Plan

Sr. No.   Document No.   Document Title

01                       Introduction To Subject
02        NE-PP-01       Introduction to Networking Devices.
03        NE-PP-02       Windows 2003 Server- Installation
04        NE-PP-03       Windows 2003- Study and configuration of TCP/IP
05        NE-PP-04       Windows 2003- Study and configuration of DHCP service with static as well as dynamic address binding
06        NE-PP-05       Windows 2003- Study and configuration of Active Directory
07        NE-PP-06       Windows 2003- Study and configuration of File server with DISK QUOTAS
08        NE-PP-07       Windows 2003- Study and configuration of Mail Server (SMTP, POP3)
09        NE-PP-08       Linux- Installation & basic configurations
10        NE-PP-9        Linux- Study and management of users and groups
11        NE-PP-10       Study of different security tools: Nmap, Nessus, Nikto, Snort
12        NE-PP-11       Study of GnuPG

Prepared by : Approved by:


Ms. A.R.Jakhale Head of Department
Experiment No. 1
Title: Introduction to Networking devices.

Aim: To study basics of Network devices.

Objective: To learn about network basics, models, protocols, architectures and
devices.

Relevance: Prerequisites for implementing networks.

Theory:
Networking Basics:
A network comprises two fundamental parts, the nodes and the links. A
node is some type of network device, such as a computer. Nodes are able to
communicate with other nodes through links, like cables.
Besides computers, other network devices can be present in a network to link
nodes to one another. Some of them are as follows:
1. Network Repeater

A repeater connects two segments of your network cable. It retimes and
regenerates the signals to proper amplitudes and sends them to the other
segments. When talking about Ethernet topology, you are probably talking about
using a hub as a repeater. Repeaters require a small amount of time to regenerate
the signal. This can cause a propagation delay which can affect network
communication when there are several repeaters in a row. Many network
architectures limit the number of repeaters that can be used in a row. Repeaters
work only at the physical layer of the OSI network model.

2. Bridge

A bridge reads the outermost section of data on the data packet to tell where the
message is going. It reduces the traffic on other network segments, since it does
not send all packets. Bridges can be programmed to reject packets from
particular networks. Bridging occurs at the data link layer of the OSI model,
which means the bridge cannot read IP addresses, but only the outermost
hardware address of the packet. In our case the bridge can read the Ethernet data,
which gives the hardware address of the destination, not the IP address.
Bridges forward all broadcast messages. Only a special bridge called a
translation bridge will allow two networks of different architectures to be
connected. Bridges do not normally allow connection of networks with different
architectures. The hardware address is also called the MAC (media access
control) address. To determine the network segment a MAC address belongs to,
bridges use one of:

• Transparent Bridging - They build a table of addresses (bridging table) as they
receive packets. If the address is not in the bridging table, the packet is
forwarded to all segments other than the one it came from. This type of bridge is
used on Ethernet networks.
• Source route bridging - The source computer provides path information inside
the packet. This is used on Token Ring networks.
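
The transparent bridging behaviour described above (learn the source address, forward to a known port, flood when the destination is unknown, always forward broadcasts) can be traced with the following added example, which is not part of the original manual. The class name, port numbers and MAC addresses are constructed for illustration.

```python
# Added illustration of a transparent (learning) bridge.
# Port numbers and MAC addresses below are constructed sample values.

BROADCAST = "ff:ff:ff:ff:ff:ff"


class TransparentBridge:
    def __init__(self, ports):
        self.ports = list(ports)   # network segments attached to the bridge
        self.table = {}            # bridging table: MAC address -> port

    def receive(self, in_port, src_mac, dst_mac):
        """Process one frame and return the list of ports it is sent out on."""
        # Learn: the source address is reachable through the arrival port.
        self.table[src_mac] = in_port

        # Broadcast messages are forwarded to every other segment.
        if dst_mac == BROADCAST:
            return [p for p in self.ports if p != in_port]

        out_port = self.table.get(dst_mac)
        if out_port is None:
            # Address not in the bridging table: forward to all segments
            # other than the one the frame came from.
            return [p for p in self.ports if p != in_port]
        if out_port == in_port:
            # Destination is on the arrival segment: nothing to forward.
            return []
        return [out_port]


def run_sample():
    """Feed a constructed sequence of frames through a three-port bridge."""
    bridge = TransparentBridge(ports=[1, 2, 3])
    a = "00:00:00:00:00:0a"
    b = "00:00:00:00:00:0b"
    c = "00:00:00:00:00:0c"
    d = "00:00:00:00:00:0d"
    frames = [
        (1, a, b),           # b not yet learned: flooded to ports 2 and 3
        (2, b, a),           # a was learned on port 1: sent to port 1 only
        (1, a, b),           # b is now known on port 2
        (1, c, a),           # c and a are on the same segment: not forwarded
        (3, d, BROADCAST),   # broadcast: sent to every other segment
    ]
    decisions = [bridge.receive(*frame) for frame in frames]
    return decisions, bridge.table


if __name__ == "__main__":
    decisions, table = run_sample()
    for out_ports in decisions:
        print("forwarded to ports:", out_ports)
    print("bridging table:", table)
```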

3. Network Router

A router is used to route data packets between two networks. It reads the
information in each packet to tell where it is going. If it is destined for an
immediate network it has access to, it will strip the outer packet, readdress the
packet to the proper ethernet address, and transmit it on that network. If it is
destined for another network and must be sent to another router, it will
repackage the outer packet to be received by the next router and send it to the next
router. The section on routing explains the theory behind this and how routing
tables are used to help determine packet destinations. Routing occurs at the
network layer of the OSI model. They can connect networks with different
architectures such as Token Ring and Ethernet. Although they can transform
information at the data link level, routers cannot transform information from one
data format such as TCP/IP to another such as IPX/SPX. Routers do not send
broadcast packets or corrupted packets. If the routing table does not indicate the
proper address of a packet, the packet is discarded.

4. Gateway

A gateway can translate information between different network data formats or
network architectures. It can translate TCP/IP to AppleTalk so computers
supporting TCP/IP can communicate with Apple brand computers. Most
gateways operate at the application layer, but can operate at the network or
session layer of the OSI model. A gateway starts at the lower level and strips
information until it gets to the required level, then repackages the information and
works its way back toward the hardware layer of the OSI model. To confuse
issues, when talking about a router that is used to interface to another network,
the word gateway is often used. This does not mean the routing machine is a
gateway as defined here, although it could be.

There are basically two different network techniques for establishing
communication between nodes on a network: the circuit switched network and the
packet-switched network techniques.

The two most common types of networks are peer-to-peer and client/server.
Both networks serve the same purpose. They allow users to share information or
resources. The most basic way to allow multiple users to share information or
resources, such as printers and fax machines, is to connect multiple computers in a
peer-to-peer network. In a client/server network, a single computer (the server
hardware) is used to store and manage information and resources in a central location.
That computer is loaded with server software that is designed to perform specific tasks
and provide specific services such as file sharing, print processing, Internet connectivity
and e-mail for each of the network’s “client” computers. The clients in the client/server
network can be individual computers, printers, or other remote devices.

Several different connection strategies and protocols exist that can be used to
maintain communication among many network devices.

Local Area Networks (LANs) are used for connecting network devices over a
relatively short distance. Typically, a LAN operates in a limited space, such as an office
building, a school or a home. LANs are usually owned and managed by a single person
or organization. They also use certain specific connectivity technologies, often some
type of shared media. An important feature of a LAN is its topology, where the term
topology refers to the layout of connected network devices on a network. We can think
of topology as a network's shape. Network topologies can be categorized into the
following basic types:

The bus topology uses a shared communication medium, often referred to as a
common bus, to connect all network devices (Figure 4). A device that wants to
communicate with another device on the network sends the packet onto the bus.
All devices that are connected to the bus will receive the sent packet but the
intended recipient is the only device that actually accepts and processes the
packets.

The ring topology is structured in such a way that every network device on the
network has exactly two neighbors for their communication purposes. All
packets travel along a ring in the same direction.

The star topology features a logical communication center to which all network
devices are directly connected. Each device requires a separate cable to the
central point and consequently all packets will travel through the communication
center.

There are several different protocols that can be utilized together with each network
topology. Aside from identifying the standards of communications between the network
devices, a protocol sets the technical specifications needed to transmit data within a
network. To transmit a message to another device in a network, the message is split into
data packets. These data packets are then transmitted via the communication media and
are reassembled again at the receiving end. The standardized protocols utilize different
network topologies together with the cable and antenna layer to build different LAN
architectures that are either wired or wireless. These protocols offer the second building
block for successful digital communications, the transmission layer.

The Internet protocol suite is a layered protocol family where each layer builds upon
the layer below it, adding new functionality. The lowest layer is concerned purely with
sending and receiving data utilizing the transmission layer. At the top are protocols
designed for specific tasks, such as sending and receiving motion pictures, sound and
control information. The protocols in between handle things such as dividing the
message data into packets and forwarding them reliably between network devices.

Internet Protocol
The Internet Protocol (IP) is the basis of the Internet protocol suite and is the single
most popular network protocol in the world. IP enables data to be transmitted across
and between local area networks, hence the name: Inter-net Protocol. Data travels over
an IP-based network in the form of IP packets (data units). Each IP packet includes both
a header and the message data itself, where the header specifies the source, the
destination, and other information about the data. IP is a connectionless protocol where
each packet is treated as a separate entity, like a postal service. Any mechanisms for
ensuring that sent data arrives in a correct and intact manner are provided by higher-
layer protocols in the suite. Each network device has at least one IP address that
uniquely identifies it from all other devices on the network. In this manner,
intermediate nodes can correctly guide a sent packet from the source to the destination.

Transport Protocol
The Transport Control Protocol (TCP) is the most common protocol for assuring that
an IP packet arrives in a correct and intact manner. TCP provides reliable transmission
of data for upper layer applications and services in an IP environment. TCP offers
reliability in the form of a connection-oriented, end-to-end packet delivery through an
interconnected network. The Internet Protocol suite provides an adaptation to the
transmission layer protocols and offers a standardized architecture for communication
over an interconnected collection of LANs, i.e. a WAN. This is a tremendous advance,
mainly because we’re able to connect and communicate over different physical
connections in a standardized way. With IP as the basis, the Internet Protocol suite
provides the third building block for successful digital communications, the IP layer.

In a network, some computers are used specifically for providing services that are
useful for managing the network, routing packets, and application-level services. These
services are used by the overall network and are required to be configured with server
operating systems. These computers are always referred to as servers. Network operating
systems (NOS) typically are used to run computers that act as servers. They provide the
capabilities required for network operation. Network operating systems are also
designed for client computers and provide functions so the distinction between network
operating systems and stand-alone operating systems is not always obvious. Network
operating systems provide the following functions:

• File and print sharing.
• Account administration for users.
• Security.

Installed Components

• Client functionality
• Server functionality

Functions provided:

• Account Administration for users
• Security
• File and print sharing

Network services

• File Sharing
• Print sharing
• User administration
• Backing up data

Practical Work: -

Output/Conclusion:
Communication between two computers is accomplished by IP, and a group of
computers (homogeneous/heterogeneous) connected together to perform a specific
task is called a network.
Experiment No. 2
Title: Windows 2003 Server- Installation

Aim: To install Windows 2003 Server.

Objective: Understanding Windows 2003 Server- Installation steps and its overview.

Relevance: Windows 2003 Server is a major server operating system that has tools for
network implementation as well as network administration.

Theory:

Windows 2003 Server overview


Windows Server 2003 (also referred to as Win2K3) is a server operating system
produced by Microsoft. It was introduced on April 24, 2003 as the successor to Windows
2000 Server. According to Microsoft, Windows Server 2003 is more scalable and
delivers better performance than its predecessor, Windows 2000. Unlike Windows 2000
Server, Windows Server 2003's default installation has none of the server components
enabled, to reduce the attack surface of new machines. Windows Server 2003 includes
compatibility modes to allow older applications to run with greater stability. It was
made more compatible with Windows NT 4.0 domain-based networking. Incorporating
and upgrading a Windows NT 4.0 domain to Windows 2000 was considered difficult
and time-consuming, and generally was considered an all-or-nothing upgrade,
particularly when dealing with Active Directory. Windows Server 2003 brought in
enhanced Active Directory compatibility, and better deployment support, to ease the
transition from Windows NT 4.0 to Windows Server 2003 and Windows XP
Professional.

New and updated features:

• Internet Information Services (IIS) v6.0 - A significantly improved version of
IIS.
• Increased default security over previous versions, due to the built-in firewall and
having most services disabled by default.
• Significant improvements to Message Queuing.
• Manage Your Server - a role management administrative tool that allows an
administrator to choose what functionality the server should provide.
• Improvements to Active Directory, such as the ability to deactivate classes from
the schema, or to run multiple instances of the directory server (ADAM)
• Improvements to Group Policy handling and administration
• Improved disk management, including the ability to back up from shadows of
files, allowing the backup of open files.
• Improved scripting and command line tools, which are part of Microsoft's
initiative to bring a complete command shell to the next version of Windows.
• Support for a hardware-based "watchdog timer", which can restart the server if
the operating system does not respond within a certain amount of time.

Practical Work:
Planning the Server Installation

Before you install Windows Server 2003 on a computer, particularly in cases when you
are creating a new network infrastructure, you should create a map of what your
network will look like. In particular, you should outline the servers and other resource
devices, such as printers, that will provide your network clients with services. The role
that a particular server will fill on the network should be determined long before you
install the network operating system. The server's role, such as acting as a domain
controller or a multihomed router (a Windows Server 2003 configured with more than
one network interface card) or a NAT server, dictates not only the server's hardware
configuration, but also the configuration of that server.

Windows Server 2003 Standard Edition System Requirements:

Component                Requirement

Computer and processor   PC with a 133-MHz processor required; 550-MHz or faster
                         processor recommended (Windows Server 2003 Standard Edition
                         supports up to four processors on one server)
Memory                   128 MB of RAM required; 256 MB or more recommended; 4 GB
                         maximum
Hard disk                1.25 to 2 GB of available hard-disk space
Drive                    CD-ROM or DVD-ROM drive
Display                  VGA or hardware that supports console redirection required; Super
                         VGA supporting 800 x 600 or higher-resolution monitor
                         recommended

Steps to install Windows 2003 Server:

1. Insert the bootable CD of Windows 2003 Server in the CD-ROM drive.
2. After setup scans the file system, select the option “install Windows 2003
server”. (Other options will be “Repair” and “Quit”).
3. Select the drive on which the OS is to be installed. If you have planned a dual
boot installation, select another drive, e.g. d:; otherwise select c: and install a
fresh copy of the OS.
4. Next, the file system menu is displayed, asking whether to format, convert or leave
the file system. Select the appropriate option and press “Enter”.
5. The next menu is the License agreement and CD-Key input dialog box.
6. After that, setup will ask you for regional settings, computer name and
administrator's password. Here the finalization of setup starts and setup
ends.

Output/Conclusion:
Installation of Windows 2003 Server is completed with simple steps.

Experiment No. 3
Title: Windows 2003- Study and configuration of TCP/IP.

Aim: To study TCP/IP and learn how it is configured in W2k3.

Objective: Assigning IP address to system and its configuration.

Relevance: Some standard tools are available to setup TCP/IP protocol and its
configuration. Introduction of such tools.

Theory:
TCP/IP Overview:
The Internet standards use a specific set of terms when referring to network elements
and concepts related to TCP/IP networking. These terms provide a foundation for
subsequent chapters. Figure 1-1 illustrates the components of an IP network.

Common terms and concepts in TCP/IP are defined as follows:

Node
Any device, including routers and hosts, which runs an implementation of IP.
Router
A node that can forward IP packets not explicitly addressed to itself. On an IPv6
network, a router also typically advertises its presence and host configuration
information.
Host
A node that cannot forward IP packets not explicitly addressed to itself (a
non-router). A host is typically the source and the destination of IP traffic. A host
silently discards traffic that it receives but that is not explicitly addressed to itself.
Upper-layer protocol
A protocol above IP that uses IP as its transport. Examples include Internet layer
protocols such as the Internet Control Message Protocol (ICMP) and Transport layer
protocols such as the Transmission Control Protocol (TCP) and User Datagram
Protocol (UDP). However, Application layer protocols that use TCP and UDP as their
transports are not considered upper-layer protocols. File Transfer Protocol [FTP] and
Domain Name System [DNS] fall into this category.
LAN segment
A portion of a subnet consisting of a single medium that is bounded by bridges or
Layer 2 switches.
Subnet
One or more LAN segments that are bounded by routers and use the same IP address
prefix. Other terms for subnet are network segment and link.
Network
Two or more subnets connected by routers. Another term for network is internetwork.
Neighbor
A node connected to the same subnet as another node.
Interface
The representation of a physical or logical attachment of a node to a subnet. An
example of a physical interface is a network adapter. An example of a logical
interface is a tunnel interface that is used to send IPv6 packets across an IPv4
network.
Address
An identifier that can be used as the source or destination of IP packets and that is
assigned at the Internet layer to an interface or set of interfaces.
Packet
The protocol data unit (PDU) that exists at the Internet layer and comprises an IP
header and payload.

TCP/IP Tools in Windows

Tool      Description

Arp       Allows you to view and edit the Address Resolution Protocol (ARP) cache. The
          ARP cache maps IPv4 addresses to media access control (MAC) addresses.
          Windows uses these mappings to send data on the local network.

Hostname  Displays the host name of the computer.

Ipconfig  Displays current TCP/IP configuration values for both IPv4 and IPv6.
          Also used to manage DHCP configuration and the DNS client resolver
          cache.

Lpq       Displays the status of print queues on print servers running Line Printer
          Daemon (LPD) software.

Nbtstat   Checks the state of current NetBIOS over TCP/IP connections, updates
          the Lmhosts cache, and determines the registered names and scope ID.

Netsh     Displays and allows you to administer settings for IPv4 or IPv6 on either the
          local computer or a remote computer.

Netstat   Displays statistics and other information about current IPv4 and IPv6
          connections.

Nslookup  Queries a DNS server.

Ping      Tests IPv4 or IPv6 connectivity to other IP nodes.

Route     Allows you to view the local IPv4 and IPv6 routing tables and to modify the
          local IPv4 routing table.

Tracert   Traces the route that an IPv4 or IPv6 packet takes to a destination.

Pathping  Traces the route that an IPv4 or IPv6 packet takes to a destination and
          displays information on packet losses for each router and subnet in the
          path.

Practical Work:

You can use the Ipconfig tool to verify the TCP/IP configuration parameters on a host,
including the following:

- For IPv4, the IPv4 address, subnet mask, and default gateway.

- For IPv6, the IPv6 addresses and the default router.

Ipconfig is useful in determining whether the configuration is initialized and whether a
duplicate IP address is configured. To view this information, type ipconfig at a
command prompt. Here is an example of the display of the Ipconfig tool for a computer
running Windows XP that is using both IPv4 and IPv6:

Type ipconfig /all at a command prompt to view the IPv4 and IPv6 addresses of DNS
servers, the IPv4 addresses of Windows Internet Name Service (WINS) servers (which
resolve NetBIOS names to IP addresses), the IPv4 address of the DHCP server, and
lease information for DHCP-configured IPv4 addresses.

The Ping Tool

After you verify the configuration with the Ipconfig tool, use the Ping tool to test
connectivity. The Ping tool is a diagnostic tool that tests TCP/IP configurations and
diagnoses connection failures. For IPv4, Ping uses ICMP Echo and Echo Reply
messages to determine whether a particular IPv4-based host is available and functional.
For IPv6, Ping uses ICMP for IPv6 (ICMPv6) Echo Request and Echo Reply messages.
The basic command syntax is ping Destination, in which Destination is either an IPv4
or IPv6 address or a name that can be resolved to an IPv4 or IPv6 address.

To verify a computer’s configuration and to test for router connections, do the
following:
1. Type ipconfig at a command prompt to verify whether the TCP/IP configuration has
initialized.
2. Ping the IPv4 address of the default gateway or the IPv6 address of the default router
to verify whether they are functioning and whether you can communicate with a node
on the local network.
3. Ping the IPv4 or IPv6 address of a remote node to verify whether you can
communicate through a router. If you start with step 3 and you are successful, then you
can assume that you would be successful with steps 1 and 2.
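
Step 1 of this procedure can be automated by reading the ipconfig output before any ping is sent. The following added example is not part of the original manual: it parses constructed sample text laid out the way ipconfig prints on Windows XP/2003 and reports an uninitialized configuration, a self-assigned 169.254.0.0/16 (APIPA) address, a missing gateway, or a gateway outside the local subnet. The function names and sample addresses are assumptions made for illustration.

```python
import ipaddress
import re

# Constructed samples in the layout printed by ipconfig on Windows XP/2003.
SAMPLE_OK = """\
Windows IP Configuration

Ethernet adapter Local Area Connection:

        Connection-specific DNS Suffix  . :
        IP Address. . . . . . . . . . . . : 192.168.1.20
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 192.168.1.1
"""

SAMPLE_APIPA = """\
Windows IP Configuration

Ethernet adapter Local Area Connection:

        Connection-specific DNS Suffix  . :
        Autoconfiguration IP Address. . . : 169.254.10.7
        Subnet Mask . . . . . . . . . . . : 255.255.0.0
        Default Gateway . . . . . . . . . :
"""

# One "label . . . : value" line; the value may be empty.
FIELD = re.compile(
    r"^[ \t]*(?:Autoconfiguration )?(IP Address|Subnet Mask|Default Gateway)"
    r"[ .]*:[ \t]*(\S*)",
    re.MULTILINE,
)
KEYS = {"IP Address": "address", "Subnet Mask": "mask", "Default Gateway": "gateway"}
APIPA = ipaddress.IPv4Network("169.254.0.0/16")


def parse_ipconfig(text):
    """Return the first IPv4 address, mask and gateway found in the output."""
    cfg = {"address": None, "mask": None, "gateway": None}
    for label, value in FIELD.findall(text):
        key = KEYS[label]
        if value and cfg[key] is None:
            try:
                cfg[key] = ipaddress.IPv4Address(value)
            except ipaddress.AddressValueError:
                pass  # not an IPv4 value (for example an IPv6 address line)
    return cfg


def check_config(cfg):
    """Return a list of findings; an empty list means steps 2 and 3 can proceed."""
    addr, mask, gateway = cfg["address"], cfg["mask"], cfg["gateway"]
    if addr is None or mask is None or int(addr) == 0:
        return ["TCP/IP configuration has not initialized"]
    findings = []
    if addr in APIPA:
        findings.append("address is self-assigned (APIPA), not leased or static")
    if gateway is None:
        findings.append("no default gateway, so only the local subnet is reachable")
    else:
        subnet = ipaddress.IPv4Network(f"{addr}/{mask}", strict=False)
        if gateway not in subnet:
            findings.append("default gateway is outside the local subnet")
    return findings


if __name__ == "__main__":
    for name, text in (("ok", SAMPLE_OK), ("apipa", SAMPLE_APIPA)):
        print(name, check_config(parse_ipconfig(text)))
```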

Graphical tools can also be used for the same purpose:

Open -> Start -> Control Panel -> Network Connection
Select the connection, right-click it and go to Properties. The following window will appear.

Select TCP/IP and click Properties:

Here you can set the IP address, subnet mask, as well as the default gateway for the network.

Output/Conclusion:

TCP/IP configuration in Windows can be done using the ipconfig tool as well as using the
properties of TCP/IP in Control Panel.

Experiment No. 4

Title: Windows 2003- Study and configuration of DHCP service.

Aim: To study DHCP and its implementation on Windows 2003 server.

Objective: Understanding of automatic IP address allocation.

Relevance: Network administrators must understand how DHCP works so that they
can correctly configure the components of a DHCP infrastructure to allocate IPv4
addresses and other configuration options for DHCP clients on one or more subnets.

Theory:
DHCP is a TCP/IP standard that reduces the complexity and administrative overhead of
managing network client IPv4 addresses and other configuration parameters. A
properly configured DHCP infrastructure eliminates the configuration problems
associated with manually configuring TCP/IP. A DHCP infrastructure consists of the
following elements:
DHCP servers
Computers that offer dynamic configuration of IPv4 addresses and related
configuration parameters to DHCP clients.
DHCP clients
Network nodes that support the ability to communicate with a DHCP server to
obtain a dynamically leased IPv4 address and related configuration parameters.
DHCP relay agents
Network nodes, typically routers, that listen for broadcast and unicast DHCP
messages and relay them between DHCP servers and DHCP clients. Without
DHCP relay agents, you would have to install a DHCP server on each subnet
that contains DHCP clients.
Each time a DHCP client starts, it requests IPv4 addressing information from a DHCP
server, including:
· IPv4 address
· Subnet mask
· Additional configuration parameters, such as a default gateway address, Domain
Name System (DNS) server addresses, a DNS domain name, and Windows Internet
Name Service (WINS) server addresses.

When a DHCP server receives a request, it selects an available IPv4 address from a
pool of addresses defined in its database (along with other configuration parameters)
and offers it to the DHCP client. If the client accepts the offer, the IPv4 addressing
information is leased to the client for a specified period of time. The DHCP client will
typically continue to attempt to contact a DHCP server if a response to its request for
an IPv4 address configuration is not received, either because the DHCP server cannot
be reached or because no more IPv4 addresses are available in the pool to lease to the
client. For DHCP clients that are based on Microsoft Windows XP or Windows Server
2003 operating systems, the DHCP Client service uses the alternate configuration when
it cannot contact a DHCP server. The alternate configuration can be either an Automatic
Private IP Addressing [APIPA] address or an alternate configuration that has been
configured manually.

Requests for Comments (RFCs) 2131 and 2132 define the operation of DHCP clients
and servers. RFC 1542 defines the operation of DHCP relay agents. All DHCP
messages are sent using the User Datagram Protocol (UDP). DHCP clients listen on
UDP port 67. DHCP servers listen on UDP port 68. DHCP relay agents listen on both
UDP ports.
Practical Work:
Before you install a Windows-based DHCP server, ask yourself these questions:
Q.1. What IPv4 configuration options will DHCP clients obtain from a DHCP server
(such as default gateway, DNS servers, a DNS domain name, or WINS servers)?
The IPv4 configuration options determine how you should configure the DHCP server
and whether the options should be created for all clients in the entire network, clients on
a specific subnet, or individual clients.
Q.2. Will all computers become DHCP clients? If not, consider that non-DHCP clients
have static IPv4 addresses, and you might have to exclude those addresses from the
scopes that you create on DHCP servers. If a specific DHCP client
requires a specific IPv4 address, you must reserve the address.
Q.3. Will a DHCP server supply IPv4 addresses to multiple subnets?
If so, each subnet must contain a DHCP relay agent. If a subnet does not have a DHCP
relay agent, you must install a separate DHCP server on the subnet.
Q.4. How many DHCP servers do you require?
To ensure fault tolerance for DHCP configuration, you should use at least two DHCP
servers. You might need additional DHCP servers for branch offices of a large
organization.
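
The effect of the planning decisions in Q.2 (exclusions for statically addressed hosts, reservations for clients that need a fixed address) and of an exhausted pool can be seen in a small model of one scope. This is an added example, not part of the original manual and not how the Windows DHCP Server service is implemented; the class name, address range and hardware addresses are constructed, and lease timers and the message exchange are left out.

```python
import ipaddress


class DhcpScope:
    """Simplified model of one DHCP scope with exclusions and reservations."""

    def __init__(self, start, end, exclusions=(), reservations=None):
        self.start = ipaddress.IPv4Address(start)
        self.end = ipaddress.IPv4Address(end)
        # Addresses of non-DHCP (static) hosts that must never be leased.
        self.excluded = {ipaddress.IPv4Address(a) for a in exclusions}
        # Reservation: client hardware address -> the address it must receive.
        self.reserved = {mac: ipaddress.IPv4Address(ip)
                         for mac, ip in (reservations or {}).items()}
        self.leases = {}  # client hardware address -> leased address

    def _dynamic_pool(self):
        """Addresses in the range that are neither excluded nor reserved."""
        held = self.excluded | set(self.reserved.values())
        for n in range(int(self.start), int(self.end) + 1):
            addr = ipaddress.IPv4Address(n)
            if addr not in held:
                yield addr

    def request(self, mac):
        """Return the address offered to this client, or None if none is free."""
        if mac in self.reserved:
            self.leases[mac] = self.reserved[mac]
        elif mac not in self.leases:
            in_use = set(self.leases.values())
            free = next((a for a in self._dynamic_pool() if a not in in_use), None)
            if free is None:
                return None
            self.leases[mac] = free
        return self.leases[mac]

    def release(self, mac):
        self.leases.pop(mac, None)


def client_address(scope, mac):
    """What the client ends up with: a lease, or its alternate configuration."""
    offered = scope.request(mac)
    return str(offered) if offered else "alternate configuration"


def run_sample():
    # Constructed scope: five addresses, one static server, one reserved printer.
    printer = "00-11-22-33-44-0f"
    scope = DhcpScope(
        "192.168.10.10", "192.168.10.14",
        exclusions=["192.168.10.10"],
        reservations={printer: "192.168.10.12"},
    )
    pcs = ["00-11-22-33-44-01", "00-11-22-33-44-02",
           "00-11-22-33-44-03", "00-11-22-33-44-04"]
    result = [client_address(scope, pcs[0]),
              client_address(scope, printer),
              client_address(scope, pcs[1]),
              client_address(scope, pcs[2]),
              client_address(scope, pcs[3]),   # pool is exhausted here
              client_address(scope, pcs[0])]   # existing client keeps its lease
    scope.release(pcs[1])                      # an address returns to the pool
    result.append(client_address(scope, pcs[3]))
    return result


if __name__ == "__main__":
    for line in run_sample():
        print(line)
```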

To install the DHCP Server service on Windows Server 2003, do the following:
1. Click Start, click Control Panel, double-click Add or Remove Programs, and then click
Add/Remove Windows Components.
2. Under Components, click Networking Services.
3. Click Details.
4. In Subcomponents of Networking Services, click Dynamic Host Configuration Protocol
(DHCP), and then click OK.
5. Click Next. If prompted, type the full path to the Windows Server 2003 installation
files, and then click Next.

The DHCP Server service starts automatically. The DHCP Server service must be
running to communicate with DHCP clients.

Output/Conclusion: Clients are getting IP addresses from the same range.

Experiment No. 5
Title: Windows 2003- Study and configuration of Active Directory.
Aim: Understanding concept of Active Directory and implementing it on Windows
2003 Server.
Relevance: Active Directory is the directory service for Windows Server.
Theory:

Active Directory stores information about objects on the network and makes this
information easy for administrators and users to find and use. Active Directory
directory service uses a structured data store as the basis for a logical, hierarchical
organization of directory information.

Security is integrated with Active Directory through logon authentication and access
control to objects in the directory. With a single network logon, administrators can
manage directory data and organization throughout their network, and authorized
network users can access resources anywhere on the network. Policy-based
administration eases the management of even the most complex network.

The Active Directory directory service has the following features:

• A data store, also known as the directory, which stores information about Active
Directory objects. These objects typically include shared resources such as
servers, files, printers, and the network user and computer accounts. For more
information about the Active Directory data store, see Directory data store.
• A set of rules, the schema, that defines the classes of objects and attributes
contained in the directory, the constraints and limits on instances of these
objects, and the format of their names. For more information about the schema,
see Active Directory schema overview.
• A global catalog that contains information about every object in the directory.
This allows users and administrators to find directory information regardless of
which domain in the directory actually contains the data. For more information
about the global catalog, see Global catalog.

• A query and index mechanism, so that objects and their properties can be
published and found by network users or applications. For more information
about querying the directory, see Finding directory information.
• A replication service that distributes directory data across a network. All domain
controllers in a domain participate in replication and contain a complete copy of
all directory information for their domain. Any change to directory data is
replicated to all domain controllers in the domain. For more information about
Active Directory replication, see Replication goals and strategies.
• Integration with the security subsystem for a secure logon process to a network,
as well as access control on both directory data queries and data modifications.
For more information about Active Directory security, see Security model.
• To gain the full benefits of Active Directory, the computer accessing the Active
Directory over the network must be running the correct client software. To
computers not running Active Directory client software, the directory will
appear just like a Windows NT directory. For more information about client
software.

The Active Directory administrative tools that are included with Windows Server
simplify directory service administration. You can use the standard tools or, using
Microsoft Management Console (MMC), create custom tools that focus on single
management tasks. You can combine several tools into one console. You can also
assign custom tools to individual administrators with specific administrative
responsibilities. For information about MMC, see Creating and opening MMC
consoles. The Active Directory administrative tools can only be used from a computer
with access to a Windows domain. The following Active Directory administrative tools
are available on the Windows Server Administrative Tools menu of all
Windows domain controllers:

• Active Directory Users and Computers
• Active Directory Domains and Trusts
• Active Directory Sites and Services

Practical Work:

Following are the steps used for installation of active directory:

1. Open “Manage your server” from control panel.

2. Click on “Add or Remove roles”.
3. Select the option “Active directory(Domain Controller)”.
4. Click “Next” to start the Active Directory installation wizard.
5. The wizard first asks for the type of domain controller. Select
“Domain Controller for a New Domain” and click “Next”.
6. Select “A New Domain”. Click “Next”.
7. Enter the “DNS full name for domain” in the New Domain Name window, e.g. cse.rit or
domain1.com. Click “Next”.
8. Enter the NetBIOS name for the domain. Click “Next”.
9. The next few dialogs relate to the files to be used by Active Directory. Click
“Next”.
10. Finally, the wizard prompts you to enter the AD restore mode password. Enter a password
and click “Next”.
(Note: During installation, an error might occur due to the DNS server; you may select
“install DNS server” or “I will correct it later”.)

Managing Active Directory:

You can manage your AD using the “Manage your server” wizard, or you will find the
same functionality in “Administrative Tools”.

These are:
1. Manage users and computers in Active Directory.
2. Manage domains and trusts.
3. Manage sites and services.

Output/Conclusion:
Thus, Active Directory is installed and users are created successfully.

Experiment No. 6

Title: Windows 2003- Study and configuration of File server with DISK QUOTAS
Aim:
Objective:

Theory:

Output/Conclusion:

Experiment No. 7
Title: Windows 2003- Study and configuration of Mail Server (SMTP, POP3)

Aim: Configuring Mail Server on Windows 2003 server.

Objective: Learning the mailing system and the protocols used for email transfer.

Theory:

POP3 is a client-server protocol in which email is received and held by a mail
server. Messages are downloaded to a local computer all at once, thereby making
offline reading easier. The POP3 (Post Office Protocol version 3) service is an email
service that retrieves email messages. Administrators can use the POP3 service to store
and manage email accounts on the mail server. Although the Microsoft Exchange
family provides more flexibility to a mail server, the user experience on an email client
(such as Outlook Express) - when sending or receiving email - is the same. The end
user will not notice the difference when downloading their personal email from the
server.

Practical Work:
(Refer EmailServer.pdf)

Output/Conclusion:
The mails are successfully transmitted to users.

Experiment No. 8
Title: Linux- Installation

Aim: To install Linux Operating System.

Objective: Understanding of Linux OS and its subsystems.

Relevance: Linux is a major operating system, widely used for the server platform.

Theory:
The Linux operating system is available in different distributions. Here Red Hat
Enterprise Linux is used for the installation and for implementing the rest of the features.
Linux is only the kernel of the operating system, the part that controls hardware,
manages files, separates processes, and so forth. There are several combinations of
Linux with sets of utilities and applications to form a complete operating system. Each
of these combinations is called a distribution of Linux. The word Linux, though in its
strictest form it refers specifically to the kernel, is also widely and correctly used to refer
to an entire operating system built around the Linux kernel.

Linux Features:

• multitasking: several programs running at the same time.
• multiuser: several users on the same machine at the same time (and no two-user
licenses!).
• multiplatform: runs on many different CPUs, not just Intel.
• multiprocessor:
• multithreading: has native kernel support for multiple independent threads of
control within a single process memory space.
• has memory protection between processes, so that one program can't bring the
whole system down.
• demand loads executables: Linux only reads from disk those parts of a program
that are actually used.
• shared copy-on-write pages among executables. This means that multiple
processes can use the same memory to run in. When one tries to write to that
memory, that page (4KB piece of memory) is copied somewhere else. Copy-on-write
has two benefits: increasing speed and decreasing memory use.
• virtual memory using paging (not swapping whole processes) to disk: to a
separate partition or a file in the filesystem, or both, with the possibility of
adding more swapping areas during runtime (yes, they're still called swapping
areas). A total of 16 of these 128 MB (2GB in recent kernels) swapping areas
can be used at the same time, for a theoretical total of 2 GB of useable swap
space. It is simple to increase this if necessary, by changing a few lines of source
code.
• a unified memory pool for user programs and disk cache, so that all free memory
can be used for caching, and the cache can be reduced when running large
programs.
• does core dumps for post-mortem analysis, allowing the use of a debugger on a
program not only while it is running but also after it has crashed.
• mostly compatible with POSIX, System V, and BSD at the source level.
• through an iBCS2-compliant emulation module, mostly compatible with SCO,
SVR3, and SVR4 at the binary level.
• all source code is available, including the whole kernel and all drivers, the
development tools and all user programs; also, all of it is freely distributable.
Plenty of commercial programs are being provided for Linux without source, but
everything that has been free, including the entire base operating system, is still
free.
• pseudoterminals (pty's).
• multiple virtual consoles: several independent login sessions through the
console, you switch by pressing a hot-key combination (not dependent on video
hardware). These are dynamically allocated; you can use up to 64.
• Supports several common filesystems, including minix, Xenix, and all the
common system V filesystems, and has an advanced filesystem of its own,
which offers filesystems of up to 4 TB, and names up to 255 characters long.
• transparent access to MS-DOS partitions (or OS/2 FAT partitions) via a special
filesystem: you don't need any special commands to use the MS-DOS partition,
it looks just like a normal Unix filesystem (except for funny restrictions on
filenames, permissions, and so on). MS-DOS 6 compressed partitions do not
work at this time without a patch (dmsdosfs). VFAT (WNT, Windows 95)
support and FAT-32 is available in Linux 2.0
• CD-ROM filesystem which reads all standard formats of CD-ROMs.
• TCP/IP networking, including ftp, telnet, NFS, etc.
• Netware client and server
• Lan Manager/Windows Native (SMB) client and server
• Many networking protocols: the base protocols available in the latest
development kernels include TCP, IPv4, IPv6, AX.25, X.25, IPX, DDP
(Appletalk), Netrom, and others. Stable network protocols included in the stable
kernels currently include TCP, IPv4, IPX, DDP, and AX.25.

Following are some files required for TCP/IP configuration:

/etc/resolv.conf - host name resolver configuration file

/etc/hosts - locally resolve node names to IP addresses

/etc/nsswitch.conf - System Databases and Name Service Switch configuration file

TCP/IP ethernet configuration:

• Network configuration:
/usr/sbin/system-config-network
/usr/bin/redhat-config-network
• Text console configuration tool:
/usr/sbin/system-config-network-tui (Text User Interface (TUI) for Fedora Core 2/3)
/usr/bin/redhat-config-network-tui
• Text console network configuration tool, first interface only (eth0):
/usr/sbin/netconfig
• /usr/bin/netcfg (GUI) (last available with RH 7.1)

Static IP address assignment:
/sbin/ifconfig eth0 192.168.10.12 netmask 255.255.255.0 broadcast 192.168.10.255

Practical Work:

INSTALLATION & CONFIGURATION

Install Linux OS with the following specifications:
1. Install Using CDROM
2. Mount points -
a. / - max possible OR 6000M
b. /home – 4000M
c. swap – 1500M
d. /boot – 500M
e. /var – 600M
3. Install Boot Loader in MBR
4. Boot Loader – Grub
5. Default OS to boot - Linux
6. Firewall – Disable
7. SELinux – Enable (Warn Only)
8. Language – English
9. Network Configuration – Static Configuration
10. Proper Time Zone
11. Packages –
a. Office Productivity
b. X & Gnome & KDE
c. Other important Utilities
d. Development tools
{Note: Don’t install any servers such as ftp, samba, etc.}
After Installation
12. Don’t register the OS

Create one normal user say BECSE with proper password

Output/Conclusion:
Linux was installed successfully and login by new user is also checked.

Experiment No. 09
Title: Linux- Study and management of users and groups

Aim: Creating groups, users and understanding the concepts.

Objective: Creating groups, users and understanding the concepts.

Relevance: For an administrator, the most important task is creating users and assigning permissions to
them. Managing user accounts and groups is an essential part of system administration within an
organization. But to manage users effectively, a good system administrator must understand what user
accounts and groups are and how they work.

Theory:

User accounts are used within computer environments to verify the identity of the person using a
computer system. By checking the identity of a user, the system is able to determine if the user is
permitted to log into the system and, if so, which resources the user is allowed to access.

Groups are logical constructs that can be used to cluster user accounts together for a specific purpose.
For instance, if a company has a group of system administrators, they can all be placed in a system
administrator group with permission to access key resources and machines. Also, through careful group
creation and assignment of privileges, access to restricted resources can be maintained for those who
need them and denied to others.

After a normal user account is created, the user can log into the system and access any applications or
files they are permitted to access. Red Hat Linux determines whether or not a user or group can access
these resources based on the permissions assigned to them.
There are three permissions for files, directories, and applications. The following lists the symbols used
to denote each, along with a brief description:
r — Indicates that a given category of user can read a file.
w — Indicates that a given category of user can write to a file.
x — Indicates that a given category of user can execute the file.
A fourth symbol (-) indicates that no access is permitted.
Each of the three permissions is assigned to three defined categories of users. The categories are:
owner — The owner of the file or application.
group — The group that owns the file or application.
everyone — All users with access to the system.
One can easily view the permissions for a file by invoking a long format listing using the command ls -l.
For instance, if the user juan creates an executable file named foo, the output of the command ls -l foo
would look like this:
-rwxrwxr-x 1 juan juan 0 Sep 26 12:25 foo

The permissions for this file are listed at the start of the line, starting with rwx. This first set of
symbols defines owner access. The next set of rwx symbols defines group access, with the last set of
symbols defining access permitted for all other users.
This listing indicates that the file is readable, writable, and executable by the user who owns the file
(user juan) as well as the group owning the file (which is a group named juan). The file is also
world-readable and world-executable, but not world-writable.

One important point to keep in mind regarding permissions and user accounts is that every application
run on Red Hat Linux runs in the context of a specific user. Typically, this means that if user juan
launches an application, the application runs using user juan's context. However, in some cases the
application may need more access in order to accomplish a task. Such applications include those that
edit system settings or log in users. For this reason, special permissions have been created.
There are three such special permissions within Red Hat Linux. They are as follows:

setuid — Used only for applications, this permission indicates that the application runs as the
owner of the file and not as the user executing the application. It is indicated by the character s
in place of the x in the owner category. If the owner of the file does not have execution
permissions, the S is capitalized.
setgid — Used primarily for applications, this permission indicates that the application runs as
the group owning the file and not as the group executing the application. If applied to a
directory, all files a user creates within the directory are owned by the group who owns the
directory, rather than by the user's private group. It is indicated by the character s in place of the
x in the group category. If the group owner of the file or directory does not have execution
permissions, the S is capitalized.
sticky bit — Used primarily on directories, this bit dictates that a file created in the directory can
be removed only by the user who created the file. It is indicated by the character t in place of
the x in the everyone category. In Red Hat Linux the sticky bit is set by default on the /tmp/
directory for exactly this reason.

Another point worth noting is that user account and group names are primarily for people's
convenience. Internally, the system uses numeric identifiers. For users, this identifier is known as a UID,
while for groups the identifier is known as a GID. Programs that make user or group information
available to users translate the UID/GID values into their more human-readable counterparts.

Practical Work:

Add a new user and assign them to be members of the group "accounting":
useradd -m -g accounting user2

Add a new user and assign them to be members of the initial group "accounting" and supplementary
group "floppy":
useradd -m -g accounting -G floppy user1

Group Commands:

• gpasswd: administer the /etc/group file
• groupadd: Create a new group
Format: groupadd [-g gid [-o]] [-f] [-K KEY=VALUE] group
Example: groupadd accounting
• groupmod: Modify a group
Format: groupmod [-g gid [-o ]] [-n new_group_name] group
Example - Change name of a group: groupmod -n accounting nerdyguys
• groupdel: Delete a group
Example: groupdel accounting
• vigr: Edit the group file /etc/group with vi. No arguments specified.

Permissions may be viewed by issuing the command: ls -l file-name

• File can be written by yourself and members of the group. Others may only view it.
-rw-rw-r-- user group file-size date file-name
• Directory is completely open for read/write:
drwxrwxrwx user group file-size date directory-name
• File can only be accessed by owner (user):
-rwx------ user group file-size date file-name

Where the first block of "rwx" represents the permissions for the user (u), the second is for the group (g)
and the third is for others (o). The "-" represents no access for that access placeholder for user, group
or other.

Permissions may be granted using human readable assignments "rwx" or octal codes.

Description                            Abbreviation   Octal code
Read access                            r              4
Write (change) permission              w              2
Execute script or binary executable    x              1
Read and Execute                       rx             5
Read and Write                         rw             6
Read, Write and Execute                rwx            7

Use of octal assignment does not add or remove permission, but assigns the permission explicitly.
Examples:

• Assign yourself full access to read and modify the file, allow members of the group to read it
and do not allow any others access:
chmod 640 filename
• Assign execute status to a script with the same access as the previous example. (Without it, a
script is like any other text file)
chmod 740 filename
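
The octal codes and special permissions described above, applied in a throwaway directory and read back as ls -l strings (an added example, not part of the original manual). The helper names perm_string, show_mode and audit_special are hypothetical, and the modes 4755, 4644, 2775, 1777 and 0777 are constructed cases beyond the manual's 640 and 740.

```shell
#!/bin/sh
# Added example: octal modes, the permission strings ls -l shows for them,
# and a defensive search for special-permission files. All paths are
# constructed in a throwaway directory; nothing outside it is touched.

LAB=$(mktemp -d)
trap 'rm -rf "$LAB"' EXIT

# perm_string PATH: the 10-character type+permission field of `ls -l`.
perm_string() {
    ls -ld "$1" | cut -c1-10
}

# show_mode OCTAL KIND: create a fresh file (KIND=f) or directory (KIND=d)
# under $LAB, apply the octal mode, and print the resulting string.
show_mode() {
    if [ "$2" = d ]; then
        target=$(mktemp -d "$LAB/dir.XXXXXX")
    else
        target=$(mktemp "$LAB/file.XXXXXX")
    fi
    chmod "$1" "$target"
    perm_string "$target"
}

# audit_special DIR: what an administrator reviews after assigning modes:
#   - regular files carrying setuid (4000) or setgid (2000)
#   - world-writable directories that lack the sticky bit (1000)
audit_special() {
    find "$1" -type f \( -perm -4000 -o -perm -2000 \) -exec ls -ld {} \;
    find "$1" -type d -perm -0002 ! -perm -1000 -exec ls -ld {} \;
}

# Modes from the text (640, 740) plus one case per special permission.
for spec in "640 f" "740 f" "4755 f" "4644 f" "2775 d" "1777 d" "0777 d"; do
    set -- $spec
    printf '%-5s %s\n' "$1" "$(show_mode "$1" "$2")"
done

echo "--- flagged by audit_special ---"
audit_special "$LAB"
```

The entries flagged by audit_special are the ones to justify or correct on a real system: setuid and setgid files run with their owner's or group's identity, and a world-writable directory without the sticky bit lets any user remove another user's files.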

Output/Conclusion:

Users are created successfully and permissions are assigned to them.

Experiment No. 10
Title: Study of different security tools: Nmap, Nessus, Nikto, Snort
Aim:
Objective:

Relevance:

Theory:

Output/Conclusion:

Experiment No. 11
Title: Study of GnuPG
Aim:
Objective:
Relevance:

Theory:
Output:
