We will use Wireshark to observe network traffic between Azure Virtual Machines and experiment with Network Security Groups.
- Microsoft Azure (Virtual Machine Deployment)
- Wireshark (Packet Analyzer)
- RDP
- Various Command-Line Tools
- Various Network Protocols (ICMP, SSH, DHCP, HTTP/S, etc.)
- Windows 10 (21H2)
- Ubuntu Server 20.04
- Deploying the VMs on Azure
- Preparing Wireshark
- Observing the traffic of different network protocols
- Cleaning up the lab
Begin by navigating to the Azure Portal.
Create a resource group named "LAB-Wireshark".
Set up two virtual machines within the resource group:
- Windows VM (Private IP: 10.0.0.4)
- Ubuntu VM (Private IP: 10.0.0.5)
Both virtual machines should be created within the same Virtual Network (VNet).
For more detailed documentation on creating the virtual machines, see: https://github.com/shoganaich/azure-osticket/wiki/1.-Prerequisites-and-Virtual-Machine-Setup
Connect to the Windows VM using Remote Desktop Protocol (RDP).
Download and install Wireshark on the Windows VM.
Test the connectivity by pinging the Ubuntu VM and observe the ICMP traffic.
Check the connectivity with google.com.
Initiate a continuous ping between both VMs.
Create an inbound rule in the Network Security Group attached to the VM's network interface (or its subnet) to block all ICMP traffic. Custom rules use priorities 100 to 4096, so the deny is evaluated before the default AllowVnetInBound rule (priority 65000).
Notice that ICMP traffic between the machines stops: the echo requests the Windows VM sends still appear in Wireshark, but no echo replies return.
After removing the rule, observe the restoration of normal traffic flow.
Start an SSH session from the Windows VM to the Ubuntu VM, and observe the SSH traffic.
Observe the requests and replies that accompany each command typed in the terminal; the payload is encrypted, so Wireshark shows the exchange but not the commands themselves.
Type the command ipconfig /renew on the Windows VM to request an address lease from the DHCP server, and monitor the DHCP traffic.
Inspect the RDP session traffic, which shows a continuous flow because the session remained active throughout the lab. Specifically, inspect the TCP traffic on port 3389 to analyze the RDP traffic in detail.
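As an added example (not part of this repository), here is a small Python triage of a tshark field export that counts the protocols the lab observes and flags echo requests that never got a reply, which is how the NSG deny shows up in the capture. The export format, the sample rows and the RDP client address are constructed assumptions.

```python
from collections import Counter

# Constructed sample (not captured from the lab) in the shape of a tshark export:
#   tshark -r lab.pcapng -T fields -E separator=, -e frame.time_relative -e ip.src
#     -e ip.dst -e ip.proto -e tcp.srcport -e tcp.dstport -e udp.srcport
#     -e udp.dstport -e icmp.type
# Rows: one echo request/reply pair, two requests left unanswered once the NSG
# deny is in place, an SSH exchange, a DHCP renew (Azure's DHCP virtual IP
# 168.63.129.16) and one RDP segment from a constructed client address.
SAMPLE_EXPORT = """\
0.000,10.0.0.4,10.0.0.5,1,,,,,8
0.001,10.0.0.5,10.0.0.4,1,,,,,0
1.000,10.0.0.4,10.0.0.5,1,,,,,8
2.000,10.0.0.4,10.0.0.5,1,,,,,8
2.500,10.0.0.4,10.0.0.5,6,51000,22,,,
2.501,10.0.0.5,10.0.0.4,6,22,51000,,,
3.000,0.0.0.0,255.255.255.255,17,,,68,67,
3.002,168.63.129.16,10.0.0.4,17,,,67,68,
4.000,203.0.113.10,10.0.0.4,6,40000,3389,,,
"""

# Well-known ports for the protocols this lab looks at (ICMP is keyed on ip.proto).
LAB_PORTS = {22: "SSH", 67: "DHCP", 68: "DHCP", 3389: "RDP"}

def classify(fields):
    """Label one exported row: ICMP by IP protocol number, the rest by port."""
    if fields[3] == "1":
        return "ICMP"
    ports = sorted(int(p) for p in fields[4:8] if p)
    for port in ports:  # lowest port first, so 22/67/3389 win over ephemeral ports
        if port in LAB_PORTS:
            return LAB_PORTS[port]
    return "OTHER"

def summarize(export):
    """Return (per-protocol packet counts, echo requests that got no echo reply)."""
    counts = Counter()
    requests = replies = 0
    for line in export.splitlines():
        fields = line.split(",")
        label = classify(fields)
        counts[label] += 1
        if label == "ICMP":
            requests += int(fields[8] == "8")  # icmp.type 8 = echo request
            replies += int(fields[8] == "0")   # icmp.type 0 = echo reply
    # A growing request/reply gap is what the NSG deny looks like in the capture.
    return counts, requests - replies

if __name__ == "__main__":
    counts, unanswered = summarize(SAMPLE_EXPORT)
    print(dict(counts), "unanswered echo requests:", unanswered)
```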
Delete the entire resource group to prevent unnecessary costs after the lab is complete.
This lab demonstrates network traffic setup and monitoring within an Azure environment using Wireshark. By following these steps, you have learned how to create virtual machines, configure a virtual network, and analyze different types of network traffic, including ICMP, SSH, DHCP, and RDP. These exercises are crucial for understanding network behavior and troubleshooting issues.
I highly recommend that you take a deeper dive into this topic by tweaking the network settings, trying out different types of traffic, and utilizing additional monitoring tools. This will not only improve your comprehension of network management and security but also spark your curiosity and drive to explore further.
Thank you for working through this lab. If you have questions or would like to explore more advanced scenarios, please reach out through the issues section of this repository or submit pull requests with your suggestions to improve this lab.
Distributed under the MIT License. See LICENSE for more information.