- Microsoft Azure (Virtual Machines/Compute)
- Remote Desktop
- Various Command-Line Tools
- Various Network Protocols (SSH, RDP, DNS, HTTP/S, ICMP)
- Wireshark (Protocol Analyzer)
- Windows 10 (21H2)
- Ubuntu Server 20.04
- Observe ICMP Traffic
- Observe SSH Traffic
- Observe DHCP Traffic
- Observe DNS Traffic
- Observe RDP Traffic
1.) We'll start by creating a resource group to house both our virtual machines. After setting up the resource group, we'll proceed to establish our first virtual machine. This initial machine will run on Windows 10. Choose the resource group you've created and label the virtual machine as VM1. Ensure you opt for Windows 10 Pro, version 22H for the operating system. The machine should have a minimum of 2 vCPUs and 16 GB of memory. Set up a username and password of your preference, and retain the default options for the inbound port rules.
2.) Next, click Next until you reach the networking page. Azure should automatically create a virtual network and subnet for us.
Click review and create to create our VM.
Now that we have created our first VM, we are going to create our second VM, but this time it will be an Ubuntu Server 20.04 LTS machine. The process is the same as for our first machine, except that we switch the authentication type from SSH public key to password.
Click next until we get to the networking page again.
The networking should automatically give us the virtual network from VM1 as well as the subnet.
Click review and create, and it will create our second VM.
2.) With both virtual machines operational, let's connect to our Windows 10 VM using the Remote Desktop Connection application. After connecting, navigate to your browser to download and install Wireshark.
"Wireshark is an open-source packet analyzer available at no cost. It's commonly utilized for network troubleshooting, analysis, and the development of software and communication protocols, as well as educational purposes."
3.) Open Wireshark and filter for ICMP traffic only.
4.) Retrieve the private IP address of our Ubuntu VM, then ping it from within our Windows 10 VM while Wireshark is capturing. To ping the private IP address of the Ubuntu machine, open CMD or PowerShell on the Windows machine and type: ping 10.0.0.5 or whatever the private IP address is for your Ubuntu machine.
In either CMD or PowerShell, ping www.google.com and observe the traffic in Wireshark.
5.) We then are going to initiate a non-stop ping from our Windows 10 VM to our Ubuntu VM.
6.) Open the Network Security Group of our Ubuntu machine and disable incoming (inbound) ICMP traffic. To disable incoming ICMP traffic, click "Add" to add a new rule and copy everything exactly from the picture. Once that is done, create the rule; it will be created automatically and show up as a new rule.
Now that we have disabled incoming ICMP traffic for VM2, if we go back to VM1 you can see the ping requests timing out.
7.) Re-enable ICMP traffic for the Network Security Group your Ubuntu VM is using. Back in the Windows 10 VM, observe the ICMP traffic in Wireshark and the command-line ping activity (it should start working). Then stop the ping activity.
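Why the ping in steps 6 and 7 stops and resumes while remote access keeps working: an NSG evaluates inbound rules in priority order, lowest number first, and the first match decides. The following is an added example, not part of the original walkthrough. It is a simplified model of that evaluation; the three default rules are Azure's built-in ones, while the custom rule names and the priorities 200 and 300 are assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    name: str
    priority: int   # lower number is evaluated first
    protocol: str   # "Icmp", "Tcp", "Udp" or "*"
    port: str       # destination port or "*"
    source: str     # service tag or "*"
    access: str     # "Allow" or "Deny"

# Azure's built-in inbound default rules, present in every NSG.
DEFAULTS = [
    Rule("AllowVnetInBound", 65000, "*", "*", "VirtualNetwork", "Allow"),
    Rule("AllowAzureLoadBalancerInBound", 65001, "*", "*", "AzureLoadBalancer", "Allow"),
    Rule("DenyAllInBound", 65500, "*", "*", "*", "Deny"),
]

def evaluate(rules, protocol, port, source):
    """Return (access, rule name) for the first rule that matches, by priority."""
    for r in sorted(rules, key=lambda r: r.priority):
        if (r.protocol in ("*", protocol)
                and r.port in ("*", str(port))
                and r.source in ("*", source)):
            return r.access, r.name
    raise ValueError("no rule matched")  # not reached while DenyAllInBound exists

# Constructed NSG for the Ubuntu VM. Names and priorities 200/300 are assumptions.
ssh_rule = Rule("AllowSSH", 300, "Tcp", "22", "*", "Allow")
deny_icmp = Rule("DenyICMPInbound", 200, "Icmp", "*", "*", "Deny")

before = DEFAULTS + [ssh_rule]   # step 5: ping from VM1 succeeds
after = before + [deny_icmp]     # step 6: deny rule added

if __name__ == "__main__":
    for label, nsg in (("before", before), ("after", after)):
        # ICMP has no ports, so the flow is evaluated with port "*".
        print(label, "ping from VM1:", evaluate(nsg, "Icmp", "*", "VirtualNetwork"))
        print(label, "ssh from VM1: ", evaluate(nsg, "Tcp", 22, "VirtualNetwork"))
    print("ping from Internet:", evaluate(before, "Icmp", "*", "Internet"))
```

In this model the ping from VM1 is initially allowed only by the default AllowVnetInBound rule, so any deny rule with a lower priority number overrides it, and removing that rule restores the default behaviour.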
8.) The next thing we are going to do is Observe SSH Traffic.