Skip to content

MikeDC93/azure-network-protocols

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

6 Commits
README.md
README.md
 
 

Repository files navigation

Traffic Examination

Network Security Groups (NSGs) and Inspecting Traffic Between Azure Virtual Machines

In this tutorial, we observe various network traffic to and from Azure Virtual Machines with Wireshark as well as experiment with Network Security Groups.

Environments and Technologies Used

  • Microsoft Azure (Virtual Machines/Compute)
  • Remote Desktop
  • Various Command-Line Tools
  • Various Network Protocols (SSH, RDH, DNS, HTTP/S, ICMP)
  • Wireshark (Protocol Analyzer)

Operating Systems Used

  • Windows 10 (21H2)
  • Ubuntu Server 20.04

High-Level Steps

  • Creating VM's (Windows 10 & Linux/Ubuntu)
  • Observe ICMP Traffic
  • Observe SSH Traffic
  • Observe DHC Traffic
  • Observe RDP Traffic
  • Observe DNS Traffic
  • Obserev DHCP Traffic

Actions and Observations

  • Creating your VM's

    -Create a windows 10 virtual machine

    -Create a linux/Ubuntu virtual machine

Disk Sanitization Steps

Disk Sanitization Steps

-While creating the Linux/Ubuntu VM be sure to chose the same vnet (Virtual Network) as the windows 10 VM

Disk Sanitization Steps

  • Observe ICMP traffic

    -Remote desktop into the windows 10 virtual machine and while in the VM download and install wireshark

    -Open WireShark and filter for ICMP traffic

    -Go into VM-2 (Linux/Ubuntu) and retrieve its private ip address and attepmt to ping it from within the Windows 10 VM.

    -View the request and replys between VM-1 and VM-2 within WireShark after pinging VM-2

    Disk Sanitization Steps

    -In VM-1 using PowerShell attempt to ping googles public ip address and observe the traffic within WireShark

    Disk Sanitization Steps

    -Within Azure go to VM-2's NetWork Security Group and disable all inbound ICMP traffic and Observe request the time outs in WireShark and PowerShell between VM-1 and VM-2

    Disk Sanitization Steps Disk Sanitization Steps

    -Enable inbound ICMP Traffic back in VM-2's NetWork Security Group and observe the succsessful ping in WireShark And PowerShell

    Disk Sanitization Steps

  • Observe ICMP traffic

    -In WireShark filter for SSH traffic

    -In VM-1 SSH into VM-2 VIA its private address

    1.Type commands usernames, pwd, exc. into the linux SSH connectionand observe the traffic in WireShark.

    Disk Sanitization Steps Disk Sanitization Steps

    -Exit the SSH connection by typing exit and pressing enter

  • Observe DHCP Traffic

    -In WireShark filter for DHCP traffic

    -In VM-1 attempt to issue you VM a new IP address using command line (ipconfig/renew)

    1.View the traffic activity in WireShark

    Disk Sanitization Steps

  • Observe DNS Traffic

    -In WireShark filter for DNS traffic

    -While in VM-1 using command prompt or PowerShell use nslookup to see what google.com and disney.com's IP addresses are

    Disk Sanitization Steps

  • Observe RDP Traffic

    -In WireShark filter for RDP traffic(tcp.port==3389)

    -Observe the constant traffic because of the RDP filter

    Disk Sanitization Steps

    End.

About

No description, website, or topics provided.

Resources

Readme
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published