- Microsoft Azure (Virtual Machines/Compute)
- Remote Desktop
- Various Command-Line Tools
- Various Network Protocols (SSH, RDP, DNS, HTTP/S, ICMP)
- Wireshark (Protocol Analyzer)
- Windows 10 (22H2)
- Ubuntu Server 22.04
First we create our Resource Group and Virtual Machines
Make sure to have the Windows VM create a new virtual network and subnet
For the Ubuntu VM we will use the virtual network created by the Windows VM
We then use the Windows VM's virtual IP to remote into it using Remote Desktop Connection
(Make sure to use the username you set during setup to log in)
Inside the Windows VM, install Wireshark
Once we have this all set up, we can begin observing network protocol traffic by clicking the blue fin on the top left
Starting off with ICMP, simply type it in the search bar to filter the traffic
Next we will ping our Ubuntu VM from our Windows VM and we can see traffic being sent in Wireshark
(Make sure to use the VM's private IP address and not the public one)
Go over to the Ubuntu VM's Network Security Group and create a new rule to deny ICMP requests
Pinging the VM again will result in timeouts
From this exercise we now know enough to observe traffic of any network protocol.
In our Windows VM, log in to the Ubuntu VM using PowerShell and SSH
On Command Prompt, issue the Windows VM a new IP address using the command 'ipconfig /renew'
Go back to Command Prompt and use the command 'nslookup' to generate DNS traffic
When we filter for RDP traffic (tcp.port == 3389), there will be a nonstop stream of traffic. This is because RDP (the protocol) is constantly showing you a live stream from one computer to another, therefore traffic is always being transmitted
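The following Python example is added here and is not part of the original lab: it labels raw IPv4 packets using the same fields Wireshark's filters key on (IP protocol number and TCP/UDP port) for each kind of traffic generated in the steps above. The packets, the addresses 10.0.0.4 and 10.0.0.5, the ephemeral ports and the helper names are constructed for illustration.

```python
import struct

# Well-known ports for the traffic generated in this lab.
TCP_PORTS = {22: "ssh", 53: "dns", 3389: "rdp"}
UDP_PORTS = {53: "dns", 67: "dhcp", 68: "dhcp"}

def classify(packet: bytes) -> str:
    """Label a raw IPv4 packet by IP protocol number and port."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return "unknown"                      # too short or not IPv4
    ihl = (packet[0] & 0x0F) * 4              # IP header length in bytes
    proto = packet[9]                         # 1 = ICMP, 6 = TCP, 17 = UDP
    payload = packet[ihl:]
    if proto == 1 and len(payload) >= 1:
        kind = {8: "request", 0: "reply"}.get(payload[0], "other")
        return f"icmp-echo-{kind}" if kind != "other" else "icmp"
    if proto in (6, 17) and len(payload) >= 4:
        sport, dport = struct.unpack("!HH", payload[:4])
        table = TCP_PORTS if proto == 6 else UDP_PORTS
        # Either end may be the server, so check both ports.
        return table.get(dport) or table.get(sport) or "other"
    return "unknown"

def build(proto: int, payload: bytes, src="10.0.0.4", dst="10.0.0.5") -> bytes:
    """Construct a minimal IPv4 packet (checksum left at 0) for the demo."""
    addr = lambda ip: bytes(int(o) for o in ip.split("."))
    header = struct.pack("!BBHHHBBH", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0)
    return header + addr(src) + addr(dst) + payload

def ports(sport: int, dport: int) -> bytes:
    """First four bytes of a TCP/UDP header, padded with zeros."""
    return struct.pack("!HH", sport, dport) + b"\x00" * 16

# Constructed sample packets, one per step of the lab.
SAMPLES = {
    "ping": build(1, b"\x08\x00" + b"\x00" * 6),       # ICMP echo request
    "ssh": build(6, ports(50123, 22)),
    "ipconfig /renew": build(17, ports(68, 67)),       # DHCP client -> server
    "nslookup": build(17, ports(50124, 53)),
    "rdp": build(6, ports(3389, 50125)),               # server -> client
}

if __name__ == "__main__":
    for step, pkt in SAMPLES.items():
        print(f"{step:16} -> {classify(pkt)}")
```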
That concludes the lab. Make sure to clean up everything created in Azure to avoid accruing unnecessary costs