https://github.com/itsrubenclarke/azure-network-traffic-analysis

This project focused on mirroring a real network environment by establishing a connection between two virtual machines using Windows and Linux in Microsoft Azure's Cloud environment. This allowed me to perform a basic network traffic inspection using WireShark and implement some Network Security Group rules to block, re-enable and observe effects.

azure linux-ubuntu powershell rdp-connection windows-10 wireshark

README
Azure: Network Traffic Analysis With WireShark



This project is the second in a collection focused on implementing Azure and Active Directory.
The goal is to build a basic lab that mirrors a real working network environment, giving me hands-on learning and practical experience with Microsoft Azure, PowerShell and WireShark.
In this project, I will establish a connection between two virtual machines, one Windows and one Linux, in Microsoft Azure's cloud environment.
This will allow me to perform a basic network traffic inspection using WireShark and to implement some Network Security Group rules to block, re-enable and observe different traffic types.

Prerequisites

- Azure: Creating a Virtual Machine

Key Objectives

Remote Connectivity

- Establish a Remote Desktop Connection (RDP) between the Virtual Machines (VMs)

Basic Network Analysis and Filtering

- Capture ICMP traffic between the Virtual Machines (VMs)
- Use Network Security Groups (NSG) in Azure to block and re-enable ICMP traffic

Environments and Technologies Used

- Microsoft Azure (Virtual Machines, Networking)
- Windows App (Remote Desktop Protocol)
- Wireshark (Traffic Analysis)
- PowerShell (Command-line Operations)


Operating Systems Used

| **Operating System** | **Role** |
|----------------------------|------------------------|
| Windows (Windows 10 Pro) | Windows Virtual Machine |
| Linux (Ubuntu 22.04) | Linux Virtual Machine |


Remote Desktop Connection


Step 1: Establish Remote Desktop Connection

- Go to [Portal.azure.com](https://portal.azure.com)
- Search for "Virtual Machines" in the Azure search bar
- Select the "windows-vm" you created earlier and copy its Public IP address

- Launch your Remote Desktop Connection application
- Mac users: download Windows App (formerly known as "Microsoft Remote Desktop")
- Windows users: open the built-in Remote Desktop Connection
- Select "Add PC"
- Choose "Add Credentials" from the drop-down and enter the credentials you created earlier; accept the security prompt and proceed
- You can now establish a remote connection to your virtual machine by right-clicking the newly added device

Add PC

Connect PC

Observe ICMP Traffic Using WireShark

Step 2: Download and Run WireShark

- Within your Windows virtual machine launch the Edge Browser
- Visit https://www.wireshark.org/download.html
- Download the Windows x64 Installer
- Launch the Wireshark installer
- Continue through the installation prompts
- Make sure the check box to install "Npcap" is selected; Wireshark needs it to capture live network data
- Launch the Wireshark application once the installation is complete
- Select the Ethernet interface, which has begun to display network activity
- Click the shark icon in the upper left corner of the application window to begin capturing the network traffic
- A new window titled "Capturing from Ethernet" will be displayed, as shown below

Wireshark Launched


Step 3: Confirm Connection Between Virtual Machines

- In Wireshark, apply the display filter "icmp" so only ICMP traffic is shown
- Retrieve the private IP address of the Ubuntu Linux Virtual Machine (10.0.0.5)
- Ping the Linux Virtual Machine from within the Windows 10 Virtual Machine
- Observe the ping requests and replies within Wireshark

Ping replies

Step 4: Perpetual Pings & Network Security Groups (Firewalls)

- Initiate a perpetual (non-stop) ping from your Windows Virtual Machine to your Linux Virtual Machine using the following command:
- "ping 10.0.0.5 -t"
- In your Windows Virtual Machine, observe the continuous ping requests and replies between the machines in both PowerShell and Wireshark
- Return to [Portal.azure.com](https://portal.azure.com)
- Open the Network Security Group your Linux Virtual Machine is using and disable incoming ICMP Traffic

![NSG Ruling](https://github.com/user-attachments/assets/030d90e2-2538-4417-9b92-a97c03d3ad38)

Step 5: Adding an Inbound Security Rule

- Set the source as "any"
- Source port ranges as "*"
- Destination "any"
- Service "Custom"
- Destination port ranges "*"
- Protocol "ICMPv4"
- Action "Deny"
- Priority "290", so this rule is evaluated before the higher-numbered default rules (lower numbers are evaluated first)

Effective Firewall

- In your Windows Virtual Machine, observe the failing ping requests and "Request timed out" notices
- Re-enable ICMP traffic on the Network Security Group your Linux Virtual Machine is using and notice that the replies resume
- Stop the ping using "Ctrl+C"
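Steps 4 and 5 can also be driven from PowerShell, which makes it easy to toggle the rule while the perpetual ping is running and to confirm where the Deny sits relative to the default rules. The script below is an added example written for this page, not code from the original project. It assumes the Az.Network module is installed and `Connect-AzAccount` has been run; the resource group and NSG names are placeholders to replace with the ones from your own lab.

```powershell
# Added example (not part of the original project): scripts Steps 4-5 with the
# Az PowerShell module. Assumes Az.Network is installed and Connect-AzAccount
# has been run. Resource group and NSG names are placeholders for your lab.
$ResourceGroup = 'rg-network-lab'     # placeholder
$NsgName       = 'linux-vm-nsg'       # placeholder: the NSG attached to the Linux VM's NIC or subnet
$RuleName      = 'Deny-Inbound-ICMPv4'
$LinuxVm       = '10.0.0.5'           # private IP of the Linux VM from Step 3

function Block-InboundIcmp {
    # Same settings as the Step 5 portal form: source/destination any, all ports,
    # protocol ICMP, action Deny. Priority 290 is lower than the default
    # AllowVnetInBound rule (65000), so the Deny is matched first.
    Get-AzNetworkSecurityGroup -Name $NsgName -ResourceGroupName $ResourceGroup |
        Add-AzNetworkSecurityRuleConfig -Name $RuleName `
            -Description 'Lab: drop ICMP echo requests to the Linux VM' `
            -Direction Inbound -Access Deny -Protocol Icmp -Priority 290 `
            -SourceAddressPrefix '*' -SourcePortRange '*' `
            -DestinationAddressPrefix '*' -DestinationPortRange '*' |
        Set-AzNetworkSecurityGroup | Out-Null
}

function Unblock-InboundIcmp {
    # Removing the rule restores the default behaviour (ICMP allowed inside the VNet).
    Get-AzNetworkSecurityGroup -Name $NsgName -ResourceGroupName $ResourceGroup |
        Remove-AzNetworkSecurityRuleConfig -Name $RuleName |
        Set-AzNetworkSecurityGroup | Out-Null
}

function Show-InboundRules {
    # Lists custom and default inbound rules in evaluation order, so you can
    # confirm the Deny sits above every Allow that would otherwise match ICMP.
    $nsg = Get-AzNetworkSecurityGroup -Name $NsgName -ResourceGroupName $ResourceGroup
    @($nsg.SecurityRules) + @($nsg.DefaultSecurityRules) |
        Where-Object { $_.Direction -eq 'Inbound' } |
        Sort-Object Priority |
        Select-Object Name, Priority, Access, Protocol, SourceAddressPrefix, DestinationPortRange |
        Format-Table -AutoSize
}

function Watch-LinuxVmReachability {
    # Alternative to "ping 10.0.0.5 -t" that prints a timestamped reply/timeout
    # line every second; stop it with Ctrl+C once you have seen the rule take effect.
    while ($true) {
        $up = Test-Connection -ComputerName $LinuxVm -Count 1 -Quiet
        '{0:HH:mm:ss}  {1}' -f (Get-Date), $(if ($up) { 'reply' } else { 'timeout' })
        Start-Sleep -Seconds 1
    }
}

# Typical run, with Wireshark's "icmp" filter applied in the Windows VM:
#   Watch-LinuxVmReachability          (in a second PowerShell window)
#   Block-InboundIcmp ; Show-InboundRules   # replies stop; echo requests still leave the Windows VM
#   Unblock-InboundIcmp                     # replies resume
```

Two things worth checking while the rule is active: Wireshark on the Windows VM keeps showing outgoing echo requests with no matching replies, because the drop happens at the Linux VM's NSG, not on the sender; and if the NSG is associated with the subnet rather than the NIC, the rule affects every VM in that subnet, so `Show-InboundRules` against the right NSG is the quickest way to confirm what you actually changed.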

Step 6: Making an SSH Connection & Observing Traffic

- Within your Windows Virtual Machine's PowerShell
- Enter "ssh" followed by the private IP address of your Linux machine
- You'll be prompted for your password; enter the credentials you created earlier
- Once your connection is established, try running some commands such as "whoami" in PowerShell, with the "ssh" filter applied in Wireshark, to observe the traffic

SSH Filter
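The same ICMP and SSH traffic that Steps 3 and 6 inspect in the Wireshark GUI can be captured and summarised from PowerShell with tshark, the command-line tool the Wireshark Windows installer places beside wireshark.exe. The script below is an added example written for this page, not the project's own code; it assumes the default Wireshark install path and that the Azure VM's NIC appears to tshark as "Ethernet", as it does in the GUI steps above.

```powershell
# Added example (not the project's code): captures the traffic the README inspects in the
# Wireshark GUI (the "icmp" filter in Step 3 and the "ssh" filter in Step 6) from PowerShell
# with tshark. Assumes the default install path and a NIC that tshark lists as "Ethernet".
$Tshark  = 'C:\Program Files\Wireshark\tshark.exe'
$LinuxVm = '10.0.0.5'   # private IP of the Linux VM from Step 3

function Get-EthernetInterfaceId {
    # "tshark -D" prints lines such as "1. \Device\NPF_{...} (Ethernet)"; return the leading
    # number, which -i accepts instead of the long device name.
    $line = & $Tshark -D 2>$null | Where-Object { $_ -match '\(Ethernet\)\s*$' } | Select-Object -First 1
    if (-not $line) { throw 'No interface named "Ethernet" found; run "tshark -D" and pick one.' }
    return ($line -split '\.', 2)[0].Trim()
}

function Start-LabCapture {
    param([int]$Seconds = 30, [string]$OutFile = (Join-Path $env:TEMP 'lab-capture.pcapng'))
    # BPF capture filter keeps only ICMP and SSH involving the Linux VM, so the file stays
    # small even during the perpetual ping; -a duration stops the capture after $Seconds.
    & $Tshark -i (Get-EthernetInterfaceId) -f "host $LinuxVm and (icmp or tcp port 22)" `
        -a "duration:$Seconds" -w $OutFile -q
    return $OutFile
}

function Get-LabCaptureSummary {
    param([Parameter(Mandatory)][string]$File)
    # Read the file back with the same display filters used in the GUI. -T fields gives one
    # tab-separated line per packet; icmp.type 8 is an echo request, 0 an echo reply.
    $icmp = & $Tshark -r $File -Y 'icmp' -T fields -e ip.src -e ip.dst -e icmp.type
    $ssh  = & $Tshark -r $File -Y 'ssh'  -T fields -e ip.src -e ip.dst -e tcp.len
    $requests = @($icmp | Where-Object { ($_ -split "`t")[2] -eq '8' }).Count
    $replies  = @($icmp | Where-Object { ($_ -split "`t")[2] -eq '0' }).Count
    [pscustomobject]@{
        EchoRequests    = $requests
        EchoReplies     = $replies
        # Requests without replies are what you see while the Step 5 Deny rule is in place.
        UnansweredPings = $requests - $replies
        SshPackets      = @($ssh).Count
    }
}

# Example session: start a 30 s capture, open the Step 6 SSH session in another window
# (ssh <username>@10.0.0.5, with your own Linux user name), then summarise the capture.
#   $f = Start-LabCapture -Seconds 30
#   Get-LabCaptureSummary -File $f
```

One caveat for the SSH part: everything after the key exchange is encrypted, so neither the GUI "ssh" filter nor this summary can show the "whoami" command or its output, only packet counts, sizes and timing. That is the point of the exercise from a defender's side: SSH traffic is visible on the wire as a session, not as content, which is why the ICMP capture looks so different from the SSH one.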

Project Summary

🎉Congratulations! You have carried out your first network traffic analysis using WireShark!🎉

In this project we established a remote desktop connection between a Windows (Windows 10 Pro) Virtual Machine and a Linux (Ubuntu 22.04) Virtual Machine using the Remote Desktop Connection (RDP).
We then carried out a basic network traffic analysis using WireShark and implemented Network Security Group (NSG) rules in Azure to disable, re-enable and observe different traffic types, including ICMP and SSH.