Azure networking lab analyzing ICMP, SSH, DNS, DHCP, and RDP traffic using Wireshark.
This project demonstrates how to observe and analyze network traffic using Wireshark inside a cloud environment hosted on Microsoft Azure. Virtual machines were created inside the same virtual network to generate traffic and analyze different network protocols.
The goal of the lab was to understand how protocols such as ICMP, SSH, DHCP, DNS, and RDP behave on a network and how firewall rules affect connectivity.
- Microsoft Azure
- Windows 10 Virtual Machine
- Ubuntu Linux Virtual Machine
- Wireshark
- Remote Desktop Protocol (RDP)
- PowerShell / Command Prompt
The lab environment was built using Microsoft Azure.
Infrastructure components:
- Resource Group
- Virtual Network (VNet)
- Subnet
- Windows 10 Virtual Machine
- Ubuntu Linux Virtual Machine
Both virtual machines were placed inside the same virtual network and subnet to allow communication between them.
The first step was deploying cloud infrastructure in Azure.
Actions performed:
- Created a Resource Group in Azure.
- Created a Windows 10 Virtual Machine.
- Created an Ubuntu Linux Virtual Machine.
- Ensured both VMs were connected to the same Virtual Network and Subnet.
This allowed the machines to communicate with each other using private IP addresses.
After connecting to the Windows VM using Remote Desktop, Wireshark was installed to monitor traffic.
Steps performed:
- Connected to the Windows VM using Remote Desktop Protocol (RDP).
- Installed Wireshark on the Windows VM.
- Started packet capture to observe live network traffic.
Wireshark was used to analyze different types of network packets generated during the lab.
To generate ICMP traffic:
- Retrieved the private IP address of the Ubuntu VM.
- Sent ping requests from the Windows VM to the Ubuntu VM.
- Filtered Wireshark using the ICMP protocol filter.
- Observed ping request and reply packets.
This demonstrated how ICMP is used for connectivity testing and network diagnostics.
A firewall rule was applied to control traffic between the machines.
Actions performed:
- Initiated a continuous ping from Windows VM to Ubuntu VM.
- Blocked inbound ICMP traffic.
- Observed the ping requests begin to fail.
- Re-enabled ICMP traffic and confirmed connectivity returned.
This demonstrated how firewall rules affect network communication.
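The check done by eye in Wireshark during the firewall test can also be scripted. The following Python is an added example, not part of the original lab: it pairs ICMP echo requests with echo replies by identifier and sequence number and lists the requests that were never answered. The packets, the addresses 10.0.0.4 and 10.0.0.5, and all function names are constructed for illustration.

```python
import struct

def checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum; returns 0 when run over a valid ICMP message."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_echo(src, dst, icmp_type, ident, seq, payload=b"abcdefgh"):
    """Constructed IPv4 + ICMP echo packet (sample data; IP header checksum left at 0)."""
    icmp = struct.pack("!BBHHH", icmp_type, 0, 0, ident, seq) + payload
    icmp = icmp[:2] + struct.pack("!H", checksum(icmp)) + icmp[4:]
    addrs = bytes(int(o) for o in (src + "." + dst).split("."))
    return struct.pack("!BBHHHBBH", 0x45, 0, 20 + len(icmp), 0, 0, 128, 1, 0) + addrs + icmp

def parse_echo(packet: bytes):
    """Return (src, dst, type, id, seq) for a valid ICMP echo request/reply, else None."""
    if len(packet) < 20 or packet[0] >> 4 != 4 or packet[9] != 1:
        return None  # not IPv4, or IP protocol is not ICMP (1)
    ihl = (packet[0] & 0x0F) * 4
    icmp = packet[ihl:struct.unpack("!H", packet[2:4])[0]]
    if len(icmp) < 8 or checksum(icmp) != 0:
        return None  # truncated or corrupted ICMP message
    icmp_type, code, _, ident, seq = struct.unpack("!BBHHH", icmp[:8])
    if icmp_type not in (0, 8) or code != 0:
        return None  # only echo reply (0) and echo request (8) are of interest
    src, dst = (".".join(map(str, packet[i:i + 4])) for i in (12, 16))
    return src, dst, icmp_type, ident, seq

def unanswered_requests(packets):
    """Sequence numbers of echo requests (type 8) that never got an echo reply (type 0)."""
    pending = {}
    for src, dst, icmp_type, ident, seq in filter(None, map(parse_echo, packets)):
        if icmp_type == 8:
            pending[(src, dst, ident, seq)] = True
        else:  # a reply travels in the opposite direction with the same id and seq
            pending.pop((dst, src, ident, seq), None)
    return [key[3] for key in pending]

# Constructed capture: 10.0.0.4 (Windows VM) pings 10.0.0.5 (Ubuntu VM), seq 1 to 8.
# Replies to seq 4, 5 and 6 are absent, as they would be while inbound ICMP is blocked.
WIN, UBU = "10.0.0.4", "10.0.0.5"
CAPTURE = [build_echo(WIN, UBU, 8, 1, s) for s in range(1, 9)]
CAPTURE += [build_echo(UBU, WIN, 0, 1, s) for s in (1, 2, 3, 7, 8)]
```

Calling `unanswered_requests(CAPTURE)` returns the sequence numbers sent during the blocked window; an empty list means every ping was answered.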
Next, secure remote access traffic was generated.
Steps performed:
- Started packet capture in Wireshark.
- Filtered for SSH traffic.
- Connected to the Ubuntu VM using SSH from the Windows VM.
- Ran commands inside the Linux terminal.
This allowed observation of encrypted SSH traffic packets.
To observe DHCP activity:
- Filtered Wireshark for DHCP packets.
- Ran the command:

```
ipconfig /renew
```

This forced the system to request a new IP address and generated DHCP traffic visible in Wireshark.
DNS traffic was analyzed by performing domain lookups.
Commands used:

```
nslookup google.com
nslookup disney.com
```

Wireshark showed DNS queries and responses resolving domain names to IP addresses.
RDP traffic was isolated in Wireshark using the display filter:

```
tcp.port == 3389
```

This displayed continuous Remote Desktop traffic between systems because RDP constantly streams screen updates and user input.
- Cloud infrastructure deployment
- Virtual machine networking
- Packet analysis with Wireshark
- Firewall configuration using Network Security Groups
- Network protocol analysis (ICMP, SSH, DHCP, DNS, RDP)
- Remote administration using RDP and SSH


















