This tutorial details the prerequisites and installation steps for Wireshark and explains how to use it to observe several network protocols (ICMP, SSH, DHCP and DNS) in real time between two virtual machines in Microsoft Azure.
Environments and technologies used:
- Microsoft Azure
- Wireshark
- Windows PowerShell
Operating systems used:
- Windows 10
- Ubuntu Linux
Prerequisites:
- Microsoft Azure subscription
- Wireshark
- Microsoft Windows PC (to Remote Desktop into the Azure VM)
- Windows PowerShell
- Microsoft Azure (1 Resource Group, 2 Virtual Machines, and a Virtual Network)
Step 1: Create a Resource Group
Create a Resource Group using the Azure Portal. (A resource group can also be created with the Azure CLI; see my other tutorial for that method.)
Step 2: Create a Windows 10 Virtual Machine (VM)
a. While creating the Virtual Machine, select the previously created Resource Group. Let the wizard create a new Virtual Network (VNET) for this VM; the Ubuntu VM in Step 3 will be placed in the same VNET so the two VMs can reach each other over private IP addresses. Only RDP (TCP 3389) needs to be reachable from the internet, and the inbound RDP rule should be restricted to your own public IP rather than Any.
Step 3: Create a Linux (Ubuntu) Virtual Machine
a. While creating the Virtual Machine, select the previously created Resource Group and the VNET created with the Windows 10 VM. This VM does not need any inbound ports open to the internet: the Windows 10 VM reaches it over the VNET, which the Network Security Group's default AllowVnetInBound rule already permits.
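The same Step 1 to Step 3 build, scripted with Az PowerShell instead of the portal, as an added example that is not part of the original lab. It assumes the Az module is installed and you have already run Connect-AzAccount; the resource names, region, VM sizes, the api.ipify.org lookup and the image URNs are assumptions to adjust for your subscription (check image availability with Get-AzVMImageSku).

```powershell
# Added example, not from the original lab. Assumes: Az module installed, Connect-AzAccount already run.
# All names, the region, VM sizes and image URNs below are assumptions; adjust for your subscription.
$rg       = 'wireshark-lab-rg'
$location = 'eastus'
$vnetName = 'wireshark-lab-vnet'
$subnet   = 'default'
# One local admin account reused on both VMs (the password must meet Azure's complexity rules, 12+ chars)
$cred     = Get-Credential -Message 'Local admin account for both VMs'

# Step 1: the resource group that will hold (and in Lab Cleanup delete) everything
New-AzResourceGroup -Name $rg -Location $location

# Steps 2 and 3 share one virtual network, so the VMs can reach each other on private addresses
$subnetCfg = New-AzVirtualNetworkSubnetConfig -Name $subnet -AddressPrefix '10.0.0.0/24'
New-AzVirtualNetwork -Name $vnetName -ResourceGroupName $rg -Location $location `
    -AddressPrefix '10.0.0.0/16' -Subnet $subnetCfg

# Step 2: Windows 10 VM. Its NSG allows RDP only from your current public IP, not from Any.
# (assumption: api.ipify.org is reachable from the machine running this script)
$myIp = (Invoke-RestMethod -Uri 'https://api.ipify.org').Trim()
$rdpRule = New-AzNetworkSecurityRuleConfig -Name 'AllowRdpFromMyIp' -Priority 300 `
    -Direction Inbound -Access Allow -Protocol Tcp `
    -SourceAddressPrefix "$myIp/32" -SourcePortRange '*' `
    -DestinationAddressPrefix '*' -DestinationPortRange 3389
New-AzNetworkSecurityGroup -Name 'win10-nsg' -ResourceGroupName $rg -Location $location `
    -SecurityRules $rdpRule
# The image URN is an assumption; Windows 10 client images also require eligible licensing (see note)
New-AzVM -ResourceGroupName $rg -Location $location -Name 'win10-vm' -Credential $cred `
    -Image 'MicrosoftWindowsDesktop:Windows-10:win10-22h2-pro:latest' -Size 'Standard_D2s_v3' `
    -VirtualNetworkName $vnetName -SubnetName $subnet `
    -SecurityGroupName 'win10-nsg' -PublicIpAddressName 'win10-pip'

# Step 3: Ubuntu VM in the same VNET and subnet. Its NSG carries no custom rules at all: the default
# AllowVnetInBound (65000) lets the Windows VM reach it, and DenyAllInBound (65500) blocks the internet.
New-AzNetworkSecurityGroup -Name 'ubuntu-nsg' -ResourceGroupName $rg -Location $location
New-AzVM -ResourceGroupName $rg -Location $location -Name 'ubuntu-vm' -Credential $cred `
    -Image 'Canonical:0001-com-ubuntu-server-jammy:22_04-lts:latest' -Size 'Standard_B2s' `
    -VirtualNetworkName $vnetName -SubnetName $subnet `
    -SecurityGroupName 'ubuntu-nsg' -PublicIpAddressName 'ubuntu-pip'

# The private IPs you will need in Step 6 (ping target) and Step 8 (SSH target)
Get-AzNetworkInterface -ResourceGroupName $rg |
    Select-Object Name, @{ n = 'PrivateIp'; e = { $_.IpConfigurations[0].PrivateIpAddress } }
```

Windows 10 client images can only be run in Azure under eligible Windows 10 licensing (the portal makes you confirm this with a checkbox), so check your entitlement before deploying. Because the Ubuntu NSG has no Allow rules of its own, the deny rule you add in Step 7 only has to outrank the default AllowVnetInBound rule.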
Step 4: Observe Your Virtual Network Topology within Network Watcher
Step 5: Connect to the Windows 10 Virtual Machine and install Wireshark
a. Use Remote Desktop to connect to your Windows 10 Virtual Machine via its public IP address.
b. Within the Windows 10 Virtual Machine, download and install Wireshark. Accept the Npcap component when the installer offers it; without Npcap, Wireshark on Windows cannot capture packets.
Step 6: Open Wireshark and filter for ICMP traffic
a. Start a capture on the VM's Ethernet interface and type icmp into the display filter bar. Retrieve the private IP address of the Ubuntu Virtual Machine (from its Networking page in the Azure Portal) and ping it from a command prompt in the Windows 10 Virtual Machine (ping <Ubuntu private IP>).
b. Observe the Echo (ping) request and reply pairs in Wireshark.
Step 7: Initiate a perpetual/non-stop ping from your Windows 10 Virtual Machine to your Ubuntu Virtual Machine (ping -t <Ubuntu private IP>)
a. Open the Network Security Group your Ubuntu Virtual Machine is using and add an inbound security rule that denies ICMP (Protocol: ICMP, Action: Deny). Give it a priority number lower than the default AllowVnetInBound rule (65000): rules are evaluated lowest number first and the first match wins, so a deny numbered above 65000 would never be reached and the ping would keep working.
b. Back in the Windows 10 Virtual Machine, observe the ICMP traffic in Wireshark and the command-line ping output. The ping does not stop sending: echo requests keep appearing in Wireshark, but no replies come back and the command line reports "Request timed out". The rule may take a few moments to take effect.
c. Re-enable ICMP for the Network Security Group your Ubuntu Virtual Machine is using by deleting the rule you just added (or changing its action to Allow).
d. Back in the Windows 10 Virtual Machine, observe the ICMP traffic in Wireshark and the command-line ping output; the replies should resume.
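The Step 7 NSG toggle done with Az PowerShell, plus a check of which rules are actually in effect on the Ubuntu VM's NIC, as an added example that is not part of the original lab. It assumes the Az module, an existing Connect-AzAccount session, and the resource group, NSG and VM names shown (all assumptions; substitute your own).

```powershell
# Added example, not from the original lab. Assumes the Az module and Connect-AzAccount.
# Resource names are assumptions; replace them with the ones in your resource group.
$rg      = 'wireshark-lab-rg'
$nsgName = 'ubuntu-nsg'
$vmName  = 'ubuntu-vm'

# Step 7a: deny inbound ICMP. The priority must be a LOWER number than the default AllowVnetInBound
# rule (65000): NSG rules are evaluated lowest number first and the first match wins, so a deny
# numbered above 65000 would never be reached and the ping would keep working.
Get-AzNetworkSecurityGroup -ResourceGroupName $rg -Name $nsgName |
    Add-AzNetworkSecurityRuleConfig -Name 'DenyIcmpInbound' -Priority 100 -Direction Inbound `
        -Access Deny -Protocol Icmp -SourceAddressPrefix '*' -SourcePortRange '*' `
        -DestinationAddressPrefix '*' -DestinationPortRange '*' |
    Set-AzNetworkSecurityGroup | Out-Null

# Step 7b: show what the platform enforces on the VM's NIC, default rules included (VM must be running)
$nicName = ((Get-AzVM -ResourceGroupName $rg -Name $vmName).NetworkProfile.NetworkInterfaces[0].Id -split '/')[-1]
Get-AzEffectiveNetworkSecurityGroup -ResourceGroupName $rg -NetworkInterfaceName $nicName |
    Select-Object -ExpandProperty EffectiveSecurityRules |
    Where-Object { $_.Direction -eq 'Inbound' } |
    Sort-Object Priority |
    Format-Table Name, Priority, Access, Protocol, SourceAddressPrefix -AutoSize
# On the Windows VM: echo requests keep leaving, replies stop, and ping prints "Request timed out".

# Step 7c: re-enable by removing the rule; the default VNet allow takes over again
Get-AzNetworkSecurityGroup -ResourceGroupName $rg -Name $nsgName |
    Remove-AzNetworkSecurityRuleConfig -Name 'DenyIcmpInbound' |
    Set-AzNetworkSecurityGroup | Out-Null
```

The effective-rules listing is the check worth keeping: it shows the custom deny sitting above AllowVnetInBound and DenyAllInBound in the order the platform evaluates them, which is how you confirm a rule is really blocking (or really not blocking) rather than guessing from ping output alone.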
Step 8: Observe SSH Traffic
a. Back in Wireshark, filter for SSH traffic (display filter ssh, or tcp.port == 22 to also see the TCP handshake).
b. From your Windows 10 Virtual Machine, SSH into your Ubuntu Virtual Machine via its private IP address (ssh <username>@<Ubuntu private IP>), log in, and type a few commands (pwd, ls, etc.). Observe the SSH traffic in Wireshark: the two version banners (for example SSH-2.0-OpenSSH_...) and the key exchange are readable, but once the session key is negotiated every packet shows as "Encrypted packet", so neither your password nor the commands you type are visible on the wire. Compare this with the cleartext protocols in the following steps.
Step 9: Observe DHCP Traffic
a. Back in Wireshark, filter for DHCP traffic (display filter dhcp; in Wireshark versions before 3.0 the dissector was named bootp).
b. From a command prompt in your Windows 10 Virtual Machine, ask for a new lease (ipconfig /renew) and observe the DHCP traffic in Wireshark. Expect a DHCP Request answered by a DHCP ACK from 168.63.129.16, the Azure platform address that serves DHCP. The VM should receive the same private address back, because Azure assigns private IPs through the NIC's IP configuration and only delivers them over DHCP. Do not run ipconfig /release over Remote Desktop: you would drop your own session.
Step 10: Observe DNS Traffic
a. Back in Wireshark, filter for DNS traffic (display filter dns).
b. From a command prompt in your Windows 10 Virtual Machine, resolve google.com with nslookup (nslookup google.com) and observe the DNS query and response in Wireshark. Unless you configured custom DNS servers on the VNET, the query goes over UDP port 53 to 168.63.129.16, Azure's default resolver, in cleartext: both the queried name and the returned addresses are readable in the packet details, which is why DNS traffic is so valuable to anyone monitoring a network.
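Steps 6 to 10 driven from PowerShell on the Windows 10 VM, with tshark (the command-line tool installed alongside Wireshark) capturing and then applying the same display filters you would type into the Wireshark filter bar, as an added example that is not part of the original lab. The Ubuntu private IP, the SSH user name and the capture interface number are assumptions; list interfaces with tshark -D to pick the right one.

```powershell
# Added example, not from the original lab: generate the Step 6-10 traffic while tshark captures,
# then read the capture back with the Wireshark display filters from each step.
# The Ubuntu IP, SSH user and interface number are assumptions for your environment.
$tshark   = 'C:\Program Files\Wireshark\tshark.exe'
$ubuntuIp = '10.0.0.5'           # assumption: the private IP found in Step 6a
$sshUser  = 'labuser'            # assumption: the Ubuntu VM's admin user
$iface    = 1                    # assumption: the Ethernet adapter number shown by:  & $tshark -D
$pcap     = Join-Path $env:TEMP 'wireshark-lab.pcapng'

# Capture in the background; autostop after 120 s so the file is closed cleanly
$capture = Start-Process -FilePath $tshark -PassThru -NoNewWindow `
    -ArgumentList @('-i', $iface, '-a', 'duration:120', '-w', "`"$pcap`"")
Start-Sleep -Seconds 3           # give tshark time to open the interface

ping -n 4 $ubuntuIp              # Step 6: four ICMP echo request/reply pairs
ipconfig /renew | Out-Null       # Step 9: DHCP Request / ACK (never /release over RDP, you lose the session)
nslookup google.com | Out-Null   # Step 10: DNS query / response over UDP 53
# Step 8: SSH. You will be prompted for the password; only the banners and key exchange are readable
ssh "$sshUser@$ubuntuIp" 'pwd; whoami'

$capture.WaitForExit()

# The same display filters as the Wireshark filter bar (Wireshark 3.x field names)
$filters = [ordered]@{
    ICMP = 'icmp'
    SSH  = 'ssh'      # tcp.port == 22 would also show the TCP handshake
    DHCP = 'dhcp'     # named bootp in Wireshark versions before 3.0
    DNS  = 'dns'
}
foreach ($name in $filters.Keys) {
    $f = $filters[$name]
    Write-Output "`n== $name  (display filter: $f) =="
    & $tshark -r $pcap -Y $f
}

# Structured fields instead of summary lines: the values Wireshark shows in the packet details pane
Write-Output "`n== ICMP types (8 = echo request, 0 = echo reply) =="
& $tshark -r $pcap -Y 'icmp' -T fields -E header=y -e frame.number -e ip.src -e ip.dst -e icmp.type
Write-Output "`n== DHCP message type (3 = Request, 5 = ACK) and the server that answered =="
& $tshark -r $pcap -Y 'dhcp' -T fields -E header=y -e dhcp.option.dhcp -e dhcp.option.dhcp_server_id
Write-Output "`n== DNS answers: the name and addresses are cleartext on the wire =="
& $tshark -r $pcap -Y 'dns.flags.response == 1' -T fields -E header=y -e dns.qry.name -e dns.a
```

Re-run the ICMP section while the Step 7 deny rule is in place and the icmp.type column will show only 8s (requests leaving) with no matching 0s (replies), which is the packet-level view of "Request timed out". The saved pcapng can also be opened in the Wireshark GUI afterwards, so one capture serves all four steps.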
Lab Cleanup (DON’T FORGET TO DO THIS)
a. Close your Remote Desktop connection.
b. Delete the Resource Group(s) created at the beginning of this lab. This removes both VMs along with the VNET, Network Security Groups, disks and public IP addresses, and stops the billing.
A big shoutout to Course Careers and Josh Madakor for providing the inspiration for this lab!