Microsoft Azure Virtual Machines Traffic Inspection

In this tutorial I analyze and observe various network traffic protocols between Azure Virtual Machines with Wireshark. This is a great excercise for anyone who seeks to learn about and observe network traffic in a controlled environment.

Environments and Technologies Used

  • Microsoft Azure (Virtual Machines) abbreviated VM. VMs are used to install the software that is used to analyze the traffic being sent.

  • Remote Desktop Protocol (RDP) is used to connect to the virtual machines and it is one type of traffic observed in wireshark.

  • Various Command-Line Tools are used such as Command Prompt for ping commands and Powershell to ssh into the second virtual machine.

  • Network Protocols (SSH, RDH, DNS, ICMP, DHCP) are observed in wireshark as both VMs communicate with each other under various commands.

  • Wireshark is the network traffic analyzer used to observe the different types of traffic being sent between both VMs.

Operating Systems Used

  • Windows 10 (21H2)

  • Ubuntu Server 20.04

Pre-Requisites

Creating the virtual machines

Step 1.a – After signing in to your Azure account, go into Resource Groups and create a Resource Group.

1.b Give the resource group a name (click review and create).

1.c Then click create and wait a few moments….

1.d The Resource Group is Created

Step 2.a – Create two Virtual Machines. One Windows and one Linux (as displayed below).

2b. Choose the resource group, name, region and operating system for the VM. Then click review and create.

2c. Choose the size, create a username and password, click the confirm box then click review and create.

2d. Also create a VM using Ubuntu as the operating system

2e. The virtual machine has been created

Step 3 – Log in to VM1 using it’s ip address

Step 4 – After logging in to the VM, navigate to Microsoft Edge and install Wireshark

Now that you have logged in you can continue on to the traffic observation steps detailed below.

Actions and Observations

These observations are made by inputting commands that corresond to the type of traffic one wishes to observe and then filtering Wireshark by the corresponding traffic type.

Below is RDP (Remote Desktop Protocol) traffic observation after filtering for RDP traffic in Wireshark

Below is DHCP (Dynamic Host Control Protocol) traffic observation using Wireshark

Below is DNS (Domain Name System) traffic observation using Wireshark

Below is SSH (Secure Shell) traffic observation using Wireshark

Below are the steps for ICMP (nternet Control Message Protocol) traffic observation from a perpetual ping and ICMP traffic stop after the inbound firewall rule is set

1. Set the perpetual ping comand to ping VM2 and observe the ICMP traffic

2. Change the Inbound firewall rule to deny ICMP traffic

3. Observe the ping request times out after the firewall rule was put in place (*note – The ping request timed out due to the ICMP traffic being denied as the firewall rule blocked the traffic)

Thank Your for looking! ☺

error: Content is protected !!
Are you sure want to unlock this post?
Unlock left : 0
Are you sure want to cancel subscription?