Observe the immediate non-stop spam of traffic? Why do you think it’s non-stop spamming vs only showing traffic when you do an activity?
Answer: because the RDP (protocol) is constantly showing you a live stream from one computer to another, therefore traffic is always being transmitted
Delete the Resource Group(s) created at the beginning of this lab
Observe the DNS traffic being shown in Wireshark
Back in Wireshark, filter for RDP traffic only (tcp.port == 3389)
Observe the DHCP traffic appearing in Wireshark
Back in Wireshark, filter for DNS traffic only
From your Windows 10 VM within a command line, use nslookup to see what and ’s IP addresses are
Type commands (username, pwd, etc) into the Linux SSH connection and observe SSH traffic spam in Wireshark
Exit the SSH connection by typing ‘exit’ and pressing
Back in Wireshark, filter for DHCP traffic only
From your Windows 10 VM, attempt to issue your VM a new IP address from the command line (ipconfig /renew)
Re-enable ICMP traffic for the Network Security Group your Ubuntu VM is using
Back in the Windows 10 VM, observe the ICMP traffic in Wireshark and the command line Ping activity (should start working)
Back in Wireshark, filter for SSH traffic only
From your Windows 10 VM, “SSH into” your Ubuntu Virtual Machine (via its private IP address)
Open the Network Security Group your Ubuntu VM is using and disable incoming (inbound) ICMP traffic
Back in the Windows 10 VM, observe the ICMP traffic in Wireshark and the command line Ping activity
Initiate a perpetual/non-stop ping from your Windows 10 VM to your Ubuntu VM
Observe ping requests and replies within Wireshark
From the Windows 10 VM, open command line or PowerShell and attempt to ping a public website (such as and observe the traffic in Wireshark
Retrieve the private IP address of the Ubuntu VM and attempt to ping it from within the Windows 10 VM
Open Wireshark and filter for ICMP traffic only
Within your Windows 10 Virtual Machine, install Wireshark
Use Remote Desktop to connect to your Windows 10 Virtual Machine
Observe Your Virtual Network within Network Watcher
While creating the VM, select the previously created Resource Group and Vnet
While creating the VM, allow it to create a new Virtual Network (Vnet) and Subnet
While creating the VM, select the previously created Resource Group
High-Level Deployment and Configuration Steps
Microsoft Azure (Virtual Machines/Compute).
Tip: you can always use a filter in Wireshark to display just the packets you want to see.
This documentation illustrates the use of Wireshark to analyze network activity.
You should use your own screenshot.
Do you see any parallel connections your browser makes? If so, how many can you see in your screenshot?
Again, use Wireshark to capture the traffic while you open up the page.
Example screenshot below.
Now, we will open a webpage with embedded objects (e.g., cnn.com, which has a lot of images/videos embedded) in a browser.
Example screenshot below.
Describe the TCP packets that you see, i.e., how each packet corresponds to the TCP handshake, data transfer and closing connection steps.
After the curl/wget is done, stop the capture in Wireshark.
Warning: keep your other network activities to the minimum for a better experience, e.g., avoid streaming Netflix when capturing in Wireshark.
Then you should be able to see packets flowing! Click the red square button on top to stop the capture.
On the left side, select one (or more) interfaces that you want to capture from, then click “Start”.
If you run into any problems, you can refer to for more detailed help.
On Mac and Linux, you can also install from the command line (homebrew/macports, yum install, apt-get install).
You can find installation instructions here:
We will use Wireshark, a network packet capture tool, to look at TCP packets when grabbing a webpage.