# Creating Resource Group Search for `Resource groups` in the search bar ![[Pasted image 20250407122448.png]] Once on the `Resource groups` page press `Create` ![[Pasted image 20250407122551.png]] On the `Create a resource group` page in the `Basics` tab create a unique `Resource group name` ![[Pasted image 20250407122905.png]] At the bottom left hand side of your screen select `Review + create` ![[Pasted image 20250407123113.png]] On the `Review + create` tab select `Create` ![[Pasted image 20250407123317.png]] Now go back to the `Resource groups` page and make sure you see your new resource group with the `Name` you selected ![[Pasted image 20250407123447.png]] # Creating Virtual Machines and Subnet on Azure ## Creating Windows Virtual Machine and Virtual Network Search for `Virtual machines` in the search bar then select it ![[Pasted image 20250407123731.png]] On the `Virtual machines` tab select the `Create` drop-down then select `Azure virtual machine` ![[Pasted image 20250407123914.png]] In the `Create a virtual machine` do the following in the `Project details` section: - [ ] In `Resource group` click the dropdown then select the `Resource group` that was created in [[Microsoft Azure Compute and Networking#Creating Resource Group|Creating Resource Group]] - [ ] Create a Unique `Virtual machine name` - [ ] Select the `Region` that you selected for your `Resource group` - [ ] In `Image` select `Windows 10 Pro, version 22H2 - x64 Gen2 (free services eligible)` ![[Pasted image 20250407124129.png]] - [ ] For `Size` select anything that has at least 2 Virtual Central Processing Units (VCPUS) - [ ] Type in a `Username` and `Password` that you will remember - [ ] Press the checkbox at the bottom next to `I confirm I have an eligible Windows 10/11 license with multi-tenant hosting rights.` - [ ] Select `Next: Disks >` ![[Pasted image 20250407125743.png]] On the `Disks` page select `Next: Networking >` ![[Pasted image 20250407125911.png]] On the `Networking` tab next to `Virtual network` select `Create new` ![[Pasted image 20250407130036.png]] Change the name of your `Virtual network` then press `OK` at the bottom of the page ![[Pasted image 20250407130228.png]] Press `Review + create` at the bottom of the page ![[Pasted image 20250407130437.png]] After the Validation has passed select `Create` at the bottom of the page ![[Pasted image 20250407130654.png]] ## Creating Ubuntu virtual machine On the search bar look for then select `Virtual machines` ![[Pasted image 20250407131150.png]] On the `Virtual machines` page select the `Create` drop down then select `Azure virtual machine` ![[Pasted image 20250407131453.png]] In the `Create a virtual machine` do the following in the `Project details` section: - [ ] Ensure you choose the `Resource group` that is the same as the one you created and choose for your Windows Virtual Machine - [ ] Type in a `Virtual machine name` - [ ] Make sure the `Region` is the same as the `Region` you choose when creating the `Resource group` and on the Windows Virtual Machine - [ ] In the `Image` section select `Ubuntu Server 24.04 LTS - x64 Gen2 (free services eligible)` - [ ] Scroll down ![[Pasted image 20250407131848.png]] Ensure the following is updated: - [ ] On the `Size` section select anything that has at least 2 Virtual Central Processing Units - [ ] Next to `Authentication type` select `Password` then enter a `Username` and `Password` - [ ] At the bottom of the page select `Next: Disks >` ![[Pasted image 20250407132612.png]] Select `Next: Networking >` ![[Pasted image 20250407132949.png]] Next to `Virtual network` select the one you created with the Windows Virtual Machine then select `Review + Create` at the bottom of the page ![[Pasted image 20250407134813.png]] On the `Review + Create` screen after the Validation has been passed select `Create` at the bottom of the screen ![[Pasted image 20250407135401.png]] ## Ensuring both VMs are in same subnet In the search bar look for `Virtual machines` ![[Pasted image 20250407140718.png]] For the red boxed `Public IP address` ensure that the first two octets (before the blue line) is the same. This means the IPV4 address is in the same subnet for 255.255.0.0 ![[Pasted image 20250407140750.png]] # Setting up Wireshark on WIN VM ## Using Remote Desktop to connect Windows Virtual Machine Search for then open `Remote Desktop` on your Windows Machine ![[Pasted image 20250407141048.png]] On the `Remote Desktop Connection` application type in the Public IPV4 on your Windows Virtual Machine. Then press `Connect` ![[Pasted image 20250407142140.png]] Enter the `Username` and `Password` you set for the windows machine ![[Pasted image 20250407151824.png]] Press `Accept` ![[Pasted image 20250407152004.png]] ## Installing Wireshark on Windows Virtual Machine Open `Microsoft Edge` then search for `Wireshark` ![[Pasted image 20250407185146.png]] Double Click `Windows x64 Installer` (the download should start) ![[Pasted image 20250407185315.png]] Once the download is complete open it by double clicking of `Wireshark` in the top right hand corner of your screen ![[Pasted image 20250407185600.png]] Click `Next` until you get to the following page ![[Pasted image 20250407185847.png]] When the `Npcap` setup starts press `Next` and accept all defaults until you get to the final installation page ![[Pasted image 20250407190437.png]] Open `Wireshark` ![[Pasted image 20250407190757.png]] ## Observing ICMP Traffic Open Wireshark click on `Ethernet` ensure before you click you see active traffic which is marked in green below ![[Pasted image 20250407191046.png]] With `Ethernet` highlighted select the blue fin ![[Pasted image 20250407191203.png]] In the search bar type icmp then press `Enter` ![[Pasted image 20250407191456.png]] Go back to Microsoft Azure and go to the `Virtual Machine` screen. Once there select your Linux VM then copy the private IPv4 address. ![[Pasted image 20250407191816.png]] On your Windows Virtual Machine search for the open `Powershell` ![[Pasted image 20250407192143.png]] In `Powershell` type the command ``` ping <LINUX-PRIVATE-IPV4-HERE/> ``` ![[Pasted image 20250407192301.png]] Then press `Enter` You should get `ICMP Replys` ![[Pasted image 20250407192345.png]] When you open `Wireshark` you should see four`ICMP Echo Request` and four `ICMP Echo Reply` ![[Pasted image 20250407192848.png]] If you click on a packet it will open at the bottom of your screen. Here you can look what a ICMP Echo Request payload looks like (the first 23 letters of the alphabet). ![[Pasted image 20250407193421.png]] # Configuring a Firewall (Network Security Group) on Microsoft Azure Open PowerShell and start a nonstop ping ``` ping <LINUX-PRIVATE-IPV4-HERE/> ``` In `Wireshark` you should see nonstop ICMP Echo Request and ICMP Echo Reply's ![[Pasted image 20250407194358.png]] Open Microsoft Azure and search for then select`Network security groups` ![[Pasted image 20250407194504.png]] On the `Network security groups` screen select the network security group that's named after your Linux Virtual Machine ![[Pasted image 20250407194727.png]] Select `Settings > Inbound security rules > + Add` ![[Pasted image 20250407194821.png]] Ensure the highlighted boxes match the below screenshot then press `Add` ![[Pasted image 20250407195102.png]] Now go back to your Windows Virtual machine RDP session and open `Powershell`. You should start to see `Request timed out` after about one minute. ![[Pasted image 20250407195324.png]] Open Microsoft Azure then delete the security rule you just created for the Linux machine (it should be the first rule on the list since it has the highest priority) ![[Pasted image 20250407195547.png]] Open the RDP session with the Windows Virtual Machine. You should start to see the ICMP Echo Reply's reaching the Linux machine now. ![[Pasted image 20250407195630.png]] # Observing traffic with Wireshark ## Observing SSH Traffic Open `Wireshark` and select `Ethernet` ![[Pasted image 20250407200138.png]] Press the Blue Fin ![[Pasted image 20250407200213.png]] ## Observing DHCP Traffic ## Observing DNS Traffic ## Observing RDP Traffic