Network Traffic Analysis & Firewall Management

This project focuses on analyzing network traffic and observing how firewall rules affect communication within a networked environment. I installed a packet sniffer, used Wireshark to monitor live network traffic, and initiated a perpetual ping to generate continuous ICMP activity. I then created a network firewall to observe how traffic patterns changed once rules were applied and later deleted the firewall to restore normal connectivity. This project demonstrates practical skills in packet analysis, network monitoring, and firewall behavior in a real-world environment.

---

Environments and Technologies Used

• Microsoft Azure
• Windows 10 Pro
• Ubuntu Server 22
• Windows PowerShell
• Wireshark
• Remote Desktop Protocol (RDP)
• Azure Network Security Groups (NSG)

---

Table of Contents

• 1) Create Virtual Machines
• 2) Install a Packet Sniffer
• 3) View Network Traffic in Wireshark
• 4) Start and Observe a Perpetual Ping
• 5) Deploy a Network Firewall
• 6) Delete a Network Firewall

---

1) Create Virtual Machines

1. In Microsoft Azure search Resource Groups in the search bar and select Create then give the Resource Group the following settings then create the Resource Group

• Name: RG-01
• Reigon: South Central US

2. Seach Virtual Machines then create then give the Virtual Machine the following settings then create the Virtual Machine

• Basics
  • Resource Group: RG-01
  • Name: Windows-VM
  • Image: Windows 10 Pro
  • Size: 2vcpus
  • Username: userryan
  • Password: Cyberlab123!
• Networking
  • Virtual Network: vnet-southcentralus (RG-01)
  • Subnet: snet-southcentralus-1

3. Seach Virtual Machines then create then give the Virtual Machine the following settings then create the Virtual Machine

• Basics
  • Resource Group: RG-01
  • Name: Linux-VM
  • Image: Ubuntu Server 22
  • Size: 2vcpus
  • Username: userryan
  • Password: Cyberlab123!
• Networking
  • Virtual Network: vnet-southcentralus (RG-01)
  • Subnet: snet-southcentralus-1

---

2) Install a Packet Sniffer

1. On the Windows Virtual Machine go to Wireshark.org
2. Select the Windows x64 Installer

3. When asked check the box that says Install Npcap

4. Complete Install

---

3) View Network Traffic in Wireshark

1. Open PowerShark
2. Select Ethernet
3. Click the Sharkfin in the upper left corner

---

4) Start and Observe a Perpetual Ping

1. To retrieve the Private IP Address for the linux Virtual Machine

• Click on the linux Virtual Machine in Azure
• Scroll down to the Networking Properties
• Check where it says Private IP Address

2. Open Windows PowerShell
3. Run the command ping <linux VM private IP address> -t

4. In Wireshark search icmp in the search bar
5. Observe the ICMP traffic

---

5) Deploy a Network Firewall

1. In Microsoft Azure click the linux VM
2. Open Networking and select Network Settings
3. Click the Network Security Group

4. Open Settings then Inbound Security Rules
5. Select Add

6. For the rule make the following changes:
   • Change Destination Port Ranges to *
   • For Protocol choose ICMPv4
   • For Action select Deny
   • Set the Priority to 290
7. Add rule

8. Observe the changes in network traffic in Windows PowerShell and Wireshark

---

6) Delete a Network Firewall

1. Navigate back to the page where the firewall was created
2. Click the trashcan to the right of the rule

3. Confirm the deletion
4. Observe the changes in network traffic in Windows PowerShell and Wireshark