Cybersecurity Lab for Beginners: Using Virtual Machines with NMAP & Wireshark
A home lab is a personal setup where you can safely explore and practice your skills in ethical hacking and cybersecurity.
It usually consists of one or more computers, often using virtual machines to simulate different operating systems and environments.
The reason we use a home lab is that it provides a controlled space where you can experiment without putting real systems or sensitive data at risk.
You can practice attacking and defending networks, test security tools, and learn about vulnerabilities in a safe way. This hands-on experience is crucial for understanding how to protect networks and improve overall security.
Virtual Machines in Your Home Lab
Virtual machines (VMs) are virtual computers that run inside your physical computer. They allow you to run multiple operating systems simultaneously without additional hardware. In cybersecurity, this means you can create an isolated testing environment without risking your main system.
Key Components:
Host: Your physical computer running the main operating system
Guest OS: The operating systems running inside your virtual machines
Hypervisor: Software that manages VMs and allocates resources (CPU, RAM, storage)
For this lab, we'll use a hypervisor like VirtualBox or VMware Workstation, which runs on top of your existing operating system.
Today's Home Lab Exercise
In today’s practical exercise, we'll create a simple cybersecurity testing environment:
Setup Two Virtual Machines:
A Windows 10 VM (target system)
A Kali Linux VM (attacking system)
Capture and Analyze Network Traffic:
Run Wireshark on Windows to monitor network activity
Execute an Nmap scan from Kali Linux to probe the Windows VM
Observe how the scan appears in real-time packet captures
This exercise demonstrates fundamental security testing concepts while teaching you how different tools interact across systems. By the end, you'll understand:
How port scanning works at the packet level
What information Nmap reveals about target systems
How to interpret network traffic using Wireshark
Let's get started with setting up our virtual machines!
Step 1: Download a Virtual Machine Hypervisor
To begin using virtual machines, the first step is to select a suitable software program that will allow you to run them on your computer. Depending on whether you’re using a Mac or Windows, there are several options available.
Mac Options for Virtual Machines
Parallels Desktop
Parallels Desktop is a popular choice for Mac users looking to run Windows and other operating systems alongside macOS. Known for its user-friendly interface, Parallels allows seamless integration between the host and guest systems, making it easy to switch between operating environments.
Installation Steps:
Download and Install: Visit the Parallels website to download the software and install it by following the on-screen instructions.
Create a New Virtual Machine: Once installed, launch Parallels and select “New.” Choose your installation method based on the operating system you want to install, such as Windows or Linux.
Configure the Settings: After creating the VM, click on it, then the gear icon to adjust settings. Here, you can allocate CPU, RAM, and disk space based on your system’s capabilities.
Set Up Networking: In the “Network” tab, select from Shared or Bridged networking options to connect your VM to the internet.
UTM (FREE)
For those seeking a free alternative, UTM is an excellent choice. It is designed to be lightweight and user-friendly while providing essential virtualization features.
Installation Steps:
Download UTM: Go to the UTM website and download the latest version of the application.
Create a Virtual Machine: Open UTM and click the “+” button to start a new VM. Choose between "Virtualize" or "Emulate" based on your desired operating system.
Select the ISO File: Choose an ISO file for the OS you intend to install, such as Kali Linux or Ubuntu.
Configure VM Settings: After creation, click on the VM and access settings to fine-tune aspects such as CPU, memory, and disk space.
Networking Options: In the “Network” tab, decide on your preferred network setup, allowing you to connect to the internet for updates and testing.
Windows Options for Virtual Machines
VMware Workstation
VMware Workstation is a popular choice for users operating within a Windows environment. It offers powerful features designed for developers and testers, making it well-suited for a homelab.
Installation Steps:
Download and Install: Access the VMware website to download VMware Workstation Player and follow the installation prompts.
Create a New Virtual Machine: Launch VMware and select “Create a New Virtual Machine.” You can install the OS from an ISO file or a physical disk.
Configure Machine Settings: Customize the VM settings, including allocating memory and disk space, to match your system's performance.
Network Configuration: Under the “Network Type” section, choose either Bridged or NAT, depending on your desired network accessibility.
Hyper-V
Hyper-V is built into Windows Pro and Enterprise editions, providing a robust platform for virtualization. It allows users to create and manage virtual machines directly from their Windows operating system.
Installation Steps:
Enable Hyper-V: Go to the Control Panel, select “Programs,” and then “Turn Windows features on or off.” Check the box for Hyper-V and follow the prompts to enable it.
Open Hyper-V Manager: After installation, launch Hyper-V Manager from the Start Menu.
Create a New Virtual Machine: In Hyper-V Manager, choose “New” and then “Virtual Machine.” Follow the wizard to set up your VM, selecting resource allocation and networking options.
Configure Networking: When prompted, choose the virtual switch that will provide an internet connection to your VM.
Now that you are familiar with the available software, let’s move on to the next step: installing Windows and Kali Linux as virtual machines to build out your home lab.
Step 2: Install Windows and Kali Machines
To set up your home lab, you’ll be installing both Windows and Kali Linux as virtual machines. This process begins by acquiring the necessary ISO files for each operating system. Following that, you'll need to configure the network settings to ensure your virtual machines function effectively.
Obtaining the ISO Files
ISO files are disc image files that contain the complete contents of an optical disc. In the context of setting up virtual machines, these files serve as the installation media for the operating systems.
Windows ISO: For Windows, you can obtain the ISO file directly from the Microsoft website for Windows 10 or Windows 11. The site guides users through downloading a legitimate copy to ensure you have the latest updates and security patches.
Kali Linux ISO: Similarly, for Kali Linux, visit the Kali Linux official website to download the latest version. Choose the ISO file that corresponds to your system architecture, typically 64-bit.
Setting Up the Virtual Machines
Once you have your ISO files ready, the next step involves creating the virtual machines in your chosen virtualization software.
Create a New Virtual Machine: Launch your virtualization program, whether it’s UTM, Parallels, VMware, or Hyper-V. Select the option to create a new virtual machine and specify the ISO file you just downloaded as the installation medium.
Allocate Resources: During the setup process, assign enough resources to the VM. A minimum of 2 GB of RAM and 20 GB of disk space is typically recommended for both Windows and Kali Linux.
Network Settings: This is a crucial step in ensuring your VMs operate effectively. Set the networking to Bridged Mode. This configuration allows each virtual machine to act as a standalone entity on your network, obtaining its own IP address. This setup mimics a physical machine connecting directly to the network, enabling realistic network interactions when running scans or testing configurations.
Installing the Operating Systems
Now that your virtual machines are configured, boot from the ISO files to start the installation processes.
Boot the VM: Start your virtual machine, which will initiate the installation from the specified ISO file.
Follow Installation Prompts: For both Windows and Kali Linux, you'll be guided through a series of installation prompts. This includes selecting your preferred language, keyboard layout, and installation type. Opt for a custom installation to initiate the fresh setup.
Completing the Installation: Follow through with the installation instructions specific to the operating system. This process usually involves partitioning the virtual disk and configuring basic settings.
Updates and Finishing Touches: After installation, ensuring that both operating systems are updated is vital for security and performance enhancements.
By following these steps, you will successfully set up Windows and Kali Linux in your home lab environment, providing a foundation for hands-on learning in ethical hacking and network security.
Step 3: Start Wireshark on Windows VM
Wireshark is a leading network protocol analyzer that allows users to capture and inspect the data traversing their networks.
This section will walk you through the steps for installing Wireshark on your Windows VM, capturing traffic during your Nmap scans, and interpreting the data.
Installing Wireshark
To begin, you’ll need to install Wireshark on your Windows VM. This straightforward process enhances your ability to analyze network activity generated from scans performed on your other virtual machines.
Download Wireshark: Navigate to the official Wireshark website. Here, you will find the latest version available for download. Choose the installer that corresponds to your Windows operating system (32-bit or 64-bit).
Run the Installer: Once the download completes, open the installer and follow the on-screen prompts. During the installation process, you can opt to install WinPcap or Npcap, which are necessary for packet capturing. Choose the default installation settings unless you have specific preferences.
Complete the Setup: After installing, launch Wireshark. You are now ready to set up capturing sessions on your network interface.
Capturing Traffic on the Windows VM
With Wireshark installed, it’s time to capture network traffic. First, launch the application on your Windows VM and select the network interface that connects to your network.
To filter traffic to and from a specific IP address, enter the filter in the top bar:
ip.addr == x.x.x.x
Replace x.x.x.x with your machine’s actual IP address. Finally, click the "Start Capture" button (the shark fin icon) to begin capturing packets. This filter will display all packets with the specified IP address as either the source or destination.
Start Capture on Wireshark
Click on the "Start Capture" button (the shark fin icon) to begin capturing packets. It's best to initiate the capture just before running your Nmap scan, which we’ll do in the next step to gather relevant data.
Step 4: Network Scan with Nmap on Linux
Nmap, short for Network Mapper, is a powerful tool that allows users to discover hosts and services on a computer network.
Integrated seamlessly into Kali Linux, it’s an essential component for anyone interested in network security and ethical hacking.
This section will guide you through executing a basic Nmap scan against your Windows virtual machine (VM) from Kali Linux. We’ll use Wireshark on the Windows side to observe the packet traffic generated by the Nmap scan.
How to Get the IP Address of Your Windows VM
Before running any scans, you need to determine the IP address of your Windows VM. Open the terminal in your virtual machine and use the following commands:
In your Windows VM terminal, type:
ipconfig
Look for the IPv4 Address, which will display the machine’s address.
Identify the address next to inet, which is also your machine's IP.
With the IP address in hand, you are ready to begin scanning.
Run an Nmap Scan
Open a terminal in Kali Linux and input the following command to conduct a comprehensive scan and gather details about open ports and services:
nmap -sS <IP_Address_of_Windows_VM>
This command employs a stealth SYN scan, which is effective for gathering information without establishing a full TCP connection.
Step 5: Analyze the Results on Wireshark
If you ran the Wireshark capture on your Windows 10 VM while your Nmap scan was running on your Kali Linux VM, you should see the packets Nmap sent to scan the target machine.
Here are the results you should see:
In your Wireshark capture, you're seeing what's called a "SYN scan" (the -sS option in Nmap). Here's how it works:
First, the scanning computer (192.168.1.212) sends a special message called a SYN packet to a specific port on the target computer (192.168.1.213). This is like knocking on a door and saying "Hello? Anyone there?"
If the port is open (meaning a program is accepting connections there), the target computer would normally respond with a message saying "Yes, I'm here, let's talk!"
In a normal conversation, the scanning computer would then send a third message to complete what's called a "handshake," and the computers would begin communicating.
However, with a SYN scan, the scanning computer doesn't send that third message. It just notes whether the target responded positively, and then moves on to check another port. This is why it's sometimes called a "half-open" scan.
Reading Wireshark Results
Looking at our capture, here's what we’re seeing:
Each line represents one "knock" (a SYN packet) from the scanning computer to a different port on the target.
The "Source" column shows the scanning computer's address (192.168.1.212).
The "Destination" column shows the target computer's address (192.168.1.213).
In the "Info" column, you can see which ports are being checked. For example, "44790 → 2001 [SYN]" means the scanner is checking port 2001 on the target.
You'll notice the scanner is checking many different ports: 2001, 5560, 2200, 2161, 44442, 4848, 711, and so on. Each of these numbers represents a different service that might be running on the target.
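To see the same pattern the way a defender would detect it, here is an added example (not part of the original lab) that reads rows shaped like Wireshark's Source, Destination and Info columns, flags any source that sends bare SYNs to many ports on one target, and sorts the probed ports by the target's reply. The sample rows are constructed: the addresses and most ports follow the capture above, while the open port 135, the ordinary client 192.168.1.50 and the threshold of 5 ports are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample rows (source, destination, Info column). Addresses and most
# ports follow the article; the open port 135 and host .50 are assumptions.
S, T, C = "192.168.1.212", "192.168.1.213", "192.168.1.50"
ROWS = [(S, T, f"44790 → {p} [SYN] Seq=0 Win=1024 Len=0 MSS=1460")
        for p in (2001, 5560, 2200, 2161, 44442, 4848, 711, 135)]
ROWS += [(T, S, f"{p} → 44790 [RST, ACK] Seq=1 Ack=1 Win=0 Len=0")
         for p in (2001, 5560, 2200, 2161, 4848)]
ROWS += [(T, S, "135 → 44790 [SYN, ACK] Seq=0 Ack=1 Win=65535 Len=0 MSS=1460"),
         (S, T, "44790 → 135 [RST] Seq=1 Win=0 Len=0"),  # scanner abandons handshake
         (C, T, "50321 → 445 [SYN] Seq=0 Win=64240 Len=0 MSS=1460"),  # ordinary client
         (T, C, "445 → 50321 [SYN, ACK] Seq=0 Ack=1 Win=65535 Len=0 MSS=1460"),
         (C, T, "50321 → 445 [ACK] Seq=1 Ack=1 Win=64240 Len=0")]

# Matches the "sport → dport [FLAGS]" part of a TCP Info summary.
INFO_RE = re.compile(r"(\d+)\s*(?:→|->)\s*(\d+)\s*\[([A-Z, ]+)\]")

def analyze(rows, min_ports=5):
    """Flag sources that SYN-probe >= min_ports distinct ports on one target."""
    probes = defaultdict(set)   # (scanner, target) -> ports that received a bare SYN
    state = {}                  # (scanner, target, port) -> "open" / "closed"
    completed = set()           # handshakes the initiator finished with an ACK
    for src, dst, info in rows:
        m = INFO_RE.search(info)
        if not m:
            continue            # not a TCP summary line
        sport, dport = int(m.group(1)), int(m.group(2))
        flags = {f.strip() for f in m.group(3).split(",")}
        if flags == {"SYN"}:
            probes[(src, dst)].add(dport)
        elif flags == {"SYN", "ACK"}:
            state[(dst, src, sport)] = "open"      # target accepted the probe
        elif "RST" in flags and sport in probes.get((dst, src), ()):
            state.setdefault((dst, src, sport), "closed")  # target refused it
        elif flags == {"ACK"}:
            completed.add((src, dst, dport))
    findings = []
    for (scanner, target), ports in probes.items():
        if len(ports) < min_ports:
            continue            # a handful of connections is normal client behaviour
        by = lambda s: sorted(p for p in ports if state.get((scanner, target, p)) == s)
        findings.append({"scanner": scanner, "target": target, "probed": len(ports),
                         "open": by("open"), "closed": by("closed"), "no_reply": by(None),
                         "half_open": [p for p in by("open")
                                       if (scanner, target, p) not in completed]})
    return findings

if __name__ == "__main__":
    print(analyze(ROWS))
```

Ports listed under half_open are the ones where the target answered but the scanner never sent the third handshake message, which is the signature described above; the ordinary client that completes its handshake on port 445 is not flagged.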
Building Your Cyber Skills: Next Steps
Congratulations on completing this beginner cybersecurity lab! You've set up a functional testing environment and executed basic network analysis. This is a significant milestone in your learning journey.
You've created a secure lab with Windows and Kali Linux VMs, used Wireshark for network traffic analysis, and used Nmap for system discovery. These skills are essential for understanding cybersecurity.
As you move forward, consider adding intentionally vulnerable virtual machines like Metasploitable. This will allow you to practice hacking into the vulnerable machine using exploits.



I think you forgot to mention VirtualBox as an option for a hypervisor.
This blog post was really helpful for me as an aspiring cybersecurity professional. It explained how to set up a home lab, which is a great way to practice cybersecurity skills safely. The guide on using virtual machines like Kali Linux and Windows 10, along with tools like Nmap and Wireshark, was super useful. It showed me how to scan networks and look at the traffic, which is key to understanding how to protect systems. The step-by-step instructions made it easy to follow, and now I can set up my own lab to test out cybersecurity tools without any risk. This is a great starting point for anyone wanting to improve their skills in cybersecurity.