Cybersecurity Internship Project & Report 1

Threat Analysis, Firewall Hardening, and Packet Inspection


Overview

In this project, the goal was to create a virtual lab to explore how common network threats behave, how to detect them, and how to defend against them using fundamental tools. The setup involved two VMs (Ubuntu and Windows 10), basic firewall configuration, router security hardening, and packet inspection with Wireshark. **Note:** This project was completed on July 12th 2025.

Focus

The hands-on focus was recognizing basic threats (viruses, worms, trojans, phishing), monitoring internal network traffic via Wireshark, and applying foundational security controls like firewalls and encryption.

Setup

  • Created two virtual machines in VirtualBox: Ubuntu and Windows 10
  • Set up an Internal Network to isolate traffic from the internet
  • Installed Wireshark on the Windows VM
  • Configured basic Windows Firewall rules
  • Logged into my home router via the default gateway address (from ipconfig) and:
      • Verified WPA2-PSK (AES) encryption
      • Replaced the default Wi-Fi password with a strong Bitwarden-generated one

PCAP Investigation

Once both machines could communicate (verified by pinging between the VMs), I launched Wireshark to inspect internal traffic. With prior experience using Wireshark from a home lab in my Network and Security Administration class, I was able to efficiently capture traffic and filter for the specific protocols I wanted to investigate. I filtered for HTTP to identify unencrypted GET requests, and DNS to observe hostname lookups.

What I found:

  • Successful pings between the two VMs
  • Multiple HTTP GET requests to external servers
  • DNS traffic clearly showing the domains being requested
  • Even simple browsing reveals a lot of information over the network

**See images in the full write-up linked at the end of this post**

Key Takeaways

Even in a small lab environment, default configurations can expose sensitive traffic.

  • Firewalls are essential for limiting unauthorized access
  • Encryption, and changing default credentials, at the router level adds a critical security layer (neither may be pre-configured)
  • Tools like Wireshark offer deep insight into traffic, even in isolated labs with low traffic

Challenges Faced

You almost always run into some kind of challenge in a home lab — and honestly, that’s part of the value. It’s less about everything going perfectly and more about how you troubleshoot and push through. In my case, Wireshark wasn’t capturing any traffic at first, and it took a bit of digging to realize I had selected the wrong network adapter. After that, I ran into connectivity issues between my Ubuntu and Windows VMs, which came down to a mix of misconfigured VirtualBox networking and some firewall rules that needed adjusting. Each of these roadblocks forced me to slow down, problem-solve, and better understand how the pieces of the lab actually fit together and how they would in real environments — and that’s exactly the kind of experience that makes you sharper over time.


Next Steps

If this were a real environment:

  • Monitor for suspicious DNS or HTTP activity more regularly to help establish baselines, detect anomalies, and strengthen overall network defense.
  • Configure logs to forward into Splunk or a different SIEM system.
  • Add detection rules for known threats or indicators of compromise (IOCs).
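As an added example (not code from the original report), the kind of check the three steps above describe, run over a constructed tshark-style field export: a DNS baseline is learned from early traffic, later lookups of never-seen or known-bad domains are flagged, and cleartext HTTP GETs are called out. The export format, the sample traffic, the cutoff time and the IOC domain are all assumptions for illustration.

```python
"""Baseline-and-flag checks over a tshark field export (added example).

Assumed input: tab-separated output of
  tshark -r lab.pcap -T fields -e frame.time_epoch -e ip.src -e dns.qry.name \
         -e http.request.method -e http.host
where a field a packet lacks is left empty.
"""

# Constructed sample export, not a real capture (epochs fall on 2025-07-12 UTC).
SAMPLE_EXPORT = """\
1752314401.0\t10.0.2.15\tubuntu.com\t\t
1752314402.0\t10.0.2.15\t\tGET\tubuntu.com
1752314405.0\t10.0.2.16\twindowsupdate.com\t\t
1752314409.0\t10.0.2.15\tubuntu.com\t\t
1752314700.0\t10.0.2.16\tx7f3q9z.example\t\t
1752314701.0\t10.0.2.16\t\tGET\tx7f3q9z.example
1752314702.0\t10.0.2.16\tioc-placeholder.example\t\t
"""

# Placeholder IOC list; a real one comes from threat intel, not from this page.
KNOWN_BAD_DOMAINS = {"ioc-placeholder.example"}

def parse_export(text):
    """Return (epoch, src_ip, dns_name, http_method, http_host) per non-empty line."""
    records = []
    for line in text.splitlines():
        if line.strip():
            ts, src, dns_name, method, host = line.split("\t")
            records.append((float(ts), src, dns_name, method, host))
    return records

def build_baseline(records, learning_until):
    """DNS names queried before `learning_until` form the known-good set."""
    return {dns for ts, _, dns, _, _ in records if dns and ts < learning_until}

def detect(records, baseline):
    """Return (epoch, src, rule, value) tuples; rules mirror the next steps above."""
    alerts = []
    for ts, src, dns, method, host in records:
        if dns in KNOWN_BAD_DOMAINS:
            alerts.append((ts, src, "ioc-match", dns))
        elif dns and dns not in baseline:
            alerts.append((ts, src, "new-domain", dns))
        if method == "GET":  # plain HTTP, so the request is readable on the wire
            alerts.append((ts, src, "cleartext-http-get", host))
    return alerts

if __name__ == "__main__":
    recs = parse_export(SAMPLE_EXPORT)
    for alert in detect(recs, build_baseline(recs, learning_until=1752314500.0)):
        print(alert)
```

Forwarding these tuples as events to Splunk or another SIEM is the natural next step; the baseline window should be long enough to cover normal lab activity before it is used to flag anything.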

Final Thoughts

This was more to me than just a “setup walkthrough” — it helped me grasp how defenders think: observing traffic, applying policy, and asking why something looks off on your own. It’s a small start, but it’s how you build security intuition.


Full PDF Report & Screenshots: