I think the answer is, "It depends."

First of all, if you just want to learn about protocols and analyze some sample traffic, you can find packet capture files readily available if you search for them. One example: You aren't going to get into any trouble or cause any problems by just viewing pre-existing capture files.

Second, Wireshark is a passive sniffer and with the exception of name resolution via DNS lookups, it doesn't generate any packets. You can disable name resolution to avoid even those packets from being injected. You aren't going to damage anything by using Wireshark. If you're capturing large amounts of traffic for a long duration, you might run out of memory or disk space on the capture PC, so don't do that. :)

As Step 1 on the Wireshark CaptureSetup wiki page asks, the real question is "Are you allowed to do this?" If you're capturing packets on your own private network at home, then the answer is "Yes, of course", but if you're at work, your employer might tell you "No". If you use a virtual machine, then you avoid any legal issues of capturing and avoid breaking corporate policy, for example.

To summarize:

  • Don't break the law
  • Don't break any corporate policies
  • You can't damage anything by using Wireshark, except maybe your career or your freedom if you don't adhere to the previous 2 bullet points