0

How Important is it to use a virtual Machine for using Wireshark?

asked 2018-07-13 14:43:28 +0000

Hey Guys,

First of all, my name is Paul and I only started using Wireshark today. I learn it from an instructor in an online course. I am starting an apprenticeship as an IT specialist next month and I wanted to learn Wireshark for a long time now and before I get into my apprenticeship I wanted to learn it (at least for a bit). The instructor said it is recommended using a VirtualBox for using Wireshark. Maybe I am really impatient about it and maybe he tells me later about it, but why is it important to use a VirtualBox to run Wireshark? I don't really wanna go any further maybe because of damaging anything. I am really grateful for your help and I hope my English was good enough haha. Thanks in advance and have a great day!

  • Paul

1 Answer

2

answered 2018-07-13 15:55:42 +0000

cmaynard

I think the answer is, "It depends."

First of all, if you just want to learn about protocols and analyze some sample traffic, you can find packet capture files readily available if you search for them. One example: https://pcapr.net/home. You aren't going to get into any trouble or cause any problems by just viewing pre-existing capture files.

Second, Wireshark is a passive sniffer and with the exception of name resolution via DNS lookups, it doesn't generate any packets. You can disable name resolution to avoid even those packets from being injected. You aren't going to damage anything by using Wireshark. If you're capturing large amounts of traffic for a long duration, you might run out of memory or disk space on the capture PC, so don't do that. :)

As Step 1 on the Wireshark CaptureSetup wiki page asks, the real question is Are you allowed to do this? If you're capturing packets on your own private network at home, then the answer is "Yes, of course", but if you're at work, your employer might tell you "No". If you use a virtual machine, then you avoid any legal issues of capturing and avoid breaking corporate policy, for example.

To summarize:

  • Don't break the law
  • Don't break any corporate policies
  • You can't damage anything by using Wireshark, except maybe your career or your freedom if you don't adhere to the previous 2 bullet points
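The answer's two practical points (no name resolution, no unbounded capture), as an added example that is not part of the original answer: a small shell wrapper around `tshark` that disables name resolution, writes a size-capped ring buffer and stops after a fixed time. The interface name `eth0`, the output path and all limits are assumed values chosen for illustration.

```shell
#!/bin/sh
# Added example: a bounded, passive tshark capture on a network you are allowed to capture on.
# Assumed values (not from the page): interface name, output file, size and time limits.

# Build the tshark argument list:
#   -n              no name resolution, so tshark sends no DNS lookups
#   -b filesize:N   switch to the next file after about N kB
#   -b files:N      keep at most N files (ring buffer, oldest is overwritten)
#   -a duration:N   stop the capture after N seconds
capture_args() {
    iface=$1; out=$2; file_kb=$3; files=$4; seconds=$5
    printf '%s' "-n -i $iface -w $out -b filesize:$file_kb -b files:$files -a duration:$seconds"
}

# Worst-case disk use of the ring buffer, in kB.
max_disk_kb() {
    echo $(( $1 * $2 ))
}

# Succeeds only if the filesystem holding directory $1 has at least $2 kB free.
enough_space() {
    dir=$1; need_kb=$2
    free_kb=$(df -Pk "$dir" | awk 'NR==2 {print $4}')
    [ "$free_kb" -ge "$need_kb" ]
}

# Run only when called as: ./capture.sh run [interface]
if [ "${1:-}" = "run" ]; then
    iface=${2:-eth0}            # assumed interface name
    out=./capture.pcapng        # assumed output file
    need=$(max_disk_kb 10240 5) # 5 files of about 10 MB each
    if ! enough_space . "$need"; then
        echo "not enough free disk space for the ring buffer" >&2
        exit 1
    fi
    # Word splitting of the argument list is intended here.
    # shellcheck disable=SC2046
    tshark $(capture_args "$iface" "$out" 10240 5 600)
fi
```
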

Stats

Asked: 2018-07-13 14:43:28 +0000

Seen: 107 times

Last updated: Jul 13