
Why isn't Wireshark marked as malware by Antivirus?

I'm curious as to why Wireshark, with its powerful monitoring abilities, isn't detected and marked as malware by anti-viruses for having - what I would at times consider - sketchy behavior? I imagine anti-viruses have algorithms to detect programs' behavior and ability to arbitrarily monitor the machine's traffic? Is Wireshark whitelisted? Does it use masking techniques? If not, then why isn't it needed? And what keeps malware from doing exactly what Wireshark does?