First time here? Check out the FAQ!
THIS IS A TEST INSTANCE. Feel free to ask and answer questions, but take care to avoid triggering too many notifications.
Ask Your Question
0

How Important is it to use a virtual Machine for using Wireshark?

Hey Guys,

First of all, My Name is Paul and I only started using Wireshark today.I learn it from an Instructor in an Online course. I am starting an apprenticeship as an IT-Specialist next month and I wanted to learn Wireshark for a long time now and before I get into my apprenticeship I wanted to learn it (atleast for a bit). The Instructor said it is recommended using an VirtualBox for using Wireshark.Maybe I am really impatient about it and maybe he tells me later about it, But why is it important to use a virtualbox to run Wireshark?I dont really wanna go any further maybe because of damaging anything. I am really grateful for your help and I hope my english was good enough haha. Thanks in Advance and have a great day!

  • Paul
Infinity246's avatar
1
Infinity246
asked 2018-07-13 14:43:28 +0000
edit flag offensive 0 remove flag close merge delete

Comments

add a comment see more comments

1 Answer

2

I think the answer is, "It depends."

First of all, if you just want to learn about protocols and analyze some sample traffic, you can find packet capture files readily available if you search for them. One example: https://pcapr.net/home. You aren't going to get into any trouble or cause any problems by just viewingpre-existing capture files.

Second, Wireshark is a passive sniffer and with the exception of name resolution via DNS lookups, it doesn't generate any packets. You can disable name resolution to avoid even those packets from being injected. You aren't going to damage anything by using Wireshark. If you're capturing large amounts of traffic for a long duration, you might run out of memory or disk space on the capture PC, so don't do that. :)

As Step 1 on the Wireshark CaptureSetup wiki page asks, the real question is Are you allowed to do this? If you're capturing packets on your own private network at home, then the answer is "Yes, of course", but if you're at work, your employer might tell you "No". If you use a virtual machine, then you avoid any legal issues of capturing and avoid breaking corporate policy, for example.

To summarize:

  • Don't break the law
  • Don't break any corporate policies
  • You can't damage anything by using Wireshark, except maybe your career or your freedom if you don't adhere to the previous 2 bullet points
cmaynard's avatar
11.1k
cmaynard
answered 2018-07-13 15:55:42 +0000
edit flag offensive 0 remove flag delete link
more

Comments

add a comment see more comments

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account. This space is reserved only for answers. If you would like to engage in a discussion, please instead post a comment under the question or an answer that you would like to discuss.

Add Answer