retoolkit

Add Wireshark

Open BretMcDanel opened this issue 2 years ago • 3 comments

Wireshark (network analysis and capture tool + USB capture) is GPL2. There should be no barrier to redistribution. The protocol analyzers are quite nice. Blah blah blah, everyone knows about Wireshark.

BretMcDanel, Jul 31 '23 22:07

We've discussed it a bit here. My thoughts are: you capture the VM traffic from outside and use Wireshark on your host machine to analyze PCAPs, so no need to have it installed in a malware VM. What do you think? :)

merces, Aug 01 '23 15:08

My thought is of a corporate environment. I may have rights to have virtual machines but not run Wireshark on the host box. Inside the VM is a more tolerable solution for some companies.

I personally like the fact that everything is self-contained, all the tools needed are present in that environment. Though I understand the desire to not have the bloat, especially when someone is cloning VMs on a per-application basis and may have several apps being worked on in parallel.

BretMcDanel, Aug 01 '23 15:08

Thanks for sharing your thoughts. :)

I'll leave it open until I start working on the next release when I can evaluate how much work it'll require.

merces, Aug 02 '23 17:08