Open BretMcDanel opened 1 year ago
We've discussed it a bit here. My thoughts are: you capture the VM traffic from outside and use Wireshark on your host machine to analyze PCAPs, so no need to have it installed in a malware VM. What do you think? :)
My thought is of a corporate environment. I may have rights to have virtual machines but not run Wireshark on the host box. Inside the VM is a more tolerable solution for some companies.
I personally like the fact that everything is self-contained, all the tools needed are present in that environment. Though I understand the desire to not have the bloat, especially when someone is cloning VMs on a per-application basis and may have several apps being worked on in parallel.
Thanks for sharing your thoughts. :)
I'll leave it open until I start working on the next release when I can evaluate how much work it'll require.
Wireshark (network analysis and capture tool + USB capture) is GPL2. There should be no barrier to redistribution. The protocol analyzers are quite nice. Blah blah blah, everyone knows about Wireshark.