Wireshark requires field work, that is, you have to be in the surroundings of the target networks to have greater precision in the intersection of packets, and that requires other more technical measures and other procedures that involve other types of illegal activities (such as hiding, surveillance techniques, disguises, etc).
Puedo decirte que en repetidas ocasiones me toco hacer pruebas para una empresa privada,que requeria un analisis de sus comunicaciones, y me toco desplazarme a las distintas franquicias de la empresa para realizar el pen testing usando wireshark, logrando detectar de esta forma (solo estando en la franquicia especifica donde se originaron los paquetes) el saber su origen. Como referencia el proceso llevo 6 meses, en cada caso es diferente siempre.
Maltego is paid, currently the free tools that exist do not provide access to the deep layers of information that are required to have the data that clients really need (access to photos, emails and social media), that is the difference.
It's not illegal if the university is teaching students in a controlled environment. Thanks for the additional information.
A "controlled environment" does not simulate the real conditions that will be faced in a real event. It never will. The random factor is present, and for example it is not the same to go against the clock knowing, for example, that other hackers are trying to obtain the same information as you, while the network administrators or the police are after you.
In a controlled environment you do not learn to develop your skills, and even worse, it does not prepare you to face reality, which is very different from what they propose in the movies.
kind off true