Author Profile - My name is Joke (pronounced \yō-kə\ or Joan for those who do not speak Dutch). During the day, I work as a secretary for a non-profit organization providing assisted living for mentally handicapped people in the south of The Netherlands. In my spare time I like to use Wireshark. I find it interesting and necessary to monitor my home network to see what is going on. As a user I like to answer questions at the Wireshark Mailing List.
What is in it for me? Well, I learn a great deal whenever I try to solve real-world problems. I am also a member of the NGN (the Dutch Network User's Group). I write articles about how to use Wireshark and the command line tools. And if there is still some spare time left, I like to go biking in the woods near my hometown with my husband and fellow geek.
Wireshark 1.2.0 & GeoIP
A cool new feature in Wireshark.
Wireshark supports MaxMind's GeoIP. You can use their databases to match IP addresses to countries, cities and other bits of information. The information about all known IP address locations can be displayed on a map.
In this article I will tell you which steps you have to take to use this new feature.
GeoIP databases
Download the following databases:
http://geolite.maxmind.com/download/geoip/database/GeoLiteCountry/GeoIP.dat.gz
http://geolite.maxmind.com/download/geoip/database/GeoLiteCity.dat.gz
http://geolite.maxmind.com/download/geoip/database/asnum/GeoIPASNum.dat.gz
Updates are scheduled each month.
Create a new folder, for instance C:\Program Files\Wireshark\GeoIP or C:\GeoIP.
Unzip the files GeoIP.dat, GeoLiteCity.dat and GeoIPASNum.dat to the new folder.
Launch Wireshark and go to Edit -> Preferences -> Name Resolution -> GeoIP database directories.
Add the path to the folder with the databases.
Note:
You have to quit Wireshark and launch it again for the new database path to take effect.
Show GeoIP information in Packet Details Pane
Open a capture file.
To show the GeoIP information in the Packet Details Pane:
Go to Edit -> Preferences -> Protocols -> IP
Select Enable GeoIP lookups.
Or right-click Internet Protocol in the Packet Details Pane and select Protocol preferences -> Enable GeoIP lookups.
GeoIP information in the Endpoints window.
Go to Statistics -> Endpoints to open the Endpoints window.
You can see the GeoIP info on each tab that contains IP addresses, e.g. IPv4, TCP, UDP.
Select tab IPv4.
Not all rows will show geolocation details. For instance the 192.168.xxx.xxx addresses are not locatable.
To open the IP Location Map, click the Map button on the IPv4 tab.
This will launch the default web browser. Click the markers to view detailed information.
Note:
The browser must have JavaScript enabled.
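Why some rows in the Endpoints window stay empty, as an added example (not part of the original article or of Wireshark): this Python sketch generalises the 192.168.xxx.xxx case to the other non-public address ranges, assuming that only publicly routable addresses can have an entry in a GeoIP database. The function names and the sample address list are constructed for illustration.

```python
import ipaddress

# Ordered checks: the first matching property names the reason an address
# cannot appear in a GeoIP database. Specific ranges come before "private",
# because Python also counts loopback, reserved etc. as private.
_REASONS = [
    ("is_loopback", "loopback"),
    ("is_link_local", "link-local"),
    ("is_multicast", "multicast"),
    ("is_unspecified", "unspecified"),
    ("is_reserved", "reserved"),
    ("is_private", "private"),
]

def geoip_locatable(addr):
    """Return (True, None) if addr is publicly routable, else (False, reason).

    True only means the address is eligible for a lookup; a database may
    still have no record for it.
    """
    ip = ipaddress.ip_address(addr)
    for attr, reason in _REASONS:
        if getattr(ip, attr):
            return False, reason
    if not ip.is_global:
        # e.g. 100.64.0.0/10 (carrier-grade NAT): neither private nor global
        return False, "not globally routable"
    return True, None

def split_endpoints(addresses):
    """Partition endpoint addresses into locatable ones and skipped ones with reasons."""
    locatable, skipped = [], {}
    for addr in addresses:
        ok, reason = geoip_locatable(addr)
        if ok:
            locatable.append(addr)
        else:
            skipped[addr] = reason
    return locatable, skipped

# Constructed sample of addresses as they might appear on the IPv4 tab.
SAMPLE_ENDPOINTS = ["192.168.1.10", "8.8.8.8", "224.0.0.251",
                    "169.254.10.1", "100.64.0.1", "127.0.0.1"]

if __name__ == "__main__":
    located, skipped = split_endpoints(SAMPLE_ENDPOINTS)
    print("eligible for GeoIP lookup:", located)
    for addr, reason in skipped.items():
        print(f"no GeoIP row expected for {addr}: {reason}")
```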
Have fun:)







