Getting IP Location Information in Wireshark

By Daniel Miessler on June 28th, 2009: Tagged as Information Security

wireshark_location

Laura Chappell just posted a great tutorial on getting GeoIP working with the new version of Wireshark (1.2). I set it up myself recently and it only took a couple of minutes.

Abridged Instructions

  1. Download the GeoIP (Lite) database files for country, city, and ASN.
  2. Decompress them to a permanent directory on your hard drive.
  3. Go to Wireshark’s preferences and click on the Location menu.
  4. Add the location you created in step 2.
  5. Restart Wireshark if it’s already running.
  6. Once you’re capturing, got to Statistics -> Endpoints -> IPv4
  7. Become happy.

Yes, extremely cool stuff. And here’s Laura’s tutorial video. ::

  • dale

    this is pretty sweet but most of my packet analysis doesn't need that info. I'll probably set up anyway. What's even better is that there is a new wireshark out.


Top

Popular

Information Security / Technology

Politics

Philosophy & Religion

Technology & Science

Culture & Society

Miscellaneous

Arguments

Projects

Collections

Twitter

What I'm Reading

Favorite Books and Essays

Top Blog Categories

Inputs