Getting IP Location Information in Wireshark

By Daniel Miessler on June 28th, 2009: Tagged as Information Security

wireshark_location

Laura Chappell just posted a great tutorial on getting GeoIP working with the new version of Wireshark (1.2). I set it up myself recently and it only took a couple of minutes.

Abridged Instructions

Download the GeoIP (Lite) database files for country, city, and ASN.
Decompress them to a permanent directory on your hard drive.
Go to Wireshark’s preferences and click on the Location menu.
Add the location you created in step 2.
Restart Wireshark if it’s already running.
Once you’re capturing, got to Statistics -> Endpoints -> IPv4
Become happy.

Yes, extremely cool stuff. And here’s Laura’s tutorial video. ::

A Simple Script for Harvesting DNS, Country, State, and City Information From a List of IP Addresses
A Mobile GeoLocation App That Doesn’t Give Location Updates Without User Intervention Isn’t a Mobile GeoLocation App
Twitter Trendsmap
Git: Ignore Wordpress Cache Files using .gitignore
How To Create Dynamic Digg/Reddit/Del.icio.us Buttons For Your Pages (Includes Code)

Comments

dale

this is pretty sweet but most of my packet analysis doesn't need that info. I'll probably set up anyway. What's even better is that there is a new wireshark out.

Getting IP Location Information in Wireshark

By Daniel Miessler on June 28th, 2009: Tagged as Information Security

Abridged Instructions

Related Posts

Sample Original Content

Information Security

Tutorials and Primers

Culture & Society

Technology & Science

Politics

Philosophy & Religion

Miscellaneous

Tools & Projects

Blog Archives