This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

how to let wireshark to demonstrates the country name when plot ip addresses

0

As we know, Wireshark has the capability to plot ip addresses on the world map if we configured it with GEOIP database files. It does shows the ip addresses on the map when I click on Statistics->Endpoints->IPv4->MAP, but it does not show country names for the specific ip addresses which it has resolved successfully(I can see the exact country names in the country column of IPv4 tab), why doesn't it show that on the map too? Can I make it in Wireshark and how?

asked 14 Sep '13, 08:19

WeitaMilk's gravatar image

WeitaMilk
5114
accept rate: 0%


One Answer:

1

There are still some problems regarding GeoIP lookups, being tracked as Bug 4030.

In this case, it's likely that you have both the IPv4 and IPv6 GeoIP databases in the same directory. If you move the IPv6 database files to another directory, then IPv4 lookups should work correctly. If you later want to map IPv6 addresses, then move the IPv6 database files back into your GeoIP directory and move the IPv4 database files to another directory.

answered 16 Sep '13, 07:49

cmaynard's gravatar image

cmaynard ♦♦
9.4k1038142
accept rate: 20%

Thank you cmaynard, your solution partially solved my problem. At least the map will show the geographic details when I click on any plot, but what I want is displaying the details of all the plots at the same time. Now, I click on one plot, the details show up, but when I click on another plot, the former details window vanished.

By the way, do you know how to let the map to show country names even there is no point on that country?

(16 Sep '13, 09:53) WeitaMilk
1

It is currently not possible to display the details of all the plots at the same time, nor is it possible to display the country names. It may be possible to do this with some code changes, especially the latter, by utilizing other map layers. Feel free to submit an enhancement bug request.

By the way, did you really intend to award me with 11 reputation points? That leaves you with none.

If an answer satisfies your question, you can click the "thumbs up" indicating that it's useful, and also accept it by clicking the checkmark. Perhaps that is what you intended to do?

(16 Sep '13, 10:01) cmaynard ♦♦

cmaynard, thank you for your comment. I am not familiar with the site now, but you deserved that 11 points. I am a malware analyst, and that's why I want to show the details of all the plots. As you know, when I write a report regarding certain threat, such as an IRCBot, I want to display all of the detailed C&C servers' locations on the map:)

Once again, thank you for your help.

(16 Sep '13, 19:49) WeitaMilk