 | 1 | initial version |
is it possible to determine the zip code in which a network is operating from the network traffic using wireshark
Not if it's not operating in the United States, as "ZIP code" (Zone Improvement Plan) is the term for postal codes in the US; other countries have different postal codes.
And not if a network is operating on more than one postal code; all addresses in a LAN are probably in the same postal code, but if it's a metropolitan or wide-area network, it may operate in more than one postal code.
In any case, what can sometimes be mapped to a location is an IP address. That location might not be precise enough to determine the postal code of the location, however.
A Web search for
geolocation ip address
will find some Web sites that you can use.
In addition, if Wireshark was built with the MaxMind geolocation library, you can download MaxMind's GeoLite2 free database, install it in some directory, and then add the directory containing the MaxMind files (not the directory containing that directory) to the list of "MaxMind database directories" in the "Name Resolution" preference (scroll the "Name Resolution" pane to the bottom if you don't see "MaxMind database directories"). That should show locations for IP addresses in IPv4 and IPv6 headers if one can be found in the database.
Going from that to a postal code is up to you.
Copyright Wireshark Foundation, 2017-2023 Content on this site is licensed under a Creative Commons Attribution Share Alike 3.0 license.