Ask Your Question
0

GeoIP unreadable file html

asked 2020-03-25 10:19:36 +0000

Yseurk gravatar image

updated 2020-03-25 12:50:34 +0000

grahamb gravatar image

Hello guys,

First, I tried to look about this problem over the Internet and on this forum as well and didn't find any useful information.

I'm not fluent in English, so sorry for any language's mistake.

I'm diving into Wireshark, already read the User's manual, currently reading the Wireshark Network Analysis book by Laura Chappell and I'm actually encountering an issue regarding GeoIP.

I downloaded the mmdb files, put into a folder, linked Wireshark to the folder in the preferences. I have the "Map" button in Statistics > Endpoints, however when I click on "Open in a browser.." nothing happens.

I tried to export a HTML file ("Save as" button), and when I click to open it I can read this message on my browser (Firefox 74.0 / Ubuntu 19.10) :

https://imgur.com/6zIucev

Tried to apply a chmod 777 to the file, then a blank page opens, and that's all.

If someone can help me, I would appreciate. I'm currently preparing the WCNA :)

Thanks

EDIT : When I open Wireshark through a terminal, and then I click on "OPen in a browser.." here is what I see :

[code]05:35:10.030     Main Warn QStandardPaths: XDG_RUNTIME_DIR not set, defaulting to '/tmp/runtime-root'
Running Firefox as root in a regular user's session is not supported.  ($XAUTHORITY is /run/user/1000/gdm/Xauthority which is owned by kevin.)
"my" variable $file masks earlier declaration in same scope at /usr/bin/run-mailcap line 339.
Can't use string ("action") as a SCALAR ref while "strict refs" in use at /usr/bin/run-mailcap line 329.
Opening "/tmp/ipmap_20200325053510_CLhQoy.html" with Firefox Web Browser  (text/html)
Running Firefox as root in a regular user's session is not supported.  ($XAUTHORITY is /run/user/1000/gdm/Xauthority which is owned by kevin.)
[9085:9085:0325/053510.280308:ERROR:zygote_host_impl_linux.cc(89)] Running as root without --no-sandbox is not supported. See https://crbug.com/638180.
Running Firefox as root in a regular user's session is not supported.  ($XAUTHORITY is /run/user/1000/gdm/Xauthority which is owned by kevin.)
/usr/bin/xdg-open: 870: iceweasel: not found
/usr/bin/xdg-open: 870: seamonkey: not found
/usr/bin/xdg-open: 870: mozilla: not found
/usr/bin/xdg-open: 870: epiphany: not found
/usr/bin/xdg-open: 870: konqueror: not found
/usr/bin/xdg-open: 870: chromium: not found
/usr/bin/xdg-open: 870: chromium-browser: not found
[9116:9116:0325/053510.322255:ERROR:zygote_host_impl_linux.cc(89)] Running as root without --no-sandbox is not supported. See https://crbug.com/638180.
/usr/bin/xdg-open: 870: www-browser: not found
/usr/bin/xdg-open: 870: links2: not found
/usr/bin/xdg-open: 870: elinks: not found
/usr/bin/xdg-open: 870: links: not found
/usr/bin/xdg-open: 870: lynx: not found
/usr/bin/xdg-open: 870: w3m: not found
xdg-open: no method available for opening 'file:///tmp/ipmap_20200325053510_CLhQoy.html'
[/code]
edit retag flag offensive close merge delete

Comments

From your output:

Running Firefox as root in a regular user's session is not supported

Are you running Wireshark as root? If so, DON'T DO THAT.

See the README.Debian file for instructions on how to configure your system to not require root privs to capture.

Doing this may or may not fix your issue.

grahamb gravatar imagegrahamb ( 2020-03-25 12:54:20 +0000 )edit

Thanks for your help Grahamb :)

Yeah I was doing that, I reconfigured everything to run in user's mode, defined one more time the preferences and the location of the GeoIP folder, however when I click on "Open in a browser..." the page is still blank. I read that there is some troubles regarding the last version of Firefox, so I installed Chrome, and same things

I think something is wrong with the file, isn't it ?

https://imgur.com/YZwrajs

Yseurk gravatar imageYseurk ( 2020-03-25 13:01:38 +0000 )edit

There seem to be some shenanigans with the temporary file handling, AFAICT from my Debian based dev. build. BTW: you never stated which Wireshark version you're running.

Jaap gravatar imageJaap ( 2020-03-25 13:40:07 +0000 )edit

Qt 5.12.5 on Debian/testing, I'm seeing two problems with the development build:

  • In EndpointDialog::createMap if I don't call tf.fileName()before the fclose(fp) the returned QUrl is empty.
  • In EndpointDialog::createMap it seems that tf.setAutoRemove(false) has no effect, since the temporary file is removed regardless.
Jaap gravatar imageJaap ( 2020-03-25 14:01:13 +0000 )edit

Was there any resolution for this? I have the same issue in Kali with Wireshark 3.2.8. I run as root and save the map in ipmap.html. Then, try to open in Firefox or Chromium and the page is blank. BTW, when I run Wireshark as non-root user in Kali the coloring is all messed up inside the menus and I cannot even see the options, i.e. in Preferences and in Endpoints. What could be the issue here?

ipomidor gravatar imageipomidor ( 2020-12-01 16:35:03 +0000 )edit

1 Answer

Sort by ยป oldest newest most voted
0

answered 2020-12-20 15:37:29 +0000

Chuckc gravatar image

A patch has been released in the release-3.4 and master branches.

It now works in 3.4.2 and the 3.5 development builds.

edit flag offensive delete link more

Comments

The indicated problem (on Linux) was solved with commit 8b775781 included in Wireshark 3.4. Wireshark 3.2 and before use a different method of temporary file handling what was not reworked.

Jaap gravatar imageJaap ( 2020-12-20 20:35:14 +0000 )edit

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower

Stats

Asked: 2020-03-25 10:19:36 +0000

Seen: 693 times

Last updated: Dec 20 '20