Ask Your Question
0

geoip map displays as white screened tab in Chrome/Firefox

asked 2022-01-04 23:21:32 +0000

garryh gravatar image

Running LInux 21.10 and Wireshark Version 3.4.8 (Git v3.4.8 packaged as 3.4.8-1~ubuntu21.04.0+wiresharkdevstable1)

Have configured Wireshark to use geoip databases and get good results in endpoint analysis and layer 3 in packet details.

But when I click on the map button under endpoint analysis I simply get a white screened tab in Chrome. Saving the map in html file and opening in firefox locks up the application.

Using developer mode in chrome there are a number of errors on the generated webpage. Failed to load files with leaflet and marketcluster in filenames. Looks like it fails to load everything that would be needed to present a map.

Anything I can do to fix?

edit retag flag offensive close merge delete
add a comment

2 Answers

Sort by ยป oldest newest most voted
0

answered 2022-01-05 09:22:01 +0000

Jaap gravatar image

updated 2022-01-05 11:28:23 +0000

Please make sure you have libjs-leaflet and libjs-leaflet.markercluster installed.

edit flag offensive delete link more

Comments

So it's time to file a bug against Ubuntu to make that a dependency, so it gets installed automatically if you install Wireshark. We didn't decide to make it use local files, they did, so that's on them.

Guy Harris gravatar imageGuy Harris ( 2022-01-05 09:52:27 +0000 )edit

Although installing that isn't sufficient; the Firefox window now says:

Select an ipmap.html or GeoJSON .json file as created by Wireshark.
[Browse...] No file selected.

Failed to load map data from GeoJSON file: TypeError: L.markerClusterGroup is not a function: data was: {
"type": "Feature Collection", "features": [ { "type": "Feature", "geometry": { "type": "Po... (3263 bytes)
Guy Harris gravatar imageGuy Harris ( 2022-01-05 10:11:54 +0000 )edit

Well, it is a dependancy already, just as a suggest from libwireshark-data. Like the rest of the GeoIP support, you have to pull in all relevant suggestions.

Jaap gravatar imageJaap ( 2022-01-05 11:17:04 +0000 )edit

As for the failure, it seems that features of libjs-leaflet.markercluster are used. This is also a suggest dependancy from libwireshark-data.

Jaap gravatar imageJaap ( 2022-01-05 11:27:21 +0000 )edit

Well, it is a dependancy already, just as a suggest from libwireshark-data. Like the rest of the GeoIP support, you have to pull in all relevant suggestions.

I refuse to consider something that doesn't pop up in Synaptic to be sufficient. Where are these "suggestions" offered in the user interface?

Guy Harris gravatar imageGuy Harris ( 2022-01-05 18:27:30 +0000 )edit
add a comment
0

answered 2022-01-05 05:25:28 +0000

Guy Harris gravatar image

updated 2022-01-05 10:01:56 +0000

Anything I can do to fix?

Look at the code and the developer mode errors, figure out what's wrong with the HTML, and fix the code that generates it.

What you can do to try to have somebody else fix it would be to file a bug report on the Wireshark issues list; it occurs with multiple browsers (I don't get a white screen with Safari or Chrome on macOS, but I don't get a map, either, just a gray display with a line that repeatedly says "North Fork Ninnescah River" in several places without showing me a river, and a green circle in the middle with a "3" inside it), so it's probably a bug.

That means it's not something you're doing wrong or that you can fix without doing Wireshark debugging and development.

(The Ninnescah River is, according to Open Street Map, in Kansas; is this another one of those "I can't geolocate this, so I'm going to dump you close to the geographic middle of the continental US" things, but not at the home of that unlucky couple who kept getting police showing up as a result of geolocating?)

Update: it's in the middle of the Cheney Reservoir, which is why it's gray; if I zoom out sufficiently, I can see labels for Wichita, Dodge City, Salina, etc. against a white background. But this is with the master branch of Wireshark; perhaps there's a bug in 3.4.x or 3.6.x.

Further update: yes, it probably dumped me in the middle of the reservoir because it couldn't find any of the IP addresses. With another capture, pinging some sites I expected would be found, it worked; I copied the file to an Ubuntu 20.04 system and opened it with Firefox, and it worked.

However, if I copied the capture to the Ubuntu system, which provides Wireshark 3.2.3, and open it with 3.2.3, the map doesn't work - it's all white, and it's all white if I copy it back to my Mac and open it with Safari. So it looks like a bug in 3.2.3, and it's probably still in 3.4.8. So please file the bug report.

Still further update: see Jaap's answer. This is a bug, but it's a bug in Ubuntu's packaging of Wireshark (which they might have inherited from Debian; I'll check).

edit flag offensive delete link more
add a comment

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower

subscribe to rss feed

Stats

Asked: 2022-01-04 23:21:32 +0000

Seen: 553 times

Last updated: Jan 05 '22

Related questions

Wireshark doesn't capture logs after a point of time for Wireless network

how to i put the mmdb files into wireshark 2.5.1?

Will the "map" button of the IP-Endpoint dialog return?

Malformed packet in the GSM MAP

I would like to use geoip, but if i go to help>about wireshark, i don't see "compiled with geoip"

Problem with GeoIP

How to display GeoIP in Conversations?

geoip - MAP is missing

Not decoding MAP

Is it possible to disable Wireshark's Splash screen?

Copyright Wireshark Foundation, 2017-2023 Content on this site is licensed under a Creative Commons Attribution Share Alike 3.0 license.
about | faq | help | privacy policy | terms of service
Powered by Askbot version 0.10.2