Ask Your Question
0

Why is geolocation not working

asked 2022-09-05 13:56:14 +0000

mmcap64 gravatar image

I have all three MaxMind databases (Country, City, ASN) downloaded and unzipped into a folder I named MaxMind. I went to wireshark preferences and clicked name resolution. Then I clicked on the edit button for MaxMind database directories and added the file path of the folder that contains the databases. I have checked the file path and it is correct but wireshark still does resolve any location. If I go the wireshark Statistics tab, then select endpoints, and then select the IPv4 tab there is no location data displayed. Anyone have an Idea why this is? Thanks

edit retag flag offensive close merge delete

Comments

What's the status of the IPv4 protocol dissector preference for geolocation? Is it on?

Jaap gravatar imageJaap ( 2022-09-05 15:02:19 +0000 )edit

You can test outside of wireshark using mmdbresolve (man page).
If that is working properly, can you update the question with output of wireshark -v.

Chuckc gravatar imageChuckc ( 2022-09-05 15:26:00 +0000 )edit

Where is the "IPv4 protocol dissector preference for geolocation" option located? I don't see it in preferences menu or the statistics menu.

mmcap64 gravatar imagemmcap64 ( 2022-09-05 18:37:29 +0000 )edit

Chuckc When I use mmdbresolve at the cmd prompt as shown by the example I get the following. 'mmdbresolve' is not recognized as an internal or external command, operable program or batch file.

mmcap64 gravatar imagemmcap64 ( 2022-09-05 19:09:54 +0000 )edit

You'll likely need to either cd into the Wireshark directory or use the full path to mmdbresolve, i.e. C:\Program Files\Wireshark\mmdbresolve.exe.

grahamb gravatar imagegrahamb ( 2022-09-05 19:32:55 +0000 )edit
see more comments

2 Answers

Sort by ยป oldest newest most voted
0

answered 2022-10-19 06:12:16 +0000

arthurvp gravatar image

The Map option under the Endpoint is no longer available on version 4 of Wireshark. Use version 3.6.8 instead for that to work, until Wireshark releases the next update.

edit flag offensive delete link more

Comments

Which "version 4" are you running?
On the released version (4.0.0 (v4.0.0-0-g0cbe09cd796b)) the Map button is on the left side and works fine if a tab is selected with IP addresses.

Chuckc gravatar imageChuckc ( 2022-10-19 13:18:42 +0000 )edit

Current open issue for 4.0.0 - 18320: Qt: maxmind/geoip columns not added to Endpoints table

Chuckc gravatar imageChuckc ( 2022-10-19 13:20:59 +0000 )edit

Thanks for responding Chuckc! I did the following with no luck: -update from v3.6.8 to v.4.0.0 and restart WS. -uninstall everything completely and did a fresh 4.0.0 install and restart WS. -reboot after the installation. All to no avail. No Map button but a Map dropdown box on the left side is there and becomes available if the iPv4 column is selected. Geomap will be displayed as soon as the Browser is selected from the dropdown, which is good, but I really wish the Geo Column(s) are still displayed on the Endpoint window. Let me know if you have the trick. Tnx!

arthurvp gravatar imagearthurvp ( 2022-10-20 03:45:36 +0000 )edit

I really wish the Geo Column(s) are still displayed on the Endpoint window.

That's what the issue #18320 to which Chuckc referred was about.

Let me know if you have the trick.

The only trick to get those columns is to wait for 4.0.1 to be released and then update to 4.0.1, or, if you're willing to take a risk with a "cutting edge" build rather than an official release, try one of the 4.0-branch automated builds - get the latest "Wireshark-win64-3.6.9rc0" build from the current set of automated Win64 builds (don't do a 4.1.0 build, that's from the main branch and has a higher risk of buggy behavior or behavior that may change in the 4.2.0 release next year).

There's no trick to force 4.0.0 to show them - it's not ...(more)

Guy Harris gravatar imageGuy Harris ( 2022-10-20 06:04:56 +0000 )edit
add a comment
0

answered 2022-09-06 08:50:12 +0000

SYN-bit gravatar image

IIRC you need to restart Wireshark to make GeoLocation active, not sure why and/or if there is already an issue raised for this. But could you try if that fixes it for you?

edit flag offensive delete link more
add a comment

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower

subscribe to rss feed

Stats

Asked: 2022-09-05 13:56:14 +0000

Seen: 1,521 times

Last updated: Oct 20 '22

Related questions

How to in-able ip filtering in WS? And Geo-locate as well via WS?

In Wireshark GUI endpoints/ip4/map save as HTML it is possible , same way how to export in tshark command ? As a html file ?? Please anyone know the cmd .

How can I automate the productions of maps from IPv4 endpoints?

GeoInfo isn't in list of endpoints