I am using Wireshark 2.6.3 and have installed the needed GeoIP databases, but I can't see "compiled with geoip" in Help > About Wireshark.

The database format that MaxMind distributes has changed, and so Wireshark has been modified to use the new databases. On version 2.6.3, you should see "with MaxMind DB resolver" instead of "compiled with GeoIP." The old GeoIP databases won't work with the latest versions of Wireshark.

Make sure you've downloaded the files from this link. Download the three files in the column labeled "Maxmind DB binary, gzipped," not the files in the column labeled "CSV format, zipped." The files are in a tar archive that has been gzipped. Extract everything, and you should end up with three files named "GeoLite2-ASN.mmdb," "GeoLite2-City.mmdb," and "GeoLite2-Country.mmdb." If you don't have a utility that will handle both .gz and .tar archives, 7-Zip works well and is free.

If you haven't already done so, go to Edit > Preferences > Name Resolution and click on "Edit" next to "MaxMind database directories" and configure the location where you saved the three database files. If you configured this on an earlier version of Wireshark that was still using the GeoIP .dat files, this setting was labeled "GeoIP database directories" and it's a different setting, so you'll have to do it again. If you have multiple versions of Wireshark installed, you can have both the older GeoIP .dat files and the newer .mmdb files installed and configured. Note that MaxMind is no longer updating the GeoIP .dat files.

Maybe add some of these details to the Wireshark Users Guide?

Jaap (2018-09-09 21:31:44 +0000)
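A checker for the directory configured in the answer above, added here as an example (it is not part of the original thread or of Wireshark): it reports whether the three .mmdb files are present and really in MaxMind DB format, and flags leftover .dat files, unextracted archives and CSV downloads. The function names and status strings are this example's own; the format test assumes the MaxMind DB metadata marker lies within the last 128 KiB of the file.

```python
"""Check a Wireshark MaxMind database directory (added example)."""
import sys
from pathlib import Path

# File names taken from the answer above.
EXPECTED = ("GeoLite2-ASN.mmdb", "GeoLite2-City.mmdb", "GeoLite2-Country.mmdb")
# A MaxMind DB file's metadata section starts with this marker and sits
# within the last 128 KiB of the file (assumption stated in the lead-in).
MMDB_MARKER = b"\xab\xcd\xefMaxMind.com"
TAIL = 128 * 1024


def is_mmdb(path):
    """True if the tail of the file contains the MaxMind DB metadata marker."""
    with open(path, "rb") as fh:
        fh.seek(0, 2)                      # jump to end to learn the size
        size = fh.tell()
        fh.seek(max(0, size - TAIL))       # read only the last 128 KiB
        return MMDB_MARKER in fh.read()


def check_db_dir(directory):
    """Return {file name: status} for expected databases and stray files."""
    d = Path(directory)
    report = {}
    for name in EXPECTED:
        p = d / name
        if not p.is_file():
            report[name] = "missing"
        elif is_mmdb(p):
            report[name] = "ok"
        else:
            report[name] = "not MaxMind DB format"
    for p in sorted(d.iterdir()):
        low = p.name.lower()
        if low.endswith(".dat"):
            report[p.name] = "legacy GeoIP .dat"
        elif low.endswith((".gz", ".tar", ".tgz")):
            report[p.name] = "archive not extracted"
        elif low.endswith((".csv", ".zip")):
            report[p.name] = "CSV download, wrong column"
    return report


if __name__ == "__main__":
    # Usage: python check_mmdb_dir.py <directory configured in Wireshark>
    target = sys.argv[1] if len(sys.argv) > 1 else "."
    for name, status in check_db_dir(target).items():
        print(f"{status:28} {name}")
```
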

