
I would like to use GeoIP, but if I go to Help > About Wireshark, I don't see "compiled with geoip"

asked 2018-09-09 18:12:51 +0000

arandomguy

I am using Wireshark 2.6.3 and have installed the needed GeoIP databases, but I can't see "compiled with geoip" in Help > About Wireshark.


1 Answer


answered 2018-09-09 18:59:28 +0000

Jim Aragon

The database format that MaxMind distributes has changed, and so Wireshark has been modified to use the new databases. On version 2.6.3, you should see "with MaxMind DB resolver" instead of "compiled with GeoIP." The old GeoIP databases won't work with the latest versions of Wireshark.

Make sure you've downloaded the files from this link. Download the three files in the column labeled "Maxmind DB binary, gzipped," not the files in the column labeled "CSV format, zipped." The files are in a tar archive that has been gzipped. Extract everything, and you should end up with three files named "GeoLite2-ASN.mmdb," "GeoLite2-City.mmdb," and "GeoLite2-Country.mmdb." If you don't have a utility that will handle both .gz and .tar archives, 7-Zip works well and is free.

If you haven't already done so, go to Edit > Preferences > Name Resolution and click on "Edit" next to "MaxMind database directories" and configure the location where you saved the three database files. If you configured this on an earlier version of Wireshark that was still using the GeoIP .dat files, this setting was labeled "GeoIP database directories" and it's a different setting, so you'll have to do it again. If you have multiple versions of Wireshark installed, you can have both the older GeoIP .dat files and the newer .mmdb files installed and configured. Note that MaxMind is no longer updating the GeoIP .dat files.

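One way to script the extraction step from the answer above and confirm that the configured directory really holds MaxMind DB files rather than legacy .dat data. This is an added example, not part of the original answer or of Wireshark; the function names are hypothetical, and the marker and 128 KiB bound are taken from the MaxMind DB file format specification.

```python
import sys
import tarfile
from pathlib import Path

# Marker that starts the metadata section of every MaxMind DB (.mmdb) file.
MMDB_MARKER = b"\xab\xcd\xefMaxMind.com"
EXPECTED = ("GeoLite2-ASN.mmdb", "GeoLite2-City.mmdb", "GeoLite2-Country.mmdb")


def extract_mmdb(archive, dest_dir):
    """Copy only the .mmdb members of a .tar.gz into dest_dir, flattened.

    Using the member's base name (never its stored path) keeps a crafted
    entry such as ../x.mmdb from being written outside dest_dir.
    """
    dest = Path(dest_dir)
    dest.mkdir(parents=True, exist_ok=True)
    written = []
    with tarfile.open(archive, "r:gz") as tar:
        for member in tar:
            name = Path(member.name).name
            if not member.isfile() or not name.endswith(".mmdb"):
                continue  # skip directories, links, licence and readme files
            (dest / name).write_bytes(tar.extractfile(member).read())
            written.append(name)
    return written


def check_db_dir(db_dir):
    """Return {filename: status} for the three databases named in the answer."""
    report = {}
    for name in EXPECTED:
        path = Path(db_dir) / name
        if not path.is_file():
            report[name] = "missing"
            continue
        # The metadata section (marker included) is at most 128 KiB long,
        # so the marker must appear in the tail of a genuine .mmdb file.
        with path.open("rb") as fh:
            fh.seek(max(0, path.stat().st_size - 128 * 1024))
            tail = fh.read()
        report[name] = "ok" if MMDB_MARKER in tail else "not MaxMind DB format"
    return report


if __name__ == "__main__":
    print(check_db_dir(sys.argv[1] if len(sys.argv) > 1 else "."))
```

Run it with the directory configured under "MaxMind database directories" as the argument; any status other than "ok" means Wireshark has nothing usable to load for that database.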

Comments

Maybe add some of these details to the Wireshark Users Guide?

Jaap ( 2018-09-09 21:31:44 +0000 )

Hi, I have added it but am not getting the map option in the current version of Wireshark, which is 4.0.8, and I did a fresh download of the database file as well. But still I am not getting any geo map option? One thing: this latest version only mentions "with Maxmind".

Khushboo ( 2023-09-13 12:04:00 +0000 )


Stats

Asked: 2018-09-09 18:12:51 +0000

Seen: 1,208 times

Last updated: Sep 09 '18