Problem with GeoIP

asked 2018-10-09 08:27:02 +0000

D1mon

updated 2018-10-09 08:47:20 +0000

OS: Manjaro (x64)
Wireshark version: wireshark-qt 2.6.3-1

In the settings, I do not have the option to select the path for GeoIP. Is that how it should be? In "Statistics -> Endpoints", "Country" and "City" are not displayed and there is no "Map" button.

ls -lh /usr/share/GeoIP
total 118M
-rw-r--r-- 1 root root 4.5M Apr 10 10:21 GeoIPASNum.dat
-rw-r--r-- 1 root root 5.3M Apr 10 10:21 GeoIPASNumv6.dat
-rw-r--r-- 1 root root  20M Apr 10 10:21 GeoIPCity.dat
-rw-r--r-- 1 root root  21M Apr 10 10:21 GeoIPCityv6.dat
-rw-r--r-- 1 root root 1.2M Apr 10 10:21 GeoIP.dat
-rw-r--r-- 1 root root 2.2M Apr 10 10:21 GeoIPv6.dat
-rw-r--r-- 1 root root 6.0M Oct  9 10:42 GeoLite2-ASN.mmdb
-rw-r--r-- 1 root root  55M Oct  9 10:42 GeoLite2-City.mmdb
-rw-r--r-- 1 root root 3.4M Oct  9 10:42 GeoLite2-Country.mmdb

https://imgur.com/a/F3jO6Ky


1 Answer


answered 2018-10-09 09:20:40 +0000

grahamb

Does this blog post from @Jasper help?

You should be able to set the directory under Preferences -> Name Resolution -> MaxMind Database Directory.


Comments

See the screenshots: SEE. I do not have such an option!!!! See the ls command above.

D1mon ( 2018-10-09 09:49:32 +0000 )

Can you confirm your version, copy and paste the text info from Help -> About Wireshark -> Wireshark tab?

grahamb ( 2018-10-09 10:02:13 +0000 )

Version 2.6.3 
Copyright 1998-2018 Gerald Combs <[email protected]> and contributors. License GPLv2+: GNU GPL version 2 or later <http://www.gnu.org/licenses/old-licenses/gpl-2.0.html> This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
Compiled (64-bit) with Qt 5.11.1, with libpcap, with POSIX capabilities (Linux), with libnl 3, with GLib 2.56.2, with zlib 1.2.11, without SMI, with c-ares 1.14.0, with Lua 5.2.4, with GnuTLS 3.5.19, with Gcrypt 1.8.3, with MIT Kerberos, without MaxMind DB resolver, with nghttp2 1.32.0, with LZ4, without Snappy, with libxml2 2.9.8, with QtMultimedia, without SBC, without SpanDSP, without bcg729. 
Running on Linux 4.14.67-1-MANJARO, with AMD Athlon(tm) II X4 645 Processor, with 5963 MB of physical ...

D1mon ( 2018-10-09 10:07:05 +0000 )

Your build was made without the MaxMind resolver. From your version info:

Compiled (64-bit) with Qt 5.11.1, with libpcap, with POSIX capabilities (Linux), with libnl 3, with GLib 2.56.2, with zlib 1.2.11, without SMI, with c-ares 1.14.0, with Lua 5.2.4, with GnuTLS 3.5.19, with Gcrypt 1.8.3, with MIT Kerberos, without MaxMind DB resolver, with nghttp2 1.32.0, with LZ4, without Snappy, with libxml2 2.9.8, with QtMultimedia, without SBC, without SpanDSP, without bcg729

grahamb ( 2018-10-09 10:25:23 +0000 )

Tell me, what is the name of the flag for ./configure? Should "--with-geoip" be removed?

D1mon ( 2018-10-09 10:44:23 +0000 )

Installed "libmaxminddb" from AUR and added "--with-mmdbresolve" to the configuration (./configure); it may not have been necessary. Rebuilt the program. Everything worked, but there is no “Map” button.

Wireshark 2.6.0 Release Notes

  • The IP map feature (the “Map” button in the “Endpoints” dialog) has been removed.

Why??? :(

D1mon ( 2018-10-09 13:54:00 +0000 )
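
A quick check for the situation diagnosed in this thread, as an added example that is not part of the original posts: it reads the build string for "with/without MaxMind DB resolver" and counts the .mmdb files in a database directory. The function names and the shortened sample string are constructed for illustration; /usr/share/GeoIP is the directory from the question.

```shell
#!/bin/sh
# Constructed sample: shortened from the version text quoted in this thread.
SAMPLE_VERSION='Compiled (64-bit) with Qt 5.11.1, with libpcap, with c-ares 1.14.0,
with MIT Kerberos, without MaxMind DB resolver, with LZ4, without Snappy.'

# feature_state TEXT FEATURE -> prints "with", "without" or "unknown"
feature_state() {
    flat=$(printf '%s' "$1" | tr '\n' ' ')   # build info may wrap across lines
    case $flat in
        *"without $2"*) echo without ;;
        *"with $2"*)    echo with ;;
        *)              echo unknown ;;
    esac
}

# mmdb_count DIR -> prints the number of regular *.mmdb files directly inside DIR
mmdb_count() {
    n=0
    for f in "$1"/*.mmdb; do
        if [ -f "$f" ]; then n=$((n + 1)); fi
    done
    echo "$n"
}

# diagnose TEXT DIR -> one-line verdict prefixed rebuild:, ok:, no-db: or unknown:
diagnose() {
    state=$(feature_state "$1" "MaxMind DB resolver")
    count=$(mmdb_count "$2")
    case $state in
        without)
            echo "rebuild: compiled without MaxMind DB resolver; $count .mmdb file(s) in $2 cannot be used" ;;
        with)
            if [ "$count" -gt 0 ]; then
                echo "ok: resolver compiled in, $count .mmdb file(s) in $2"
            else
                echo "no-db: resolver compiled in, but no .mmdb files in $2"
            fi ;;
        *)
            echo "unknown: build info does not mention the MaxMind DB resolver" ;;
    esac
}

# Use the installed tshark's build info if available, else the constructed sample.
version_text=$(tshark --version 2>/dev/null) || version_text=$SAMPLE_VERSION
diagnose "$version_text" /usr/share/GeoIP
```

A "rebuild:" verdict matches the case in this thread: the database files are present, but the preference to point at them only appears once the binary is built with the resolver.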
