How to display GeoIP in Conversations?

asked 2018-12-11

coffeedonut

updated 2018-12-11

cmaynard

I have been trying to see GeoIP information on the IPv4 conversations. Following this Wireshark guide I have confirmed:
1. GeoIP is enabled in the Kali build.
2. GeoIP files are present in /usr/share/GeoIP/.

However, when I go to Statistics > IPv4 conversations and click on the Name resolution option, I am only seeing the DNS resolution, not the locations?

answered 2018-12-11

Gerald Combs

Does the Endpoints dialog show any GeoIP information? As far as I know we've never supported GeoIP in the Conversations dialog, primarily because adding multiple columns for both the source and destination addresses would make it unreasonably wide.

Also note that MaxMind has two database formats: GeoLite2 (.mmdb) and GeoLite Legacy. As the name implies, GeoLite Legacy is no longer supported. Wireshark 2.6 and later supports GeoLite2 but not GeoLite Legacy.

Doh! Attention-to-detail failure. I looked at the guide so many times - it explicitly says Endpoints, not Conversations. Yes, it's working in Endpoints. Thanks.

coffeedonut ( 2018-12-11 )
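The answer's note that Wireshark 2.6 and later reads only GeoLite2 (.mmdb) files can be checked against the files actually present in the GeoIP directory. The following is an added example, not part of the original thread or of Wireshark's code: it looks for the MaxMind DB metadata marker in the last 128 KiB of a file and decodes the metadata map; the function names and the `SAMPLE` bytes are constructed for illustration.

```python
import os
import sys

MARKER = b"\xab\xcd\xefMaxMind.com"  # starts the metadata section of a .mmdb file
# Constructed sample: filler + marker + map{database_type, binary_format_major_version}
SAMPLE = (b"\x00" * 16 + MARKER + b"\xe2" b"\x4d" b"database_type" b"\x4d" b"GeoLite2-City"
          b"\x5b" b"binary_format_major_version" b"\xa1\x02")

def _decode(buf, pos):
    """Decode one MaxMind DB data field at buf[pos]; return (value, next_pos)."""
    ctrl, pos = buf[pos], pos + 1
    ftype, size = ctrl >> 5, ctrl & 0x1F
    if ftype == 0:                       # extended type: next byte + 7
        ftype, pos = buf[pos] + 7, pos + 1
    if size >= 29:                       # sizes 29..31 take 1..3 extra length bytes
        n = size - 28
        size = (29, 285, 65821)[n - 1] + int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if ftype == 7:                       # map of key/value fields
        out = {}
        for _ in range(size):
            key, pos = _decode(buf, pos)
            out[key], pos = _decode(buf, pos)
        return out, pos
    if ftype == 11:                      # array
        items = []
        for _ in range(size):
            item, pos = _decode(buf, pos)
            items.append(item)
        return items, pos
    if ftype == 2:                       # UTF-8 string
        return buf[pos:pos + size].decode("utf-8"), pos + size
    if ftype in (5, 6, 9, 10):           # uint16 / uint32 / uint64 / uint128
        return int.from_bytes(buf[pos:pos + size], "big"), pos + size
    raise ValueError(f"unsupported metadata field type {ftype}")

def metadata_from_tail(tail):
    """Return the metadata map found in these trailing bytes, or None if no marker."""
    idx = tail.rfind(MARKER)
    return None if idx < 0 else _decode(tail, idx + len(MARKER))[0]

def mmdb_metadata(path):
    """Read the last 128 KiB of a file and return its MaxMind DB metadata, or None."""
    with open(path, "rb") as fh:
        fh.seek(max(0, os.path.getsize(path) - 128 * 1024))
        return metadata_from_tail(fh.read())

if __name__ == "__main__":  # usage: pass the database files to check as arguments
    for path in sys.argv[1:]:
        print(path, mmdb_metadata(path) or "no MaxMind DB metadata marker")
```

A file that returns `None` carries no MaxMind DB metadata marker, which is what a GeoLite Legacy `.dat` file would produce.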


