Ask Your Question
0

How to display GeoIP in Conversations?

asked 2018-12-11 00:03:51 +0000

coffeedonut gravatar image

updated 2018-12-11 20:46:53 +0000

cmaynard gravatar image

I have been trying to see GeoIP information on the IPv4 conversations. Following this Wireshark guide I have confirmed:
1. GeoIP is enabled in the Kali build.
2. GeoIP files are present in /usr/share/GeoIP/.

However when I go to Statistics & IPv4 conversations. Clicking on the Name resolution option I am only seeing the DNS resolution not the locations?

edit retag flag offensive close merge delete

1 Answer

Sort by ยป oldest newest most voted
0

answered 2018-12-11 00:52:22 +0000

Gerald Combs gravatar image

Does the Endpoints dialog show any GeoIP information? As far as I know we've never supported GeoIP in the Conversations dialog, primarily because adding multiple columns for both the source and destination addresses would make it unreasonably wide.

Also note that MaxMind has two database formats: GeoLite2 (.mmdb) and GeoLite Legacy. As the name implies, GeoLite Legacy is no longer supported. Wireshark 2.6 and later supports GeoLite2 but not GeoLite Legacy.

edit flag offensive delete link more

Comments

Doh! attention to detail failure. I looked at the guide so many times - it explicitly says Endpoints not Conversations. Yes, its working in Endpoints. Thanks.

coffeedonut gravatar imagecoffeedonut ( 2018-12-11 00:58:31 +0000 )edit

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower

Stats

Asked: 2018-12-11 00:03:51 +0000

Seen: 733 times

Last updated: Dec 11 '18