GeoIP with Tshark in linux without GUI
Hi, I compiled the source code of wireshark with out wireshark(it's a vm without GUI). Then i searched for place to put the Maxmind.dat files.. i found some various places to put it in there, but i couldn't extract the geoip.country with tshark. Example of my tshark command: tshark -r test.pcap -T json -e ip.geoip.src_country
The places i tried to put the geoip_db_paths file: /usr/share/wireshark, /usr/local/lib/wireshark, /usr/local/lib64/wireshark, /usr/local/include/wirehshark /usr/local/shark/wireshark
Thanks.
Hi
Can you let us know exactly how you compiled this please. I Have the same issue, GeoIP works when tshark is installed from package, but not compiled.
Many thanks