This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Search based on country code/suffix

0

Right now, we can search based on geoip country name like the following:

ip and not ip.geoip.country == "United States"

Wonder if it's possible to search based on country code, for "United States", it's US, for Russian, it's RU.

Thanks.

asked 23 Oct '15, 16:53

pktUser1001's gravatar image

pktUser1001
201495054
accept rate: 12%

One Answer:

1

It's not currently possible. The GeoIP API appears to have GeoIP_country_code_by_ and GeoIP_country_code3_by_ routines that could be used in Wireshark, but they're not currently used, so there are no ip.geoip.country_code or ip.geoip.country_code3 fields.

Please file an enhancement request on the Wireshark Bugzilla.

answered 23 Oct '15, 19:40

Guy%20Harris's gravatar image

Guy Harris ♦♦
17.4k335196
accept rate: 19%

Thanks for the info. I will create an enhancement request on it.

(24 Oct '15, 16:02) pktUser1001