Ask Your Question

Revision history [back]

click to hide/show revision 1
initial version

Can't extract MaxmindDb's columns from tshark

Hi, I compiled tshark on linux without GUI(wireshark 2.6.4). I downloaded the GeoIP databases mmdb files.. When i typed Tshark -G folder i got: MaxMind database path: /usr/share/GeoIP MaxMind database path: /var/lib/GeoIP MaxMind database path: /usr/share/GeoIP I put my files in there but it didn't extract the data.. I tried run the command like this: tshark -r test.pcap -o "ip.use_geoip: TRUE" -T json I didn't got the colmuns of GeoIp.. Do you have any suggestions why it doesn't work? Thanks.

click to hide/show revision 2
None

Can't extract MaxmindDb's columns from tshark

Hi, I compiled tshark on linux without GUI(wireshark 2.6.4). I downloaded the GeoIP databases mmdb files.. When i typed Tshark -G folder i got: got:

MaxMind database path:  /usr/share/GeoIP
MaxMind database path:  /var/lib/GeoIP
MaxMind database path:  /usr/share/GeoIP

I put my files in there but it didn't extract the data.. I tried run the command like this: tshark -r test.pcap -o "ip.use_geoip: TRUE" -T json I didn't got the colmuns of GeoIp.. Do you have any suggestions why it doesn't work? Thanks.

Can't extract MaxmindDb's columns from tshark

Hi, I compiled tshark on linux without GUI(wireshark 2.6.4). I downloaded the GeoIP databases mmdb files.. When i I typed Tshark tshark -G folder i folders I got:

MaxMind database path:  /usr/share/GeoIP
MaxMind database path:  /var/lib/GeoIP
MaxMind database path:  /usr/share/GeoIP

I put my files in there but it didn't extract the data.. I tried to run the command like this: this:

tshark -r  test.pcap -o "ip.use_geoip: TRUE"  -T json

I didn't got get the colmuns columns of GeoIp.. GeoIp. Do you have any suggestions why it doesn't work? Thanks.