First time here? Check out the FAQ!
THIS IS A TEST INSTANCE. Feel free to ask and answer questions, but take care to avoid triggering too many notifications.
Ask Your Question
0

geoip map displays as white screened tab in Chrome/Firefox

Running LInux 21.10 and Wireshark Version 3.4.8 (Git v3.4.8 packaged as 3.4.8-1~ubuntu21.04.0+wiresharkdevstable1)

Have configured Wireshark to use geoip databases and get good results in endpoint analysis and layer 3 in packet details.

But when I click on the map button under endpoint analysis I simply get a white screened tab in Chrome. Saving the map in html file and opening in firefox locks up the application.

Using developer mode in chrome there are a number of errors on the generated webpage. Failed to load files with leaflet and marketcluster in filenames. Looks like it fails to load everything that would be needed to present a map.

Anything I can do to fix?

garryh's avatar
1
garryh
asked 2022-01-04 23:21:32 +0000
edit flag offensive 0 remove flag close merge delete

Comments

add a comment see more comments

2 Answers

0

Please make sure you have libjs-leaflet and libjs-leaflet.markercluster installed.

Jaap's avatar
13.7k
Jaap
answered 2022-01-05 09:22:01 +0000, updated 2022-01-05 11:28:23 +0000
edit flag offensive 0 remove flag delete link
more

Comments

So it's time to file a bug against Ubuntu to make that a dependency, so it gets installed automatically if you install Wireshark. We didn't decide to make it use local files, they did, so that's on them.

Guy Harris's avatar Guy Harris (2022-01-05 09:52:27 +0000) edit
more
  • delete

Although installing that isn't sufficient; the Firefox window now says:

Select an ipmap.html or GeoJSON .json file as created by Wireshark.
[Browse...] No file selected.

Failed to load map data from GeoJSON file: TypeError: L.markerClusterGroup is not a function: data was: {
"type": "Feature Collection", "features": [ { "type": "Feature", "geometry": { "type": "Po... (3263 bytes)
Guy Harris's avatar Guy Harris (2022-01-05 10:11:54 +0000) edit
more
  • delete

Well, it is a dependancy already, just as a suggest from libwireshark-data. Like the rest of the GeoIP support, you have to pull in all relevant suggestions.

Jaap's avatar Jaap (2022-01-05 11:17:04 +0000) edit
more
  • delete

As for the failure, it seems that features of libjs-leaflet.markercluster are used. This is also a suggest dependancy from libwireshark-data.

Jaap's avatar Jaap (2022-01-05 11:27:21 +0000) edit
more
  • delete

Well, it is a dependancy already, just as a suggest from libwireshark-data. Like the rest of the GeoIP support, you have to pull in all relevant suggestions.

I refuse to consider something that doesn't pop up in Synaptic to be sufficient. Where are these "suggestions" offered in the user interface?

Guy Harris's avatar Guy Harris (2022-01-05 18:27:30 +0000) edit
more
  • delete
add a comment see more comments
0

Anything I can do to fix?

Look at the code and the developer mode errors, figure out what's wrong with the HTML, and fix the code that generates it.

What you can do to try to have somebody else fix it would be to file a bug report on the Wireshark issues list; it occurs with multiple browsers (I don't get a white screen with Safari or Chrome on macOS, but I don't get a map, either, just a gray display with a line that repeatedly says "North Fork Ninnescah River" in several places without showing me a river, and a green circle in the middle with a "3" inside it), so it's probably a bug.

That means it's not something you're doing wrong or that you can fix without doing Wireshark debugging and development.

(The Ninnescah River is, according to Open Street Map, in Kansas; is this another one of those "I can't geolocate this, so I'm going to dump you close to the geographic middle of the continental US" things, but not at the home of that unlucky couple who kept getting police showing up as a result of geolocating?)

Update: it's in the middle of the Cheney Reservoir, which is why it's gray; if I zoom out sufficiently, I can see labels for Wichita, Dodge City, Salina, etc. against a white background. But this is with the master branch of Wireshark; perhaps there's a bug in 3.4.x or 3.6.x.

Further update: yes, it probably dumped me in the middle of the reservoir because it couldn't find any of the IP addresses. With another capture, pinging some sites I expected would be found, it worked; I copied the file to an Ubuntu 20.04 system and opened it with Firefox, and it worked.

However, if I copied the capture to the Ubuntu system, which provides Wireshark 3.2.3, and open it with 3.2.3, the map doesn't work - it's all white, and it's all white if I copy it back to my Mac and open it with Safari. So it looks like a bug in 3.2.3, and it's probably still in 3.4.8. So please file the bug report.

Still further update: see Jaap's answer. This is a bug, but it's a bug in Ubuntu's packaging of Wireshark (which they might have inherited from Debian; I'll check).

Guy Harris's avatar
19.9k
Guy Harris
answered 2022-01-05 05:25:28 +0000, updated 2022-01-05 10:01:56 +0000
edit flag offensive 0 remove flag delete link
more

Comments

add a comment see more comments

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account. This space is reserved only for answers. If you would like to engage in a discussion, please instead post a comment under the question or an answer that you would like to discuss.

Add Answer