First time here? Check out the FAQ!
THIS IS A TEST INSTANCE. Feel free to ask and answer questions, but take care to avoid triggering too many notifications.
Ask Your Question
0

How to display GeoIP in Conversations?

I have been trying to see GeoIP information on the IPv4 conversations. Following this Wireshark guide I have confirmed:
1. GeoIP is enabled in the Kali build.
2. GeoIP files are present in /usr/share/GeoIP/.

However when I go to Statistics & IPv4 conversations. Clicking on the Name resolution option I am only seeing the DNS resolution not the locations?

coffeedonut's avatar
3
coffeedonut
asked 2018-12-11 00:03:51 +0000
cmaynard's avatar
11.1k
cmaynard
updated 2018-12-11 20:46:53 +0000
edit flag offensive 0 remove flag close merge delete

Comments

add a comment see more comments

1 Answer

0

Does the Endpoints dialog show any GeoIP information? As far as I know we've never supported GeoIP in the Conversations dialog, primarily because adding multiple columns for both the source and destination addresses would make it unreasonably wide.

Also note that MaxMind has two database formats: GeoLite2 (.mmdb) and GeoLite Legacy. As the name implies, GeoLite Legacy is no longer supported. Wireshark 2.6 and later supports GeoLite2 but not GeoLite Legacy.

Gerald Combs's avatar
3.5k
Gerald Combs
answered 2018-12-11 00:52:22 +0000
edit flag offensive 0 remove flag delete link
more

Comments

Doh! attention to detail failure. I looked at the guide so many times - it explicitly says Endpoints not Conversations. Yes, its working in Endpoints. Thanks.

coffeedonut's avatar coffeedonut (2018-12-11 00:58:31 +0000) edit
more
  • delete
add a comment see more comments

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account. This space is reserved only for answers. If you would like to engage in a discussion, please instead post a comment under the question or an answer that you would like to discuss.

Add Answer