Revision history [back]

Revision 3

updated 2018-12-31 18:12:14 +0000

Can't extract MaxmindDb's columns from tshark

Hi, I compiled tshark on linux without GUI(wireshark 2.6.4). I downloaded the GeoIP databases mmdb files.. When I typed tshark -G folders I got:

MaxMind database path:  /usr/share/GeoIP
MaxMind database path:  /var/lib/GeoIP
MaxMind database path:  /usr/share/GeoIP

I put my files in there but it didn't extract the data.. I tried to run the command like this:

tshark -r  test.pcap -o "ip.use_geoip: TRUE"  -T json

I didn't get the columns of GeoIp. Do you have any suggestions why it doesn't work? Thanks.

Revision 2

13.7k

Jaap

updated 2018-12-19 17:01:05 +0000

Can't extract MaxmindDb's columns from tshark

Hi, I compiled tshark on linux without GUI(wireshark 2.6.4). I downloaded the GeoIP databases mmdb files.. When I i typed ~~tshark~~ Tshark -G folders I folder i got:

MaxMind database path:  /usr/share/GeoIP
MaxMind database path:  /var/lib/GeoIP
MaxMind database path:  /usr/share/GeoIP

I put my files in there but it didn't extract the data.. I tried to run the command like ~~this:~~

this:
tshark -r  test.pcap -o "ip.use_geoip: TRUE"  -T json

I didn't ~~get~~ got the ~~columns~~ colmuns of ~~GeoIp.~~ GeoIp.. Do you have any suggestions why it doesn't work? Thanks.

Revision 1

JohnSynAck

asked 2018-12-19 14:38:43 +0000

Can't extract MaxmindDb's columns from tshark

Hi, I compiled tshark on linux without GUI(wireshark 2.6.4). I downloaded the GeoIP databases mmdb files.. When i typed Tshark -G folder i ~~got:~~

got:
MaxMind database path:  /usr/share/GeoIP
MaxMind database path:  /var/lib/GeoIP
MaxMind database path:  /usr/share/GeoIP

I put my files in there but it didn't extract the data.. I tried run the command like this: tshark -r test.pcap -o "ip.use_geoip: TRUE" -T json I didn't got the colmuns of GeoIp.. Do you have any suggestions why it doesn't work? Thanks.