KaliTut

Kali Linux tutorial and Linux system tips

how to make IP geolocation map using WireShark

Last Updated on by Leave a Comment

we will use wireshark and GeoIp to make an ip geolocation map, If Wireshark is compiled with GeoIP support and you have free Maxmind databases, then the program can determine the location of computers by their IP addresses. Check in About | Wireshark , that the program is compiled with the version that you have available. If GeoIP is on the list, then check the availability of GeoLite City, Country, and ASNum databases on the disk.

how to generate ip geolocation map

How to use the Maxmind GeoLite database to generate a ip geolocation map …
example made on Linux ( Kali Linux ) … it will work the same way on windows
we will generate the map by analyzing a pcap file using Wireshark and GeoLite database to locate every IP the map.

how to Generate a GeoIP Map report

https://www.youtube.com/watch?v=x1Oq2gO84qw

Step 1:
we need to download the GeoIP database:

ip geolocation map
ip geolocation map
  • GeoLite Country
  • GeoLite Country IPv6
  • GeoLite City
  • GeoLite City IPv6 (Beta)
  • GeoLite ASN
  • GeoLite ASN IPv6

Download GeoLite: http://dev.maxmind.com/geoip/legacy/geolite/

Step 2: Extract all file’s into one folder

  • Step 3: Open Wireshark
    • A) Edit
    • B) Preferences
geoip database
    • C) Name Resolution
    • D) GeoIP database Directories
wireshark network analysis

E) Now Choose the folder where you extract all the files in step 2

Step 4: Restart WireShark
in order to apply the changes you need to restart Wireshark, you can now open an old pcap file or create new traffic capture
A) Open the pcap file you want to analysis
B) Statistics ) Endpoints ) IPv4 ) Map

wireshark network analysis

Click on Map and your web browser will load with a map like this >>>
every point is an IP address is you click on the point you will get that IP

WireShark Map

What is WireShark ?
Wireshark is the world’s most popular network analytics tool. This powerful tool can capture data on the network, and provide Network Administrator with a variety of information about the network and upper-layer protocols. Like many other Network tools, Wireshark also uses pcap network library for packet capture.
Wireshark original name is Ethereal, 2006.
Ethereal was the main developer decided to leave the company he had worked in, and continue to develop the software.
But due to trademark issues, the project was renamed Wireshark.

Leave a Reply

Your email address will not be published. Required fields are marked *