Using GeoIP to look up physical locations of the IP address

Wireshark 1.1.2 and the higher versions can use GeoIP (commercial version) and GeoLite (free version) databases to look up the city, country, AS number, and other information for an IP address discovered by Wireshark.

Getting ready

Go to the following website: http://dev.maxmind.com/geoip/geolite.
For IPv4, download the following files (the binaries):
- GeoLite Country
- GeoLite City
- GeoLite ASN
For IPv6, download the following files:
- GeoLite Country (IPv6)
- GeoLite City (IPv6)
- GeoLite ASN (IPv6)
  Tip
  Autonomous System (AS) is a term used in Exterior Gateway Protocols (EGPs), for identifying all routers under the control of the same network operator. When you connect to the Internet through two different ...

Get Network Analysis Using Wireshark Cookbook now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

Network Analysis Using Wireshark Cookbook by Yoram Orzach

Using GeoIP to look up physical locations of the IP address

Getting ready

Tip

Don’t leave empty-handed

It’s yours, free.

Check it out now on O’Reilly