setting up geoip in wireshark

10 months ago
I get many requests asking me how to configure Wireshark to use GEOIP.
For those of you who are not familiar with GEOIP, it’s a pretty simple database that Wireshark can use to look up IP addresses and tell you what country (and similar details) an IP address originates from or is destined for.
This is especially helpful for security people, and for those who perform application baselines and want to know where a device is communicating. This could simply be an exercise in validating where your data is going, or in some cases an investigation into malicious or suspicious application communication.
In the video below, I show you how to get GEOIP working with Wireshark. I encourage you to give it a try and you might be surprised what you will see.
As an added bonus, go to Statistics - Endpoints and click on the IP tab to see a cool summary of the same information. While you’re there, click on the MAP button to see those IP addresses on a geographical map.
Too cool.
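If you want to see what Wireshark is actually doing when it tags an address with a country, here is a small Python script I've added to this post to illustrate the idea (it is not from the original post and it is not Wireshark's own code). The prefix-to-country table and the flow records in it are made up for the example, using documentation address ranges with invented country codes; a real lookup uses a MaxMind GeoIP database, but the mechanism is the same: find the longest matching network prefix for the address, then aggregate the endpoints by country the way the Statistics - Endpoints view does.

```python
"""Toy GeoIP-style lookup plus a per-country endpoint summary.

Added example, not from the original post. The prefix table and the
flow records below are CONSTRUCTED for illustration (documentation
ranges with made-up country codes); they are not real GeoIP data.
"""
import ipaddress

# Constructed prefix -> country table. A real GeoIP database is much
# larger, but the lookup rule is the same: the most specific prefix wins.
GEO_TABLE = [
    ("203.0.113.0/24", "AU"),
    ("198.51.100.0/24", "US"),
    ("198.51.100.128/25", "CA"),   # more specific than the /24 above it
    ("192.0.2.0/24", "DE"),
]

# Sort longest prefix first so the first hit is the most specific match.
NETWORKS = sorted(
    ((ipaddress.ip_network(prefix), cc) for prefix, cc in GEO_TABLE),
    key=lambda entry: entry[0].prefixlen,
    reverse=True,
)

# RFC 1918 space: local addresses that no GeoIP database will resolve.
LOCAL_NETS = [ipaddress.ip_network(n) for n in
              ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def lookup_country(ip: str) -> str:
    """Return the country code for ip by longest-prefix match, or 'UNKNOWN'."""
    addr = ipaddress.ip_address(ip)
    for net, cc in NETWORKS:
        if addr in net:
            return cc
    return "UNKNOWN"


def is_local(ip: str) -> bool:
    """True when ip falls inside one of the RFC 1918 ranges."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in LOCAL_NETS)


# Constructed conversation records: (source, destination, bytes on the wire).
FLOWS = [
    ("10.0.0.5", "203.0.113.10", 1500),
    ("10.0.0.5", "198.51.100.20", 800),
    ("10.0.0.7", "198.51.100.200", 4200),
    ("10.0.0.7", "192.0.2.50", 300),
    ("10.0.0.9", "203.0.113.77", 950),
]


def summarize_by_country(flows):
    """Group the non-local endpoints by country, like the Endpoints IP tab.

    Returns {country: {"endpoints": distinct_address_count, "bytes": total}}.
    Bytes are credited to every external endpoint seen in a flow.
    """
    per_country = {}
    for src, dst, nbytes in flows:
        for ip in (src, dst):
            if is_local(ip):
                continue                      # our own hosts, nothing to map
            cc = lookup_country(ip)
            entry = per_country.setdefault(cc, {"addresses": set(), "bytes": 0})
            entry["addresses"].add(ip)
            entry["bytes"] += nbytes
    return {cc: {"endpoints": len(e["addresses"]), "bytes": e["bytes"]}
            for cc, e in per_country.items()}


if __name__ == "__main__":
    for cc, stats in sorted(summarize_by_country(FLOWS).items()):
        print(f"{cc:8} endpoints={stats['endpoints']:3} bytes={stats['bytes']:6}")
```

Run it and you get one line per country, which is the same picture the Endpoints IP tab gives you once GeoIP is configured; note how 198.51.100.200 lands in the more specific /25 and is reported separately from the rest of that /24.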