Wireshark-users: Re: [Wireshark-users] Wireshark V1.2.0 & GeoIP

From: "Keith French" <keithfrench@xxxxxxxxxxxxx>
Date: Sun, 28 Jun 2009 20:35:06 +0100
Hi Sake,

Yes double clicking ipmap.html opens the map in Firefox OK, but it does not load when you click the map button in the Endpoints display.

Keith.

----- Original Message ----- From: "Sake Blok" <sake@xxxxxxxxxx>
To: "Community support list for Wireshark" <wireshark-users@xxxxxxxxxxxxx>
Sent: Saturday, June 27, 2009 1:53 PM
Subject: Re: [Wireshark-users] Wireshark V1.2.0 & GeoIP


Can you open ipmap.html in your browser manually? Does it show a map that
looks like it corresponds to your tracefile?

Cheers,


Sake

----- Original Message ----- From: "Keith French" <keithfrench@xxxxxxxxxxxxx>
To: "Community support list for Wireshark" <wireshark-users@xxxxxxxxxxxxx>
Sent: Saturday, June 27, 2009 2:14 PM
Subject: Re: [Wireshark-users] Wireshark V1.2.0 & GeoIP


Both of those files are in that folder.

----- Original Message ----- From: <j.snelders@xxxxxxxxxx> To: "Community support list for Wireshark" <wireshark-users@xxxxxxxxxxxxx>
Sent: Saturday, June 27, 2009 12:32 PM
Subject: Re: [Wireshark-users] Wireshark V1.2.0 & GeoIP


Hi Sake,

It will create 2 files, ipmap.html and ipmap.txt, in the folder:
C:\Documents and Settings\<user>\Local Settings\Temp

Groeten;-)
Joke

On Sat, 27 Jun 2009 12:04:07 +0200 Sake Blok wrote:

Keith,

I haven't used GeoIP myself, but I know from the changes that it will
create

a temporary file to load into your browser. I haven't checked where it
will

create the file on Winwods, but it does it in /tmp on linux. Maybe the
permissions of the directory that WS uses are restricted (or maybe WS
tries

to a directory that does not exist on your system).

Hope this helps,
Cheers,
     Sake

----- Original Message ----- From: <j.snelders@xxxxxxxxxx>
To: "Community support list for Wireshark"
<wireshark-users@xxxxxxxxxxxxx>
Sent: Saturday, June 27, 2009 11:49 AM
Subject: Re: [Wireshark-users] Wireshark V1.2.0 & GeoIP


Hi Keith,

I'm sorry, I don't have got any other ideas.
Anybody else?

BTW
Got it working on another pc with Windows 7/Firefox as well.

Regards
Joan

On Fri, 26 Jun 2009 22:21:09 +0100 Keith French wrote:
I have got it working on another PC, but I still can't get it to work
on
my
main PC. Like you I am running Firefox 3.0.11 as my default browser and

JavaScript is enabled. When I click the Map button, it doesn't even
make
any
attempt to load the browser.

I have also tried it with IE8 & JavaScript enabled, but that is no
better

either.


----- Original Message ----- From: <j.snelders@xxxxxxxxxx>
To: "Community support list for Wireshark"
<wireshark-users@xxxxxxxxxxxxx>
Sent: Friday, June 26, 2009 3:41 PM
Subject: Re: [Wireshark-users] Wireshark V1.2.0 & GeoIP


Hi Keith,

Perhaps this is the problem:
the browser must have javascript enabled.

I don't have any problems using GeoIp.
I use Mozilla Firefox 3.0.11 as default browser.

Wireshark Version 1.2.0 (SVN Rev 28753)

Copyright 1998-2009 Gerald Combs <gerald@xxxxxxxxxxxxx> and
contributors.
This is free software; see the source for copying conditions. There
is
NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR
PURPOSE.

Compiled with GTK+ 2.16.2, with GLib 2.20.3, with WinPcap (version
unknown),
with libz 1.2.3, without POSIX capabilities, with libpcre 7.0, with
SMI

0.4.8,
with c-ares 1.6.0, with Lua 5.1, with GnuTLS 2.8.1, with Gcrypt
1.4.4,

with
MIT
Kerberos, with GeoIP, with PortAudio V19-devel (built Jun 15 2009),
with
AirPcap.

Running on Windows XP Service Pack 3, build 2600, with WinPcap
version
4.1
beta5
(packet.dll version 4.1.0.1452), based on libpcap version 1.0.0,
GnuTLS

2.8.1,
Gcrypt 1.4.4, without AirPcap.

Built using Microsoft Visual C++ 9.0 build 30729

Hope this helps,
Joan

On Fri, 26 Jun 2009 14:07:42 +0100 Keith French wrote:
I am trying to get this new GeoIP feature working in Wireshark V1.2.0

running
on Windows XP Pro. I have tried following the video by Laura Chappell
and
the article on the Wiki, but can't get the map to display.

I have downloaded the three GeoLite databases in compressed gz format
and
extracted them all to the same folder under My Documents. Then in
Wireshark
Preferences under Name Resolution I have set the GeoIP Database
Directories
dialog to contain one entry pointing to this folder where the
databases
are
extracted to:-

C:\Documents and Settings\User Name\My Documents\GeoIP

I then clicked OK and restarted Wireshark.

When I take a trace and then look in Endpoints, under the IP4 tab, I
can
see the Country, City, AS Number, Longitude & Latitude columns all
populated.

However, if I click the map button (with an internet connection)
nothing
happens.

Any idea what I am doing wrong?

Keith French.





___________________________________________________________________________
Sent via: Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users

mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe


--------------------------------------------------------------------------------



No virus found in this incoming message.
Checked by AVG - www.avg.com
Version: 8.5.375 / Virus Database: 270.12.93/2205 - Release Date: 06/27/09
05:53:00

___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users

mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe



___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users

mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe


--------------------------------------------------------------------------------



No virus found in this incoming message.
Checked by AVG - www.avg.com
Version: 8.5.375 / Virus Database: 270.12.93/2206 - Release Date: 06/27/09 17:55:00