Wireshark-users: Re: [Wireshark-users] Problem with GeoIP

From: Gordon Widera <gwidera@xxxxxxxxx>
Date: Sun, 30 Aug 2009 23:24:33 -0700
Hi Joan,

I've gone through the links but was not able to verify if I have a virus. I've gone online and run several different virus scans (i.e. Panda, StopZilla, Spybot, etc.), as well as my own Avast anti-virus software, but all I found was adware. In addition, I tried the OTMoveIT2 software with no luck; I still get the Move Items window when I run Map. At this point I think I'm just going to double-click "ipmap.html" when I want to see a map.

Thanks for all your help. I appreciate all the time and suggestions you put into this.

Best Regards

Gordon

On Sun, Aug 30, 2009 at 12:38 AM, <j.snelders@xxxxxxxxxx> wrote:
Hi Gordon,

I've been googling for MoveIt and peek.txt:
http://www.geekstogo.com/forum/win32-TrojanProxy-Horst-Ad-Aware-log-included-t201103.html
http://www.spywareinfoforum.com/lofiversion/index.php/t102258.html
http://www.atribune.org/forums/index.php?showtopic=4504&mode=threaded&pid=23184

Hope this helps somehow
Joan


On Sat, 29 Aug 2009 16:44:50 -0700 Gordon Widera wrote:
>
>Hi Joan,
>
>I checked and yes, JavaScript is enabled. Another observation: when I click
>the "Cancel" button on the "Move items" window another identical "Move
>items" window appears. When I click the "Cancel" button again a Notepad file
>with the title "PEEK.TXT" appears. The file is void of text.
>
>Thanks
>
>Gordon
>
>On Sat, Aug 29, 2009 at 3:23 PM, <j.snelders@xxxxxxxxxx> wrote:
>
>> Hi Gordon,
>>
>> Could it have something to do with the java settings?
>> The browser must have JavaScript enabled.
>> Although if I disable it, I still don't get the "Move items" window, just
>> an empty "Wireshark: IP Location Map" (no map, no markers).
>>
>> Cheers
>> Joan
>>
>> On Sat, 29 Aug 2009 14:35:42 -0700 Gordon Widera wrote:
>> >Hi Joan,
>> >
>> >When I double click on a "ipmap.html" file I see the map, the red markers
>> >and the text with the IP and location information. This is what I would
>> >expect to see. I've attached a screen shot of the "Move items" window.
>> >
>> >Thanks
>> >
>> >Gordon
>> >
>> >On Sat, Aug 29, 2009 at 2:11 PM, <j.snelders@xxxxxxxxxx> wrote:
>> >
>> >> Hi Gordon,
>> >>
>> >> Can you open the ipmap.html files in the "Wireshark IP Map XXXXa01772"
>> >> folders?
>> >> Just curious to know. I've never got the Pop-Up Window "Move items".
>> >>
>> >> Good luck
>> >> Joan
>> >>
>> >> On Sat, 29 Aug 2009 13:00:46 -0700 Gordon Widera wrote:
>> >> >Hi Joan,
>> >> >
>> >> >Yes, I do see the folder. In fact, I see 12 folders, about the same number
>> >> >of attempts to try the "Map" function. All 12 folders contain the two files
>> >> >you listed. As for Endpoints, yes I do see the GeoIP information (i.e. Country,
>> >> >AS Number, City, Latitude and Longitude). Lastly, like you, I am using FF
>> >> >v3.5.2.
>> >> >
>> >> >Thanks
>> >> >
>> >> >Gordon
>> >> >On Sat, Aug 29, 2009 at 11:17 AM, <j.snelders@xxxxxxxxxx> wrote:
>> >> >
>> >> >> Hi Gordon,
>> >> >>
>> >> >> Normally every time you hit the Map button there is a folder created in:
>> >> >> C:\Documents and Settings\<user>\Local Settings\Temp
>> >> >>
>> >> >> The folder name looks like: Wireshark IP Map XXXXa03860 and contains 2
>> >> >> files:
>> >> >> ipmap.html
>> >> >> ipmap.txt
>> >> >>
>> >> >> Do you see these folder/files?
>> >> >> Do you see the GeoIP info in the Endpoints (IPv4) window?
>> >> >> Also in the Packet Details Pane (IP)?
>> >> >>
>> >> >> I use Mozilla Firefox 3.5.2 as default browser.
>> >> >> Can't get it working with Internet Explorer 8.
>> >> >> Wireshark Version 1.2.1 (SVN Rev 29141)
>> >> >>
>> >> >> Best Regards
>> >> >> Joan
>> >> >>
>> >> >>
>> >> >> On Sat, 29 Aug 2009 09:51:31 -0700 Gordon Widera wrote:
>> >> >> >
>> >> >> >Everyone,
>> >> >> >
>> >> >> >I'm having a problem getting GeoIP to work and could use some help. I'm
>> >> >> >running WinXP SP3 and Wireshark v1.2.1.
>> >> >> >
>> >> >> >When I start a capture and try and execute GeoIP:
>> >> >> >
>> >> >> >Statistics | Endpoints | IPv4 | Map
>> >> >> >
>> >> >> >I get a Pop-Up Window with the following title and text:
>> >> >> >
>> >> >> >Move Items
>> >> >> >
>> >> >> >Select the place where you want to move 'ipmap.html'.
>> >> >> >Then click the Move button.
>> >> >> >
>> >> >> >I then select a folder but nothing happens.
>> >> >> >
>> >> >> >Here is my configuration. I've installed the following files on my
>> >> >> >workstation:
>> >> >> >
>> >> >> >C:\Program Files\Wireshark\GeoIPGeoIP.dat          1,135KB    8/1/2009
>> >> >> >C:\Program Files\Wireshark\GeoIPGeoIPASNum.dat     2,214KB    7/17/2009
>> >> >> >C:\Program Files\Wireshark\GeoIPGeoLiteCity.dat    32,046KB   8/1/2009
>> >> >> >
>> >> >> >Next I made the following changes to Wireshark
>> >> >> >
>> >> >> >Edit | Preferences | Name Resolution | GeoIP database directories
>> >> >> >
>> >> >> >C:\Program Files\Wireshark\GeoIP
>> >> >> >
>> >> >> >Edit | Preferences | Protocols | IP
>> >> >> >
>> >> >> >Enable GeoIP lookups
>> >> >> >
>> >> >> >
>> >> >> >Any ideas?
>> >> >> >
>> >> >> >Thanks
>> >> >> >
>> >> >> >Gordon
>> >> >>
>> >> >>
>> >>
>> >> >> >___________________________________________________________________________
>> >> >> >Sent via:    Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
>> >> >> >Archives:    http://www.wireshark.org/lists/wireshark-users
>> >> >> >Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
>> >> >> >             mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe
>> >Attachment: Move Items.jpg