Getting IP Location Information in Wireshark

Laura Chappell just posted a great tutorial on getting GeoIP working with the new version of Wireshark (1.2). I set it up myself recently and it only took a couple of minutes.

Abridged Instructions

1. Download the GeoIP (Lite) database files for country, city, and ASN.

2. Decompress them to a permanent directory on your hard drive.

3. Go to Wireshark’s preferences and click on the Location menu.

4. Add the location you created in step 2.

5. Restart Wireshark if it’s already running.

6. Once you’re capturing, got to Statistics -> Endpoints -> IPv4

7. Become happy.

Yes, extremely cool stuff.