If your copy of Wireshark supports MaxMind’s GeoIP library, you can use their databases to match IP addresses to countries, cites, autonomous system numbers, ISPs, and other bits of information. Some databases are available at no cost, while others require a licensing fee. See the MaxMind web site for more information.
This table is handled by an Section 10.7, “User Table” with the following fields.
- Database pathname
-
This specifies a directory containing GeoIP data files. Any files beginning with Geo and ending with .dat will be automatically loaded. A total of 8 files can be loaded.
The locations for your data files are up to you, but
/usr/share/GeoIP(Linux),C:\GeoIP(Windows),C:\Program Files\Wireshark\GeoIP(Windows) might be good choices.