This example was made on Linux (Kali Linux 2016.2); it will work the same way on Windows.
We will generate the map by analyzing a pcap file with Wireshark, using the GeoLite database to locate every IP on the map.
How to generate a GeoIP map report
Step 1) We need to download the GeoIP database:
GeoLite Country - GeoLite Country IPv6 - GeoLite City - GeoLite City IPv6 (Beta) - GeoLite ASN - GeoLite ASN IPv6
Step 2) Extract all files into one folder
Step 3) Open Wireshark
C) Name Resolution
D) GeoIP database Directories
E) New > Choose the folder where you extracted all the files in step 2
Step 4) Restart Wireshark
In order to apply the changes you need to restart Wireshark. You can now open an old pcap file or create a new traffic capture.
A) Open the pcap file you want to analyze
B) Statistics > Endpoints > IPv4 > Map
Click on Map and your web browser will load the map.
Every point is an IP address; if you click on a point you will get that IP.
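The IPv4 endpoint list that feeds the map can also be pulled from a capture with a short script. This is an added example, not part of the original tutorial or of Wireshark: the function names and the sample capture are constructed for illustration, and it handles only classic pcap files with Ethernet frames. Private addresses such as 192.168.x.x have no entry in a GeoIP database, so the script separates out the public addresses that can actually be located.

```python
import ipaddress
import struct
from collections import Counter

def ipv4_endpoints(pcap_bytes):
    """Return {ip: packet_count} for every IPv4 source/destination in a classic pcap."""
    endian = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap_bytes[:4])
    if endian is None:
        raise ValueError("not a classic pcap file (pcapng is not handled here)")
    if struct.unpack(endian + "I", pcap_bytes[20:24])[0] != 1:
        raise ValueError("only Ethernet (link type 1) captures are handled")
    counts, offset = Counter(), 24          # 24-byte global header comes first
    while offset + 16 <= len(pcap_bytes):
        # Record header: ts_sec, ts_usec, incl_len, orig_len (4 bytes each)
        incl_len = struct.unpack(endian + "I", pcap_bytes[offset + 8:offset + 12])[0]
        frame = pcap_bytes[offset + 16:offset + 16 + incl_len]
        offset += 16 + incl_len
        # 14-byte Ethernet header + 20-byte IPv4 header; EtherType 0x0800 is IPv4
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue
        counts[str(ipaddress.IPv4Address(frame[26:30]))] += 1   # source address
        counts[str(ipaddress.IPv4Address(frame[30:34]))] += 1   # destination address
    return dict(counts)

def mappable(endpoints):
    """Keep only globally routable addresses, the ones a GeoIP lookup can place."""
    return sorted(ip for ip in endpoints if ipaddress.ip_address(ip).is_global)

def build_sample_pcap():
    """Constructed three-packet capture (not real traffic) used as sample input."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    flows = [("192.168.1.10", "8.8.8.8"), ("8.8.8.8", "192.168.1.10"), ("192.168.1.10", "1.1.1.1")]
    for src, dst in flows:
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, 6, 0,
                         ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
        frame = b"\x00" * 12 + b"\x08\x00" + ip
        out += struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame
    return out

if __name__ == "__main__":
    eps = ipv4_endpoints(build_sample_pcap())
    for ip in mappable(eps):
        print(ip, eps[ip])
```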
Wireshark is the world's most popular network analysis tool. This powerful tool can capture data on the network and provide network administrators with a variety of information about the network and upper-layer protocols. Like many other network tools, Wireshark uses the pcap network library for packet capture.
Wireshark's original name was Ethereal.
In 2006, the main developer of Ethereal decided to leave the company he had worked at and continue to develop the software.
But due to trademark issues, the project was renamed Wireshark.