This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

how do I use the maxmind Geo IP databases when using tshark?

0

Hi, How do I use the maxmind Geo IP databases when using tshark, using the terminal (or how do tell tshark to refer to the downloaded database files)? There is no gui on the system so I cannot add using wireshark.

Thanks, qwerfdsa

asked 04 Mar '13, 18:54

qwerfdsa's gravatar image

qwerfdsa
16225
accept rate: 0%

One Answer:

0

You will need to have a ~/.wireshark/geoip_db_paths file; it should contain a line giving the absolute path name of the GeoIP database directory, in double-quotes. For example, mine has the line

"/Users/gharris/GeoIP"

because they're stored in a directory named GeoIP under my home directory.

answered 04 Mar '13, 21:54

Guy%20Harris's gravatar image

Guy Harris ♦♦
17.4k335196
accept rate: 19%