How do I only filter data/ip's from a specific country? To keep this short: I want to specifically only display ip's and packet data from India, not filter it out. I am unable to find anything on how to do this. asked 19 Nov '16, 15:13  Jacob G |
One Answer:
Enable GeoIP lookups on IP and (display) filter answered 19 Nov '16, 16:19  Jaap ♦ |
Please also take a look at two tutorials on how to attach GeoIP databases to Wireshark:
http://www.lovemytool.com/blog/2014/10/wireshark-and-geoip-by-betty-dubois.html
https://www.youtube.com/watch?v=fX3hllaCFl8
...and also bear in mind that as some intentional and unintentional source IP obfuscating schemes exist, GeoIP only tells you where the device with public IP which has sent the packet is located, not where the user is located. There may be a branch office in India with a VPN to the headquarters in U.S. and all the traffic from the branch office may get to the internet via the HQ, and you may also have a reverse scheme with the HQ in India and the branch office in the U.S.
To make things even more complex, some people use VPNs to reach "obfuscation gateways" for public use if they want to prevent their network administrator from seeing where they browse.