Blank Wireshark GeoIP Map – Troubleshooting Guide

wireshark

While I was diagnosing a pcapng file on my Linux laptop (Debian Wheezy), I wanted to map out where the packets were coming from, so I followed the standard procedure for building a GeoIP map…

Setup

  • Downloaded all the IPv4 GeoIP files into a dedicated directory (/home/mpenning/geoip)
  • Extracted the .gz files with gzip -dc filename.dat.gz > filename.dat
  • Pointed Wireshark to the GeoIP files… Edit > Preferences > Name Resolution > GeoIP database directories > New
  • Restarted Wireshark, and opened my pcap
  • Statistics > Endpoints > IPv4 > Map

Question

I can see the GeoIP data points in the ipmap.html file; however, when I open the file in my browser, it is blank. How can I get Wireshark to correctly display the GeoIP map?


Details

  • Debian Wheezy (x86)
  • Output from wireshark --version

    mpenning@Mudslide:~/geoip$ wireshark --version

    wireshark 1.8.2
    
    Copyright 1998-2012 Gerald Combs  and contributors.
    This is free software; see the source for copying conditions. There is NO
    warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
    
    Compiled (32-bit) with GTK+ 2.24.10, with Cairo 1.12.2, with Pango 1.30.0, with
    GLib 2.32.4, with libpcap, with libz 1.2.7, with POSIX capabilities (Linux),
    with SMI 0.4.8, with c-ares 1.9.1, with Lua 5.1, without Python, with GnuTLS
    2.12.20, with Gcrypt 1.5.0, with MIT Kerberos, with GeoIP, with PortAudio
    V19-devel (built Dec  7 2011 23:44:47), with AirPcap.
    
    Running on Linux 3.2.0-4-686-pae, with locale en_US.UTF-8, with libpcap version
    1.3.0, with libz 1.2.7, GnuTLS 2.12.20, Gcrypt 1.5.0, without AirPcap.
    
    Built using gcc 4.7.2.
    mpenning@Mudslide:~/geoip$
    

File: ipmap.html

<?xml version="1.0" encoding="UTF-8"?>
<html xmlns="http://www.w3.org/1999/xhtml">
  <head>
    <title>Wireshark: IP Location Map</title>
    <style type="text/css">
    body {
      font-family: Arial, Helvetica, sans-serif; font-size: 13px;
      line-height: 17px;
    }
    </style>
    <script type="text/javascript" src="http://openlayers.org/api/OpenLayers.js"></script>
    <script type="text/javascript" src="http://openstreetmap.org/openlayers/OpenStreetMap.js"></script>

    <script type="text/javascript">
        <!--
        var map, layer;
        var selectControl, selectedFeature;

        function onPopupClose(event) {
            selectControl.unselect(this.feature);
        }

        function EndpointSelected(event) {
            var feature = event.feature;
            popup = new OpenLayers.Popup.FramedCloud("endpoint",
                feature.geometry.getBounds().getCenterLonLat(),
                new OpenLayers.Size(25,25),
                "<h3>"+ feature.attributes.title + "</h3>" +
                feature.attributes.description,
                null, true, onPopupClose);
            feature.popup = popup;
            popup.feature = feature;
            map.addPopup(popup);
        }

        function EndpointUnselected(event) {
            var feature = event.feature;
            if (feature.popup) {
                popup.feature = null;
                map.removePopup(feature.popup);
                feature.popup.destroy();
                feature.popup = null;
            }
        }

        function init() {
            var endpoints = {
                "type": "FeatureCollection",
                "features": [ // Start endpoint list - MUST match hostlist_table.c
{
  'type': 'Feature', 'geometry': { 'type': 'Point', 'coordinates': [-121.870499, 37.440399] },
  'properties': { 'title': '24.6.173.220', 'description': 'AS: AS7922 Comcast Cable Communications, Inc.<br/>Country: United States<br/>City: Milpitas, CA<br/>Packets: 2376<br/>Bytes: 1744436' }
},
{
  'type': 'Feature', 'geometry': { 'type': 'Point', 'coordinates': [-121.894997, 37.339401] },
  'properties': { 'title': '68.87.76.182', 'description': 'AS: AS7922 Comcast Cable Communications, Inc.<br/>Country: United States<br/>City: San Jose, CA<br/>Packets: 244<br/>Bytes: 26329' }
},
{
  'type': 'Feature', 'geometry': { 'type': 'Point', 'coordinates': [-118.298698, 33.786598] },
  'properties': { 'title': '199.181.132.250', 'description': 'AS: AS8137 Disney Online<br/>Country: United States<br/>City: Burbank, CA<br/>Packets: 10<br/>Bytes: 1374' }
},
{
  'type': 'Feature', 'geometry': { 'type': 'Point', 'coordinates': [-118.298698, 33.786598] },
  'properties': { 'title': '198.105.194.105', 'description': 'AS: AS8137 Disney Online<br/>Country: United States<br/>City: Burbank, CA<br/>Packets: 85<br/>Bytes: 69473' }
},
{
  'type': 'Feature', 'geometry': { 'type': 'Point', 'coordinates': [-71.084297, 42.362598] },
  'properties': { 'title': '69.22.148.82', 'description': 'AS: AS4436 nLayer Communications, Inc.<br/>Country: United States<br/>City: Cambridge, MA<br/>Packets: 494<br/>Bytes: 434075' }
},
{
  'type': 'Feature', 'geometry': { 'type': 'Point', 'coordinates': [-97.000000, 38.000000] },
  'properties': { 'title': '24.143.203.16', 'description': 'AS: AS7843 Time Warner Cable Internet LLC<br/>Country: United States<br/>City: -<br/>Packets: 89<br/>Bytes: 62863' }
},
{
  'type': 'Feature', 'geometry': { 'type': 'Point', 'coordinates': [-104.873802, 39.623699] },
  'properties': { 'title': '204.2.164.118', 'description': 'AS: AS2914 NTT America, Inc.<br/>Country: United States<br/>City: Englewood, CO<br/>Packets: 98<br/>Bytes: 71411' }
},
{
  'type': 'Feature', 'geometry': { 'type': 'Point', 'coordinates': [-118.298698, 33.786598] },
  'properties': { 'title': '68.71.208.113', 'description': 'AS: AS8137 Disney Online<br/>Country: United States<br/>City: Burbank, CA<br/>Packets: 10<br/>Bytes: 1894' }
},
{
  'type': 'Feature', 'geometry': { 'type': 'Point', 'coordinates': [-97.000000, 38.000000] },
  'properties': { 'title': '24.143.203.18', 'description': 'AS: AS7843 Time Warner Cable Internet LLC<br/>Country: United States<br/>City: -<br/>Packets: 92<br/>Bytes: 82142' }
},
{
  'type': 'Feature', 'geometry': { 'type': 'Point', 'coordinates': [-71.084297, 42.362598] },
  'properties': { 'title': '205.234.225.88', 'description': 'AS: AS4436 nLayer Communications, Inc.<br/>Country: United States<br/>City: Cambridge, MA<br/>Packets: 13<br/>Bytes: 2572' }
},
{
  'type': 'Feature', 'geometry': { 'type': 'Point', 'coordinates': [-118.298698, 33.786598] },
  'properties': { 'title': '68.71.220.175', 'description': 'AS: AS8137 Disney Online<br/>Country: United States<br/>City: Burbank, CA<br/>Packets: 10<br/>Bytes: 2402' }
},
{
  'type': 'Feature', 'geometry': { 'type': 'Point', 'coordinates': [-104.873802, 39.623699] },
  'properties': { 'title': '204.2.164.104', 'description': 'AS: AS2914 NTT America, Inc.<br/>Country: United States<br/>City: Englewood, CO<br/>Packets: 124<br/>Bytes: 101358' }
},
{
  'type': 'Feature', 'geometry': { 'type': 'Point', 'coordinates': [-98.398697, 29.488899] },
  'properties': { 'title': '72.32.153.176', 'description': 'AS: AS33070 Rackspace Hosting<br/>Country: United States<br/>City: San Antonio, TX<br/>Packets: 39<br/>Bytes: 26300' }
},
{
  'type': 'Feature', 'geometry': { 'type': 'Point', 'coordinates': [-71.084297, 42.362598] },
  'properties': { 'title': '69.22.148.33', 'description': 'AS: AS4436 nLayer Communications, Inc.<br/>Country: United States<br/>City: Cambridge, MA<br/>Packets: 114<br/>Bytes: 100615' }
},
{
  'type': 'Feature', 'geometry': { 'type': 'Point', 'coordinates': [-71.084297, 42.362598] },
  'properties': { 'title': '69.22.148.42', 'description': 'AS: AS4436 nLayer Communications, Inc.<br/>Country: United States<br/>City: Cambridge, MA<br/>Packets: 23<br/>Bytes: 15818' }
},
{
  'type': 'Feature', 'geometry': { 'type': 'Point', 'coordinates': [-122.094597, 37.304199] },
  'properties': { 'title': '143.127.102.125', 'description': 'AS: AS16733 Symantec Corporation<br/>Country: United States<br/>City: Cupertino, CA<br/>Packets: 10<br/>Bytes: 1229' }
},
{
  'type': 'Feature', 'geometry': { 'type': 'Point', 'coordinates': [-88.054001, 42.053398] },
  'properties': { 'title': '138.108.29.10', 'description': 'AS: AS16477 ACNIELSEN<br/>Country: United States<br/>City: Schaumburg, IL<br/>Packets: 10<br/>Bytes: 1520' }
},
{
  'type': 'Feature', 'geometry': { 'type': 'Point', 'coordinates': [-111.961800, 40.324501] },
  'properties': { 'title': '66.235.133.11', 'description': 'AS: AS15224 Adobe Systems Inc.<br/>Country: United States<br/>City: Lehi, UT<br/>Packets: 9<br/>Bytes: 3410' }
},
{
  'type': 'Feature', 'geometry': { 'type': 'Point', 'coordinates': [-77.487503, 39.043701] },
  'properties': { 'title': '184.73.230.118', 'description': 'AS: AS14618 Amazon.com, Inc.<br/>Country: United States<br/>City: Ashburn, VA<br/>Packets: 10<br/>Bytes: 1384' }
},
{
  'type': 'Feature', 'geometry': { 'type': 'Point', 'coordinates': [-97.000000, 38.000000] },
  'properties': { 'title': '24.143.203.42', 'description': 'AS: AS7843 Time Warner Cable Internet LLC<br/>Country: United States<br/>City: -<br/>Packets: 10<br/>Bytes: 1650' }
},
{
  'type': 'Feature', 'geometry': { 'type': 'Point', 'coordinates': [-104.873802, 39.623699] },
  'properties': { 'title': '204.2.164.8', 'description': 'AS: AS2914 NTT America, Inc.<br/>Country: United States<br/>City: Englewood, CO<br/>Packets: 47<br/>Bytes: 35518' }
},
{
  'type': 'Feature', 'geometry': { 'type': 'Point', 'coordinates': [-118.298698, 33.786598] },
  'properties': { 'title': '68.71.208.178', 'description': 'AS: AS8137 Disney Online<br/>Country: United States<br/>City: Burbank, CA<br/>Packets: 16<br/>Bytes: 9332' }
},
{
  'type': 'Feature', 'geometry': { 'type': 'Point', 'coordinates': [-98.398697, 29.488899] },
  'properties': { 'title': '72.32.153.177', 'description': 'AS: AS33070 Rackspace Hosting<br/>Country: United States<br/>City: San Antonio, TX<br/>Packets: 16<br/>Bytes: 2476' }
},
{
  'type': 'Feature', 'geometry': { 'type': 'Point', 'coordinates': [-122.419403, 37.774899] },
  'properties': { 'title': '63.233.61.22', 'description': 'AS: AS20940 Akamai International B.V.<br/>Country: United States<br/>City: San Francisco, CA<br/>Packets: 766<br/>Bytes: 678473' }
},
{
  'type': 'Feature', 'geometry': { 'type': 'Point', 'coordinates': [-118.298698, 33.786598] },
  'properties': { 'title': '68.71.209.230', 'description': 'AS: AS8137 Disney Online<br/>Country: United States<br/>City: Burbank, CA<br/>Packets: 37<br/>Bytes: 10818' }
},
                ]
            };
            map = new OpenLayers.Map('map', {
                controls: [
                    new OpenLayers.Control.PanZoomBar(),
                    new OpenLayers.Control.ZoomBox(),
                    new OpenLayers.Control.ScaleLine(),
                    new OpenLayers.Control.MousePosition(),
                    new OpenLayers.Control.MouseDefaults(),
                    new OpenLayers.Control.Attribution()
                    ],
                //projection: new OpenLayers.Projection("EPSG:900913"),
                //displayProjection: new OpenLayers.Projection("EPSG:4326"),
                //maxExtent: new OpenLayers.Bounds(-20037508.34,-20037508.34, 20037508.34, 20037508.34),
                //numZoomLevels: 18,
                //maxResolution: 156543,
                //units: "m"
            });
            layer = new OpenLayers.Layer.WMS("OpenLayers WMS",
                    "http://vmap0.tiles.osgeo.org/wms/vmap0",
                    {layers: 'basic'} );
            map.addLayer(layer);
            //map.addLayer(new OpenLayers.Layer.OSM.Mapnik("Mapnik"));
            //map.addLayer(new OpenLayers.Layer.Text("IP Locations", {
            //    location: map_file, projection: new OpenLayers.Projection("EPSG:4326")} ) );
            //
            //map.setCenter(new OpenLayers.LonLat(lon, lat), zoom);

            var geojson_format = new OpenLayers.Format.GeoJSON();
            var vector_layer = new OpenLayers.Layer.Vector("IP Endpoints");
            map.addLayer(vector_layer);
            vector_layer.addFeatures(geojson_format.read(endpoints));

            if (endpoints.features.length < 1) {
                document.getElementById("statusmsg").innerHTML = "No endpoints to map";
            } else {
                map.zoomToExtent(vector_layer.getDataExtent());
            }

            selectControl = new OpenLayers.Control.SelectFeature(vector_layer);
            map.addControl(selectControl);
            selectControl.activate();

            vector_layer.events.on({
                'featureselected': EndpointSelected,
                'featureunselected': EndpointUnselected
            });
        }
        // -->
    </script>
  </head>
  <body onload="init()">
    <div id="statusmsg" style="float: right; z-index: 9999;"></div>
    <div id="map" style="z-index: 0;"></div>
  </body>
</html>

Best Answer

It turns out that I hit Wireshark bug 5016... based on the code diffs in the bug's attachment, I got the map to display by making some minor changes to the contents of ipmap.html...

A unix diff of the before and after looks like this... /tmp/ipmap.html is the working copy...

mpenning@Mudslide:~$ diff ipmap.orig.html /tmp/ipmap.html 
158c158
<                     new OpenLayers.Control.MouseDefaults(),
---
>                     new OpenLayers.Control.Navigation(),
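Review bot: the replacement control on line 158 is resolved against whatever build http://openlayers.org/api/OpenLayers.js serves at load time, because the script tag in ipmap.html names no version and uses plain HTTP. Pointing that src at a fixed OpenLayers release fetched over HTTPS would keep the set of available controls stable for this page.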
160c160
<                     ],
---
>                     ]
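Review bot: the comma removed on line 160 is only dangling because every option after controls (projection through units) is commented out in this file. If any of those lines is re-enabled, the comma after the closing bracket has to be restored, so a short comment next to the bracket saying so would help.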
mpenning@Mudslide:~$

Just change OpenLayers.Control.MouseDefaults() to OpenLayers.Control.Navigation(), and then remove the trailing comma after the bracket containing the value we changed. Now I have a working map...

Wireshark GeoIP Map


Excerpt from the working html file...

       map = new OpenLayers.Map('map', {
            controls: [
                new OpenLayers.Control.PanZoomBar(),
                new OpenLayers.Control.ZoomBox(),
                new OpenLayers.Control.ScaleLine(),
                new OpenLayers.Control.MousePosition(),
                new OpenLayers.Control.Navigation(),
                new OpenLayers.Control.Attribution()
                ]
            //projection: new OpenLayers.Projection("EPSG:900913"),
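
The two edits from the answer, applied programmatically to the text of a generated ipmap.html. This is an added example, not part of the original answer or of Wireshark; `fixIpmap` is a hypothetical helper and `SAMPLE` is constructed to mirror the map options in the question. It goes one step beyond the diff: the comma is removed only when nothing but comments follows it.

```javascript
// Added example (not from the original post).
// SAMPLE is constructed input that mirrors the map options in the question.
const SAMPLE = [
  "map = new OpenLayers.Map('map', {",
  "    controls: [",
  "        new OpenLayers.Control.MousePosition(),",
  "        new OpenLayers.Control.MouseDefaults(),",
  "        new OpenLayers.Control.Attribution()",
  "        ],",
  "    //numZoomLevels: 18,",
  "    //units: \"m\"",
  "});",
].join("\n");

// Hypothetical helper: returns the patched text and a list of what changed.
function fixIpmap(html) {
  const changes = [];

  // 1. Swap the control that the answer replaced.
  let out = html.replace(/OpenLayers\.Control\.MouseDefaults\(/g, () => {
    changes.push("MouseDefaults -> Navigation");
    return "OpenLayers.Control.Navigation(";
  });

  // 2. Drop a comma after "]" only when nothing but whitespace and
  //    "//" comment lines sit between it and the closing "}".
  //    If a live property follows, the comma is required and is kept.
  out = out.replace(/\],((?:\s*\/\/[^\n]*)*\s*\})/g, (match, tail) => {
    changes.push("removed dangling comma");
    return "]" + tail;
  });

  return { html: out, changes };
}

const result = fixIpmap(SAMPLE);
console.log(result.changes.join("; "));
console.log(result.html);
```
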