

The way this is done differs from operating system to operating system. Start the Wireshark – You need to run Wireshark on an account with sufficient privileges to capture, or need to give the account on which you’re running Wireshark sufficient privileges to capture. Let’s take a look at the basics of using Wireshark to capture and analyze traffic. It can decode different protocols that it sees, so you could, for instance, reconstruct the audio of Voice over IP (VoIP) phone calls.

Wireshark can be used to capture Ethernet, wireless, Bluetooth, and many other kinds of traffic. A RIR is a nonprofit organization that allocates IPv4, IPv6 and ASN (Autonomous System Numbers).Wireshark is a graphical network protocol analyzer that lets us take a deep dive into the individual packets moving around the network. The answer is simple, from one or more RIRs (Regional Internet Registry). I hear you are asking “Where does one of the API get geolocation of an IP address from?”. When you are googling for " What is my IP address?", It probably takes you to a site which is using that kind of API.

There are many free services available on the internet as well as commercial ones which provide some sort of an API (Application Programing Interface) to their clients. With help of IP geolocation, we can find geographic location of an IP address. Especially when we do network forensic analysis which aims to detect attack patterns and identify attackers. There are times when we need to trace an IP address back to its origin (Country, City, AS Number etc.). Introduction to tracing IP Address with Wireshark Step-2: Load MaxMind Database into Wiresark.Adding MaxMind Databases Path to Wireshark.Step-2: Download MaxMind ZIP Files in mmdb format.Downloading MaxMind Geolocation Databases.Introduction to tracing IP Address with Wireshark.
