Recently I changed cell phone providers to a company that focuses more on VOIP than Cell transmissions. I was doing some sniffing and inspecting of my VOIP traffic to see how secure my traffic was since it would be mostly traversing the internet now. (I <3 VOIP BTW) I quickly found myself elbow-deep in Wireshark again and was thinking about The Naughty List ( as I usually do ). I was wondering if there was some sort of GeoIP DB connector in Wireshark that would let me view the geo-location of some of the servers my cellphone was now connecting to. After a few minutes of searching, not only did I find that Wireshark comes with the configuration hook-ins needed for GeoIP DB info, but it can also output a world map with markers and info regarding traffic in the capture destined for the locations found. The html output doesn’t look as awesome as The Naughty List here at T3chkommie.com, but it is definitely useful enough! In fact, the same DB resources some of these blogs and Wireshark recommends are the same resources that The Naughty List has been using for a few years now.
If you are interested in setting this up for your own packet capturing frenzies, check out this link for a blog that I found which has some great screen shots and configuration examples. It should get you up and geo-locating your packet IP-DSTs in no time!
I have been known to script some GPS type stuff in the past. The Naughty List uses GEOIP data to keep tabs on who is doing what from where and my motorcycle dashcam project uses a GPS dongle and a RaspberryPi to take Lat and Lon samples to generate a Google Earth KML overlay of a recorded trip. So far they are two projects I am very proud of. I am thinking I might work on another Wireshark Lua script that not only helps out with the GeoIP DB info management, but also makes the Lua script generate a KML overlays for viewing PCAP GEOIP data in Google Earth! If you have ideas or requests, let’s here them.