Packet Analysis

GeoIP World Map

If you’re tracing problems across a world-wide network, or just want to know where traffic and visitors are coming from, CloudShark’s new GeoIP maps will show you where in the world your packets are from.

The analysis tool gives you a map of the world shaded for the number of endpoints, packets, or bytes.

Changing what data is displayed on the map will update the table, and hovering over the graph or the table will highlight the corresponding entry. Clicking on a country will bring you right to the display filter for those packets. And, like everything else in CloudShark, the map can be accessed simply by URL.

Geolocation features are visible through the Endpoints analysis tool. If a network address can be resolved geographically, additional information such as City, Country, and AS Number may also appear in the table, along with Latitude and Longitude if available.

Private network addresses, including multicast, will not be resolved.

MaxMind GeoIP2 Databases

CloudShark includes the MaxMind GeoIP2 databases that translate IP addresses into City, Country, and ASN. Since this information is updated fairly frequently, these databases are refreshed with every CloudShark release.

Upgrading to MaxMind GeoIP

MaxMind offers more granular databases that can be purchased and downloaded independently from CloudShark. These databases are updated on a much more frequent basis. They can be installed on top of CloudShark and be used as a replacement for the default GeoIP2 databases.

Installation

CloudShark requires the binary format of the GeoIP databases. Once you have these databases and have unzipped them, you will need to copy them to a location on the CloudShark Appliance that the cloudshark user has permission to read. For example, place the database files in /home/cloudshark/geoip_db/.

Next, edit the file /usr/cloudshark/share/wireshark/maxmind_db_path and replace its contents with the following:

"/home/cloudshark/geoip_db/"

Finally, run the following command to restart CloudShark’s cache system and use the updated GeoIP Databases for geolocation:

# sudo service memcached restart
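The three installation steps above, as an added shell example (not CloudShark's own tooling): it copies the unzipped MaxMind binary files into the directory, restricts read access to the cloudshark user, writes the quoted path into maxmind_db_path, and verifies the result before you restart memcached. The function names, the .mmdb file extension (MaxMind's binary database format) and the parameter defaults are assumptions taken from this page's example paths.

```shell
#!/bin/sh
# Added example, not CloudShark's installer. Stages MaxMind .mmdb files into a
# directory readable by the cloudshark user and points maxmind_db_path at it.
# Assumes: databases are already unzipped, owner user is "cloudshark", and the
# default paths match the ones shown in the documentation above.

install_geoip_dbs() {
    src_dir="$1"                                   # dir holding unzipped .mmdb files
    dest_dir="${2:-/home/cloudshark/geoip_db}"     # must be readable by cloudshark
    path_file="${3:-/usr/cloudshark/share/wireshark/maxmind_db_path}"
    owner="${4:-cloudshark}"

    mkdir -p "$dest_dir" || return 1

    # Copy only binary (.mmdb) databases; CloudShark cannot use the CSV format.
    found=0
    for f in "$src_dir"/*.mmdb; do
        [ -f "$f" ] || continue
        cp "$f" "$dest_dir/" || return 1
        found=$((found + 1))
    done
    [ "$found" -gt 0 ] || { echo "no .mmdb files in $src_dir" >&2; return 1; }

    # Least privilege: the cloudshark user can read the databases, others cannot.
    chown -R "$owner" "$dest_dir" 2>/dev/null || true   # needs root; harmless otherwise
    chmod 0750 "$dest_dir" && chmod 0640 "$dest_dir"/*.mmdb || return 1

    # Write the path in the quoted, trailing-slash form the documentation shows.
    printf '"%s/"\n' "$dest_dir" > "$path_file" || return 1
}

# Sanity check before restarting memcached: the path file must name an
# existing directory that contains at least one .mmdb. Prints the directory.
verify_geoip_path() {
    path_file="${1:-/usr/cloudshark/share/wireshark/maxmind_db_path}"
    dir=$(sed -e 's/^"//' -e 's/"$//' "$path_file")
    dir=${dir%/}
    [ -d "$dir" ] || { echo "missing directory: $dir" >&2; return 1; }
    set -- "$dir"/*.mmdb
    [ -f "$1" ] || { echo "no .mmdb files in $dir" >&2; return 1; }
    printf '%s\n' "$dir"
}

# Typical use on the appliance (as root), followed by the cache restart:
#   install_geoip_dbs /tmp/maxmind && verify_geoip_path && service memcached restart
```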