How to trace the geolocation of network traffic

A case involving a suspicious malware app: a forensic examiner captured some pcap files and needed to know where the traffic was going. Here is how to answer that with Wireshark. First, download the GeoIP database files (Wireshark uses MaxMind's GeoIP databases; the free GeoLite editions are enough). Extract the archives and put the files into a directory of your choice.

Now go to [Edit] -> [Preferences].

Click [Name Resolution], then [Edit] next to the GeoIP database directories setting.

Click [New] to create a new entry.

Browse to the directory where you put the GeoIP database files.

Don't forget to click [OK], then restart Wireshark so it loads the databases.

Open a pcap file and go to [Statistics] -> [Endpoints] -> [IPv4].

Look at the [Country] and [City] columns: they show where each endpoint's IP address is registered, which tells you where this malware has been talking to. Keep in mind that these columns come from the database's registration data for the address block, not from the packets themselves. A hosting provider, CDN or proxy address tells you where that server is, not where the operator sits, and private addresses such as the victim's own 192.168.x.x will show no location at all.
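The same Endpoints-plus-GeoIP view can be reproduced outside the GUI, which helps when an examiner has many pcaps to triage. The following Python script is an added example, not code from the original post or from Wireshark: it parses a classic pcap, tallies per-address packet and byte counts the way the Endpoints tab does, and maps each public address to a country and city. The GeoIP lookup is stubbed with a small constructed table (a real run would query the downloaded MaxMind file, for example through the maxminddb module, which is an assumption here), and the sample capture is constructed in memory, with TEST-NET documentation addresses standing in for the malware's peers.

```python
import ipaddress
import struct
from collections import defaultdict

# Constructed stand-in for the GeoIP database. In a real run this would be the
# MaxMind file Wireshark was pointed at (assumption: maxminddb reader.get(ip)).
# The networks are TEST-NET documentation ranges, the locations are made up.
GEO_TABLE = [
    (ipaddress.ip_network("203.0.113.0/24"), "Country A", "City A"),
    (ipaddress.ip_network("198.51.100.0/24"), "Country B", "City B"),
]

# Addresses with no public registration: a GeoIP lookup on these is meaningless,
# so they are reported with no location rather than a misleading one.
NON_ROUTABLE = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
    "169.254.0.0/16", "224.0.0.0/4", "0.0.0.0/8", "255.255.255.255/32")]


def geolocate(ip):
    """Return (country, city) for a public IPv4 address, or None if it is not routable."""
    if isinstance(ip, (str, bytes, int)):
        ip = ipaddress.ip_address(ip)
    if any(ip in net for net in NON_ROUTABLE):
        return None
    for net, country, city in GEO_TABLE:
        if ip in net:
            return (country, city)
    return ("unknown", "unknown")


def parse_pcap(data):
    """Yield (src, dst, frame_length) for every IPv4-over-Ethernet frame in a classic pcap."""
    magic = struct.unpack_from("<I", data, 0)[0]
    if magic == 0xA1B2C3D4:
        endian = "<"
    elif magic == 0xD4C3B2A1:
        endian = ">"
    else:
        raise ValueError("not a classic pcap file (pcapng is not handled here)")
    linktype = struct.unpack_from(endian + "I", data, 20)[0]
    if linktype != 1:  # LINKTYPE_ETHERNET
        raise ValueError("only Ethernet captures are handled")
    off = 24
    while off + 16 <= len(data):
        _, _, incl_len, orig_len = struct.unpack_from(endian + "IIII", data, off)
        off += 16
        frame = data[off:off + incl_len]
        off += incl_len
        if len(frame) < 34 or struct.unpack_from("!H", frame, 12)[0] != 0x0800:
            continue  # not IPv4 (ARP, IPv6, ...) or cut short of the IPv4 header
        yield ipaddress.ip_address(frame[26:30]), ipaddress.ip_address(frame[30:34]), orig_len


def endpoints(data):
    """Per-address counters in the spirit of Statistics -> Endpoints -> IPv4."""
    stats = defaultdict(lambda: {"packets": 0, "bytes": 0, "tx_packets": 0, "rx_packets": 0})
    for src, dst, length in parse_pcap(data):
        stats[src]["tx_packets"] += 1
        stats[dst]["rx_packets"] += 1
        for ip in (src, dst):
            stats[ip]["packets"] += 1
            stats[ip]["bytes"] += length
    return stats


def report(data):
    """Rows of (address, packets, bytes, location), busiest endpoint first."""
    ranked = sorted(endpoints(data).items(), key=lambda kv: kv[1]["bytes"], reverse=True)
    return [(str(ip), s["packets"], s["bytes"], geolocate(ip)) for ip, s in ranked]


# Constructed sample capture: an infected host on 192.168.1.0/24 talking to two peers.
def _ethernet_ipv4(src, dst, payload_len=40):
    eth = bytes(6) + bytes(6) + b"\x08\x00"  # MAC addresses do not matter here
    ip_hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64, 6, 0,
                         ipaddress.ip_address(src).packed, ipaddress.ip_address(dst).packed)
    return eth + ip_hdr + bytes(payload_len)  # checksum left 0: the parser never checks it


def sample_capture():
    frames = [
        _ethernet_ipv4("192.168.1.10", "203.0.113.45"),
        _ethernet_ipv4("203.0.113.45", "192.168.1.10"),
        _ethernet_ipv4("192.168.1.10", "203.0.113.45"),
        _ethernet_ipv4("192.168.1.10", "198.51.100.7"),
    ]
    header = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    records = [struct.pack("<IIII", 1_600_000_000 + i, 0, len(f), len(f)) + f
               for i, f in enumerate(frames)]
    return header + b"".join(records)


if __name__ == "__main__":
    for addr, pkts, nbytes, where in report(sample_capture()):
        print(f"{addr:16} {pkts:3d} pkts {nbytes:5d} bytes  {where or 'no public location'}")
```

Running it lists the three endpoints busiest first. The victim's 192.168.1.10 comes back with no location, which corresponds to the empty Country and City cells Wireshark shows for RFC 1918 addresses; only the two remote peers get a country and city, and those are what answer the examiner's question.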
