A case about suspicious malware App. A forensic examiner capatured some pcap files and he'd to know where the desitnation is. Let me show you how to solve it with wireshark. First you have to download GeoIP database files. Extract those archive files and put them into some directory.

Now goto [EDIT]->[Preference]

Click [Name Resolution] and [Edit] to setup the directory of GeoIP databases.

Click [New] to create a new entry.

Browse the directory to find where the GeoIP database files located.

Don't forget to click [OK] and restart wireshark.

Open a pcap file and click [Statistics]->[Endpoints]->[IPv4]

Take a look at [Country] and [City] and you will find where this malware has been.

How to trace the Geolocation of network traffic的更多相关文章

  1. MatterTrack Route Of Network Traffic :: Matter

    Python 1.1 基础 while语句 字符串边缘填充 列出文件夹中的指定文件类型 All Combinations For A List Of Objects Apply Operations ...

  2. Linux下按程序查实时流量 network traffic

    实然看到下载速度多达几M/s,但实际上并没有什么占用带宽的进程. 相查看每个程序占用的网络流量, 但系统自带的 System Monitor 只能查看全局的流量, 不能具体看某个程序的...... k ...

  3. Prometheus Node_exporter 之 Network Traffic Detail

    Network Traffic Detail /proc/net/dev 1. Network Traffic by Packets type: GraphUnit: packets/secLabel ...

  4. Android 性能优化(6)网络优化( 2) Analyzing Network Traffic Data:分析网络数据

    Analyzing Network Traffic Data 1.This lesson teaches you to Analyze App Network Traffic Analyze Netw ...

  5. Android 性能优化(5)网络优化 (1) Collecting Network Traffic Data 用Network Traffic tool :收集传输数据

    Collecting Network Traffic Data 1.This lesson teaches you to Tag Network Requests 标记网络类型 Configure a ...

  6. Iris Network Traffic Analyzer嗅探器

    网卡配置 ftp测试

  7. [转]Getting a Packet Trace

    src:https://developer.apple.com/library/mac/qa/qa1176/_index.html Technical Q&A QA1176 Getting a ...

  8. Identifying a distributed denial of service (DDOS) attack within a network and defending against such an attack

    The invention provides methods, apparatus and systems for detecting distributed denial of service (D ...

  9. Top 10 Free Wireless Network hacking/monitoring tools for ethical hackers and businesses

    There are lots of free tools available online to get easy access to the WiFi networks intended to he ...

随机推荐

  1. Java设计模式之《单例模式》及应用场景

    摘要: 原创作品,可以转载,但是请标注出处地址:http://www.cnblogs.com/V1haoge/p/6510196.html 所谓单例,指的就是单实例,有且仅有一个类实例,这个单例不应该 ...

  2. Maven进阶宝典

    前言: 团队在开发过程中用的是maven项目,由于对maven的一些打包流程以及相关参数配置不是太了解,因此应大家的需求做一下maven的讲解,为了不误导大家,看了很多相关资料,自己也实验了一下,就把 ...

  3. java+++IO流操作

    序:IO流的操作主要分为两种读和写.一方面:我们可以通过不加缓冲类字符流BufferedReader/Writer和字节流BufferedInputStream/OutputStream来进行简单的读 ...

  4. Spring Data JPA 简单查询--接口方法

    一.接口方法整理速查 下表针对于简单查询,即JpaRepository接口(继承了CrudRepository接口.PagingAndSortingRepository接口)中的可访问方法进行整理.( ...

  5. aiohttp之添加静态资源路径

    所谓静态资源,是指图片.js.css等文件.官方的说明在这里. 以一个小项目来说明,下面是项目的目录结构: . ├── static │ ├── css │ │ ├── base.css │ │ ├─ ...

  6. Android开发之AsyncTask示例Demo

    今天做了一个AsyncTask的小Demo,内含注释,通过此Demo,可以对AsyncTask有一个详细的了解 已经将项目上传到了GitHub上(程序有一个小bug,在第一次提交有说明,有解决方法请留 ...

  7. 000 Python之禅

    The Zen of Python, by Tim Peters Beautiful is better than ugly.Explicit is better than implicit.Simp ...

  8. 平时自己项目中用到的CSS

    outline  当选中input元素的时候会出现状态线, outline设置成none就没了 input{ outline:none; } contentditable  设置元素内的文本是否可编辑 ...

  9. 反射实现 Data To Model

    调用 : public ActionResult Index() { DataTable dt = new DataTable(); dt.Columns.Add("Name"); ...

  10. Linux环境下的IDE,极大提升编程效率

    "一个真正的程序员是不用IDE(译者注:集成开发环境)的,他们都是用带着某某插件的文本编辑器来写代码."我们总能在某些地方听到此类观点.然 而,尽管越来越多的人同意这样的观点,但是 ...