A case about suspicious malware App. A forensic examiner capatured some pcap files and he'd to know where the desitnation is. Let me show you how to solve it with wireshark. First you have to download GeoIP database files. Extract those archive files and put them into some directory.

Now goto [EDIT]->[Preference]

Click [Name Resolution] and [Edit] to setup the directory of GeoIP databases.

Click [New] to create a new entry.

Browse the directory to find where the GeoIP database files located.

Don't forget to click [OK] and restart wireshark.

Open a pcap file and click [Statistics]->[Endpoints]->[IPv4]

Take a look at [Country] and [City] and you will find where this malware has been.

How to trace the Geolocation of network traffic的更多相关文章

  1. MatterTrack Route Of Network Traffic :: Matter

    Python 1.1 基础 while语句 字符串边缘填充 列出文件夹中的指定文件类型 All Combinations For A List Of Objects Apply Operations ...

  2. Linux下按程序查实时流量 network traffic

    实然看到下载速度多达几M/s,但实际上并没有什么占用带宽的进程. 相查看每个程序占用的网络流量, 但系统自带的 System Monitor 只能查看全局的流量, 不能具体看某个程序的...... k ...

  3. Prometheus Node_exporter 之 Network Traffic Detail

    Network Traffic Detail /proc/net/dev 1. Network Traffic by Packets type: GraphUnit: packets/secLabel ...

  4. Android 性能优化(6)网络优化( 2) Analyzing Network Traffic Data:分析网络数据

    Analyzing Network Traffic Data 1.This lesson teaches you to Analyze App Network Traffic Analyze Netw ...

  5. Android 性能优化(5)网络优化 (1) Collecting Network Traffic Data 用Network Traffic tool :收集传输数据

    Collecting Network Traffic Data 1.This lesson teaches you to Tag Network Requests 标记网络类型 Configure a ...

  6. Iris Network Traffic Analyzer嗅探器

    网卡配置 ftp测试

  7. [转]Getting a Packet Trace

    src:https://developer.apple.com/library/mac/qa/qa1176/_index.html Technical Q&A QA1176 Getting a ...

  8. Identifying a distributed denial of service (DDOS) attack within a network and defending against such an attack

    The invention provides methods, apparatus and systems for detecting distributed denial of service (D ...

  9. Top 10 Free Wireless Network hacking/monitoring tools for ethical hackers and businesses

    There are lots of free tools available online to get easy access to the WiFi networks intended to he ...

随机推荐

  1. CSS中padding和margin以及用法

    CSS中padding与margin 1.padding:内边距,表示控件内容相对于边缘的距离. 2.margin:外边距,表示控件边缘相对于父空间的边缘. 参考:http://www.studyof ...

  2. 用Javascript大批量收集网站数据

    最近为了写论文,要大批量收集慕课网的相关用户数据(因为用户个人主页是公开的),故而写了一个插件进行收集.需要在慕课网控制台输入.最后收集了3000多份数据. /* 收集项 收集标准 用户编号 慕课网用 ...

  3. nodejs中的路由

    一.路由初步 url.parse(string).query | url.parse(string).pathname | | | | | ------ -------------------http ...

  4. 2429: [HAOI2006]聪明的猴子

    2429: [HAOI2006]聪明的猴子 Time Limit: 10 Sec  Memory Limit: 128 MBSubmit: 448  Solved: 309[Submit][Statu ...

  5. git remote log error

    使用git pull的时候收到以下信息: error: there are still refs under 'refs/remotes/origin/xxxx'From 10.1.25.57:yyy ...

  6. PHP数据访问批量删除(10261101)

    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/ ...

  7. Azure Messaging-ServiceBus Messaging消息队列技术系列5-重复消息:at-least-once at-most-once

    上篇博客中,我们用实际的业务场景和代码示例了Azure Messaging-ServiceBus Messaging对复杂对象消息的支持和消息的持久化: Azure Messaging-Service ...

  8. Android 实现QQ第三方登录

    Android 实现QQ第三方登录 在项目中需要实现QQ第三方登录,经过一番努力算是写出来了,现在总结以下,以防以后遗忘,能帮到其他童鞋就更好了. 首先肯定是去下载SDK和DEMO http://wi ...

  9. Mybatis的@Options注解

    mybatis的@Options注解能够设置缓存时间,能够为对象生成自增的key 第一个使用场景: 有一个表 CREATE TABLE instance ( instance_id BIGINT UN ...

  10. 嵌入式ARM开发环境搭建

    1. 安装,配置,启动FTP服务 安装FTP: sudo apt-get install vsftpd 修改vsftpd的配置文件/etc/vsftpd.conf,将下面两行的'#'去掉#local_ ...