How to trace the Geolocation of network traffic
A case involving a suspicious malware app: a forensic examiner captured some pcap files and needs to know where the destination hosts are. Let me show you how to solve it with Wireshark. First, download the GeoIP database files, extract the archives, and put them in a directory.

Now go to [Edit]->[Preferences].

Click [Name Resolution] and then [Edit] to set up the directory of the GeoIP databases.

Click [New] to create a new entry.

Browse to the directory where the GeoIP database files are located.

Don't forget to click [OK] and restart Wireshark.

Open a pcap file and click [Statistics]->[Endpoints]->[IPv4].

Take a look at the [Country] and [City] columns and you will see where this malware's traffic has been going.
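To make clear what the [Endpoints] view is doing behind the scenes, here is an added example (not from the original post or from Wireshark): it performs the same prefix-based GeoIP lookup against a small constructed range database and builds an Endpoints-style table from constructed packet summaries. The database rows, IP addresses and sizes are all made up for illustration.

```python
import ipaddress
from collections import Counter
from typing import Dict, List, Tuple

# Constructed stand-in for a GeoIP database in CSV form (network,country,city).
# Real GeoIP files hold many more prefixes but follow the same idea.
GEOIP_CSV = """\
network,country,city
10.0.0.0/8,Internal,Lab
198.51.100.0/24,Exampleland,Sample City
203.0.113.0/24,Exampleland,Other City
203.0.113.128/25,Testonia,Testville
"""

# Constructed packet summaries as a pcap reader would hand them out:
# (src_ip, dst_ip, frame_length_in_bytes).
PACKETS: List[Tuple[str, str, int]] = [
    ("10.0.0.5", "203.0.113.7", 540),
    ("10.0.0.5", "203.0.113.200", 1200),
    ("203.0.113.200", "10.0.0.5", 15000),
    ("10.0.0.5", "198.51.100.9", 300),
    ("10.0.0.5", "192.0.2.77", 60),  # deliberately absent from the database
]

def load_db(csv_text: str) -> List[Tuple[ipaddress.IPv4Network, str, str]]:
    """Parse the CSV; sort most-specific prefix first so the first hit in
    lookup() is the longest match (203.0.113.128/25 beats 203.0.113.0/24)."""
    rows = []
    for line in csv_text.splitlines()[1:]:  # skip the header row
        net, country, city = line.split(",")
        rows.append((ipaddress.ip_network(net), country, city))
    rows.sort(key=lambda r: r[0].prefixlen, reverse=True)
    return rows

def lookup(db, ip: str) -> Tuple[str, str]:
    """Map one IP to (country, city); unknown prefixes get 'Unknown'."""
    addr = ipaddress.ip_address(ip)
    for net, country, city in db:
        if addr in net:
            return country, city
    return ("Unknown", "Unknown")

def endpoints(packets, db) -> Dict[str, dict]:
    """Per-IP packet and byte counts plus GeoIP columns, like the IPv4 tab."""
    table: Dict[str, dict] = {}
    for src, dst, size in packets:
        for ip in (src, dst):  # every frame counts once for each endpoint
            entry = table.setdefault(ip, {"packets": 0, "bytes": 0})
            entry["packets"] += 1
            entry["bytes"] += size
    for ip, entry in table.items():
        entry["country"], entry["city"] = lookup(db, ip)
    return table

def countries(table) -> Counter:
    """Summarise which countries the capture talked to, by endpoint count."""
    return Counter(e["country"] for e in table.values())
```

The country column reflects where the destination prefix is registered in the database you loaded, so keep the database current and treat the result as a lead for the investigation rather than a final answer.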
