Geolocation features were added to CloudShark 2.5 and are visible through the Endpoints analysis tool. If a network address can be resolved geographically, additional information such as City, Country, and AS Number may also appear in the table, along with Latitude and Longitude if available.
Private network addresses, including multicast, will not be resolved.
CloudShark includes the MaxMind GeoLite databases that translate IP addresses into City, Country, and ASN. Since this information is updated fairly frequently, these databases are refreshed with every CloudShark release.
MaxMind offers more granular databases that can be purchased and downloaded independently from CloudShark. These databases are updated much more frequently. They can be installed on top of CloudShark and used as a replacement for the default GeoLite databases.
Note: CloudShark is only compatible with the GeoIP Legacy database format.
CloudShark requires the binary format of the GeoIP databases. Once you have these databases and have unzipped them, you will need to copy them to a location on the CloudShark Appliance that the cloudshark user has permission to read.
For example, place the database files in
Next, edit the file /home/cloudshark/.wireshark/geoip_db_paths and replace the contents with the following:
Finally, run the following command to restart CloudShark’s cache system and use the updated GeoIP Databases for geolocation:
# sudo service memcached restart
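A preflight check for the requirements stated above (binary format, unzipped, GeoIP Legacy rather than GeoIP2, readable by the cloudshark user), written as an added example; it is not part of CloudShark or MaxMind tooling. The function name, verdict labels and sample files are assumptions made for this example, and the samples are constructed bytes, not real databases.

```python
"""Preflight check for GeoIP files before installing them (added example)."""
import os
import tempfile

GZIP_MAGIC = b"\x1f\x8b"                  # still gzip-compressed
ZIP_MAGIC = b"PK\x03\x04"                 # still inside a zip archive
MMDB_MARKER = b"\xab\xcd\xefMaxMind.com"  # GeoIP2 (MMDB) metadata marker
MMDB_TAIL = 128 * 1024                    # MMDB metadata lives in the file tail


def classify_geoip_file(path):
    """Return 'unreadable', 'compressed', 'mmdb', 'text' or 'candidate-legacy'."""
    # Run as the cloudshark user so this reflects that account's permissions.
    if not os.access(path, os.R_OK):
        return "unreadable"
    with open(path, "rb") as fh:
        head = fh.read(4096)
        fh.seek(max(0, os.path.getsize(path) - MMDB_TAIL))
        tail = fh.read()
    if head.startswith((GZIP_MAGIC, ZIP_MAGIC)):
        return "compressed"
    if MMDB_MARKER in tail:
        return "mmdb"            # GeoIP2 format, not GeoIP Legacy
    if head and b"\x00" not in head and head.isascii():
        return "text"            # e.g. a CSV edition, not the binary format
    # Only the known-bad forms were ruled out; this is not proof of validity.
    return "candidate-legacy"


def demo():
    """Classify constructed sample files (not real MaxMind databases)."""
    samples = {
        "legacy-like.dat": b"\x01\x00\x00\x02\x00\x00" * 8 + b"\xff\xff\xff\x02",
        "city.mmdb": b"\x00" * 64 + MMDB_MARKER + b"\xe0",
        "GeoIP.dat.gz": GZIP_MAGIC + b"\x08\x00" + b"\x00" * 16,
        "blocks.csv": b"16777216,16777471,AU\n",
    }
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        for name, data in samples.items():
            path = os.path.join(tmp, name)
            with open(path, "wb") as fh:
                fh.write(data)
            results[name] = classify_geoip_file(path)
        results["missing.dat"] = classify_geoip_file(os.path.join(tmp, "missing.dat"))
    return results


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name}: {verdict}")
```

A verdict of candidate-legacy means only that the file is readable and is not compressed, GeoIP2 or plain text; confirm the result in the Endpoints table after the restart.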