CloudShark Support

Geolocation in CloudShark

Geolocation features were added in CloudShark 2.5 and are visible through the Endpoints analysis tool. If a network address can be resolved geographically, additional information such as City, Country, and AS Number may also appear in the table, along with Latitude and Longitude if available.

Private network addresses, including multicast, will not be resolved.

MaxMind GeoLite Databases

CloudShark includes the MaxMind GeoLite databases that translate IP addresses into City, Country, and ASN. Since this information is updated fairly frequently, these databases are refreshed with every CloudShark release.

Upgrading to MaxMind GeoIP

MaxMind offers more granular databases that can be purchased and downloaded independently from CloudShark. These databases are updated much more frequently. They can be installed on top of CloudShark and used as a replacement for the default GeoLite databases.

Note: CloudShark is only compatible with the GeoIP Legacy database format.

Installation

CloudShark requires the binary format of the GeoIP databases. Once you have downloaded and unzipped these databases, copy them to a location on the CloudShark Appliance that the cloudshark user has permission to read. For example, place the database files in /home/cloudshark/geoip_db/.

Next, edit the file /home/cloudshark/.wireshark/geoip_db_paths and replace the contents with the following:

"/home/cloudshark/geoip_db/"

Finally, run the following command to restart CloudShark’s cache system and use the updated GeoIP Databases for geolocation:

# sudo service memcached restart
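
The installation steps above combined into one script, as an added example that is not CloudShark's own tooling. The function name install_geoip, the --apply switch and the .dat extension for the unzipped binary databases are assumptions; the paths are the ones given on this page.

```shell
#!/bin/sh
# Added example: copy unzipped GeoIP Legacy databases into place and point
# CloudShark at them. install_geoip is a hypothetical helper name.
#
# usage: install_geoip SRC_DIR DEST_DIR PATHS_FILE
install_geoip() {
    src=$1
    dest=${2%/}          # strip a trailing slash so the path is written once
    paths_file=$3

    # Assumption: the unzipped binary databases carry a .dat extension.
    # Stop before touching anything if none are present.
    set -- "$src"/*.dat
    if [ ! -e "$1" ]; then
        echo "no .dat database files found in $src" >&2
        return 1
    fi

    mkdir -p "$dest" || return 1
    chmod 0755 "$dest" || return 1

    for db in "$@"; do
        cp -- "$db" "$dest/" || return 1
        # Readable by the cloudshark user, writable only by the owner.
        chmod 0644 "$dest/$(basename "$db")" || return 1
    done

    # Replace the contents of the paths file with the quoted directory,
    # in the same form the page shows: "/home/cloudshark/geoip_db/"
    mkdir -p "$(dirname "$paths_file")" || return 1
    printf '"%s/"\n' "$dest" > "$paths_file"
}

# On the appliance, run as the cloudshark user:
#   sh install_geoip.sh --apply /path/to/unzipped/databases
if [ "${1:-}" = "--apply" ]; then
    install_geoip "${2:?directory with unzipped databases}" \
        /home/cloudshark/geoip_db \
        /home/cloudshark/.wireshark/geoip_db_paths &&
        sudo service memcached restart
fi
```
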

About CloudShark

CloudShark is made by QA Cafe, a technology company based in Portsmouth, NH. Our passion for packet captures has grown out of our other product CDRouter.
