HowTo Geolocate Network Packet Capture Data: Difference between revisions

From MediaWiki
Jump to navigationJump to search
Line 4: Line 4:
This '''HowTo''' explains the procedure for geolocating '''IPv4 Address Conversations''' using the NST WUI and rendering the results on either a '''Mercator World Map''' projection or on a '''[http://en.wikipedia.org/wiki/Keyhole_Markup_Language KML]''' '''Earth Browser''' such as '''[http://earth.google.com Google Earth]''', '''[http://maps.google.com Google Maps]''' or '''[http://edu.kde.org/marble Marble]'''.
This '''HowTo''' explains the procedure for geolocating '''IPv4 Address Conversations''' using the NST WUI and rendering the results on either a '''Mercator World Map''' projection or on a '''[http://en.wikipedia.org/wiki/Keyhole_Markup_Language KML]''' '''Earth Browser''' such as '''[http://earth.google.com Google Earth]''', '''[http://maps.google.com Google Maps]''' or '''[http://edu.kde.org/marble Marble]'''.


There are a couple of items to consider prior to starting '''IPv4 Address Conversations''' geolocation. First, does the network packet capture make sense to use for geolocation. The list below are packet capture characteristics that would [[not]] be considered desirable for geolocation:
There are a couple of items to consider prior to starting '''IPv4 Address Conversations''' geolocation. First, does the network packet capture make sense to use for geolocation. The list below are packet capture characteristics that would <u>not</u> be considered desirable for geolocation:


* All hosts in the capture file are located at the same physical location, geolocations would result at a single point.
* All hosts in the capture file are located at the same physical location, geolocations would result at a single point.

Revision as of 08:38, 11 October 2010

Overview

This HowTo explains the procedure for geolocating IPv4 Address Conversations using the NST WUI and rendering the results on either a Mercator World Map projection or on a KML Earth Browser such as Google Earth, Google Maps or Marble.

There are a couple of items to consider prior to starting IPv4 Address Conversations geolocation. First, does the network packet capture make sense to use for geolocation. The list below are packet capture characteristics that would not be considered desirable for geolocation:

  • All hosts in the capture file are located at the same physical location, geolocations would result at a single point.



Single-Tap Network Packet Capture Text-Based Decode Section

IP Geolocation Adjustments

Use the ' IP Geolocate Configure' button to manage the global geolocation policy for this NST system. This allows one to make latitude and longitude coordinate adjustments, configure private IPv4 Address/Network coordinate locations and select a Geolocation database source. In addition, one can also download and manage the MaxMind "GeoIP Country Edition", the enhanced "GeoIP Lite City Edition" and the "GeoIP AS Number Edition" data sets.