Wireshark-dev: [Wireshark-dev] GeoIP and what to expect

From: Peter Fuller <randomkodemonkey@xxxxxxxxxxxxxx>
Date: Tue, 13 Jan 2009 22:00:01 +0000

I've tried out the GeoIP API, but I don't see any results. My steps:
I've downloaded three .dat files from MaxMind:

-rw-r--r--@ 1 rkm  rkm   1138900 Jan 12 22:12 Downloads/GeoIP.dat
-rw-r--r--  1 rkm  rkm   2204468 Jan 12 22:12 Downloads/GeoIPASNum.dat
-rw-r--r--@ 1 rkm  rkm  29945302 Jan 12 22:13 Downloads/GeoLiteCity.dat

I've updated the UAT to have one entry with the absolute path to these files. I have the filter preferences reference geoip information, but I don't know what the format of any of the values should be. I removed the PROTO_ITEM_SET_HIDDEN so that I could see what the values for, say, ip.geoip.country look like ('usa'? 'us'? 'US'?, etc.), but I still get no values shown next to the IP addresses after recompiling.

Am I doing something wrong?

TShark 1.1.2 (SVN Rev 27212)

Copyright 1998-2009 Gerald Combs <gerald@xxxxxxxxxxxxx> and contributors. This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled with GLib 2.14.6, with libpcap 0.9.8, with libz 1.2.3, without POSIX capabilities, with libpcre 4.5, with SMI 0.4.3, without c-ares, with ADNS, with Lua 5.1, with GnuTLS 2.2.0, with Gcrypt 1.4.0, with MIT Kerberos, with GeoIP.

Running on Darwin 9.6.0 (MacOS 10.5.6), with libpcap version 0.9.8, GnuTLS
2.2.0, Gcrypt 1.4.0.

Built using gcc 4.0.1 (Apple Inc. build 5465).