Difference between revisions of "HowTo Geolocate Network Packet Capture Data"
(→Overview) |
(→IP Geolocation Database & Adjustments) |
||
| Line 17: | Line 17: | ||
=== '''IP Geolocation Database & Adjustments''' === | === '''IP Geolocation Database & Adjustments''' === | ||
| − | Make sure that a geolocation database has been configured for your NST probe prior to attempt to use '''IPv4 Address Conversations''' geolocation. Use the ''''[[HowTo_Setup_The_NST_System_To_Geolocate_Data | IP Geolocate Configure]]'''' button to manage the global geolocation policy for this NST system. This allows one to make latitude and longitude coordinate adjustments, configure private IPv4 Address/Network coordinate locations and select a Geolocation database source. In addition, one can also download and manage the '''[http://www.maxmind.com/ MaxMind]''' "'''GeoIP Country Edition'''", the enhanced "'''GeoIP Lite City Edition'''" and the "'''GeoIP AS Number Edition'''" data sets. | + | Make sure that a geolocation database has been configured for your NST probe prior to attempt to use '''IPv4 Address Conversations''' geolocation. Use the ''''[[HowTo_Setup_The_NST_System_To_Geolocate_Data | IP Geolocate Configure]]'''' button shown below to manage the global geolocation policy for this NST system. This allows one to make latitude and longitude coordinate adjustments, configure private IPv4 Address/Network coordinate locations and select a Geolocation database source. In addition, one can also download and manage the '''[http://www.maxmind.com/ MaxMind]''' "'''GeoIP Country Edition'''", the enhanced "'''GeoIP Lite City Edition'''" and the "'''GeoIP AS Number Edition'''" data sets. |
[[Image:Single_packet_capture_decode.png|center|frame|Single-Tap Network Packet Capture Text-Based Decode Section]] | [[Image:Single_packet_capture_decode.png|center|frame|Single-Tap Network Packet Capture Text-Based Decode Section]] | ||
Revision as of 10:31, 11 October 2010
Overview
This HowTo explains the procedure for geolocating IPv4 Address Conversations using the NST WUI and rendering the results on either a Mercator World Map projection or on a KML Earth Browser such as Google Earth, Google Maps or Marble.
There are a couple of items to consider prior to starting IPv4 Address Conversations geolocation. First, does the network packet capture make sense to use for geolocation. The list below are packet capture characteristics that would not be considered desirable for geolocation:
- No IPv4 Addresses exist in the capture file. Results: No geolocations would be rendered.
- All hosts in the capture file are located at the same physical location. Results: Geolocations would appear at a single point.
- All hosts are private IP Addresses with no associated geolocation database information. Results: No geolocations would be rendered. Note: This can be corrected, see section: IP Geolocation Database & Adjustments.
Secondly, has a geolocation database been configured for your NST probe. This includes the addition of configuring any private IPv4 Addresses or Network geolocations, see section: IP Geolocation Database & Adjustments.
IP Geolocation Database & Adjustments
Make sure that a geolocation database has been configured for your NST probe prior to attempt to use IPv4 Address Conversations geolocation. Use the ' IP Geolocate Configure' button shown below to manage the global geolocation policy for this NST system. This allows one to make latitude and longitude coordinate adjustments, configure private IPv4 Address/Network coordinate locations and select a Geolocation database source. In addition, one can also download and manage the MaxMind "GeoIP Country Edition", the enhanced "GeoIP Lite City Edition" and the "GeoIP AS Number Edition" data sets.
