If your copy of Wireshark supports MaxMind’s MaxMindDB library, you can use their databases to match IP addresses to countries, cites, autonomous system numbers, and other bits of information. Some databases are available at no cost for registered users, while others require a licensing fee. See the MaxMind web site for more information.
The configuration for the MaxMind database is a user table, as described in Section 11.7, “User Accessible Tables”, with the following fields:
- Database pathname
- This specifies a directory containing MaxMind data files. Any files ending with .mmdb will be automatically loaded.
By default Wireshark will always search for data files in
/usr/share/GeoIP and /var/lib/GeoIP on non-Windows platforms
and in C:\ProgramData\GeoIP and C:\GeoIP on Windows. You can
put any additional search paths here, e.g. C:\Program Files\Wireshark\GeoIP
might be a good choice on Windows.
![[Note]](images/note.svg) | Note |
|---|---|
|
While the default search paths are not listed in the user table, they are in the list viewable by opening → and selecting the "Folders" tab. |
Previous versions of Wireshark supported MaxMind’s original GeoIP Legacy database format. They were configured similar to MaxMindDB files above, except GeoIP files must begin with Geo and end with .dat. They are no longer supported and MaxMind stopped distributing GeoLite Legacy databases in April 2018.