Locate attackers via WireShark

With the freeware tool WireShark you can analyze your network, identify attackers and even localize them. In this practical tip we will show you how.

The network at a glance: Localize attackers with WireShark

To locate attackers on your network, you need WireShark and GeoIP data.

1. Download Geolite and unzip the ZIP files.
2. Now start Wireshark and choose your user interface.
3. To read the GeoIP data, select "Preferences" in the "Edit" menu.
4. Click on "Name Resolution" in the side menu below. The last item is "GeoIP database directories". Clicking on the input field opens a new window.
5. Here click on "New" and enter the path under which you unpacked Geolite. Important: Before you confirm with the "Open" button, you must click on the "+" sign at the bottom right. Then confirm the path with "ok".
6. Next, call up the "Endpoints" via the "Statistics" menu. Different dates are displayed in different columns. The last two are interesting: Here you can see the country and the AS number that was accessed. The AS number identifies the autonomous system, ie a network or a collection of networks.

If you would like to know how to change your IP address, you will find out in another practical tip. We also share five tips for a more secure WiFi network.