Troubleshooting Wireshark’s IP Endpoint Map

13 Aug 2012, CPOL

If you have ever used Wireshark then you may have seen the option to view the endpoints on a map.

Select Statistics > Endpoints, which will bring up the endpoint box shown below.

Wireshark1

Wireshark2

Now select the IPv4 tab to enable the endpoint map button.

It does not work on the IPv6 tab or any other tab. (At least not in this test.)

When you click on the map button you should see something like this if you are running IE9. (Mine: Version 9.0.8112.16421, Build 98112)

Wireshark3

Or if you are running Firefox then you should see this. (Mine: Version 14.0.1)

Wireshark5

 

These screen shots were taken after I fixed the code. The map is down some because it is centering the points on the screen.

But here is what you got in IE9 and then Firefox before I fixed it.

wireshark6

How many have seen this in IE9?

Wireshark7

If you notice on this one the navigation control is messed up in Firefox.

So what is the problem?

As it turns out, the OpenLayers API changed; the current version is like 2.2.

When I first started investigating this several months ago I had saved the openlayers.js file. I found the workaround then of just using Firefox, so I stopped investigating.

Then in my recent investigations, after it wouldn’t work in Firefox at all, I used WinDiff to compare the 2 files and discovered there were changes between the 2 “openlayers.js” files: the old one I had saved and the new one that got downloaded while testing. That meant that I had to figure out how to update the output file from Wireshark to get it to work in the browsers. I viewed the new API info here to help find out what needed to be changed.

Now I am not a web developer, so this took a lot longer to figure out than it should have.

So, using IE9’s F12 developer tools, I first discovered that there was a call to add a control name that is no longer used in the current version of the API. After commenting out the control name I started to get somewhere in Firefox but still not in IE9.

So what’s the deal in IE9? As it turns out, IE hates extra “commas”: if it runs across them, a call will fail, but for some reason Firefox seems to ignore them.

Next thing I had to do was figure out how Wireshark created the files it uses. After downloading the complete source code for the latest stable version I ran a strings utility that I made on the folder that contained the source code, searching for the string “ipmap”.

One of the files that “ipmap” showed up in, after viewing the source code, told me that Wireshark uses an HTML file located in its program directory as a template for creating the temp file that it opens using your default browser. Basically, what the program does is take the template file, add the endpoint information it gets, if there is any, and then write that to a new temp file. So in order to fix future maps created and opened by Wireshark I have to replace this file with an updated version. First rename the original to something else, so you can refer back to it if you need to and don’t end up overwriting the original.

The Fix

So here we will concentrate on what code gets changed in order to fix the problem and be able to view new maps when we click on the button in Wireshark.

The only changes are really for the API controls and for handling 2 extra commas to get it to work in IE9.

Here is a screenshot of the code affected in a file produced by the original version of the template.

wireshark9Commented

So how do we fix this? The second extra comma is the easiest one to fix: we either just delete the comma, which then messes with the output for the zoom control, or we add the value that was left off in the original version when they were testing it. (They had 18; I put 10.)

wireshark10

That will handle “that” extra comma problem. Now what about the other one?

Short of adding code to Wireshark to remove the extra comma at the end of where the program adds the endpoints, we create a workaround by adding a fake endpoint to the template file.
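
The trailing-comma problem described above, as an added example (not Wireshark's code and not the author's template): the first function reproduces the comma-after-every-record pattern, the second writes separators only between records, and `findTrailingCommas` checks generated script text for a comma sitting directly before a closing `]`, `}` or `)`. All function names and the sample endpoints are constructed for illustration.

```javascript
// Added example. Names and sample data are constructed; this is not Wireshark's code.
const endpoints = [ // constructed sample records (documentation address ranges)
  { ip: "192.0.2.10", lat: 37.77, lon: -122.42 },
  { ip: "198.51.100.7", lat: 51.51, lon: -0.13 },
];

// Append style: every record is followed by a comma, so the literal ends in ",]".
function emitAppendStyle(list) {
  let out = "var points = [";
  for (const e of list) out += JSON.stringify(e) + ",";
  return out + "];";
}

// Separator style: commas are written only between records.
function emitJoinStyle(list) {
  return "var points = [" + list.map((e) => JSON.stringify(e)).join(",") + "];";
}

// Return the offset of every comma whose next token is ']', '}' or ')'.
// String literals and comments are skipped; regex literals are not handled.
function findTrailingCommas(src) {
  const hits = [];
  let pending = -1; // offset of the most recent comma still awaiting a value
  let i = 0;
  while (i < src.length) {
    const c = src[i];
    if (c === '"' || c === "'") { // string literal: skip to the closing quote
      for (i++; i < src.length && src[i] !== c; i++) if (src[i] === "\\") i++;
      i++;
      pending = -1;
    } else if (c === "/" && src[i + 1] === "/") { // line comment
      while (i < src.length && src[i] !== "\n") i++;
    } else if (c === "/" && src[i + 1] === "*") { // block comment
      const end = src.indexOf("*/", i + 2);
      i = end < 0 ? src.length : end + 2;
    } else {
      if (c === ",") pending = i;
      else if (!/\s/.test(c)) {
        if (pending >= 0 && "]})".includes(c)) hits.push(pending);
        pending = -1;
      }
      i++;
    }
  }
  return hits;
}

console.log(findTrailingCommas(emitAppendStyle(endpoints)));
console.log(findTrailingCommas(emitJoinStyle(endpoints)));
```

Run over the script portion of a generated map file, each reported offset marks a comma of the kind the article patches by hand.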

We also have to replace some of the controls that get added as you can see in the two screen shots below.

Here is the old and new versions of the Template.

Wireshark14

Wireshark15

So now, using the new version of the template, it works in both the latest version of IE9 and Firefox. (On my system anyway.)

It is still running in “Quirks mode” in IE9 and Firefox though, and is not “HTML5” compliant. I have not tested this in any other browser because I just don’t have them installed.

Download the new file.

If you think this solution may work for you, I have made my new template file available on my SkyDrive here; the file name is newipmap.zip.

Using the File

Okay, so you got the file, so now what do you do with it?

First, as I mentioned above, locate the original file.

Mine is in “C:\Program Files\Wireshark” and the file name is “ipmap.html”.

Rename that file to something like “ipmapOriginal.html” so you still have it if you need it later.

Next, unzip the file you got from my SkyDrive, copy it to the directory where the original file is, then rename it to “ipmap.html”. You may have a warning pop up on the renames in this location asking for admin approval if UAC is enabled.

After that, Wireshark “should” be using the new version of the file for creating the maps in the temp folder. The path to one of mine is “C:\Users\David\AppData\Local\Temp\Wireshark IP Map a01688”. The number on the end and the username are the only things that would change in the path for anyone else.

Final Note:

If these fixes are added to a new version of Wireshark then this fix will break.

Also, if the API changes again, this fix can break from that too.

The only way to keep it from breaking in the future is to keep the files required for the API on a dedicated site for Wireshark and then point the output files to that location for a chosen API version rather than the “http://openlayers.org” site where the API gets updated.

Hope this has helped to explain and solve the problem for you.

If you have any questions or problems please let me know.


License

This article, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

About the Author

ledtech3
PC's Xcetra
United States
My first experience with computers was when my mom gave a Timex Sinclair 1000 to me for Christmas some time in the late 70's (I still have it). There I learned to copy code from magazines to save to cassette tapes for playing games.

Since then I have dabbled in:
Basic, QBasic, Ruby, Python, JavaScript, HTML, CSS, C#, C++, Perl, and a few others I can't think of offhand.
Now I mainly work with VBScript and VB.Net.
I prefer to build programs that make use of the GUI so I don't have to remember all of the syntax for console apps. I really don't care much for HTML because of the way you build and then run to see if it looks right. Also the new WPF is too much like HTML so I steer clear of it for now.
Most of what I build is for getting information from a system to use in system repair. I make heavy use of the WMI classes. Why reinvent something?

Last Updated 13 Aug 2012
Article Copyright 2012 by ledtech3