If you have ever used Wireshark then you may have seen the option to view the endpoints on a map.
Select, Statistics > Endpoints , then that will bring up the endpoint box shown below.
Now here you select the IPV4 tab to get the the End point map button to enable.
It does not work on IPV6 or any other tab. (At least not in this test)
When you click on the map button you should see something like this if you are running IE9. (Mine, Version : 9.0.8112.16421 , Build : 98112)
Or if you are running Firefox then you should see this. (Mine,Version: 14.0.1)
These screen shots were taken after I fixed the code. The map is down some because it is centering the points on the screen.
But here is what you got in IE9 and then Firefox before I fixed it.
How many have seen this in IE9 ?
If you notice on this one the navigation control is messed up in Firefox.
So what is the problem ?
As it turns out the Open Layers API changed, the current version is like 2.2 .
When I first starting investigating this several months ago I had saved the openlayers.js file. I found the workaround then of just Using Firefox, so I stopped investigating.
Then in my recent investigations after it wouldn’t work in Firefox at all, I used Windiff to compare the 2 files and I discovered there were changes in the 2 “openlayers.js” files, the old one I had saved and the new one that got downloaded while testing. That meant that I had to figure out how to update the Output file from Wireshark to get it to work in the browsers. I viewed the new API info Here to help find out what needed changed.
Now I am not a web developer so this took allot longer to figure out than it should have.
So, using IE9’s F-12 developer tools I first discovered that there was a call to add a control name that it no longer used in the current version of the API. After commenting out the control name I started to get somewhere in Firefox but still not in IE9.
So what’s the deal in IE9 ? As it turn out IE hates extra “Commas” if it runs across them then a call will fail, but for some reason Firefox seems to ignore them.
Next thing I had to do was figure out how Wireshark created the files it uses. After downloading the complete source code for the latest stable version I ran a strings utility that I made on the folder that contained the source code, searching for the string “ipmap”.
One of the files that “ipmap” showed up in, after viewing the source code, told me that it uses a html file located in Wireshark’s program directory as a template for creating the temp file that it opens using your default browser. Basically what the programs does is takes the template file and adds the endpoints information it gets, if there is any, then writes that to a new temp file. So in order to fix future maps created and opened by Wireshark I have to replace this file with a updated version. First rename the original to something else, so you can refer back to it if you need to and don’t end up overwriting the original.
So here we will concentrate on what code gets changed in order to fix the problem and be able to view new maps when we click on the button in Wireshark.
The only changes are really for the API Controls and handling 2 extra commas to get it to work in IE9.
Here is a screenshot of the code affected in a file produced by the original version of the template.
So how do we Fix this ? The second extra comma is the easiest one to fix, we either just delete the comma, and then it messes with the the output for the zoom control or we add the value that was left off in the original version when they were testing it.(They had 18 I put 10)
That will handle “That” extra comma problem. Now what about the other one ?
Short of adding code to Wireshark to remove the extra comma at the end of where the program adds the End Points, we create a workaround by adding a Fake End Point to the template file.
We also have to replace some of the controls that get added as you can see in the two screen shots below.
Here is the old and new versions of the Template.
So now using the new version of the Template, it now works in both the Latest version of IE9 and Firefox. (On my system anyway)
It is still running in “Quirks mode” in IE9 and Firefox though and not “Html 5” Compliant. I have not tested this in any other browser because I just don’t have them installed.
Download the new file.
If you think this solution may work for you I have made available my new template file and it is available on my sky drive Here , the file name is newipmap.zip .
Using the File
Okay, so you got the file so now what do you do with it?
First as I mentioned above locate the original file.
Mine is in “C:\Program Files\Wireshark” and the file name is “ipmap.html”.
Rename that file to something like, “ipmapOriginal.html” so you still have it if you need it later.
Next unzip the file you got from my sky drive and copy it to the directory where the original file is then rename it to “ipmap.html”, you may have a warning pop up on the renames in this location asking for admin Approval if UAC is Enabled.
After that Wireshark “Should” be using the new version of the file for creating the maps in the temp folder. The path to one mine is, “C:\Users\David\AppData\Local\Temp\Wireshark IP Map a01688”. The number on the end and the username is the only thing that would change for the path for anyone else’s.
If these fixes are added to a new version of Wireshark then this fix will break.
Also if the API changes again this this fix can break from that also.
The only way to keep it from breaking in the future is to keep the files required for the API on a dedicated site for Wireshark and then point the output files to that location for a chosen API version rather than the “http://openlayers.org” site where the API gets updated.
Hope this has helped to explain and solve the problem for you.
If you have any questions or problems please let me know.
Filed under: RootAdmin