IPGeo is a Python tool that extracts IP addresses from a captured network traffic file (PCAP/PCAPNG) and generates a CSV report containing geolocation details for each IP address in the packets.
What is IP geolocation?
IP geolocation is the mapping of an IP address to the geographic location of the internet-connected device. Geographically mapping an IP address provides location information such as the country, state, city, zip code, latitude/longitude, ISP, area code, and other details.
What is it for?
Various systems use geolocation databases for IP addresses. The reasons for this are numerous, but it is mainly used for deducing the user's location so that the system can give more personalized offers (products, services, etc.).
Examples
In this case, we will deduce the geolocation of the following IP address: 185.141.165.74.
The easiest way to do it is to use a free online tool such as iplocation.net (search for "IP geolocation tools" to find others).
The report contains:
- Country
- Country Code
- Region
- Region Name
- City
- Zip
- Latitude
- Longitude
- Time-zone
- ISP
- Org
- IP
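The path from extracted addresses to the report columns listed above, as an added example that is not IPGeo's own code. It assumes the addresses come from TShark field output (`tshark -r capture.pcap -T fields -e ip.src -e ip.dst`); the sample input, the `FAKE_DB` lookup and its values are constructed, and a real run would pass its own geolocation lookup function.

```python
import csv
import io
import ipaddress

# Column order follows the report fields listed above.
COLUMNS = ["Country", "Country Code", "Region", "Region Name", "City", "Zip",
           "Latitude", "Longitude", "Time-zone", "ISP", "Org", "IP"]

# Constructed sample of tab-separated ip.src / ip.dst output, one packet per line.
# An ICMP error embeds a second IP header, so one field can hold "a,b".
SAMPLE_FIELDS = (
    "192.168.1.10\t185.141.165.74\n"
    "185.141.165.74\t192.168.1.10\n"
    "192.168.1.10\t8.8.8.8\n"
    "10.0.0.1,192.168.1.10\t192.168.1.10,8.8.8.8\n"
    "\t\n"                              # non-IP frame (e.g. ARP): empty fields
    "192.168.1.10\t224.0.0.251\n"       # multicast destination
)

# Constructed stand-in for a geolocation database or API; values are made up.
FAKE_DB = {"8.8.8.8": {"Country": "Exampleland", "Country Code": "EX",
                       "ISP": "Example ISP"}}

def public_ips(fields_text):
    """Return unique, globally routable IPs in first-seen order."""
    seen = []
    for line in fields_text.splitlines():
        for cell in line.split("\t"):
            for token in filter(None, cell.split(",")):
                try:
                    addr = ipaddress.ip_address(token.strip())
                except ValueError:
                    continue  # malformed token: skip it, keep processing
                # Private, loopback and multicast ranges have no useful geolocation.
                if addr.is_global and not addr.is_multicast and str(addr) not in seen:
                    seen.append(str(addr))
    return seen

def build_report(fields_text, lookup=FAKE_DB.get):
    """Return CSV text with one row per public IP; lookup(ip) gives a dict or None."""
    out = io.StringIO()
    writer = csv.DictWriter(out, fieldnames=COLUMNS)
    writer.writeheader()
    for ip in public_ips(fields_text):
        row = dict(lookup(ip) or {})    # a failed lookup still produces a row
        row["IP"] = ip
        writer.writerow({k: row.get(k, "") for k in COLUMNS})
    return out.getvalue()
```

Filtering before the lookup keeps internal addresses out of any request sent to a third-party geolocation service and avoids repeated queries for the same address.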
Installation of IPGeo
Use the package manager pip3 to install the required modules.
If you are not using Kali, Parrot OS, or another penetration-testing distribution, you need to install TShark.
Usage
# then you will enter the captured traffic file path