What is Wireshark?
Wireshark is the world's most popular network protocol analyzer. It has a rich and powerful feature set and runs on most computing platforms including Windows, OS X, Linux, and UNIX. Network professionals, security experts, developers, and educators around the world use it regularly. It is freely available as open source, and is released under the GNU General Public License version 2.

 Capture Filters (cfilters)
 Display Filters (dfilters)

 Wireshark Docu (PDF)
 Wireshark Developers Docu (PDF)


Wireshark GeoIP
Newer versions (> 1.2.3) of Wireshark support importing the MaxMind GeoIP databases, which means you can place the public Internet IP addresses seen in a capture on a map.
Download the GeoIP files from maxmind.com.
Unpack them into a directory (example: /usr/local/share/geoip).
In Wireshark, configure the directory of the GeoIP databases under Edit -> Preferences -> Name Resolution.
After this, Statistics -> Endpoints shows in the IPv4 tab the endpoints with their country and AS number, and you can create a map from them.
You can also use the GeoIP fields in display filters:
 ip and not ip.geoip.country == "United States" 
  ip.geoip.lat > "66.5" 
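The same GeoIP data is available on the command line: tshark can print the ip.geoip.* fields per packet, and a small script can turn that into the per-country endpoint view described above. This is an added example, not from the original page; it assumes the input comes from `tshark -r capture.pcap -T fields -E separator=/t -e ip.src -e ip.dst -e ip.geoip.src_country -e ip.geoip.dst_country -e ip.geoip.src_lat -e ip.geoip.dst_lat`, and the sample output embedded below is constructed.

```python
"""Aggregate GeoIP endpoint data from tshark field output (added example,
not part of the original page; tshark output below is constructed)."""
from collections import Counter

# Constructed sample of tshark -T fields output, one packet per line:
# src, dst, src_country, dst_country, src_lat, dst_lat. Fields tshark
# cannot resolve (e.g. RFC 1918 addresses) are left empty.
SAMPLE = """\
192.168.1.10\t93.184.216.34\t\tUnited States\t\t37.751
192.168.1.10\t185.12.64.1\t\tGermany\t\t51.2993
192.168.1.10\t2.16.9.1\t\tNorway\t\t69.6489
93.184.216.34\t192.168.1.10\tUnited States\t\t37.751\t
192.168.1.11\t212.58.244.22\t\tUnited Kingdom\t\t51.4964
"""

def parse_endpoints(text):
    """Yield (address, country, latitude) for every endpoint with a GeoIP
    record. Like Statistics -> Endpoints, both ends of each packet count."""
    for line in text.splitlines():
        if not line.strip():
            continue
        cols = line.split("\t")
        cols += [""] * (6 - len(cols))  # tolerate lines with trailing fields cut off
        src, dst, src_c, dst_c, src_lat, dst_lat = cols[:6]
        for addr, country, lat in ((src, src_c, src_lat), (dst, dst_c, dst_lat)):
            if country:  # empty country means no GeoIP record for this address
                yield addr, country, float(lat) if lat else None

def endpoints_by_country(text, exclude=("United States",)):
    """Packet count per country, equivalent to the display filter
    'ip and not ip.geoip.country == "United States"'."""
    counts = Counter()
    for _addr, country, _lat in parse_endpoints(text):
        if country not in exclude:
            counts[country] += 1
    return counts

def endpoints_above_latitude(text, min_lat=66.5):
    """Addresses located north of min_lat, equivalent to 'ip.geoip.lat > 66.5'."""
    return sorted({addr for addr, _c, lat in parse_endpoints(text)
                   if lat is not None and lat > min_lat})

if __name__ == "__main__":
    for country, n in endpoints_by_country(SAMPLE).most_common():
        print(f"{country}: {n} packet(s)")
    print("Endpoints north of 66.5:", endpoints_above_latitude(SAMPLE))
```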

Useful Info
 Advanced Scripting and CLI Usage with tshark
(c) 2009 by packetlevel.ch / last update: 13.10.2009