AppPacCap

Application Packet Capture: A better way to PCAP.

IP Geolocation

AppPacCap can geolocate observed IP addresses and store this data for future reference. AppPacCap supports MaxMind's GeoLite2 geolocation database. These CSV files, which can be downloaded at https://dev.maxmind.com/geoip/geoip2/geolite2, provide city-level accuracy for IP lookups. AppPacCap can parse the relevant CSV files into its own database format for quick and efficient IP lookup.

For AppPacCap to parse the data, first download the 'GeoLite2 City' CSV zipped file. Once downloaded, extract the files to any folder. AppPacCap needs two of these files to ingest the data. The first, 'GeoLite2-City-Blocks-IPv4.csv', contains information about IPv4 data. The second depends on your preferred language: 'GeoLite2-City-Locations-XX.csv' contains the country and city name information that is associated with the IPv4 data. There are multiple city location files that end with different language codes: '-en' is the English version, '-ru' is Russian, etc.

Once the files are extracted and identified, open the AppPacCap UI component. A tab named 'GeoLite2' contains the input boxes for the files. The first text box is for the GeoLite2-City-Blocks-IPv4.csv file, so click the associated browse button and select that file. The second box is for the location name file, so again click the associated button and select the file you would like to use based on your language. Once both files have been selected, click the 'Save' button. This should be done while the AppPacCap service is not running. The next time the service is started, the files will be parsed and added to the database. Once the data is ingested, you can delete the extracted and downloaded files. MaxMind does release updated data, so to update the geolocation database, simply follow the same steps. AppPacCap will automatically update whenever new files are specified.
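How the two CSV files fit together, shown as an added example rather than AppPacCap's own code: the blocks file is joined to the locations file on geoname_id, and lookups search the resulting ranges. The function names, the constructed sample rows and the in-memory sorted list are assumptions for illustration; the page does not describe AppPacCap's actual database format.

```python
import bisect
import csv
import io
import ipaddress

# Constructed sample rows using a subset of the GeoLite2 City CSV columns
# (documentation-range networks, made-up geoname_id values).
BLOCKS_CSV = """network,geoname_id,registered_country_geoname_id,postal_code,latitude,longitude,accuracy_radius
192.0.2.0/25,1001,1000,,48.8566,2.3522,50
192.0.2.128/25,1002,1000,,45.7640,4.8357,100
198.51.100.0/24,,2000,,37.7510,-97.8220,1000
"""
LOCATIONS_CSV = """geoname_id,locale_code,continent_code,continent_name,country_iso_code,country_name,city_name
1001,en,EU,Europe,FR,France,Paris
1002,en,EU,Europe,FR,France,Lyon
"""

def load_geo(blocks_file, locations_file):
    """Join blocks to location names on geoname_id; return (starts, ranges)."""
    names = {r["geoname_id"]: r for r in csv.DictReader(locations_file)}
    ranges = []
    for row in csv.DictReader(blocks_file):
        try:
            net = ipaddress.ip_network(row["network"])
        except ValueError:
            continue  # skip malformed rows instead of aborting the import
        if net.version != 4:
            continue  # this example only handles the IPv4 blocks file
        loc = names.get(row["geoname_id"], {})  # geoname_id may be empty
        ranges.append((int(net.network_address), int(net.broadcast_address),
                       loc.get("country_iso_code"), loc.get("city_name"),
                       row["latitude"], row["longitude"]))
    ranges.sort(key=lambda r: r[0])
    return [r[0] for r in ranges], ranges

def lookup(table, ip):
    """Binary-search the sorted, non-overlapping ranges for one IPv4 address."""
    starts, ranges = table
    addr = int(ipaddress.IPv4Address(ip))
    i = bisect.bisect_right(starts, addr) - 1
    if i >= 0 and ranges[i][0] <= addr <= ranges[i][1]:
        return ranges[i][2:]  # (country, city, latitude, longitude)
    return None  # address not covered by any block

if __name__ == "__main__":
    table = load_geo(io.StringIO(BLOCKS_CSV), io.StringIO(LOCATIONS_CSV))
    for ip in ("192.0.2.200", "198.51.100.7", "203.0.113.9"):
        print(ip, lookup(table, ip))
```

A block row with an empty geoname_id still yields coordinates but no country or city name, which is why the locations file must match the blocks file from the same download.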

If you would rather use an external service to look up IP data, this can easily be done through your customized front-end interface. The resulting data can then optionally be stored back into AppPacCap's database, so future lookups of the same IP address will not require another external request. The ip_set_geo API is the method for saving any externally queried IP data, if desired.