August | 2019 | VenkatC, Network Man

This is a little utility I wrote for displaying Geo IP information for any IP address that appears in the output of any shell command. Watch:

Raw output

vnetman@mint:~/work/geoip> netstat -nta
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State      
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN     
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN     
tcp        0      0 192.168.1.9:52068       34.208.208.167:443      ESTABLISHED
tcp        0      0 192.168.1.9:42172       18.209.222.134:443      ESTABLISHED
tcp        0      0 192.168.1.9:40322       151.101.2.114:443       ESTABLISHED
tcp        0      0 192.168.1.9:52114       172.217.163.130:443     ESTABLISHED
tcp        0      0 192.168.1.9:42176       18.209.222.134:443      ESTABLISHED
tcp        0      0 192.168.1.9:33968       216.58.197.46:443       ESTABLISHED
tcp        0      0 192.168.1.9:32892       157.240.7.35:443        ESTABLISHED
tcp        0      0 192.168.1.9:56244       172.217.163.68:443      ESTABLISHED
tcp        0      0 192.168.1.9:57958       192.0.78.23:443         ESTABLISHED
tcp        0      0 192.168.1.9:45056       172.217.31.195:443      ESTABLISHED
tcp        0      0 192.168.1.9:58552       192.0.78.23:443         ESTABLISHED
tcp6       0      0 :::22                   :::*                    LISTEN     
tcp6       0      0 ::1:631                 :::*                    LISTEN
vnetman@mint:~/work/geoip>

Filtered output

vnetman@mint:~/work/geoip> netstat -nta | ./ilgeoip.py 
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State      
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN     
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN     
tcp        0      0 192.168.1.9:52068       34.208.208.167 (US, TX):443      ESTABLISHED
tcp        0      0 192.168.1.9:42172       18.209.222.134 (US, MA):443      ESTABLISHED
tcp        0      0 192.168.1.9:40322       151.101.2.114 (US, NH):443       ESTABLISHED
tcp        0      0 192.168.1.9:52114       172.217.163.130 (US, CA):443     ESTABLISHED
tcp        0      0 192.168.1.9:42176       18.209.222.134 (US, MA):443      ESTABLISHED
tcp        0      0 192.168.1.9:33968       216.58.197.46 (US, CA):443       ESTABLISHED
tcp        0      0 192.168.1.9:32892       157.240.7.35 (US, NY):443        ESTABLISHED
tcp        0      0 192.168.1.9:56244       172.217.163.68 (US, CA):443      ESTABLISHED
tcp        0      0 192.168.1.9:57958       192.0.78.23 (US, CA):443         ESTABLISHED
tcp        0      0 192.168.1.9:45056       172.217.31.195 (US, CA):443      ESTABLISHED
tcp        0      0 192.168.1.9:58552       192.0.78.23 (US, CA):443         ESTABLISHED
tcp6       0      0 :::22                   :::*                    LISTEN     
tcp6       0      0 ::1:631                 :::*                    LISTEN     
vnetman@mint:~/work/geoip>

As you can observe, lines without an IPv4 address and lines containing IPv4 addresses without Geo IP information are displayed without modification.

Code (Python using the geoip module) is here.

VenkatC, Network Man

Freelancing in Code Heaven: Network Automation, Ansible, Python, C++

Monthly Archives: August 2019

geo-ip on the command line