geo-ip on the command line

This is a little utility I wrote for displaying Geo IP information for any IP address that appears in the output of any shell command. Watch:

Raw output

vnetman@mint:~/work/geoip> netstat -nta
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State      
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN     
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN     
tcp        0      0 192.168.1.9:52068       34.208.208.167:443      ESTABLISHED
tcp        0      0 192.168.1.9:42172       18.209.222.134:443      ESTABLISHED
tcp        0      0 192.168.1.9:40322       151.101.2.114:443       ESTABLISHED
tcp        0      0 192.168.1.9:52114       172.217.163.130:443     ESTABLISHED
tcp        0      0 192.168.1.9:42176       18.209.222.134:443      ESTABLISHED
tcp        0      0 192.168.1.9:33968       216.58.197.46:443       ESTABLISHED
tcp        0      0 192.168.1.9:32892       157.240.7.35:443        ESTABLISHED
tcp        0      0 192.168.1.9:56244       172.217.163.68:443      ESTABLISHED
tcp        0      0 192.168.1.9:57958       192.0.78.23:443         ESTABLISHED
tcp        0      0 192.168.1.9:45056       172.217.31.195:443      ESTABLISHED
tcp        0      0 192.168.1.9:58552       192.0.78.23:443         ESTABLISHED
tcp6       0      0 :::22                   :::*                    LISTEN     
tcp6       0      0 ::1:631                 :::*                    LISTEN
vnetman@mint:~/work/geoip>

Filtered output

vnetman@mint:~/work/geoip> netstat -nta | ./ilgeoip.py 
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State      
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN     
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN     
tcp        0      0 192.168.1.9:52068       34.208.208.167 (US, TX):443      ESTABLISHED
tcp        0      0 192.168.1.9:42172       18.209.222.134 (US, MA):443      ESTABLISHED
tcp        0      0 192.168.1.9:40322       151.101.2.114 (US, NH):443       ESTABLISHED
tcp        0      0 192.168.1.9:52114       172.217.163.130 (US, CA):443     ESTABLISHED
tcp        0      0 192.168.1.9:42176       18.209.222.134 (US, MA):443      ESTABLISHED
tcp        0      0 192.168.1.9:33968       216.58.197.46 (US, CA):443       ESTABLISHED
tcp        0      0 192.168.1.9:32892       157.240.7.35 (US, NY):443        ESTABLISHED
tcp        0      0 192.168.1.9:56244       172.217.163.68 (US, CA):443      ESTABLISHED
tcp        0      0 192.168.1.9:57958       192.0.78.23 (US, CA):443         ESTABLISHED
tcp        0      0 192.168.1.9:45056       172.217.31.195 (US, CA):443      ESTABLISHED
tcp        0      0 192.168.1.9:58552       192.0.78.23 (US, CA):443         ESTABLISHED
tcp6       0      0 :::22                   :::*                    LISTEN     
tcp6       0      0 ::1:631                 :::*                    LISTEN     
vnetman@mint:~/work/geoip>

As you can observe, lines without an IPv4 address and lines containing IPv4 addresses without Geo IP information are displayed without modification.

Code (Python using the geoip module) is here.
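
One way to build such a filter, added here as an example; it is not the author's ilgeoip.py. The lookup table is constructed sample data standing in for a real GeoIP database, and the names annotate, sample_lookup and SAMPLE_DB are hypothetical.

```python
#!/usr/bin/env python3
"""Annotate IPv4 addresses read from stdin with (country, region)."""
import ipaddress
import re
import sys

# A dotted quad that is not part of a longer dotted/numeric run
# (so "1.2.3.4.5" is ignored, but "1.2.3.4:443" and "1.2.3.4." match).
IPV4_RE = re.compile(r"(?<![\d.])(\d{1,3}(?:\.\d{1,3}){3})(?!\d|\.\d)")

# Constructed sample data; a real GeoIP database lookup would go here.
SAMPLE_DB = {
    "34.208.208.167": ("US", "TX"),
    "151.101.2.114": ("US", "NH"),
}


def sample_lookup(ip):
    """Hypothetical lookup: return (country, region), or None if unknown."""
    return SAMPLE_DB.get(ip)


def annotate(line, lookup=sample_lookup):
    """Return line with ' (CC, RR)' after each IPv4 address the lookup knows."""
    def repl(match):
        text = match.group(1)
        try:
            addr = ipaddress.IPv4Address(text)  # rejects octets > 255
        except ValueError:
            return text
        if not addr.is_global:  # private, loopback, 0.0.0.0: nothing to look up
            return text
        geo = lookup(text)
        if geo is None:  # no Geo IP information: leave the address untouched
            return text
        return "%s (%s, %s)" % (text, geo[0], geo[1])
    return IPV4_RE.sub(repl, line)


if __name__ == "__main__":
    # Filter mode: some-command | ./this_script.py
    for line in sys.stdin:
        sys.stdout.write(annotate(line))
```

Passing a different lookup function to annotate swaps in a real database without touching the matching logic.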
