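#!/bin/bash
# Print the country code that the KISA WHOIS open API reports for every remote
# IPv4 address currently listed by `netstat -ant`.
#
# Output: one line per address, formatted "<ip> : <countryCode>".
#
# The API key is read from the KISA_KEY environment variable when it is set,
# so a real key does not have to be stored in this file. The literal below is
# the placeholder value the script shipped with.
kisa_key="${KISA_KEY:-111111111111111111111}"

# Field 5 of a `netstat -ant` row is the foreign address ("addr:port").
# Only the text before the first ':' is kept, and only when it is a dotted
# quad, so header rows and IPv6-form entries never get interpolated into the
# request URL below.
netstat -ant |
  awk '$1 ~ /^tcp/ {
         split($5, part, ":")
         if (part[1] ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) print part[1]
       }' |
  sort -u |
  while IFS= read -r ip; do
    case "$ip" in
      "0.0.0.0" | "127.0.0.1" | "8.8.8.8")
        # Wildcard listener, loopback and a well-known resolver: not looked up.
        continue
        ;;
    esac

    # NOTE(review): this endpoint is called over plain HTTP, so the API key
    # and every peer address of this host cross the network unencrypted.
    # Use an https:// URL if the service offers one -- confirm with KISA.
    # --max-time keeps one stalled lookup from hanging the whole run.
    return_tmp_xml=$(curl -s --max-time 10 \
      "http://whois.kisa.or.kr/openapi/ipascc.jsp?key=${kisa_key}&query=${ip}&answer=xml")

    # Extract the text between <countryCode> and the next '<'.
    countryCode=$(grep -oP '(?<=<countryCode>)[^<]+' <<<"$return_tmp_xml")

    printf '%s : %s\n' "$ip" "$countryCode"
  done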
예전에 위와 같이 KISA WHOIS 를 가지고 현재 접속된 나라를 찾았었는데,
geoiplookup 이란 명령어가 있었다.
geoiplookup 명령어를 사용하려면 YUM 설치 하면 됨.
# Install the packages that the surrounding text says geoiplookup needs.
yum install GeoIP GeoIP-data
아래 처럼 하면 KISA KEY 받을 필요도 없고 좋다.
다만 몇몇 IP는 'IP Address not found' 가 나온다. 설치된 GeoIP 데이터베이스에 해당 대역이 없다는 뜻으로 보이므로(DB가 오래되었을 수 있음), 이 결과만으로 해당 접속의 출처를 판단하기는 어렵다.
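#!/bin/bash
# Run geoiplookup on every remote IPv4 address currently listed by
# `netstat -ant`, one lookup per distinct address.
#
# Output: whatever geoiplookup prints for each address.

# Field 5 of a `netstat -ant` row is the foreign address ("addr:port").
# Only the text before the first ':' is kept, and only when it is a dotted
# quad, so header rows and IPv6-form entries are never passed to geoiplookup.
netstat -ant |
  awk '$1 ~ /^tcp/ {
         split($5, part, ":")
         if (part[1] ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) print part[1]
       }' |
  sort -u |
  while IFS= read -r ip; do
    case "$ip" in
      "0.0.0.0" | "127.0.0.1" | "8.8.8.8")
        # Wildcard listener, loopback and a well-known resolver: not looked up.
        continue
        ;;
    esac

    # Quoted so the address is always passed as exactly one argument.
    geoiplookup "$ip"
  done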
count 기능을 추가. IP별로 접속이 몇 개인지 파악. (최종)
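#!/bin/bash
# v2
# Count the TCP entries in `netstat -ant` per remote IPv4 address and print
# each address with its count and its geoiplookup result.
#
# Output: one line per address, formatted
#   "count: <n>, <ip> : <geoiplookup output>"

# The counts are piped straight into the loop. Nothing is staged in a
# fixed-name file in the working directory, so an existing output.txt is
# never overwritten or removed, which matters when this runs as root.
#
# Field 5 of a `netstat -ant` row is the foreign address ("addr:port").
# Only the text before the first ':' is kept, and only when it is a dotted
# quad. grep -Fx drops the wildcard and loopback addresses by exact match,
# so no other address is excluded by a partial or regex match.
netstat -ant |
  awk '$1 ~ /^tcp/ {
         split($5, part, ":")
         if (part[1] ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) print part[1]
       }' |
  grep -Fxv -e "0.0.0.0" -e "127.0.0.1" |
  sort |
  uniq -c |
  while read -r count ip; do
    # `uniq -c` emits "<count> <value>"; read strips the leading padding.
    echo "count: $count, $ip : $(geoiplookup "$ip")"
  done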
[root@mail foreignIp]# sh netstatIpCountryV2.sh
count: 1, 108.168.211.204 : GeoIP Country Edition: IP Address not found
count: 1, 109.66.88.75 : GeoIP Country Edition: IP Address not found
count: 1, 112.173.207.169 : GeoIP Country Edition: IP Address not found
count: 3, 112.175.145.4 : GeoIP Country Edition: IP Address not found
count: 3, 112.221.136.253 : GeoIP Country Edition: IP Address not found
count: 1, 113.172.120.40 : GeoIP Country Edition: VN, Vietnam
...
참고