You should be able to get it with something like this:
netstat -an -f inet | awk '{print $5}' | sed -e '/^\*\.\*$/d' | awk 'sub(/\.[0-9]+$/,"")' | uniq | sort -n | xargs -n 1 geoiplookup { } | sort | uniq -c | sort -n | sed -r 's/ GeoIP Country Edition://g'
netstat -an -f inet
- shows all network related data structures with network addresses as numbers and pulls the inet address family
awk '{print $5}'
- takes that input and presents only the ip address with port from the prior.
sed -e '/^\*\.\*$/d'
- strips out all of the *.* lines
awk 'sub(/\.[0-9]+$/,"")'
- strips the port number leaving the ip address alone
uniq
- gets rid of the duplicate ips
sort -n
- performs a numeric sort (not necessary)
xargs -n 1 geoiplookup { }
- takes the first input and performs the lookup for the country
sort
- sorts based on country name
uniq -c
- groups the country names with a count
sort -n
- organizes the countries based on the count
sed -r 's/ GeoIP Country Edition://g'
- Strips the phrasing "GeoIP Country Edition:"
This has little to do with brute force, other than telling you which country the connections are coming from.
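The same per-country count written as shell functions, as an added example that is not part of the original post: it accepts both the BSD `addr.port` and the Linux `addr:port` netstat layouts and sorts before de-duplicating, so an address that repeats on non-adjacent lines is counted once. The names `LOOKUP`, `sample_netstat`, `remote_ips` and `country_counts` are assumptions made here, and the sample input is constructed from documentation address ranges.

```bash
#!/usr/bin/env bash
# Added example. LOOKUP, sample_netstat, remote_ips and country_counts are
# names chosen here; they do not come from the original post.
LOOKUP=${LOOKUP:-geoiplookup}   # command that prints "GeoIP Country Edition: CC, Name"

# Constructed sample input (documentation addresses), BSD and Linux layouts mixed.
sample_netstat() {
  cat <<'EOF'
Active Internet connections (including servers)
Proto Recv-Q Send-Q  Local Address      Foreign Address      (state)
tcp4       0      0  192.0.2.10.22      203.0.113.5.51234    ESTABLISHED
tcp4       0      0  192.0.2.10.22      198.51.100.7.40022   ESTABLISHED
tcp4       0      0  192.0.2.10.22      203.0.113.5.51240    ESTABLISHED
tcp4       0      0  192.0.2.10.22      203.0.113.9.40100    ESTABLISHED
tcp4       0      0  *.22               *.*                  LISTEN
tcp        0      0 192.0.2.10:22       198.51.100.7:40500   ESTABLISHED
EOF
}

# Read netstat -an output on stdin; print each distinct remote IPv4 address once.
remote_ips() {
  awk '
    $1 ~ /^(tcp|udp)/ {
      addr = $5
      sub(/[.:][0-9]+$/, "", addr)   # drop ".port" (BSD) or ":port" (Linux)
      if (addr ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) print addr
    }' | sort -u                      # sort first so non-adjacent repeats collapse
}

# Read netstat -an output on stdin; print "count country" lines, smallest first.
country_counts() {
  remote_ips | while read -r ip; do
    "$LOOKUP" "$ip" </dev/null
  done | sed 's/^GeoIP Country Edition: //' | sort | uniq -c | sort -n
}

# Usage on a live host: netstat -an -f inet | country_counts
```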