TCP Connections Locations Analysis

Locate by ip adderess

Install GeoIP

https://ostechnix.com/find-geolocation-ip-address-commandline/

sudo apt-get install geoip-bin

sudo yum install geoip

try it:

geoiplookup 130.156.141.2

Install GeoLiteCity database

cd /usr/share/GeoIP
wget https://mirrors-cdn.liferay.com/geolite.maxmind.com/download/geoip/database/GeoLiteCity.dat.xz
unxz GeoLiteCity.dat.xz 

https://mirrors-cdn.liferay.com/geolite.maxmind.com/download/geoip/database/

try it:

geoiplookup -f /usr/share/GeoIP/GeoLiteCity.dat 130.156.141.2

Netstat

for i in $(netstat --inet -n|awk '{print $5}'|cut -d: -f1|grep -v '127.0.0.1');do printf "$i - "; geoiplookup $i | grep -v 'US\|CA';done 

or

for i in $(netstat --inet -n|awk '{print $5}'|cut -d: -f1|grep -v '127.0.0.1');do geoiplookup -f /usr/share/GeoIP/GeoLiteCity.dat $i | grep -v 'US\|CA';done 

for i in $(netstat --inet -n|awk '{print $5}'|cut -d: -f1|grep -v '127.0.0.1');do printf "$i - "; geoiplookup $i;done 

for i in $(netstat --inet -n|awk '{print $5}'|cut -d: -f1|grep -v '127.0.0.1');do geoiplookup $i;done |sort |uniq -c |sort -n | sed -r 's/ GeoIP Country Edition://g'

Exact address by coordinates:

wget -O- -q http://maps.googleapis.com/maps/api/geocode/json?latlng=40.714224,-73.961452&sensor=true


Usefull

# ss -tn src :80 or src :443

OR

# netstat -tn src :80 or src :443

https://www.tecmint.com/ss-command-examples-in-linux/