Thursday, March 18, 2010

ipsumdump..

It is easy to be fond of professor Eddie Kohler's ipsumdump.  Take your monthly egress pcap file and filter it through something like this:

# $1 is the pcap file; ipsumdump -s prints one source IP per packet, so sort | uniq leaves one line per address
for i in `ipsumdump -s --no-headers "$1" | sort -n | uniq`
do
    echo $i, `./geoip.sh $i | awk '{print $1""$7""$8" "$9""$10""$11}'`
done
(where geoip.sh is simply: geoiplookup -f /usr/local/share/GeoIP/GeoLiteCity.dat $1)

and what you are quickly returned is something like this:

10.10.10.2, GeoIPAddressnot found
12.129.147.95, GeoIPVA,Ashburn, 20147,39.033501,-77.483803,
12.130.131.98, GeoIPCA,San Bruno,94066,37.622799,
12.130.81.249, GeoIPNY,Brooklyn, N/A,40.652500,-73.955399,
12.149.161.248, GeoIPCA,Mountain View,94043,37.419201,
12.25.91.250, GeoIPCT,Stamford, N/A,41.083099,-73.538803,
12.25.93.2, GeoIPNY,Newburgh, 12550,41.537498,-74.051201,
24.123.206.230, GeoIPIN,Lawrenceburg, 47025,39.162300,-84.891098,
24.226.158.219, GeoIPQC,Richmond, N/A,45.666698,-72.150002,
24.43.25.8, GeoIPCA,Los Angeles,N/A,34.041599,
24.43.43.169, GeoIPCA,Los Angeles,N/A,34.041599,
38.103.25.181, GeoIPVA,Alexandria, N/A,38.790901,-77.094704,
38.106.23.79, GeoIPN/A,N/A, N/A,38.000000,-97.000000,
41.208.20.155, GeoIP06,Alberton, N/A,-26.233299,28.133301,
58.19.117.118, GeoIP12,Wuhan, N/A,30.583300,114.266701,
58.215.75.62, GeoIP22,Beijing, N/A,39.928902,116.388298,
59.181.103.140, GeoIP16,Bombay, N/A,18.975000,72.825798,
59.36.98.195, GeoIP30,Dongguan, N/A,23.048901,113.744598,
59.51.114.39, GeoIP11,Changsha, N/A,28.179199,113.113602,
...
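Note that the awk one-liner above splits geoiplookup's output on whitespace, so any two-word city ("San Bruno", "Mountain View", "Los Angeles") shifts the columns one to the right and the longitude falls off the end, which is exactly what the short rows in the sample show. The following is an added example, not the original post's script, that splits on geoiplookup's ", " delimiter instead and handles the "IP Address not found" case; it assumes the GeoLiteCity output format given in its comments, and the sample lines at the bottom are constructed so it can run without the tools installed.

```shell
#!/bin/sh
# Added example, not the original post's code: split geoiplookup's output on
# its ", " delimiter instead of on whitespace, so two-word cities keep their
# columns. Assumed GeoLiteCity line format:
#   GeoIP City Edition, Rev 1: US, VA, Ashburn, 20147, 39.033501, -77.483803, 511, 703
#   GeoIP City Edition, Rev 1: IP Address not found

# geo_csv LINE  ->  "country,region,city,postal,lat,lon" | "not_found" | "malformed"
geo_csv() {
    printf '%s\n' "$1" | awk '{
        sub(/^[^:]*: /, "")                       # drop "GeoIP City Edition, Rev 1: "
        if ($0 ~ /^IP Address not found/) { print "not_found"; next }
        n = split($0, f, ", ")                    # f[1]=country ... f[6]=longitude
        if (n < 6) { print "malformed"; next }    # refuse to emit shifted columns
        printf "%s,%s,%s,%s,%s,%s\n", f[1], f[2], f[3], f[4], f[5], f[6]
    }'
}

# Same pipeline shape as the post: unique source IPs from a pcap, one CSV row
# each. Needs ipsumdump and geoiplookup installed; the database path is the
# one the post uses and can be overridden with a second argument.
geo_report() {
    db=${2:-/usr/local/share/GeoIP/GeoLiteCity.dat}
    ipsumdump -s --no-headers "$1" | sort -u | while read -r ip; do
        printf '%s,%s\n' "$ip" "$(geo_csv "$(geoiplookup -f "$db" "$ip")")"
    done
}

# Constructed sample lines (not real lookups) so the parser can be exercised
# without the tools installed:
geo_csv 'GeoIP City Edition, Rev 1: US, CA, San Bruno, 94066, 37.622799, -122.411003, 807, 650'
geo_csv 'GeoIP City Edition, Rev 1: IP Address not found'
```

Run `geo_report monthly-egress.pcap` to get the same one-row-per-IP listing as the post, with every column in place.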
