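More fun with ipsumdump. Below, the March ingress capture is summarized three ways: a count per source IP (COUNT(SIP)), a count per source port (COUNT(SPort)), and a sorted list of the distinct source IPs with their GeoIP location. All very fast.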
# Tally lines per source IP (-s) and page through them, largest count first.
# ipsumdump prints one line per packet, so these are packet counts, not
# connection counts.
ipsumdump -s --no-headers Marchrferrisx.snort.in \
  | sort -nr \
  | uniq -c \
  | sort -nr \
  | less
626 75.125.252.73
384 74.125.19.191
358 125.45.109.196
286 66.165.46.165
242 74.125.127.191
234 74.125.53.191
138 67.214.120.156
138 204.236.155.168
127 67.228.177.148
120 74.125.19.19
107 173.14.243.230
105 221.195.73.86
103 221.192.199.35
....
# Same tally keyed on source port (-S), largest count first.
# NOTE(review): on ingress traffic, 80/443 as *source* ports is presumably
# return traffic from web servers; check the destination ports (-D) before
# reading these counts as inbound service probes.
ipsumdump -S --no-headers Marchrferrisx.snort.in \
  | sort -nr \
  | uniq -c \
  | sort -nr
6523 80
1669 443
1220 12200
553 63585
468 19150
459 19099
238 6000
198 19135
156 19134
93 21
46 110
34 5242
30 9875
21 52079
21 35356
20 1935
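# List each distinct source IP next to its GeoIP record.
# The addresses come straight from the capture, so each one is read as a
# whole line and handed to the lookup helper as a single quoted argument
# instead of being word-split and glob-expanded by the shell.
# NOTE: sort -n compares "222.243" and "222.34" as decimals, so the listing
# is grouped by leading octets but is not in strict per-octet order.
# The second "sort -nr" of the original is dropped: uniq keeps the order of
# already-sorted input, so re-sorting produced the same lines.
ipsumdump -s --no-headers Marchrferrisx.snort.in \
  | sort -nr \
  | uniq \
  | while IFS= read -r ip; do
      # geoip.sh is a local helper that is not shown on this page; fields 2
      # and 3 of its colon-separated output are kept, and whitespace runs
      # (including newlines) are squeezed to single spaces.
      geo=$(geoip.sh "$ip" | awk -F: '{print $2$3}' | tr -s '[:space:]' ' ')
      geo=${geo# }
      geo=${geo% }
      # printf with a fixed format: the lookup result is data, never a format.
      printf '%s\n' "$ip${geo:+ $geo}"
    done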
222.86.62.237 CN, N/A, N/A, N/A, 35.000000, 105.000000, 0, 0
222.59.176.26 CN, 04, Wuxi, N/A, 31.577200, 120.293900, 0, 0
222.59.176.105 CN, 04, Wuxi, N/A, 31.577200, 120.293900, 0, 0
222.45.112.59 CN, 22, Beijing, N/A, 39.928902, 116.388298, 0, 0
222.45.112.221 CN, 22, Beijing, N/A, 39.928902, 116.388298, 0, 0
222.41.8.67 CN, 22, Beijing, N/A, 39.928902, 116.388298, 0, 0
222.37.37.33 CN, 22, Beijing, N/A, 39.928902, 116.388298, 0, 0
222.34.103.72 CN, 22, Beijing, N/A, 39.928902, 116.388298, 0, 0
222.243.14.144 CN, 11, Xupu, N/A, 27.909401, 110.585800, 0, 0
222.219.236.209 CN, 22, Beijing, N/A, 39.928902, 116.388298, 0, 0
222.215.230.49 CN, 32, Chengdu, N/A, 30.666700, 104.066597, 0, 0
222.215.230.170 CN, 32, Chengdu, N/A, 30.666700, 104.066597, 0, 0
222.214.218.188 CN, 32, Chengdu, N/A, 30.666700, 104.066597, 0, 0
222.211.69.13 CN, 32, Chengdu, N/A, 30.666700, 104.066597, 0, 0
222.208.183.218 CN, 32, Chengdu, N/A, 30.666700, 104.066597, 0, 0
222.186.25.143 CN, 22, Beijing, N/A, 39.928902, 116.388298, 0, 0
222.186.24.37 CN, 22, Beijing, N/A, 39.928902, 116.388298, 0, 0
...