Looking for a way to pass the second column of output to geoiplookup, ideally on the same line, but not necessarily. This is the best I can muster. It's usable, but the geoiplookup results are unfortunately below the list of connections. I wanted more integrated results. If anyone can suggest improvements, they would be welcome.
ns () {
echo ""
while sleep 1; do
lsof -Pi |
grep ESTABLISHED |
sed "s/[^:]*$//g" |
sed "s/^[^:]*//g" |
sed "s/://g" |
sed "s/->/\t/g" |
grep -v localdomain$ |
tee >(for x in `grep -o "\S*$"`; do geoiplookup $x | sed "s/GeoIP.*: /\t/g"; done)
done
}
The results currently look something like this:
<Port> <URL or IP if no reverse available #1>
<Port> <URL or IP if no reverse available #2>
<geoiplookup trimmed result #1>
<geoiplookup trimmed result #2>
I received an excellent answer here.