IPloc

IPloc is a script to return location results from either live network traffic capture or a pcap file, the hostip.info API is queried once for each IP inbound and outbound address (the result is cached in the /tmp directory) and displayed in CSV format so it can be imported into a spreadsheet program of some kind.

Here's a screenshot:

Download

Download the iploc.rb script.

This script requires the ruby-pcap library in order to capture/parse network traffic.

Documentation

Usage: iploc [ -i interface | -r file ] [ filter ]

When using live capture mode, no addresses will be queried until after a CTRL+C has been issued (so that queries don't effect the addresses). When reading from a pcap file, addresses are automatically queried after a list of addresses has been generated.

Results from iploc are exported in this format:

<ip address>>,<country>,<city and state>,<latitude>,<longitude>,<packet count>