#!/usr/bin/envpythonimportpygeoipfromscapy.allimport*gi=pygeoip.GeoIP('/opt/GeoIP/GeoIP.data')defretGeoStr(ip_src):try:rec=gi.record_by_name(ip_src)city=rec['city']country=rec['country_name']ifcity!=None:print(ip_src+':'+country+':'+city)exceptExceptionase:return'Unregistered'defanspkt(pkt):ifpkt.haslayer(IP):ip_src=pkt.getlayer(IP).srcretGeoStr(ip_src)defmain():sniff(iface='eth0',prn=anspkt,store=0)#sinff这里可以增加过滤条件,如filter='tcpandport80',即是只抓取tcp80端口的数据if__name__=='__main__':main()

运行结果如下: