1IPTSTATE(8) IPTSTATE(8)
2
6 iptstate - A top-like display of IP Tables state table entries
7
10 iptstate [<options>]
11
14 iptstate displays information held in the IP Tables state table in
15 real-time in a top-like format. Output can be sorted by any field, or
16 any field reversed. Users can choose to have the output only print once
17 and exit, rather than the top-like system. Refresh rate is config‐
18 urable, IPs can be resolved to names, output can be formatted, the dis‐
19 play can be filtered, and color coding are among some of the many fea‐
20 tures.
21
24 -c, --no-color
25 Toggle color-code by protocol
26 -C, --counters
28 Toggle display of bytes/packets counters
29 -d, --dst-filter IP
31 Only show states with a destination of IP Note, that this must
32 be an IP, hostname matching is not yet supported.
33 -D --dstpt-filter port
35 Only show states with a destination port of port
36 -h, --help
38 Show help message
39 -l, --lookup
41 Show hostnames instead of IP addresses
42 -m, --mark-truncated
44 Mark truncated hostnames with a '+'
45 -o, --no-dynamic
47 Toggle dynamic formatting
48 -L, --no-dns
50 Skip outgoing DNS lookup states
51 -f, --no-loopback
53 Filter states on loopback
54 -p, --no-scroll
56 No scrolling (don't use a "pad"). See SCROLLING AND PADS for
57 more information.
58 -r, --reverse
60 Reverse sort order
61 -R, --rate seconds
63 Refresh rate, followed by rate in seconds. Note that this is for
64 statetop mode, and not applicable for single-run mode (--sin‐
65 gle).
66 -1, --single
68 Single run (no curses)
69 -b, --sort column
71 This determines what column to sort by. Options:
72 S Source Port
73 d Destination IP (or Name)
74 D Destination Port
75 p Protocol
76 s State
77 t TTL
78 b Bytes
79 P Packets
80 To sort by Source IP (or Name), don't use -b. Sorting by
81 bytes/packets is only available for kernels that support it, and
82 only when compiled against libnetfilter_conntrack (the default).
83 -s, --src-filter IP
85 Only show states with a source of IP. Note, that this must be an
86 IP, hostname matching is not yet supported.
87 -S, --srcpt-filter port
89 Only show states with a source port of port
90 -t, --totals
92 Toggle display of totals
93
96 As of version 2.0, all command-line options are now available interac‐
97 tively using the same key as the short-option. For example, --sort is
98 also -b, so while iptstate is running, hitting b will change the sort‐
99 ing to the next column. Similarly, t toggles the display of totals, and
100 so on.
101 There are also extra interactive options: B - change sorting to previ‐
103 ous column (opposite of b); q - quit; and x - delete the currently
104 highlighted state from the netfilter conntrack table.
105 Additionally, the following keys are used to navigate within iptstate:
107 Up or j - Move up one line
109 Down or k - Move down one line
111 Left or h - Move left one column
113 Right or l - Move right one column
115 PageUp or ^u - Move up one page
117 PageDown or ^d - Move down one page
119 Home - Go to the top
121 End - Go to the end
123 In many cases, iptstate needs to prompt you in order to change some‐
125 thing. For example, if you want to set or change the source-ip filter,
126 when you hit s, iptstate will pop up a prompt at the top of the window
127 to ask you what you want to set it to.
128 Note that like many UNIX applications, ctrl-G will tell iptstate "nev‐
130 ermind" - it'll remove the prompt and forget you ever hit s.
131 In most cases, a blank response means "clear" - clear the source IP
133 filter, for example.
134 At anytime while iptstate is running, you can hit h to get to the
136 interactive help which will display all the current settings to you as
137 well give you a list of all interactive commands available.
138 While running, space will immediately update the display. Iptstate
140 should gracefully handle all window resizes, but if it doesn't, you can
141 force it to re-calculate and re-draw the screen with a ctrl-L.
142
145 For almost any user, there is no reason to turn off scrolling. The
146 ability to turn this off - and especially the ability to toggle this
147 interactively - is done more for theoretical completeness than anything
148 else.
149 But, nonetheless, here are the details. Typically in a curses applica‐
151 tion you create a "window." Windows don't scroll, however. They are, at
152 most, the size of your terminal. Windows provide double-buffering to
153 make refreshing as fast and seemless as possible. However, to enable
154 scrolling, one has to use "pads" instead of windows. Pads can be bigger
155 than the current terminal. Then all necessary data is written to the
156 pad, and "scrolling" becomes a function of just showing the right part
157 of that pad on the screen.
158 However, pads do not have the double-buffering feature that windows
160 have. Thus, there _might_ be some case where for some user using some
161 very strange machine, having scrolling enabled could cause poor
162 refreshing. Given the nature of the way iptstate uses the screen
163 though, I find this highly unlikely. In addition, the scrolling method
164 uses a little more memory. However, iptstate is not a memory intensive
165 application, so this shouldn't be a problem even on low-memory systems.
166 Nonetheless, if this does negatively affect you, the option to turn it
168 off is there.
169
172 Anything other than 0 indicates and error. A list of current exit sta‐
173 tuses are below:
174 0 Success
176 1 Bad command-line arguments
178 2 Error communicating with the netfilter subsystem.
180 3 Terminal too narrow
182
185 There are no known bugs at this time.
186
189 All bugs should be reported to Phil Dibowitz <phil AT ipom DOT com>.
190 Please see the README and BUGS for more information on bug reports.
191 Please read the WISHLIST before sending in features you hope to see.
192
195 iptstate does a lot of work to try to fit everything on the screen in
196 an easy-to-read way. However, in some cases, hostnames may need to be
197 truncated in lookup mode. The truncation of names in lookup mode hap‐
198 pens from the right for source because you most likely know your own
199 domain name, and from the left for destination because knowing your
200 users are connection to "mail.a." doesn't help much.
201 iptstate does not automatically handle window-resizes while in the
203 interactive help screen. If you do resize while in this window, you
204 should return to the main window, hit ctrl-L to re-calculate and re-
205 draw the screen, and then, if you choose, return to the interactive
206 help.
207 iptstate currently uses libnetfilter_conntrack to access the netfilter
209 connection state table. However, older versions read out of
210 /proc/net/ip_conntrack, and the current version can still be compiled
211 to do this. This deprecated method can be be racy on SMP systems, and
212 can hurt performance on very heavily loaded firewalls. This deprecated
213 method should be avoided - support will be removed in future versions.
214
217 iptables(8)
218
220 iptstate was written by Phil Dibowitz <phil AT ipom DOT com>
221 http://www.phildev.net/iptstate/
222 MARCH 2007 IPTSTATE(8)