IPTSTATE(8)                                                        IPTSTATE(8)

NAME

       iptstate - A top-like display of IP Tables state table entries

SYNOPSIS

       iptstate [<options>]

DESCRIPTION

       iptstate displays information held in the IP Tables state table in
       real-time in a top-like format. Output can be sorted by any field, or
       any field reversed. Users can choose to have the output only print once
       and exit, rather than the top-like system. Among its many features:
       the refresh rate is configurable, IPs can be resolved to names, output
       can be formatted, the display can be filtered, and output can be
       color-coded.

COMMAND-LINE OPTIONS

       -c, --no-color
              Toggle color-code by protocol

       -C, --counters
              Toggle display of bytes/packets counters

       -d, --dst-filter IP
              Only show states with a destination of IP. Note that this must
              be an IP; hostname matching is not yet supported.

       -D, --dstpt-filter port
              Only show states with a destination port of port

       -h, --help
              Show help message

       -l, --lookup
              Show hostnames instead of IP addresses

       -m, --mark-truncated
              Mark truncated hostnames with a '+'

       -o, --no-dynamic
              Toggle dynamic formatting

       -L, --no-dns
              Skip outgoing DNS lookup states

       -f, --no-loopback
              Filter states on loopback

       -p, --no-scroll
              No scrolling (don't use a "pad"). See SCROLLING AND PADS for
              more information.

       -r, --reverse
              Reverse sort order

       -R, --rate seconds
              Refresh rate, followed by rate in seconds. Note that this is for
              statetop mode, and not applicable for single-run mode
              (--single).

       -1, --single
              Single run (no curses)

       -b, --sort column
              This determines what column to sort by. Options:
                   S Source Port
                   d Destination IP (or Name)
                   D Destination Port
                   p Protocol
                   s State
                   t TTL
                   b Bytes
                   P Packets
              To sort by Source IP (or Name), don't use -b. Sorting by
              bytes/packets is only available for kernels that support it, and
              only when compiled against libnetfilter_conntrack (the default).

       -s, --src-filter IP
              Only show states with a source of IP. Note that this must be an
              IP; hostname matching is not yet supported.

       -S, --srcpt-filter port
              Only show states with a source port of port

       -t, --totals
              Toggle display of totals

INTERACTIVE OPTIONS

       As of version 2.0, all command-line options are now available
       interactively using the same key as the short-option. For example,
       --sort is also -b, so while iptstate is running, hitting b will change
       the sorting to the next column. Similarly, t toggles the display of
       totals, and so on.

       There are also extra interactive options: B - change sorting to
       previous column (opposite of b); q - quit; and x - delete the currently
       highlighted state from the netfilter conntrack table.

       Additionally, the following keys are used to navigate within iptstate:

       Up or j - Move up one line

       Down or k - Move down one line

       Left or h - Move left one column

       Right or l - Move right one column

       PageUp or ^u - Move up one page

       PageDown or ^d - Move down one page

       Home - Go to the top

       End - Go to the end

       In many cases, iptstate needs to prompt you in order to change
       something. For example, if you want to set or change the source-ip
       filter, when you hit s, iptstate will pop up a prompt at the top of the
       window to ask you what you want to set it to.

       Note that like many UNIX applications, ctrl-G will tell iptstate
       "nevermind" - it'll remove the prompt and forget you ever hit s.

       In most cases, a blank response means "clear" - clear the source IP
       filter, for example.

       At any time while iptstate is running, you can hit h to get to the
       interactive help, which will display all the current settings to you as
       well as give you a list of all interactive commands available.

       While running, space will immediately update the display. Iptstate
       should gracefully handle all window resizes, but if it doesn't, you can
       force it to re-calculate and re-draw the screen with a ctrl-L.

SCROLLING AND PADS

       For almost any user, there is no reason to turn off scrolling. The
       ability to turn this off - and especially the ability to toggle this
       interactively - is done more for theoretical completeness than anything
       else.

       But, nonetheless, here are the details. Typically in a curses
       application you create a "window." Windows don't scroll, however. They
       are, at most, the size of your terminal. Windows provide
       double-buffering to make refreshing as fast and seamless as possible.
       However, to enable scrolling, one has to use "pads" instead of windows.
       Pads can be bigger than the current terminal. Then all necessary data
       is written to the pad, and "scrolling" becomes a function of just
       showing the right part of that pad on the screen.

       However, pads do not have the double-buffering feature that windows
       have. Thus, there _might_ be some case where for some user using some
       very strange machine, having scrolling enabled could cause poor
       refreshing. Given the nature of the way iptstate uses the screen
       though, I find this highly unlikely. In addition, the scrolling method
       uses a little more memory. However, iptstate is not a memory intensive
       application, so this shouldn't be a problem even on low-memory systems.

       Nonetheless, if this does negatively affect you, the option to turn it
       off is there.

EXIT STATUS

       Anything other than 0 indicates an error. The current exit statuses
       are listed below:

       0      Success

       1      Bad command-line arguments

       2      Error communicating with the netfilter subsystem.

       3      Terminal too narrow
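
       A scripted single-run snapshot built from the options and exit statuses
       above, as an added example that is not part of the original man page or
       the iptstate project. The function names and the status 64 for rejected
       input are assumptions of this example; every iptstate option used is
       documented on this page.

```shell
#!/bin/sh
# Added example: one-shot state-table snapshot for use in scripts.

# is_literal_ip ADDR: coarse syntactic pre-check. The page says -s/-d accept
# an IP only: hostnames are not matched, and networks (CIDR) are unsupported.
is_literal_ip() {
    case "$1" in
        ''|*/*) return 1 ;;                 # empty, or a network like 10.0.0.0/8
        *:*)                                # candidate IPv6 literal
            case "$1" in
                *[!0-9a-fA-F:.]*) return 1 ;;
                *) return 0 ;;
            esac ;;
        *[!0-9.]*) return 1 ;;              # letters etc.: a hostname
        *.*.*.*.*) return 1 ;;              # too many dotted parts
        *.*.*.*) return 0 ;;                # candidate IPv4 literal
        *) return 1 ;;
    esac
}

# snapshot_from SRC_IP: single run (-1), toggle byte/packet counters (-C),
# sort by bytes (-b b), show only states with this source IP (-s).
# Returns iptstate's own exit status, or 64 (this example's choice) when the
# argument is rejected before iptstate is ever invoked.
snapshot_from() {
    if ! is_literal_ip "$1"; then
        echo "snapshot_from: '$1' is not a literal IP" >&2
        return 64
    fi
    iptstate -1 -C -b b -s "$1"
    rc=$?
    case $rc in
        0) ;;
        1) echo "iptstate: bad command-line arguments" >&2 ;;
        2) echo "iptstate: error communicating with the netfilter subsystem" >&2 ;;
        3) echo "iptstate: terminal too narrow" >&2 ;;
        *) echo "iptstate: unexpected exit status $rc" >&2 ;;
    esac
    return $rc
}
```

       Sorting by bytes only works on kernels that support the counters, as
       noted under --sort.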

BUGS

       We don't support filtering on resolved names, and we don't support
       filtering on networks. IPv6 support is new and the dynamic formatting
       doesn't yet always handle IPv6 addresses as well as it should.

BUG REPORTS

       All bugs should be reported to Phil Dibowitz <phil AT ipom DOT com>.
       Please see the README and BUGS for more information on bug reports.
       Please read the WISHLIST before sending in features you hope to see.

NOTES

       iptstate does a lot of work to try to fit everything on the screen in
       an easy-to-read way. However, in some cases, hostnames may need to be
       truncated (in lookup mode). Similarly, IPv6 addresses may need to be
       truncated. The truncation of names happens from the right for source
       because you most likely know your own domain name, and from the left
       for destination because knowing your users are connecting to "mail.a."
       doesn't help much. However, for addresses, this is reversed.

       iptstate does not automatically handle window-resizes while in the
       interactive help screen. If you do resize while in this window, you
       should return to the main window, hit ctrl-L to re-calculate and
       re-draw the screen, and then, if you choose, return to the interactive
       help.

       iptstate currently uses libnetfilter_conntrack to access the netfilter
       connection state table. However, older versions read out of
       /proc/net/ip_conntrack, and the current version can still be compiled
       to do this. This deprecated method can be racy on SMP systems, and can
       hurt performance on very heavily loaded firewalls. This deprecated
       method should be avoided - support will be removed in future versions.

SEE ALSO

       iptables(8)

AUTHOR

       iptstate was written by Phil Dibowitz <phil AT ipom DOT com>
       http://www.phildev.net/iptstate/

                                   JUNE 2012                       IPTSTATE(8)