1IPTSTATE(8) IPTSTATE(8)
2
6 iptstate - A top-like display of IP Tables state table entries
7
10 iptstate [<options>]
11
14 iptstate displays information held in the IP Tables state table in
15 real-time in a top-like format. Output can be sorted by any field, or
16 any field reversed. Users can choose to have the output only print once
17 and exit, rather than the top-like system. Refresh rate is config‐
18 urable, IPs can be resolved to names, output can be formatted, the dis‐
19 play can be filtered, and color coding are among some of the many fea‐
20 tures.
21
24 -c, --no-color
25 Toggle color-code by protocol
26 -C, --counters
28 Toggle display of bytes/packets counters
29 -d, --dst-filter IP
31 Only show states with a destination of IP Note, that this must
32 be an IP, hostname matching is not yet supported.
33 -D --dstpt-filter port
35 Only show states with a destination port of port
36 -h, --help
38 Show help message
39 -l, --lookup
41 Show hostnames instead of IP addresses. Enabling this will also
42 enable -L to prevent an ever-growing number of DNS requests.
43 -m, --mark-truncated
45 Mark truncated hostnames with a '+'
46 -o, --no-dynamic
48 Toggle dynamic formatting
49 -L, --no-dns
51 Skip outgoing DNS lookup states
52 -f, --no-loopback
54 Filter states on loopback
55 -p, --no-scroll
57 No scrolling (don't use a "pad"). See SCROLLING AND PADS for
58 more information.
59 -r, --reverse
61 Reverse sort order
62 -R, --rate seconds
64 Refresh rate, followed by rate in seconds. Note that this is for
65 statetop mode, and not applicable for single-run mode (--sin‐
66 gle).
67 -1, --single
69 Single run (no curses)
70 -b, --sort column
72 This determines what column to sort by. Options:
73 S Source Port
74 d Destination IP (or Name)
75 D Destination Port
76 p Protocol
77 s State
78 t TTL
79 b Bytes
80 P Packets
81 To sort by Source IP (or Name), don't use -b. Sorting by
82 bytes/packets is only available for kernels that support it, and
83 only when compiled against libnetfilter_conntrack (the default).
84 -s, --src-filter IP
86 Only show states with a source of IP. Note, that this must be an
87 IP, hostname matching is not yet supported.
88 -S, --srcpt-filter port
90 Only show states with a source port of port
91 -t, --totals
93 Toggle display of totals
94
97 As of version 2.0, all command-line options are now available interac‐
98 tively using the same key as the short-option. For example, --sort is
99 also -b, so while iptstate is running, hitting b will change the sort‐
100 ing to the next column. Similarly, t toggles the display of totals, and
101 so on.
102 There are also extra interactive options: B - change sorting to previ‐
104 ous column (opposite of b); q - quit; and x - delete the currently
105 highlighted state from the netfilter conntrack table.
106 Additionally, the following keys are used to navigate within iptstate:
108 Up or j - Move up one line
110 Down or k - Move down one line
112 Left or h - Move left one column
114 Right or l - Move right one column
116 PageUp or ^u - Move up one page
118 PageDown or ^d - Move down one page
120 Home - Go to the top
122 End - Go to the end
124 In many cases, iptstate needs to prompt you in order to change some‐
126 thing. For example, if you want to set or change the source-ip filter,
127 when you hit s, iptstate will pop up a prompt at the top of the window
128 to ask you what you want to set it to.
129 Note that like many UNIX applications, ctrl-G will tell iptstate "nev‐
131 ermind" - it'll remove the prompt and forget you ever hit s.
132 In most cases, a blank response means "clear" - clear the source IP
134 filter, for example.
135 At anytime while iptstate is running, you can hit h to get to the
137 interactive help which will display all the current settings to you as
138 well give you a list of all interactive commands available.
139 While running, space will immediately update the display. Iptstate
141 should gracefully handle all window resizes, but if it doesn't, you can
142 force it to re-calculate and re-draw the screen with a ctrl-L.
143 Note that hitting l to enable hostname resolution while in interactive
145 mode will also enable L to skip all DNS entries (to prevent an ever-
146 growing number of DNS requests).
147
150 For almost any user, there is no reason to turn off scrolling. The
151 ability to turn this off - and especially the ability to toggle this
152 interactively - is done more for theoretical completeness than anything
153 else.
154 But, nonetheless, here are the details. Typically in a curses applica‐
156 tion you create a "window." Windows don't scroll, however. They are, at
157 most, the size of your terminal. Windows provide double-buffering to
158 make refreshing as fast and seemless as possible. However, to enable
159 scrolling, one has to use "pads" instead of windows. Pads can be bigger
160 than the current terminal. Then all necessary data is written to the
161 pad, and "scrolling" becomes a function of just showing the right part
162 of that pad on the screen.
163 However, pads do not have the double-buffering feature that windows
165 have. Thus, there _might_ be some case where for some user using some
166 very strange machine, having scrolling enabled could cause poor
167 refreshing. Given the nature of the way iptstate uses the screen
168 though, I find this highly unlikely. In addition, the scrolling method
169 uses a little more memory. However, iptstate is not a memory intensive
170 application, so this shouldn't be a problem even on low-memory systems.
171 Nonetheless, if this does negatively affect you, the option to turn it
173 off is there.
174
177 Anything other than 0 indicates and error. A list of current exit sta‐
178 tuses are below:
179 0 Success
181 1 Bad command-line arguments
183 2 Error communicating with the netfilter subsystem.
185 3 Terminal too narrow
187
190 We don't support filtering on resolved names, and we don't support fil‐
191 tering on networks. IPv6 support is new and the dynamic formatting
192 doesn't yet always handle IPv6 addresses as well as it should.
193
196 All bugs should be reported to Phil Dibowitz <phil AT ipom DOT com>.
197 Please see the README and BUGS for more information on bug reports.
198 Please read the WISHLIST before sending in features you hope to see.
199
202 iptstate does a lot of work to try to fit everything on the screen in
203 an easy-to-read way. However, in some cases, hostnames may need to be
204 truncated (in lookup mode). Similarly, IPv6 addresses may need to be
205 truncated. The truncation of names happens from the right for source
206 because you most likely know your own domain name, and from the left
207 for destination because knowing your users are connection to "mail.a."
208 doesn't help much. However, for addresses, this is reversed.
209 iptstate does not automatically handle window-resizes while in the
211 interactive help screen. If you do resize while in this window, you
212 should return to the main window, hit ctrl-L to re-calculate and re-
213 draw the screen, and then, if you choose, return to the interactive
214 help.
215 iptstate currently uses libnetfilter_conntrack to access the netfilter
217 connection state table. However, older versions read out of
218 /proc/net/ip_conntrack, and the current version can still be compiled
219 to do this. This deprecated method can be racy on SMP systems, and can
220 hurt performance on very heavily loaded firewalls. This deprecated
221 method should be avoided - support will be removed in future versions.
222
225 iptables(8)
226
228 iptstate was written by Phil Dibowitz <phil AT ipom DOT com>
229 http://www.phildev.net/iptstate/
230 JUNE 2012 IPTSTATE(8)