IPTSTATE(8)                                                        IPTSTATE(8)

NAME

       iptstate - A top-like display of IP Tables state table entries

SYNOPSIS

       iptstate [<options>]

DESCRIPTION

       iptstate displays information held in the IP Tables state table in
       real-time in a top-like format. Output can be sorted by any field, or
       any field reversed. Users can choose to have the output printed once
       and then exit, rather than use the top-like display. A configurable
       refresh rate, resolution of IPs to names, output formatting, display
       filtering, and color coding are among its many features.

COMMAND-LINE OPTIONS

       -c, --no-color
              Toggle color-code by protocol

       -C, --counters
              Toggle display of bytes/packets counters

       -d, --dst-filter IP
              Only show states with a destination of IP. Note that this must
              be an IP; hostname matching is not yet supported.

       -D, --dstpt-filter port
              Only show states with a destination port of port

       -h, --help
              Show help message

       -l, --lookup
              Show hostnames instead of IP addresses. Enabling this will also
              enable -L to prevent an ever-growing number of DNS requests.

       -m, --mark-truncated
              Mark truncated hostnames with a '+'

       -o, --no-dynamic
              Toggle dynamic formatting

       -L, --no-dns
              Skip outgoing DNS lookup states

       -f, --no-loopback
              Filter states on loopback

       -p, --no-scroll
              No scrolling (don't use a "pad"). See SCROLLING AND PADS for
              more information.

       -r, --reverse
              Reverse sort order

       -R, --rate seconds
              Refresh rate, followed by rate in seconds. Note that this is for
              statetop mode, and not applicable for single-run mode
              (--single).

       -1, --single
              Single run (no curses)

       -b, --sort column
              This determines what column to sort by. Options:
                   S Source Port
                   d Destination IP (or Name)
                   D Destination Port
                   p Protocol
                   s State
                   t TTL
                   b Bytes
                   P Packets
              To sort by Source IP (or Name), don't use -b. Sorting by
              bytes/packets is only available for kernels that support it, and
              only when compiled against libnetfilter_conntrack (the default).

       -s, --src-filter IP
              Only show states with a source of IP. Note that this must be an
              IP; hostname matching is not yet supported.

       -S, --srcpt-filter port
              Only show states with a source port of port

       -t, --totals
              Toggle display of totals

INTERACTIVE OPTIONS

       As of version 2.0, all command-line options are now available
       interactively using the same key as the short-option. For example,
       --sort is also -b, so while iptstate is running, hitting b will change
       the sorting to the next column. Similarly, t toggles the display of
       totals, and so on.

       There are also extra interactive options: B - change sorting to
       previous column (opposite of b); q - quit; and x - delete the
       currently highlighted state from the netfilter conntrack table.

       Additionally, the following keys are used to navigate within iptstate:

       Up or j - Move up one line

       Down or k - Move down one line

       Left or h - Move left one column

       Right or l - Move right one column

       PageUp or ^u - Move up one page

       PageDown or ^d - Move down one page

       Home - Go to the top

       End - Go to the end

       In many cases, iptstate needs to prompt you in order to change
       something. For example, if you want to set or change the source-ip
       filter, when you hit s, iptstate will pop up a prompt at the top of
       the window to ask you what you want to set it to.

       Note that, like many UNIX applications, ctrl-G will tell iptstate
       "never mind" - it'll remove the prompt and forget you ever hit s.

       In most cases, a blank response means "clear" - clear the source IP
       filter, for example.

       At any time while iptstate is running, you can hit h to get to the
       interactive help, which will display all the current settings to you
       as well as give you a list of all interactive commands available.

       While running, space will immediately update the display. Iptstate
       should gracefully handle all window resizes, but if it doesn't, you can
       force it to re-calculate and re-draw the screen with a ctrl-L.

       Note that hitting l to enable hostname resolution while in interactive
       mode will also enable L to skip all DNS entries (to prevent an
       ever-growing number of DNS requests).

SCROLLING AND PADS

       For almost any user, there is no reason to turn off scrolling. The
       ability to turn this off - and especially the ability to toggle this
       interactively - is done more for theoretical completeness than anything
       else.

       But, nonetheless, here are the details. Typically in a curses
       application you create a "window." Windows don't scroll, however. They
       are, at most, the size of your terminal. Windows provide
       double-buffering to make refreshing as fast and seamless as possible.
       However, to enable scrolling, one has to use "pads" instead of windows.
       Pads can be bigger than the current terminal. Then all necessary data
       is written to the pad, and "scrolling" becomes a function of just
       showing the right part of that pad on the screen.

       However, pads do not have the double-buffering feature that windows
       have. Thus, there _might_ be some case where for some user using some
       very strange machine, having scrolling enabled could cause poor
       refreshing. Given the nature of the way iptstate uses the screen
       though, I find this highly unlikely. In addition, the scrolling method
       uses a little more memory. However, iptstate is not a memory intensive
       application, so this shouldn't be a problem even on low-memory systems.

       Nonetheless, if this does negatively affect you, the option to turn it
       off is there.

EXIT STATUS

       Anything other than 0 indicates an error. A list of current exit
       statuses is below:

       0      Success

       1      Bad command-line arguments

       2      Error communicating with the netfilter subsystem.

       3      Terminal too narrow
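
       A scripted single-run query that combines the filter options with the
       exit statuses above, added here as an example and not part of the
       iptstate distribution. The function names and the sample address
       192.0.2.10 are assumptions; the check accepts IPv4 literals only.

```shell
# Added example (not from the iptstate distribution). Function names and
# sample values are hypothetical; only flags documented above are used.

# Succeed if $1 is a dotted-quad IPv4 address. -s/-d take an IP only
# (hostnames are not matched), so anything else is rejected up front.
is_ipv4() {
    case "$1" in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $1            # safe unquoted: only digits and dots remain
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Print iptstate arguments for "states to DST_IP [DST_PORT]": -1 single run,
# -L skip DNS lookup states, -f filter loopback, -b D sort by dest. port.
build_args() {
    dst_ip=$1; dst_port=$2
    is_ipv4 "$dst_ip" || { echo "not an IP: $dst_ip" >&2; return 1; }
    args="-1 -L -f -b D -d $dst_ip"
    if [ -n "$dst_port" ]; then
        case "$dst_port" in *[!0-9]*) echo "bad port" >&2; return 1 ;; esac
        [ "$dst_port" -ge 1 ] && [ "$dst_port" -le 65535 ] || return 1
        args="$args -D $dst_port"
    fi
    echo "$args"
}

# Translate the exit statuses listed under EXIT STATUS for log output.
explain_status() {
    case "$1" in
        0) echo "success" ;;
        1) echo "bad command-line arguments" ;;
        2) echo "error communicating with the netfilter subsystem" ;;
        3) echo "terminal too narrow" ;;
        *) echo "undocumented exit status $1" ;;
    esac
}

# Run the query (needs iptstate and access to the conntrack table).
# Usage: query_states 192.0.2.10 443
query_states() {
    args=$(build_args "$@") || return 1
    rc=0; iptstate $args || rc=$?   # $args holds validated tokens only
    [ "$rc" -eq 0 ] || echo "iptstate: $(explain_status "$rc")" >&2
    return "$rc"
}
```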

BUGS

       We don't support filtering on resolved names, and we don't support
       filtering on networks. IPv6 support is new and the dynamic formatting
       doesn't yet always handle IPv6 addresses as well as it should.

BUG REPORTS

       All bugs should be reported to Phil Dibowitz <phil AT ipom DOT com>.
       Please see the README and BUGS for more information on bug reports.
       Please read the WISHLIST before sending in features you hope to see.

NOTES

       iptstate does a lot of work to try to fit everything on the screen in
       an easy-to-read way. However, in some cases, hostnames may need to be
       truncated (in lookup mode). Similarly, IPv6 addresses may need to be
       truncated. The truncation of names happens from the right for source
       because you most likely know your own domain name, and from the left
       for destination because knowing your users are connecting to "mail.a."
       doesn't help much. However, for addresses, this is reversed.

       iptstate does not automatically handle window-resizes while in the
       interactive help screen. If you do resize while in this window, you
       should return to the main window, hit ctrl-L to re-calculate and
       re-draw the screen, and then, if you choose, return to the interactive
       help.

       iptstate currently uses libnetfilter_conntrack to access the netfilter
       connection state table. However, older versions read out of
       /proc/net/ip_conntrack, and the current version can still be compiled
       to do this. This deprecated method can be racy on SMP systems, and can
       hurt performance on very heavily loaded firewalls. This deprecated
       method should be avoided - support will be removed in future versions.

SEE ALSO

       iptables(8)

AUTHOR

       iptstate was written by Phil Dibowitz <phil AT ipom DOT com>
       http://www.phildev.net/iptstate/

                                   JUNE 2012                       IPTSTATE(8)