IPTSTATE(8)                                                        IPTSTATE(8)

NAME

       iptstate - A top-like display of IP Tables state table entries

SYNOPSIS

       iptstate [<options>]

DESCRIPTION

       iptstate displays information held in the IP Tables state table in
       real-time in a top-like format. Output can be sorted by any field, or
       any field reversed. Users can choose to have the output only print once
       and exit, rather than the top-like system. A configurable refresh rate,
       resolving IPs to names, output formatting, display filtering, and color
       coding are among some of the many features.

COMMAND-LINE OPTIONS

       -c, --no-color
              Toggle color-code by protocol

       -C, --counters
              Toggle display of bytes/packets counters

       -d, --dst-filter IP[/NETMASK]
              Only show states with a destination of IP and with optional
              NETMASK.
              Note that this must be an IP; hostname matching is not yet
              supported.

       -D, --dstpt-filter port
              Only show states with a destination port of port

       -h, --help
              Show help message

       -i, --invert-filters
              Invert filters to display non-matching results

       -l, --lookup
              Show hostnames instead of IP addresses. Enabling this will also
              enable -L to prevent an ever-growing number of DNS requests.

       -m, --mark-truncated
              Mark truncated hostnames with a '+'

       -o, --no-dynamic
              Toggle dynamic formatting

       -L, --no-dns
              Skip outgoing DNS lookup states

       -f, --no-loopback
              Filter states on loopback

       -p, --no-scroll
              No scrolling (don't use a "pad"). See SCROLLING AND PADS for
              more information.

       -r, --reverse
              Reverse sort order

       -R, --rate seconds
              Refresh rate, followed by rate in seconds. Note that this is for
              statetop mode, and not applicable for single-run mode
              (--single).

       -1, --single
              Single run (no curses)

       -b, --sort column
              This determines what column to sort by. Options:
                   S Source Port
                   d Destination IP (or Name)
                   D Destination Port
                   p Protocol
                   s State
                   t TTL
                   b Bytes
                   P Packets
              To sort by Source IP (or Name), don't use -b. Sorting by
              bytes/packets is only available for kernels that support it, and
              only when compiled against libnetfilter_conntrack (the default).

       -s, --src-filter IP[/NETMASK]
              Only show states with a source of IP and with optional NETMASK.
              Note that this must be an IP; hostname matching is not yet
              supported.

       -S, --srcpt-filter port
              Only show states with a source port of port

       -t, --totals
              Toggle display of totals

INTERACTIVE OPTIONS

       As of version 2.0, all command-line options are now available
       interactively using the same key as the short-option. For example,
       --sort is also -b, so while iptstate is running, hitting b will change
       the sorting to the next column. Similarly, t toggles the display of
       totals, and so on.

       There are also extra interactive options: B - change sorting to
       previous column (opposite of b); q - quit; and x - delete the currently
       highlighted state from the netfilter conntrack table.

       Additionally, the following keys are used to navigate within iptstate:

       Up or j - Move up one line

       Down or k - Move down one line

       Left or h - Move left one column

       Right or l - Move right one column

       PageUp or ^u - Move up one page

       PageDown or ^d - Move down one page

       Home - Go to the top

       End - Go to the end

       In many cases, iptstate needs to prompt you in order to change
       something. For example, if you want to set or change the source-ip
       filter, when you hit s, iptstate will pop up a prompt at the top of the
       window to ask you what you want to set it to.

       Note that like many UNIX applications, ctrl-G will tell iptstate
       "nevermind" - it'll remove the prompt and forget you ever hit s.

       In most cases, a blank response means "clear" - clear the source IP
       filter, for example.

       At any time while iptstate is running, you can hit h to get to the
       interactive help, which will display all the current settings to you as
       well as give you a list of all interactive commands available.

       While running, space will immediately update the display. Iptstate
       should gracefully handle all window resizes, but if it doesn't, you can
       force it to re-calculate and re-draw the screen with a ctrl-L.

       Note that hitting l to enable hostname resolution while in interactive
       mode will also enable L to skip all DNS entries (to prevent an
       ever-growing number of DNS requests).

SCROLLING AND PADS

       For almost any user, there is no reason to turn off scrolling. The
       ability to turn this off - and especially the ability to toggle this
       interactively - is done more for theoretical completeness than anything
       else.

       But, nonetheless, here are the details. Typically in a curses
       application you create a "window." Windows don't scroll, however. They
       are, at most, the size of your terminal. Windows provide
       double-buffering to make refreshing as fast and seamless as possible.
       However, to enable scrolling, one has to use "pads" instead of windows.
       Pads can be bigger than the current terminal. Then all necessary data
       is written to the pad, and "scrolling" becomes a function of just
       showing the right part of that pad on the screen.

       However, pads do not have the double-buffering feature that windows
       have. Thus, there _might_ be some case where for some user using some
       very strange machine, having scrolling enabled could cause poor
       refreshing. Given the nature of the way iptstate uses the screen
       though, I find this highly unlikely. In addition, the scrolling method
       uses a little more memory. However, iptstate is not a memory intensive
       application, so this shouldn't be a problem even on low-memory systems.

       Nonetheless, if this does negatively affect you, the option to turn it
       off is there.

EXIT STATUS

       Anything other than 0 indicates an error. A list of current exit
       statuses is below:

       0      Success

       1      Bad command-line arguments

       2      Error communicating with the netfilter subsystem.

       3      Terminal too narrow
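An added example, not part of the iptstate distribution: a POSIX shell wrapper that takes one single-run snapshot using only the options documented above, refuses a hostname as the source filter before iptstate is called, and reports the documented exit statuses. IPTSTATE_BIN, is_ip_filter and snapshot_states are hypothetical names, and the address check is a coarse syntactic test that assumes the filter is an IPv4 or IPv6 literal.

```shell
#!/bin/sh
# Added example; not code from iptstate or its author.
# IPTSTATE_BIN is a hypothetical override so a stub can stand in for iptstate.
IPTSTATE_BIN=${IPTSTATE_BIN:-iptstate}

# Coarse pre-check for -s/-d values: the man page says these must be an
# IP[/NETMASK] and that hostnames are not matched. iptstate itself does the
# real parsing; this only catches names and obviously malformed input.
is_ip_filter() {
    addr=${1%%/*}                       # part before the optional /NETMASK
    case $addr in
        ''|*..*|.*|*.) return 1 ;;      # empty or stray dots
        *:*)     case $addr in *[!0-9A-Fa-f:.]*) return 1 ;; esac ;;  # IPv6
        *.*.*.*) case $addr in *[!0-9.]*) return 1 ;; esac ;;         # IPv4
        *) return 1 ;;                  # anything else, e.g. a hostname
    esac
    case $1 in */*/*) return 1 ;; esac  # at most one '/'
    return 0
}

# One snapshot of states from source SRC to destination port DPT, with
# byte/packet counters, sorted by the bytes column (-b b is only available
# on kernels that support counters, as the man page notes).
# Returns iptstate's exit status; bad input returns 1, matching iptstate's
# own "bad command-line arguments" status.
snapshot_states() {
    src=$1 dpt=$2
    if ! is_ip_filter "$src"; then
        echo "source filter must be IP[/NETMASK], got: $src" >&2
        return 1
    fi
    case $dpt in
        ''|*[!0-9]*) echo "destination port must be numeric: $dpt" >&2
                     return 1 ;;
    esac
    "$IPTSTATE_BIN" -1 -C -s "$src" -D "$dpt" -b b
    rc=$?
    case $rc in
        0) ;;
        1) echo "iptstate: bad command-line arguments" >&2 ;;
        2) echo "iptstate: error communicating with netfilter" >&2 ;;
        3) echo "iptstate: terminal too narrow" >&2 ;;
        *) echo "iptstate: undocumented exit status $rc" >&2 ;;
    esac
    return "$rc"
}
```

For example, `snapshot_states 192.168.1.0/24 22 > states.txt` records the matching states once and leaves the exit status for the caller to act on.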

BUGS

       We don't support filtering on resolved names. IPv6 support is new and
       the dynamic formatting doesn't yet always handle IPv6 addresses as well
       as it should.

BUG REPORTS

       All bugs should be reported to Phil Dibowitz <phil AT ipom DOT com>.
       Please see the README and BUGS for more information on bug reports.
       Please read the WISHLIST before sending in features you hope to see.

NOTES

       iptstate does a lot of work to try to fit everything on the screen in
       an easy-to-read way. However, in some cases, hostnames may need to be
       truncated (in lookup mode). Similarly, IPv6 addresses may need to be
       truncated. The truncation of names happens from the right for source
       because you most likely know your own domain name, and from the left
       for destination because knowing your users are connecting to "mail.a."
       doesn't help much. However, for addresses, this is reversed.

       iptstate does not automatically handle window-resizes while in the
       interactive help screen. If you do resize while in this window, you
       should return to the main window, hit ctrl-L to re-calculate and
       re-draw the screen, and then, if you choose, return to the interactive
       help.

       iptstate currently uses libnetfilter_conntrack to access the netfilter
       connection state table. However, older versions read out of
       /proc/net/ip_conntrack, and the current version can still be compiled
       to do this. This deprecated method can be racy on SMP systems, and can
       hurt performance on very heavily loaded firewalls. This deprecated
       method should be avoided - support will be removed in future versions.

SEE ALSO

       iptables(8)

AUTHOR

       iptstate was written by Phil Dibowitz <phil AT ipom DOT com>
       http://www.phildev.net/iptstate/

                                   JUNE 2012                       IPTSTATE(8)