1IPTSTATE(8) IPTSTATE(8)
2
6 iptstate - A top-like display of IP Tables state table entries
7
10 iptstate [<options>]
11
14 iptstate displays information held in the IP Tables state table in
15 real-time in a top-like format. Output can be sorted by any field, or
16 any field reversed. Users can choose to have the output only print once
17 and exit, rather than the top-like system. Refresh rate is config‐
18 urable, IPs can be resolved to names, output can be formatted, the dis‐
19 play can be filtered, and color coding are among some of the many fea‐
20 tures.
21
24 -c, --no-color
25 Toggle color-code by protocol
26 -C, --counters
28 Toggle display of bytes/packets counters
29 -d, --dst-filter IP[/NETMASK]
31 Only show states with a destination of IP and with optional NET‐
32 MASK.
33 Note, that this must be an IP, hostname matching is not yet sup‐
34 ported.
35 -D --dstpt-filter port
37 Only show states with a destination port of port
38 -h, --help
40 Show help message
41 -i, --invert-filters
43 Invert filters to display non-matching results
44 -l, --lookup
46 Show hostnames instead of IP addresses. Enabling this will also
47 enable -L to prevent an ever-growing number of DNS requests.
48 -m, --mark-truncated
50 Mark truncated hostnames with a '+'
51 -o, --no-dynamic
53 Toggle dynamic formatting
54 -L, --no-dns
56 Skip outgoing DNS lookup states
57 -f, --no-loopback
59 Filter states on loopback
60 -p, --no-scroll
62 No scrolling (don't use a "pad"). See SCROLLING AND PADS for
63 more information.
64 -r, --reverse
66 Reverse sort order
67 -R, --rate seconds
69 Refresh rate, followed by rate in seconds. Note that this is for
70 statetop mode, and not applicable for single-run mode (--sin‐
71 gle).
72 -1, --single
74 Single run (no curses)
75 -b, --sort column
77 This determines what column to sort by. Options:
78 S Source Port
79 d Destination IP (or Name)
80 D Destination Port
81 p Protocol
82 s State
83 t TTL
84 b Bytes
85 P Packets
86 To sort by Source IP (or Name), don't use -b. Sorting by
87 bytes/packets is only available for kernels that support it, and
88 only when compiled against libnetfilter_conntrack (the default).
89 -s, --src-filter IP[/NETMASK]
91 Only show states with a source of IP and with optional NETMASK.
92 Note, that this must be an IP, hostname matching is not yet sup‐
93 ported.
94 -S, --srcpt-filter port
96 Only show states with a source port of port
97 -t, --totals
99 Toggle display of totals
100
103 As of version 2.0, all command-line options are now available interac‐
104 tively using the same key as the short-option. For example, --sort is
105 also -b, so while iptstate is running, hitting b will change the sort‐
106 ing to the next column. Similarly, t toggles the display of totals, and
107 so on.
108 There are also extra interactive options: B - change sorting to previ‐
110 ous column (opposite of b); q - quit; and x - delete the currently
111 highlighted state from the netfilter conntrack table.
112 Additionally, the following keys are used to navigate within iptstate:
114 Up or j - Move up one line
116 Down or k - Move down one line
118 Left or h - Move left one column
120 Right or l - Move right one column
122 PageUp or ^u - Move up one page
124 PageDown or ^d - Move down one page
126 Home - Go to the top
128 End - Go to the end
130 In many cases, iptstate needs to prompt you in order to change some‐
132 thing. For example, if you want to set or change the source-ip filter,
133 when you hit s, iptstate will pop up a prompt at the top of the window
134 to ask you what you want to set it to.
135 Note that like many UNIX applications, ctrl-G will tell iptstate "nev‐
137 ermind" - it'll remove the prompt and forget you ever hit s.
138 In most cases, a blank response means "clear" - clear the source IP
140 filter, for example.
141 At anytime while iptstate is running, you can hit h to get to the in‐
143 teractive help which will display all the current settings to you as
144 well give you a list of all interactive commands available.
145 While running, space will immediately update the display. Iptstate
147 should gracefully handle all window resizes, but if it doesn't, you can
148 force it to re-calculate and re-draw the screen with a ctrl-L.
149 Note that hitting l to enable hostname resolution while in interactive
151 mode will also enable L to skip all DNS entries (to prevent an ever-
152 growing number of DNS requests).
153
156 For almost any user, there is no reason to turn off scrolling. The
157 ability to turn this off - and especially the ability to toggle this
158 interactively - is done more for theoretical completeness than anything
159 else.
160 But, nonetheless, here are the details. Typically in a curses applica‐
162 tion you create a "window." Windows don't scroll, however. They are, at
163 most, the size of your terminal. Windows provide double-buffering to
164 make refreshing as fast and seemless as possible. However, to enable
165 scrolling, one has to use "pads" instead of windows. Pads can be bigger
166 than the current terminal. Then all necessary data is written to the
167 pad, and "scrolling" becomes a function of just showing the right part
168 of that pad on the screen.
169 However, pads do not have the double-buffering feature that windows
171 have. Thus, there _might_ be some case where for some user using some
172 very strange machine, having scrolling enabled could cause poor re‐
173 freshing. Given the nature of the way iptstate uses the screen though,
174 I find this highly unlikely. In addition, the scrolling method uses a
175 little more memory. However, iptstate is not a memory intensive appli‐
176 cation, so this shouldn't be a problem even on low-memory systems.
177 Nonetheless, if this does negatively affect you, the option to turn it
179 off is there.
180
183 Anything other than 0 indicates and error. A list of current exit sta‐
184 tuses are below:
185 0 Success
187 1 Bad command-line arguments
189 2 Error communicating with the netfilter subsystem.
191 3 Terminal too narrow
193
196 We don't support filtering on resolved names. IPv6 support is new and
197 the dynamic formatting doesn't yet always handle IPv6 addresses as well
198 as it should.
199
202 All bugs should be reported to Phil Dibowitz <phil AT ipom DOT com>.
203 Please see the README and BUGS for more information on bug reports.
204 Please read the WISHLIST before sending in features you hope to see.
205
208 iptstate does a lot of work to try to fit everything on the screen in
209 an easy-to-read way. However, in some cases, hostnames may need to be
210 truncated (in lookup mode). Similarly, IPv6 addresses may need to be
211 truncated. The truncation of names happens from the right for source
212 because you most likely know your own domain name, and from the left
213 for destination because knowing your users are connection to "mail.a."
214 doesn't help much. However, for addresses, this is reversed.
215 iptstate does not automatically handle window-resizes while in the in‐
217 teractive help screen. If you do resize while in this window, you
218 should return to the main window, hit ctrl-L to re-calculate and re-
219 draw the screen, and then, if you choose, return to the interactive
220 help.
221 iptstate currently uses libnetfilter_conntrack to access the netfilter
223 connection state table. However, older versions read out of
224 /proc/net/ip_conntrack, and the current version can still be compiled
225 to do this. This deprecated method can be racy on SMP systems, and can
226 hurt performance on very heavily loaded firewalls. This deprecated
227 method should be avoided - support will be removed in future versions.
228
231 iptables(8)
232
234 iptstate was written by Phil Dibowitz <phil AT ipom DOT com>
235 http://www.phildev.net/iptstate/
236 JUNE 2012 IPTSTATE(8)