Provided by: iptstate_2.2.5-1build1_i386 bug


       iptstate - A top-like display of IP Tables state table entries


       iptstate [<options>]


       iptstate  displays  information  held  in  the IP Tables state table in
       real-time in a top-like format.  Output can be sorted by any field,  or
       any field reversed. Users can choose to have the output only print once
       and  exit,  rather  than  the  top-like   system.   Refresh   rate   is
       configurable,  IPs  can  be resolved to names, output can be formatted,
       the display can be filtered, and color coding are  among  some  of  the
       many features.


       -c, --no-color
              Toggle color-code by protocol

       -C, --counters
              Toggle display of bytes/packets counters

       -d, --dst-filter IP
              Only  show  states with a destination of IP Note, that this must
              be an IP, hostname matching is not yet supported.

       -D --dstpt-filter port
              Only show states with a destination port of port

       -h, --help
              Show help message

       -l, --lookup
              Show hostnames instead of IP addresses

       -m, --mark-truncated
              Mark truncated hostnames with a '+'

       -o, --no-dynamic
              Toggle dynamic formatting

       -L, --no-dns
              Skip outgoing DNS lookup states

       -f, --no-loopback
              Filter states on loopback

       -p, --no-scroll
              No scrolling (don't use a "pad"). See  SCROLLING  AND  PADS  for
              more information.

       -r, --reverse
              Reverse sort order

       -R, --rate seconds
              Refresh rate, followed by rate in seconds. Note that this is for
              statetop  mode,  and  not   applicable   for   single-run   mode

       -1, --single
              Single run (no curses)

       -b, --sort column
              This determines what column to sort by. Options:
                   S Source Port
                   d Destination IP (or Name)
                   D Destination Port
                   p Protocol
                   s State
                   t TTL
                   b Bytes
                   P Packets
              To  sort  by  Source  IP  (or  Name),  don't  use -b. Sorting by
              bytes/packets is only available for kernels that support it, and
              only when compiled against libnetfilter_conntrack (the default).

       -s, --src-filter IP
              Only show states with a source of IP. Note, that this must be an
              IP, hostname matching is not yet supported.

       -S, --srcpt-filter port
              Only show states with a source port of port

       -t, --totals
              Toggle display of totals


       As  of  version  2.0,  all  command-line  options  are  now   available
       interactively  using  the  same  key  as the short-option. For example,
       --sort is also -b, so while iptstate is running, hitting b will  change
       the  sorting  to  the  next column. Similarly, t toggles the display of
       totals, and so on.

       There are also  extra  interactive  options:  B  -  change  sorting  to
       previous column (opposite of b); q - quit; and x - delete the currently
       highlighted state from the netfilter conntrack table.

       Additionally, the following keys are used to navigate within iptstate:

       Up or j - Move up one line

       Down or k - Move down one line

       Left or h - Move left one column

       Right or l - Move right one column

       PageUp or ^u - Move up one page

       PageDown or ^d - Move down one page

       Home - Go to the top

       End - Go to the end

       In many cases,  iptstate  needs  to  prompt  you  in  order  to  change
       something.  For  example,  if  you  want to set or change the source-ip
       filter, when you hit s, iptstate will pop up a prompt at the top of the
       window to ask you what you want to set it to.

       Note  that  like  many  UNIX  applications,  ctrl-G  will tell iptstate
       "nevermind" - it'll remove the prompt and forget you ever hit s.

       In most cases, a blank response means "clear" -  clear  the  source  IP
       filter, for example.

       At  anytime  while  iptstate  is  running,  you can hit h to get to the
       interactive help which will display all the current settings to you  as
       well give you a list of all interactive commands available.

       While  running,  space  will  immediately  update the display. Iptstate
       should gracefully handle all window resizes, but if it doesn't, you can
       force it to re-calculate and re-draw the screen with a ctrl-L.


       For  almost  any  user,  there  is no reason to turn off scrolling. The
       ability to turn this off - and especially the ability  to  toggle  this
       interactively - is done more for theoretical completeness than anything

       But,  nonetheless,  here  are  the  details.  Typically  in  a   curses
       application  you create a "window." Windows don't scroll, however. They
       are, at most, the  size  of  your  terminal.  Windows  provide  double-
       buffering to make refreshing as fast and seemless as possible. However,
       to enable scrolling, one has to use "pads" instead of windows. Pads can
       be bigger than the current terminal. Then all necessary data is written
       to the pad, and "scrolling" becomes a  function  of  just  showing  the
       right part of that pad on the screen.

       However,  pads  do  not  have the double-buffering feature that windows
       have. Thus, there _might_ be some case where for some user  using  some
       very  strange  machine,  having  scrolling  enabled  could  cause  poor
       refreshing. Given the nature  of  the  way  iptstate  uses  the  screen
       though,  I find this highly unlikely. In addition, the scrolling method
       uses a little more memory. However, iptstate is not a memory  intensive
       application, so this shouldn't be a problem even on low-memory systems.

       Nonetheless,  if this does negatively affect you, the option to turn it
       off is there.


       Anything other than 0 indicates and  error.  A  list  of  current  exit
       statuses are below:

       0      Success

       1      Bad command-line arguments

       2      Error communicating with the netfilter subsystem.

       3      Terminal too narrow


       We  don't  support  filtering  on  resolved names, and we don't support
       filtering on networks. IPv6 support is new and the  dynamic  formatting
       doesn't yet always handle IPv6 addresses as well as it should.


       All  bugs  should  be reported to Phil Dibowitz <phil AT ipom DOT com>.
       Please see the README and BUGS for more  information  on  bug  reports.
       Please read the WISHLIST before sending in features you hope to see.


       iptstate  does  a lot of work to try to fit everything on the screen in
       an easy-to-read way. However, in some cases, hostnames may need  to  be
       truncated  (in  lookup  mode). Similarly, IPv6 addresses may need to be
       truncated. The truncation of names happens from the  right  for  source
       because  you  most  likely know your own domain name, and from the left
       for destination because knowing your users are connection to  "mail.a."
       doesn't help much. However, for addresses, this is reversed.

       iptstate  does  not  automatically  handle  window-resizes while in the
       interactive help screen. If you do resize while  in  this  window,  you
       should  return  to  the main window, hit ctrl-L to re-calculate and re-
       draw the screen, and then, if you choose,  return  to  the  interactive

       iptstate  currently uses libnetfilter_conntrack to access the netfilter
       connection  state  table.  However,  older   versions   read   out   of
       /proc/net/ip_conntrack,  and  the current version can still be compiled
       to do this. This deprecated method can be racy on SMP systems, and  can
       hurt  performance  on  very  heavily  loaded firewalls. This deprecated
       method should be avoided - support will be removed in future versions.




       iptstate was written by Phil Dibowitz <phil AT ipom DOT com>

                                   JUNE 2012                       IPTSTATE(8)