Provided by: iptstate_2.2.7-0.1_amd64

NAME

       iptstate - A top-like display of IP Tables state table entries

SYNOPSIS

       iptstate [<options>]

DESCRIPTION

       iptstate displays information held in the IP Tables state table in real-time in a top-like
       format.  Output can be sorted by any field, or any field reversed.  Users  can  choose  to
       have the output print once and exit, rather than run in the top-like mode. The refresh
       rate is configurable, IPs can be resolved to names, output can be formatted, the display
       can be filtered, and output can be color-coded, among many other features.

COMMAND-LINE OPTIONS

       -c, --no-color
              Toggle color-code by protocol

       -C, --counters
              Toggle display of bytes/packets counters

       -d, --dst-filter IP[/NETMASK]
              Only show states with a destination of IP and with optional NETMASK.
              Note that this must be an IP; hostname matching is not yet supported.

       -D, --dstpt-filter port
              Only show states with a destination port of port

       -h, --help
              Show help message

       -i, --invert-filters
              Invert filters to display non-matching results

       -l, --lookup
              Show  hostnames  instead  of  IP  addresses.  Enabling  this will also enable -L to
              prevent an ever-growing number of DNS requests.

       -m, --mark-truncated
              Mark truncated hostnames with a '+'

       -o, --no-dynamic
              Toggle dynamic formatting

       -L, --no-dns
              Skip outgoing DNS lookup states

       -f, --no-loopback
              Filter states on loopback

       -p, --no-scroll
              No scrolling (don't use a "pad"). See SCROLLING AND PADS for more information.

       -r, --reverse
              Reverse sort order

       -R, --rate seconds
              Refresh rate, followed by rate in seconds. Note that this is for statetop mode, and
              not applicable for single-run mode (--single).

       -1, --single
              Single run (no curses)

       -b, --sort column
              This determines what column to sort by. Options:
                   S Source Port
                   d Destination IP (or Name)
                   D Destination Port
                   p Protocol
                   s State
                   t TTL
                   b Bytes
                   P Packets
              To  sort  by  Source  IP  (or Name), don't use -b. Sorting by bytes/packets is only
              available  for  kernels  that  support  it,  and   only   when   compiled   against
              libnetfilter_conntrack (the default).

       -s, --src-filter IP[/NETMASK]
              Only show states with a source of IP and with optional NETMASK.
              Note that this must be an IP; hostname matching is not yet supported.

       -S, --srcpt-filter port
              Only show states with a source port of port

       -t, --totals
              Toggle display of totals

INTERACTIVE OPTIONS

       As of version 2.0, all command-line options are now available interactively using the same
       key as the short-option. For example, --sort is also -b, so  while  iptstate  is  running,
       hitting  b will change the sorting to the next column. Similarly, t toggles the display of
       totals, and so on.

       There are also extra interactive options: B - change sorting to previous column  (opposite
       of  b);  q  -  quit;  and  x  -  delete the currently highlighted state from the netfilter
       conntrack table.

       Additionally, the following keys are used to navigate within iptstate:

       Up or j - Move up one line

       Down or k - Move down one line

       Left or h - Move left one column

       Right or l - Move right one column

       PageUp or ^u - Move up one page

       PageDown or ^d - Move down one page

       Home - Go to the top

       End - Go to the end

       In many cases, iptstate needs to prompt you in order to change something. For example,  if
       you  want  to  set  or change the source-ip filter, when you hit s, iptstate will pop up a
       prompt at the top of the window to ask you what you want to set it to.

       Note that like many UNIX applications, ctrl-G  will  tell  iptstate  "nevermind"  -  it'll
       remove the prompt and forget you ever hit s.

       In most cases, a blank response means "clear" - clear the source IP filter, for example.

       At any time while iptstate is running, you can hit h to get to the interactive help, which
       will display all the current settings as well as give you a list of all interactive
       commands available.

       While  running,  space  will  immediately  update  the display. Iptstate should gracefully
       handle all window resizes, but if it doesn't, you can force it to re-calculate and re-draw
       the screen with a ctrl-L.

       Note  that  hitting  l  to  enable hostname resolution while in interactive mode will also
       enable L to skip all DNS entries (to prevent an ever-growing number of DNS requests).

SCROLLING AND PADS

       For almost any user, there is no reason to turn off scrolling. The ability  to  turn  this
       off  -  and  especially  the  ability  to  toggle  this  interactively  - is done more for
       theoretical completeness than anything else.

       But, nonetheless, here are the details. Typically in a curses  application  you  create  a
       "window."  Windows  don't  scroll,  however. They are, at most, the size of your terminal.
       Windows provide double-buffering to make refreshing as  fast  and  seamless  as  possible.
       However, to enable scrolling, one has to use "pads" instead of windows. Pads can be bigger
       than the current terminal. Then all necessary data is written to the pad, and  "scrolling"
       becomes a function of just showing the right part of that pad on the screen.

       However,  pads  do  not  have  the double-buffering feature that windows have. Thus, there
       _might_ be some case where for some user using some very strange machine, having scrolling
       enabled  could cause poor refreshing. Given the nature of the way iptstate uses the screen
       though, I find this highly unlikely. In addition, the scrolling method uses a little  more
       memory.  However,  iptstate  is not a memory intensive application, so this shouldn't be a
       problem even on low-memory systems.

       Nonetheless, if this does negatively affect you, the option to turn it off is there.

EXIT STATUS

       Anything other than 0 indicates an error. A list of current exit statuses is below:

       0      Success

       1      Bad command-line arguments

       2      Error communicating with the netfilter subsystem.

       3      Terminal too narrow
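
       The following wrapper is an added example, not part of the original manual or of the
       iptstate project. It takes a one-shot snapshot of states to a given destination using
       only options documented above (-1, -f, -b, -d, -D) and reports failures using the exit
       statuses listed in this section. The names IPTSTATE_BIN, explain_status and
       snapshot_dst are assumptions of this example.

```shell
#!/bin/sh
# Added example: one-shot state-table snapshot using iptstate's single-run mode.
# IPTSTATE_BIN is a hypothetical override introduced here so the binary can be
# swapped out (for example by a stub during testing).
IPTSTATE_BIN="${IPTSTATE_BIN:-iptstate}"

# explain_status CODE: meaning of an exit status, per the EXIT STATUS list.
explain_status() {
    case "$1" in
        0) echo "success" ;;
        1) echo "bad command-line arguments" ;;
        2) echo "error communicating with the netfilter subsystem" ;;
        3) echo "terminal too narrow" ;;
        *) echo "unknown error" ;;
    esac
}

# snapshot_dst IP[/NETMASK] [PORT]
# Single run (-1), loopback states filtered (-f), sorted by state (-b s),
# restricted to the given destination (-d) and optional destination port (-D).
# Returns iptstate's own exit status.
snapshot_dst() {
    dst="$1"; port="${2:-}"
    # -d only accepts addresses, so do a coarse character check and reject
    # hostnames up front with status 1 (the "bad arguments" status).
    case "$dst" in
        ''|*[!0-9a-fA-F.:/]*)
            echo "snapshot_dst: filter must be an IP[/NETMASK], not a hostname" >&2
            return 1 ;;
    esac
    set -- -1 -f -b s -d "$dst"
    [ -n "$port" ] && set -- "$@" -D "$port"
    rc=0
    "$IPTSTATE_BIN" "$@" || rc=$?
    [ "$rc" -eq 0 ] || echo "iptstate failed ($rc): $(explain_status "$rc")" >&2
    return "$rc"
}

# Usage (192.0.2.0/24 is a documentation range, used here as a constructed value):
#   snapshot_dst 192.0.2.0/24 443 > states.txt
```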

BUGS

       We don't support filtering on  resolved  names.  IPv6  support  is  new  and  the  dynamic
       formatting doesn't yet always handle IPv6 addresses as well as it should.

BUG REPORTS

       All bugs should be reported to Phil Dibowitz <phil AT ipom DOT com>. Please see the README
       and BUGS for more information on bug reports. Please read the WISHLIST before  sending  in
       features you hope to see.

NOTES

       iptstate does a lot of work to try to fit everything on the screen in an easy-to-read way.
       However, in some cases, hostnames may need to be truncated (in  lookup  mode).  Similarly,
       IPv6  addresses  may  need to be truncated. The truncation of names happens from the right
       for source because you most likely know your own  domain  name,  and  from  the  left  for
       destination  because  knowing  your  users  are connecting to "mail.a." doesn't help much.
       However, for addresses, this is reversed.

       iptstate does not automatically  handle  window-resizes  while  in  the  interactive  help
       screen.  If  you do resize while in this window, you should return to the main window, hit
       ctrl-L to re-calculate and re-draw the screen, and then, if  you  choose,  return  to  the
       interactive help.

       iptstate  currently  uses  libnetfilter_conntrack to access the netfilter connection state
       table. However, older versions read out of /proc/net/ip_conntrack, and the current version
       can  still  be compiled to do this. This deprecated method can be racy on SMP systems, and
       can hurt performance on very heavily loaded firewalls. This deprecated  method  should  be
       avoided - support will be removed in future versions.

SEE ALSO

       iptables(8)

AUTHOR

       iptstate was written by Phil Dibowitz <phil AT ipom DOT com>
       http://www.phildev.net/iptstate/

                                            JUNE 2012                                 IPTSTATE(8)