phpMan

/* Void Main's man pages */

{ phpMan } else { main(); }

IPTSTATE(8) IPTSTATE(8)

NAME
iptstate - A top-like display of IP Tables state table entries

SYNOPSIS
iptstate [<options>]

DESCRIPTION
iptstate displays information held in the IP Tables state table in real-time in a top-like format. Output can be sorted
by any field, or any field reversed. Users can choose to have the output only print once and exit, rather than the top-
like system. Refresh rate is configurable, IPs can be resolved to names, output can be formatted, the display can be fil-
tered, and color coding are among some of the many features.

COMMAND-LINE OPTIONS
-c, --no-color
Toggle color-code by protocol

-C, --counters
Toggle display of bytes/packets counters

-d, --dst-filter IP
Only show states with a destination of IP Note, that this must be an IP, hostname matching is not yet supported.

-D --dstpt-filter port
Only show states with a destination port of port

-h, --help
Show help message

-l, --lookup
Show hostnames instead of IP addresses

-m, --mark-truncated
Mark truncated hostnames with a '+'

-o, --no-dynamic
Toggle dynamic formatting

-L, --no-dns
Skip outgoing DNS lookup states

-f, --no-loopback
Filter states on loopback

-p, --no-scroll
No scrolling (don't use a "pad"). See SCROLLING AND PADS for more information.

-r, --reverse
Reverse sort order

-R, --rate seconds
Refresh rate, followed by rate in seconds. Note that this is for statetop mode, and not applicable for single-run
mode (--single).

-1, --single
Single run (no curses)

-b, --sort column
This determines what column to sort by. Options:
S Source Port
d Destination IP (or Name)
D Destination Port
p Protocol
s State
t TTL
b Bytes
P Packets
To sort by Source IP (or Name), don't use -b. Sorting by bytes/packets is only available for kernels that support
it, and only when compiled against libnetfilter_conntrack (the default).

-s, --src-filter IP
Only show states with a source of IP. Note, that this must be an IP, hostname matching is not yet supported.

-S, --srcpt-filter port
Only show states with a source port of port

-t, --totals
Toggle display of totals

INTERACTIVE OPTIONS
As of version 2.0, all command-line options are now available interactively using the same key as the short-option. For
example, --sort is also -b, so while iptstate is running, hitting b will change the sorting to the next column. Simi-
larly, t toggles the display of totals, and so on.

There are also extra interactive options: B - change sorting to previous column (opposite of b); q - quit; and x - delete
the currently highlighted state from the netfilter conntrack table.

Additionally, the following keys are used to navigate within iptstate:

Up or j - Move up one line

Down or k - Move down one line

Left or h - Move left one column

Right or l - Move right one column

PageUp or ^u - Move up one page

PageDown or ^d - Move down one page

Home - Go to the top

End - Go to the end

In many cases, iptstate needs to prompt you in order to change something. For example, if you want to set or change the
source-ip filter, when you hit s, iptstate will pop up a prompt at the top of the window to ask you what you want to set
it to.

Note that like many UNIX applications, ctrl-G will tell iptstate "nevermind" - it'll remove the prompt and forget you
ever hit s.

In most cases, a blank response means "clear" - clear the source IP filter, for example.

At anytime while iptstate is running, you can hit h to get to the interactive help which will display all the current
settings to you as well give you a list of all interactive commands available.

While running, space will immediately update the display. Iptstate should gracefully handle all window resizes, but if it
doesn't, you can force it to re-calculate and re-draw the screen with a ctrl-L.

SCROLLING AND PADS
For almost any user, there is no reason to turn off scrolling. The ability to turn this off - and especially the ability
to toggle this interactively - is done more for theoretical completeness than anything else.

But, nonetheless, here are the details. Typically in a curses application you create a "window." Windows don't scroll,
however. They are, at most, the size of your terminal. Windows provide double-buffering to make refreshing as fast and
seemless as possible. However, to enable scrolling, one has to use "pads" instead of windows. Pads can be bigger than the
current terminal. Then all necessary data is written to the pad, and "scrolling" becomes a function of just showing the
right part of that pad on the screen.

However, pads do not have the double-buffering feature that windows have. Thus, there _might_ be some case where for some
user using some very strange machine, having scrolling enabled could cause poor refreshing. Given the nature of the way
iptstate uses the screen though, I find this highly unlikely. In addition, the scrolling method uses a little more mem-
ory. However, iptstate is not a memory intensive application, so this shouldn't be a problem even on low-memory systems.

Nonetheless, if this does negatively affect you, the option to turn it off is there.

EXIT STATUS
Anything other than 0 indicates and error. A list of current exit statuses are below:

0 Success

1 Bad command-line arguments

2 Error communicating with the netfilter subsystem.

3 Terminal too narrow

BUGS
There are no known bugs at this time.

BUG REPORTS
All bugs should be reported to Phil Dibowitz <phil AT ipom DOT com>. Please see the README and BUGS for more information
on bug reports. Please read the WISHLIST before sending in features you hope to see.

NOTES
iptstate does a lot of work to try to fit everything on the screen in an easy-to-read way. However, in some cases, host-
names may need to be truncated in lookup mode. The truncation of names in lookup mode happens from the right for source
because you most likely know your own domain name, and from the left for destination because knowing your users are con-
nection to "mail.a." doesn't help much.

iptstate does not automatically handle window-resizes while in the interactive help screen. If you do resize while in
this window, you should return to the main window, hit ctrl-L to re-calculate and re-draw the screen, and then, if you
choose, return to the interactive help.

iptstate currently uses libnetfilter_conntrack to access the netfilter connection state table. However, older versions
read out of /proc/net/ip_conntrack, and the current version can still be compiled to do this. This deprecated method can
be racy on SMP systems, and can hurt performance on very heavily loaded firewalls. This deprecated method should be
avoided - support will be removed in future versions.