Iptstate, Pktstat – Network stats


Today I’ll show you two tools to be used in the terminal to monitor your network and the active connections: iptstate and pktstat.

IPTState

IPTState is a top-like interface to your netfilter connection-tracking table.

Using iptstate you can interactively watch where traffic crossing your netfilter/iptables firewall is going, sort it by various criteria, and limit the view by various criteria. But it doesn’t stop there: as of version 2.2.0 you can even delete states from the table!

The only requirements are a curses library (usually ncurses), and libnetfilter_conntrack version 0.0.50 or later.

iptstate displays information held in the IP Tables state table in real-time in a top-like format. Output can be sorted by any field, or any field reversed. Users can choose to have the output only print once and exit, rather than the top-like system. A configurable refresh rate, resolving IPs to names, output formatting, display filtering, and color coding are among some of the many features.

IPTState is available in the Debian, Redhat, Fedora, Mandrake, Gentoo, FloppyFW, and many other distributions.

So on Ubuntu to install it just type in your terminal:

sudo aptitude install iptstate

Basic usage

From the terminal write iptstate [options] (you must be root, or use sudo)

Where the options can be:

-c, --no-color -  Toggle color-code by protocol
-C, --counters  - Toggle display of bytes/packets counters
-d, --dst-filter IP - Only show states with a destination of IP. Note that this must be an IP; hostname matching is not yet supported.
-D, --dstpt-filter port - Only show states with a destination port of port
-h, --help - Show help message
-l, --lookup - Show hostnames instead of IP addresses
-L, --no-dns - Skip outgoing DNS lookup states
-f, --no-loopback - Filter states on loopback
-r, --reverse - Reverse sort order
-R, --rate seconds - Refresh rate, followed by rate in seconds. Note that this is for statetop mode, and not applicable for single-run mode (--single).
-1, --single - Single run (no curses)
-b, --sort column - This determines what column to sort by. Options:
    S  Source Port
    d  Destination IP (or Name)
    D  Destination Port
    p  Protocol
    s  State
    t  TTL
    b  Bytes
    P  Packets
-s, --src-filter IP - Only show states with a source of IP. Note that this must be an IP; hostname matching is not yet supported.
-S, --srcpt-filter port - Only show states with a source port of port
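
To make the filter and sort options above concrete, here is an added example (not part of the original post and not iptstate's own code) that parses connection-tracking entries and applies the equivalent of -d, -D, -L and -b to them. It assumes the line layout of /proc/net/nf_conntrack with byte/packet accounting enabled; the sample lines are constructed, and treating -L as "drop destination port 53" is a simplification.

```python
# Added example: filter and sort conntrack entries the way iptstate's options do.
# SAMPLE is constructed data in the /proc/net/nf_conntrack line layout (assumed).
SAMPLE = """\
ipv4     2 tcp      6 431999 ESTABLISHED src=192.168.1.10 dst=203.0.113.5 sport=51234 dport=443 packets=12 bytes=3400 src=203.0.113.5 dst=192.168.1.10 sport=443 dport=51234 packets=10 bytes=8200 [ASSURED] mark=0 use=2
ipv4     2 tcp      6 100 SYN_SENT src=192.168.1.10 dst=198.51.100.7 sport=51240 dport=22 packets=1 bytes=60 [UNREPLIED] src=198.51.100.7 dst=192.168.1.10 sport=22 dport=51240 packets=0 bytes=0 mark=0 use=2
ipv4     2 udp      17 25 src=192.168.1.10 dst=192.168.1.1 sport=40000 dport=53 packets=1 bytes=60 src=192.168.1.1 dst=192.168.1.10 sport=53 dport=40000 packets=1 bytes=120 mark=0 use=2
ipv4     2 tcp      6 86000 ESTABLISHED src=192.168.1.20 dst=203.0.113.5 sport=40100 dport=443 packets=900 bytes=1200000 src=203.0.113.5 dst=192.168.1.20 sport=443 dport=40100 packets=800 bytes=64000 [ASSURED] mark=0 use=2
"""

def parse_line(line):
    """Parse one conntrack line; addresses and ports come from the original direction."""
    tok = line.split()
    if len(tok) < 6:
        return None
    entry = {"proto": tok[2], "ttl": int(tok[4]), "state": "", "bytes": 0, "packets": 0}
    rest = tok[5:]
    if "=" not in rest[0] and not rest[0].startswith("["):
        entry["state"] = rest[0]           # TCP carries a state token, UDP does not
    for t in rest:
        key, sep, val = t.partition("=")
        if not sep:
            continue                       # skip the state and [FLAG] tokens
        if key in ("bytes", "packets"):
            entry[key] += int(val)         # sum both directions of the flow
        elif key in ("src", "dst", "sport", "dport"):
            entry.setdefault(key, val)     # first occurrence = original direction
    return entry

def states(text, dst=None, dport=None, no_dns=False, sort_key="bytes", reverse=True):
    """Filter like -d / -D / -L and sort like -b; returns a list of entry dicts."""
    out = []
    for line in text.splitlines():
        e = parse_line(line)
        if e is None or "dst" not in e:
            continue
        if dst and e["dst"] != dst:
            continue
        if dport and e.get("dport") != str(dport):
            continue
        if no_dns and e.get("dport") == "53":
            continue
        out.append(e)
    return sorted(out, key=lambda e: e[sort_key], reverse=reverse)

if __name__ == "__main__":
    for e in states(SAMPLE, no_dns=True):
        print(f'{e["src"]}:{e.get("sport")} -> {e["dst"]}:{e.get("dport")} '
              f'{e["proto"]} {e["state"] or "-"} ttl={e["ttl"]} bytes={e["bytes"]}')
```

Sorting by bytes puts the heaviest flow first, which is the quickest way to spot an unexpectedly large transfer in the state table.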

pktstat


pktstat displays a real-time list of active connections seen on a network interface, and how much bandwidth is being used. It partially decodes the HTTP and FTP protocols to show what filename is being transferred. X11 application names are also shown.

pktstat is available in Debian and Ubuntu. So on Ubuntu to install it just type in your terminal:

sudo aptitude install pktstat

To run pktstat, use the following command (you must be root, or use sudo):

pktstat -i eth0

Substitute eth0 with the ethernet card you want to watch; for me, for example, my wireless connection is on eth1.

Some of the options of pktstat are:

-B Display data rates in bytes per second (Bps) instead of in bits per second (bps).
-F Show full hostnames. Normally, hostnames are truncated to the first component of their domain name before display.
-i interface Listen on the given interface. If not specified, a suitable interface is chosen.
-n Do not try and resolve hostnames or service port numbers.
-p Show packet counts instead of bit counts.
-P Do not try to put the interface into promiscuous mode.
-t "Top" mode. Sorts the display by bit count (or packet count if -p was given) instead of by the name.
-T Show bit (byte) totals for flows.
-w waittime Refresh the display every waittime seconds. The default is 5 seconds.