Today I’ll show you two tools to use in the terminal to monitor your network and its active connections: iptstate and pktstat.
IPTState is a top-like interface to your netfilter connection-tracking table.
Using iptstate you can interactively watch where traffic crossing your netfilter/iptables firewall is going, sort by various criteria, and limit the view by various criteria. But it doesn’t stop there: as of version 2.2.0 you can even delete states from the table!
The only requirements are a curses library (usually ncurses), and libnetfilter_conntrack version 0.0.50 or later.
iptstate displays information held in the IP Tables state table in real-time in a top-like format. Output can be sorted by any field, or any field reversed. Users can choose to have the output only print once and exit, rather than the top-like system. A configurable refresh rate, resolving IPs to names, formatted output, display filtering, and color coding are among some of the many features.
IPTState is available in the Debian, Redhat, Fedora, Mandrake, Gentoo, FloppyFW, and many other distributions.
So on Ubuntu to install it just type in your terminal:
sudo aptitude install iptstate
From the terminal, run iptstate [options] (you must be root, or use sudo).
Where the options can be:
-c, --no-color - Toggle color-code by protocol
-C, --counters - Toggle display of bytes/packets counters
-d, --dst-filter IP - Only show states with a destination of IP. Note that this must be an IP; hostname matching is not yet supported.
-D, --dstpt-filter port - Only show states with a destination port of port
-h, --help - Show help message
-l, --lookup - Show hostnames instead of IP addresses
-L, --no-dns - Skip outgoing DNS lookup states
-f, --no-loopback - Filter states on loopback
-r, --reverse - Reverse sort order
-R, --rate seconds - Refresh rate, followed by rate in seconds. Note that this is for statetop mode, and not applicable for single-run mode (--single).
-1, --single - Single run (no curses)
-b, --sort column - This determines what column to sort by. Options:
    S Source Port
    d Destination IP (or Name)
    D Destination Port
    p Protocol
    s State
    t TTL
    b Bytes
    P Packets
-s, --src-filter IP - Only show states with a source of IP. Note that this must be an IP; hostname matching is not yet supported.
-S, --srcpt-filter port - Only show states with a source port of port
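As an added example (not from the original post or the iptstate project), the shell functions below read the same connection-tracking table from the kernel's text export, /proc/net/nf_conntrack, apply a destination-port filter like -D, and count states per destination to show which hosts hold the most entries. The sample lines are constructed; the function names ct_list and ct_top_dst, and the presence of /proc/net/nf_conntrack on your kernel, are assumptions.

```shell
#!/bin/sh
# Constructed sample entries in the /proc/net/nf_conntrack text layout
# (documentation-range addresses; not captured from a real host).
sample_conntrack() {
cat <<'EOF'
ipv4     2 tcp      6 431990 ESTABLISHED src=192.168.1.10 dst=203.0.113.5 sport=51514 dport=443 src=203.0.113.5 dst=192.168.1.10 sport=443 dport=51514 [ASSURED] mark=0 zone=0 use=2
ipv4     2 tcp      6 115 TIME_WAIT src=192.168.1.10 dst=203.0.113.5 sport=51520 dport=443 src=203.0.113.5 dst=192.168.1.10 sport=443 dport=51520 [ASSURED] mark=0 zone=0 use=2
ipv4     2 udp      17 25 src=192.168.1.10 dst=192.168.1.1 sport=40211 dport=53 src=192.168.1.1 dst=192.168.1.10 sport=53 dport=40211 mark=0 zone=0 use=2
ipv4     2 tcp      6 299 ESTABLISHED src=198.51.100.7 dst=192.168.1.10 sport=60022 dport=22 src=192.168.1.10 dst=198.51.100.7 sport=22 dport=60022 [ASSURED] mark=0 zone=0 use=2
ipv4     2 icmp     1 29 src=192.168.1.10 dst=192.168.1.254 type=8 code=0 id=1234 src=192.168.1.254 dst=192.168.1.10 type=0 code=0 id=1234 mark=0 zone=0 use=2
EOF
}

# ct_list [DPORT]: read conntrack lines on stdin, print one row per state as
#   proto state ttl src sport dst dport
# DPORT, if given, keeps only that destination port (like iptstate -D).
ct_list() {
  awk -v want="${1:-}" '{
    proto = $3; ttl = $5
    # UDP and ICMP entries have no state word: field 6 is already key=value.
    state = ($6 ~ /=/) ? "-" : $6
    src = dst = sport = dport = "-"
    for (i = 6; i <= NF; i++) {
      n = split($i, kv, "=")
      if (n != 2) continue          # skip flags such as [ASSURED]
      # Each tuple appears twice (original, then reply); keep the first.
      if (kv[1] == "src"   && src   == "-") src   = kv[2]
      if (kv[1] == "dst"   && dst   == "-") dst   = kv[2]
      if (kv[1] == "sport" && sport == "-") sport = kv[2]
      if (kv[1] == "dport" && dport == "-") dport = kv[2]
    }
    if (want != "" && dport != want) next
    print proto, state, ttl, src, sport, dst, dport
  }'
}

# ct_top_dst: count tracked states per original-direction destination IP,
# busiest first.
ct_top_dst() {
  ct_list | awk '{ n[$6]++ } END { for (ip in n) print n[ip], ip }' | sort -rn
}

# Live use (as root): ct_list 443 < /proc/net/nf_conntrack
sample_conntrack | ct_top_dst
```

Only the first src/dst/sport/dport of each entry is used because the second set is the reply direction, which would otherwise double-count every flow.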
pktstat displays a real-time list of active connections seen on a network interface, and how much bandwidth is being used. Partially decodes HTTP and FTP protocols to show what filename is being transferred. X11 application names are also shown.
pktstat is available in Debian and Ubuntu. So on Ubuntu to install it just type in your terminal:
sudo aptitude install pktstat
To run pktstat, use the following command (you must be root, or use sudo):
pktstat -i eth0
Substitute eth0 with the ethernet card you want to watch; for me, for example, my wireless connection is on eth1.
Some of the options of pktstat are:
-B - Display data rates in bytes per second (Bps) instead of in bits per second (bps).
-F - Show full hostnames. Normally, hostnames are truncated to the first component of their domain name before display.
-i interface - Listen on the given interface. If not specified, a suitable interface is chosen.
-n - Do not try and resolve hostnames or service port numbers.
-p - Show packet counts instead of bit counts.
-P - Do not try to put the interface into promiscuous mode.
-t - "Top" mode. Sorts the display by bit count (or packet count if -p was given) instead of by the name.
-T - Show bit (byte) totals for flows.
-w waittime - Refresh the display every waittime seconds. The default is 5 seconds.