Today I’ll show you two tools to be used int the terminal to monitor your network and the active connections: iptstate and pkstat
IPTState
IPTState is a top-like interface to your netfilter connection-tracking table.
Using iptstate you interactively watch where traffic crossing your netfilter/iptables firewall is going, sort by various criteria, limit the view by various criteria. But it doesn’t stop there: as of version 2.2.0 you can even delete states from the table!
The only requirements are a curses library (usually ncurses), and libnetfilter_conntrack version 0.0.50 or later.
iptstate displays information held in the IP Tables state table in real-time in a top-like format. Output can be sorted by any
field, or any field reversed. Users can choose to have the output only print once and exit, rather than the top-like system.
Refresh rate is configurable, IPs can be resolved to names, output can be formatted, the display can be filtered, and color coding
are among some of the many features.
IPTState is available in the Debian, Redhat, Fedora, Mandrake, Gentoo, FloppyFW, and many other distributions.
So on Ubuntu to install it just type in your terminal:
sudo aptitude install iptstate |
Basic usage
From the terminal write iptstate [options] (you must be root, or use sudo)
Where the options can be:
-c, --no-color - Toggle color-code by protocol -C, --counters - Toggle display of bytes/packets counters -d, --dst-filter IP- Only show states with a destination of IP Note, that this must be an IP, hostname matching is not yet supported. -D --dstpt-filter port - Only show states with a destination port of port -h, --help - Show help message -l, --lookup - Show hostnames instead of IP addresses -L, --no-dns - Skip outgoing DNS lookup states -f, --no-loopback - Filter states on loopback -r, --reverse - Reverse sort order -R, --rate seconds - Refresh rate, followed by rate in seconds. Note that this is for statetop mode, and not applicable for single-run mode (--single). -1, --single - Single run (no curses) -b, --sort column - This determines what column to sort by. Options: <ul> <li>S Source Port</li> <li>d Destination IP (or Name)</li> <li>D Destination Port</li> <li>p Protocol</li> <li>s State</li> <li>t TTL</li> <li>b Bytes</li> <li>P Packets</li> </ul> -s, --src-filter IP - Only show states with a source of IP. Note, that this must be an IP, hostname matching is not yet supported. -S, --srcpt-filter port - Only show states with a source port of port |
pktstat
pktstat displays a real-time list of active connections seen on a network interface, and how much bandwidth is being used. Partially decodes HTTP and FTP protocols to show what filename is being transferred. X11 application names are also shown.
pktstat is available in Debian and Ubuntu. So on Ubuntu to install it just type in your terminal:
sudo aptitude install pktstat |
To run pktstat, use the following command (you must be root, or use sudo):
pktstat -i eth0 |
Substitute eth0 with the ethernet card you want to watch, for me for example my wireless connection is on eth1.
Some of the options of pktstat are:
-B Display data rates in bytes per second (Bps) instead of in bits per second (bps). -F Show full hostnames. Normally, hostnames are truncated to the first component of their domain name before display. -i interface Listen on the given interface. If not specified, a suitable interface is chosen. -n Do not try and resolve hostnames or service port numbers. -p Show packet counts instead of bit counts. -P Do not try to put the interface into promiscuous mode. -t "Top" mode. Sorts the display by bit count (or packet count if -p was given) instead of by the name. -T Show bit (byte) totals for flows. -w waittime Refresh the display every waittime seconds. The default is 5 seconds. |
Popular Posts:
- How to convert YouTube Video to MP3 easily on GNU/Linux
- Nightingale a Beautiful music player for Linux
- Livarp – A lightweight Linux Distribution
- Linux shell: Dfc – Check your disk space with style
- 5 Comic Book Viewers for Linux
Find me on Google+
hmmm… qui da me ci vogliono:
_sudo_ iptstate
e
_sudo_ pktstat -i eth1
(nel senso che, se non sono superuser, mi rimbalza…)
Ciao, r.
Hai ragione, ho fatto le prove con un terminale di root e non ci ho fatto caso.
Modifico l’articolo.
Grazie
Hi,
I looked for (googled) “pkstat” and I can not find any web site to host it. May you give me the url of this project? Looks very useful.
Thanks,
You missed a t, the name is pktstat.
I’ve not found the main page of the project too, this is his man page: http://linux.die.net/man/1/pktstat
OK, thank you for your correction. I googled again and now I got this link where the source code could be obtained.
http://ftp.debian.org/pool/main/p/pktstat/
It compiled perfectly in my Fedora 13 box.
Thanks again.
see also: iptraf
I suggest using nethogs instead
Nice program, tested and reviewed in a new article http://www.linuxaria.com/pills/nethogs-iptraf-network?lang=en
Thanks for the info.