
iptstate Command in Linux
iptstate is a top-like command in Linux that displays the state table entries. The state table is a part of the iptables firewall and contains the current status of network connections, including the protocol, source and destination IP addresses, connection state, and port numbers. Note that the state table is the connection tracking (conntrack) subsystem of the Linux kernel, which iptables uses to manage network connections.
iptstate provides a real-time, top-like display of information from the iptables state table. Output can be sorted or reversed by any field, set to print once and exit, and refreshed at a configurable rate. Additional features include IP resolution, output formatting, display filtering, and color coding.
Table of Contents
Here is a comprehensive guide to the options available with the iptstate command in Linux −
- Prerequisites for iptstate Command
- Syntax of iptstate Command
- iptstate Command Options
- Interactive Options of iptstate Command
- Examples of iptstate Command in Linux
Prerequisites for iptstate Command
By default, the iptstate command may not be installed on Linux. To check whether it is installed or not, use the following command −
iptstate --version

If the above command prints a version number, iptstate is installed. If it does not, use the following instructions to install it.
To install the iptstate command on Ubuntu, Kali Linux, Raspberry Pi OS, Debian, and other Debian-based distributions, use the following command −
sudo apt install iptstate
To install it on Arch Linux, use −
sudo pacman -S iptstate
To install it on CentOS, use the command given below −
sudo yum install iptstate
To install iptstate on Fedora, use the following command −
sudo dnf install iptstate
Syntax of iptstate Command
The syntax of the Linux iptstate command is as follows −
iptstate [options]
The [options] argument is used to specify options to change the command’s behavior.
iptstate Command Options
The options of the iptstate command are listed below −
Short Option | Long Option | Description |
---|---|---|
-1 | --single | Run once, without curses mode |
-b column | --sort column | Sort by column (S: Source Port, d: Destination IP, D: Destination Port, p: Protocol, s: State, t: TTL, b: Bytes, P: Packets) |
-C | --counters | Toggle the display of bytes per packet counters |
-c | --no-color | Toggle color-code by protocol |
-d IP | --dst-filter IP | Show states with destination IP (hostname not supported) |
-D port | --dstpt-filter port | Show states with destination port |
-f | --no-loopback | Filter loopback states |
-h | --help | Display help for the command |
-l | --lookup | Display hostnames instead of IPs |
-L | --no-dns | Skip ongoing DNS lookup state |
-m | --mark-truncated | Mark truncated hostnames with + |
-o | --no-dynamic | Toggle dynamic formatting |
-p | --no-scroll | Disable scrolling |
-r | --reverse | Reverse sort order |
-R seconds | --rate=seconds | Set refresh rate in seconds (not for single-run mode) |
-s IP | --src-filter IP | Show states with source IP (hostname not supported) |
-S port | --srcpt-filter port | Show states with source port |
-t | --totals | Toggle display of totals |
Interactive Options of iptstate Command
From version 2.0, the iptstate command can also be used interactively. For example, pressing b while running iptstate cycles sorting through columns, just like using -b on the command line. Similarly, t toggles the totals display, and so on.
The interactive options are listed below −
- B − Sort by the previous column
- q − Quit
- x − Delete the highlighted state from the conntrack table
To navigate use the following keys −
- Up/j − Move up one line
- Down/k − Move down one line
- Left/h − Move left one column
- Right/l − Move right one column
- PageUp/^u − Move up a page
- PageDown/^d − Move down a page
- Home − Go to the top
- End − Go to the end
When prompted, enter the desired value. A blank entry clears the filter, and Ctrl-G cancels the prompt. Press h for interactive help, showing all settings and commands. Pressing space refreshes the display immediately, and Ctrl-L forces a screen redraw in case of window resize issues.
Examples of iptstate Command in Linux
This section demonstrates the usage of the iptstate command in Linux with examples −
Displaying the Active Connections
To display the active connections, use the iptstate command with sudo privileges −
sudo iptstate

Displaying the Active Connections Once and Exit
To display the active connections once, use the -1 or --single option −
sudo iptstate -1
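Because single-run mode writes plain text, its output can be piped into a script. The following added example (not part of the original tutorial) counts tracked states per source IP and flags sources holding many half-open SYN_RECV states; the Source/Destination/Prt/State/TTL column layout, the sample rows, and the function names are assumptions made for the illustration.

```shell
#!/bin/sh
# Summarise one iptstate snapshot per source IP (IPv4 rows only).
# Assumed column layout: Source  Destination  Prt  State  TTL

# Constructed sample snapshot so the script runs without iptstate or root.
# The UDP row has no State column, which the parser tolerates.
sample_snapshot() {
cat <<'EOF'
IP Tables State Top -- Sort by: SrcIP
Source                Destination           Prt State       TTL
192.168.64.1:51514    192.168.64.7:22       tcp ESTABLISHED 119:59:59
192.168.64.1:51520    192.168.64.7:443      tcp TIME_WAIT     0:01:42
192.168.64.7:40022    192.0.2.53:53         udp               0:00:25
203.0.113.9:40001     192.168.64.7:80       tcp SYN_RECV      0:00:58
203.0.113.9:40002     192.168.64.7:80       tcp SYN_RECV      0:00:57
203.0.113.9:40003     192.168.64.7:80       tcp SYN_RECV      0:00:57
203.0.113.9:40004     192.168.64.7:80       tcp ESTABLISHED 119:59:40
EOF
}

# summarize_states THRESHOLD
# Reads a snapshot on stdin and prints one line per source IP:
#   <ip> total=<states> syn_recv=<half-open states>[ FLAG]
# FLAG marks sources with at least THRESHOLD SYN_RECV states.
summarize_states() {
  awk -v limit="$1" '
    $3 ~ /^(tcp|udp|icmp)$/ {             # data rows only, skips title and header
      src = $1
      sub(/:[0-9]+$/, "", src)            # drop the :port suffix
      total[src]++
      if ($4 == "SYN_RECV") half[src]++
    }
    END {
      for (s in total)
        printf "%s total=%d syn_recv=%d%s\n", s, total[s], half[s] + 0,
               (half[s] + 0 >= limit ? " FLAG" : "")
    }' | sort -t= -k2,2nr                 # busiest source first
}

# Live use: sudo iptstate -1 | summarize_states 3
sample_snapshot | summarize_states 3
```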

Displaying Connections for a Specific Source IP
To display connections from a specific source IP, use the -s or --src-filter option −
sudo iptstate -s 192.168.64.1

Filtering Connections by Destination IP
To show only connections with a specific destination IP, use the -d or --dst-filter option −
sudo iptstate -d 192.178.24.164

Sorting by Protocol
To sort the output by protocol, such as TCP or UDP, use the -b or --sort option with p as the column argument −
sudo iptstate -b p

Other column arguments are listed below −
- S − Source Port
- d − Destination IP
- D − Destination Port
- s − State
- t − TTL
- b − Bytes
- P − Packets
While running interactively, pressing b cycles through sorting options, including protocol.

Toggling Display of Totals
To toggle the display of totals, use the -t or --totals option −
sudo iptstate -t

In interactive mode, pressing t also toggles the display of totals.
Disabling Color Output
To disable color-coding by the protocol in the output, use the -c or --no-color option −
sudo iptstate -c

Changing Refresh Rate
To set the refresh rate, use the -R or --rate option with the time in seconds −
sudo iptstate -R 5
This option adjusts how often the display is refreshed in real time.
Skipping DNS Lookup
To skip resolving IP addresses to hostnames, use the -L or --no-dns option −
sudo iptstate -L
This prevents the iptstate command from performing DNS lookups, displaying raw IP addresses instead.
Displaying Help
To display help related to the command, use the -h or --help option −
sudo iptstate -h

When in an interactive session, pressing h displays the help.
Conclusion
The iptstate command in Linux provides a real-time, top-like display of active network connections managed by the iptables firewall. It shows details such as protocol, source and destination IPs, connection state, and port numbers. The command supports various features like sorting, filtering, color-coding, and customizing the refresh rate. It can be used both interactively and non-interactively, allowing quick viewing and management of connection states.
In this tutorial, we explained the usage of the iptstate command, its installation, syntax, options, and usage in Linux with examples.