Filtering

Mihai Varzaru

The list of connections can be filtered either by connection state or using a custom filter. There is the option to view only established connections using the menu View\Not Established Connection, the Established toolbar button or the Ctrl+Shift+E keyboard shortcut. Usually established connections are the ones with current activity.

With custom filters you can select exactly what connections to view in netactview interface. The string you write in the filter box is searched against all the connections and only the connections that contain it's elements are shown in the interface. In order to use custom filters you either click the Edit\Filter menu or use the Ctrl+F keyboard shortcut.

With the default options all the words you write in the custom filter are searched in the list of connections. Only the connections that contain all the words are returned. The order of the words is not important. For more control operators can be used (the !("") button). When you check operators you can specify exactly the logical conditions to apply to the words you search.

Filter operators:

  • Space is logical And. Ex: 'firefox yahoo.com' shows all firefox connections to yahoo.com.
  • OR is logical Or. Ex: 'firefox OR pidgin' shows both connections of firefox and connections of pidgin.
  •  ! is logical Not. Ex: '!transmission' does not show any transmission connections.
  • () are used for grouping. Ex: 'firefox (yahoo OR google)' shows all firefox connections to either yahoo or google.
  • "" are used for phrases. Ex: '" 80 www " "wget -c"' shows all http connections of wget that was started with the -c option.

Things to take into account:

  • If you want to include " in the search you will have to double it inside a phrase. Ex: '"wget -c ""file path""" shows only connections that include the phrase 'wget -c "file path"'.
  • If you use incorrectly operators they will be ignored. Ex: '"tcp ((firefox OR pidgin' is actually equivalent with: 'tcp firefox OR pidgin' as the quote and group start are ignored. 'tcp ! OR firefox' is actually 'tcp !firefox' as the out of place OR is ignored.
  • Default filter search is case sensitive. If you want not to write the words with the exact case depress the 'Aa' button. Ex: 'listen' is likely to show nothing if case sensitive is pushed. Without it it will show the connections with the state 'LISTEN'.
  • All columns have 3 spaces before and after the text. You can use this space as a marker for the beginning and end of the column text. Ex: "   80 www   " is very likely to strictly refer to http connections as only the command can contain that many spaces and is very unlikely to have a command with 3 space before and after '80 www'. With the default column order you can also use this to differentiate local and remote ports: "tcp   4567 " will find all tcp connections that use your local port 4567.
  • There is no way to specify the column name.

Related

Wiki: Main_Page