Technical Documentation

Using the sctop Utility (CLI Procedure)

Purpose

You use the sctop command to monitor session information.

Action

To connect to the command-line interface and use the sctop utility:

  1. Use SSH to connect to the IP address or hostname for the management interface.
  2. Log in to the CLI as admin and enter su - to switch to root.
  3. At the secure shell, define the IDPDIR:
    IDPDIR=/usr/idp 
    export IDPDIR

    Note: Bash is the default shell and bash commands are shown in the example. If you use a different shell, use the equivalent commands.

  4. At the command line, type sctop to enter the sctop environment.

    Note: For IDP8200, you also specify the IDP engine (0 through 5). For example, use sctop 0 to enter the sctop environment for IDP engine 0 and sctop 1 to enter the sctop environment for IDP engine 1.

  5. Press alphabetic keyboard keys to display the desired report. You can press numeric keys to sort report data.

    Table 1 describes the function of keyboard keys within the sctop environment.

    Table 1: Command Key Reference: sctop Utility

    Key   Function
    ---   --------
    a     Displays the ARP/MAC table.
    b     Displays the table.
    c     Displays the ICMP flow table.
    d     Displays a strip chart, a text-based chart for packets per second, Kbps, and sessions.
    e     Displays rulebase statistics.
    f     Displays fragment chains.
    g     Displays aggregate statistics.
    h     Displays help for the sctop utility.
    i     Displays the IP flow table. The IP flow table includes flows not accounted for in the ICMP, TCP, or UDP flow tables.
    k     Displays attack statistics.
    l     Displays qmodule statistics.
    m     Displays system memory statistics.
    o     Displays the flow table for flows that triggered the APE rulebase rate-limiting action.
    p     Displays Spanning Tree Protocol (STP) information.
    r     Displays the RPC program table.
    s     Displays IDP device status.
    t     Displays the TCP flow table.
    u     Displays the UDP flow table.
    v     Sorts in reverse order.
    w     Displays HA status.
    x     Displays the RPC XID table.
    y     Displays IDS cache statistics.
    z     Displays packet distribution.
    0     Disables sorting.
    1     Sorts by bytes per session.
    2     Sorts by packets per session.
    3     Sorts by expiration.
    4     Sorts by service.
    5     Sorts by destination port.
    6     Sorts by source address.
    7     Sorts by destination address.

Tip: You can also display flow tables with the scio var command. With the scio var command, you can use the -f option to save the output of the table to a file.


Published: 2010-01-12