cd /usr/iwss/

./stpeek -[Fxh] [-m count] [-n period] [-w filename]
Prints, in tab separated format, the status of each proxied
transaction that is actively handled by IWSS ftp or http proxy
New sessions that are queued will not be displayed
Options:

        'F' - print session table for the FTP proxy process
        'x' - Don't copy the session table shared memory to process local memory before printing - NOT RECOMMENDED
        'h' - Print this informational page
        'm' - Print the session table a maximum of [count] times, every [period] seconds.
           Default is to print only print the table once.  To change [period] use the 'n' option
        'n' - Specify the [period] of seconds to peek at the session table.  Default is 5 seconds
        'w' - Print session table output to the file specified in [filename] instead of to the console

Columns printed:

        SEQ:PID or CPID:PPID - The sequence number and process number of the state object attached to
                this session.  For process-per-session mode daemons this is replaced by the child process
                and parent process pids
        STATUS - The current status of the transaction.  Supported values include:
                DISCON - Not connected.  These nodes are normally never displayed
                RCV_REQ - Waiting for incoming client HTTP or ICAP request
                DNS - Resolving the domain name of the HTTP server
                CON_SRV - Connecting to the HTTP server
                SND_REQ - Relaying the complete client request to the HTTP server
                PRL_REQ - Relaying the client request to the HTTP server before
                        the request has been completely received by IWSS
                RCV_RSP - Receiving the HTTP response from the server
                SND_RSP - Relaying the complete HTTP or ICAP response from the server to the client
                PRL_RSP - Relaying the partial HTTP response from the server to the client
                        before the entire response has been received by IWSS
                SND_100 - Sending a 100 Continue HTTP or ICAP response to the client
                TUNNEL - The session is an unexamined HTTPS or non-HTTP protocol transaction
                        which is tunneled by IWSS
                FTPHTTP - An FTP over HTTP transaction
                TXDONE - Transaction is complete but not yet reset
                PRL_ICAP - Sending an ICAP response before the complete ICAP request has been
                        received by IWSS
                FTP_CMD - Handling the command channel for an FTP session
                CON_CMD - Connecting the command channel to the FTP server - includes DNS
                DC_SRV - Connecting the passive-mde data channel to the FTP server
                DC_CLT - Connecting the active-mode data channel to the FTP client
                DL_SRV - Waiting for an active-node data connection from the FTP server
                DL_CLT - Waiting for the passive-mode data connection from the FTP client
                FTP_UL - Performing an FTP upload
                FTP_DL - Performing an FTP download
                PS_TXLOG - Writing the transaction log
                PS_AQINF - Preparing access quota info
                PS_AQENF - Enforcing the access quota
                PS_URLS - Checking URL lists
                PS_RATE - Performing TMUFE/WRS score query
                PS_PLUGIN - Running PreScan plugins
                PS_SKIP - Checking skip-scan rules
                SC_VIRUS - Performing virus/spyware scan
                SC_AAXS - Performing AAXS scan
                SC_ITL - Perfoming IntelliTunnel scan
        C_SOCK - Descriptor number of the client socket
        CLIENT_ADDR - IPv4 address of the client connection
        S_SOCK - Descriptor number of the server socket.  For FTP proxy this is only the
                command channel.  For ICAP this is unused.
        SERVER_ADDR - IPv4 address of the server connection.  For FTP proxy this is
                only the command channel.  For ICAP this is unused.
        LCL_PORT - The local port number used for the server connection
        STAGE - The current stage handling the session.  This is only used in WorkQueue
                daemons, designated by command line option -m for the proxy process
        STGTIME - The number of seconds the session has been in the current stage.
                This is only used in WorkQueue daemons, designated by command line option
                -m for the proxy process
        CONTIME - The number of seconds that this client session has been actively handled
        IOWAIT - The number of milliseconds since the last I/O event related to this session was handled
        THRUBYTE - The number of bytes written to any socket during this transaction
        THRUPUT - The number of bytes per second written during the current transaction
        FLAGS - Flags set for this session.  Currently supported flags:
                IDL - The session is idle, waiting for a client request
                SSL - The session is HTTPS
                SKP - Scanning of this transaction has been skipped due to configuration
                TBP - The session is non-HTTP binary protocol tunneled over port 80