Kill an established TCP connection in Linux

Sometimes I need to kill an established TCP session, especially a long-running TCP connection that is doing barely anything, without killing the process that opened it.

How to kill an ESTABLISHED TCP connection in Linux?

There are basically two ways, using tcpkill or killcx.

Solution 1: tcpkill (passive mechanism)

With the help of a simple tool called tcpkill, we can kill TCP connections with active traffic easily.

tcpkill -i eth0 { expression }  #The expression can be an IP address

When started, it listens on the wire for any traffic matching the expression filter (compatible with tcpdump expressions). When it sniffs matching traffic, tcpkill tries to learn the TCP ACK and SEQ numbers. Once it knows the numbers, it spoofs TCP segments and tries to reset the TCP session on both sides.

If the TCP session is idle, or in general no data is being exchanged, this tool is not going to work.

Solution 2: killcx (active mechanism)

Killcx takes a different approach: it generates traffic on the wire to discover what the ACK and SEQ numbers are. Once it forces the peer to reply to its spoofed traffic, it kills the TCP session immediately.

killcx.pl dest_ip:dest_port
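
A bare IP address as the tcpkill expression matches every session involving that host, so it helps to scope the filter to the single connection you mean to reset. The script below is an added example, not part of the original post or of either tool: it parses /proc/net/tcp (IPv4 only, little-endian host assumed), lists the ESTABLISHED sessions, and builds a per-connection tcpkill expression and killcx argument. The function names and the sample table are constructed for illustration.

```python
import socket
import struct

# Constructed sample in /proc/net/tcp format (not captured from a real host).
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1001 1
   1: 0A00000A:D431 0B00000A:1F90 01 00000000:00000000 00:00000000 00000000  1000        0 1002 1
   2: 0A00000A:0016 1400000A:C350 01 00000000:00000000 02:000A5F3C 00000000     0        0 1003 1
"""

TCP_ESTABLISHED = 0x01  # kernel state code for ESTABLISHED


def decode_endpoint(field):
    """Decode 'HEXADDR:HEXPORT'; the address is printed in little-endian host order."""
    addr_hex, port_hex = field.split(":")
    ip = socket.inet_ntoa(struct.pack("<I", int(addr_hex, 16)))
    return ip, int(port_hex, 16)


def established(table_text):
    """Return [((local_ip, local_port), (remote_ip, remote_port)), ...]."""
    conns = []
    for line in table_text.splitlines()[1:]:  # skip the header row
        cols = line.split()
        if len(cols) < 4 or int(cols[3], 16) != TCP_ESTABLISHED:
            continue  # skip LISTEN, TIME_WAIT and other non-established rows
        conns.append((decode_endpoint(cols[1]), decode_endpoint(cols[2])))
    return conns


def tcpkill_expression(local, remote):
    """tcpdump-compatible filter that matches both directions of one session."""
    return "host {} and port {} and host {} and port {}".format(
        local[0], local[1], remote[0], remote[1])


def killcx_target(remote):
    """Argument in the dest_ip:dest_port form shown for killcx.pl above."""
    return "{}:{}".format(remote[0], remote[1])


if __name__ == "__main__":
    for local, remote in established(SAMPLE):
        print("tcpkill -i eth0", tcpkill_expression(local, remote))
        print("killcx.pl", killcx_target(remote))
```

On a live host, pass the contents of /proc/net/tcp to established() instead of SAMPLE.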