Reputation: 201
I am not able to find an answer to a simple thing I am trying to achieve: once a TCP connection is established to my Linux server, let's say ssh / tcp 22 or X11 / tcp 6000 display, how do I close this connection without killing the process (sshd / X11 display server)? I also saw some suggestions to use iptables, but it does not work for me; the connection is still visible in netstat -an. It would be good if someone could point me in the right direction.
what I tried so far
tcpkill: kills the process, not good for me
iptables: does not close the established connection, but prevents further connections.
Thanks in advance, DJ
Upvotes: 6
Views: 17618
Reputation: 23774
Using ss
to check and terminate them:
-K, --kill forcibly close sockets, display what was closed
### list them
ss -tp '( sport = :443 )'
### or
ss --tcp src :443
### terminate them
ss -K -tp '( sport = :443 )'
### or
ss --kill --tcp src :443
Note: the first time ss -K
is run, it kills and displays the result; the second time it is run it shows only headers, no output. Thus it appears that we have to run it twice, but that is not the case: the first time does it.
Tested on Debian 11
More How to terminate dead connections from the command line without restarting server
Upvotes: 2
Reputation: 842
tcpkill won't work, since it will only kill any new connection; it doesn't kill existing ESTABLISHED connections.
Here's how you remove an established TCP connection.
Find the PID of the process and the IP of the client connecting. Let's say you are on serverA and someone is connecting from serverB:
root@A> netstat -tulpan | grep ssh | grep serverB
You should see something like:
tcp 0 0 <serverA IP>:<port> <serverB>:<port> ESTABLISHED 221955/sshd
Use the lsof utility to get the file descriptor of this connection using the parent PID:
root@A> lsof -np 221955 | grep "<serverB IP>"
You should see something like this:
sshd 221955 <user> 17u IPv4 2857516568 0t0 TCP <serverA IP>:<port>-><serverB IP>:<port> (ESTABLISHED)
Get the file descriptor number (4th column) = 17u, i.e. fd 17.
Use GDB to shut down this connection, without killing sshd:
root@A> gdb -p 221955 --batch -ex 'call shutdown(17, 2)'
You should see something similar to:
0x00007f0b138c0b40 in __read_nocancel () from /usr/lib64/libc.so.6
$1 = 0
[Inferior 1 (process 221955) detached]
That TCP connection should now be closed.
Upvotes: 2
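The two answers above describe the same goal by two routes: `ss -K` asks the kernel to destroy the socket (SOCK_DESTROY, which needs root and a kernel built with CONFIG_INET_DIAG_DESTROY), while the lsof/gdb route calls shutdown() on the descriptor inside the owning process. The script below is an added example, not code from either answer: it tries `ss -K` first, checks with a second `ss` query whether the socket is really gone (the "second run shows only headers" observation above), and otherwise falls back to gdb. It takes the pid and fd from `ss -tnp` output instead of lsof, and uses the `dst IP:PORT` filter rather than the `sport` filter shown above. The peer address 192.168.0.77:33597, pid 25258 and fd 4 in the comments and sample line are illustrative, taken from the question's netstat output; the `(int)` cast on shutdown is there because newer gdb versions refuse to call a function whose return type it does not know.

```shell
#!/bin/sh
# Close one ESTABLISHED TCP connection on this host without killing the
# owning process.  Primary path: ss -K (SOCK_DESTROY; needs root and a kernel
# with CONFIG_INET_DIAG_DESTROY).  Fallback: find the owning pid and fd with
# ss -tnp and call shutdown(fd, SHUT_RDWR) inside the process via gdb.
# Added example; addresses, pids and fds below are illustrative.

# ss filter selecting the socket(s) to one peer, e.g.
#   build_filter 192.168.0.77 33597  ->  "dst 192.168.0.77:33597"
build_filter() {
    printf 'dst %s:%s' "$1" "$2"
}

# Extract "pid fd" from one line of `ss -tnpH` output such as
# ESTAB 0 0 192.168.0.82:22 192.168.0.77:33597 users:(("sshd",pid=25258,fd=4))
# Prints nothing when the line carries no process info (e.g. ss run without root).
parse_pid_fd() {
    printf '%s\n' "$1" | sed -n 's/.*pid=\([0-9][0-9]*\),fd=\([0-9][0-9]*\).*/\1 \2/p'
}

# Number of TCP sockets still matching the filter; 0 means the connection is gone.
count_matching() {
    ss -tnH "$1" | grep -c .
}

kill_connection() {
    peer_ip=$1
    peer_port=$2
    filter=$(build_filter "$peer_ip" "$peer_port")

    if [ "$(count_matching "$filter")" -eq 0 ]; then
        echo "no TCP socket to $peer_ip:$peer_port" >&2
        return 1
    fi

    # First attempt: let the kernel destroy the socket.  Do not trust the exit
    # status alone; re-query, because without CONFIG_INET_DIAG_DESTROY the
    # socket is simply left in place.
    ss -K -tn "$filter" >/dev/null 2>&1
    if [ "$(count_matching "$filter")" -eq 0 ]; then
        echo "closed via ss -K"
        return 0
    fi

    # Fallback: shut the socket down from inside the owning process.
    line=$(ss -tnpH "$filter" | head -n 1)
    set -- $(parse_pid_fd "$line")
    pid=$1
    fd=$2
    if [ -z "$pid" ] || [ -z "$fd" ]; then
        echo "could not determine pid/fd for $peer_ip:$peer_port (are you root?)" >&2
        return 1
    fi
    # 2 == SHUT_RDWR; the (int) cast satisfies gdb when libc has no debug info.
    gdb -p "$pid" --batch -ex "call (int)shutdown($fd, 2)" >/dev/null 2>&1 || return 1
    if [ "$(count_matching "$filter")" -eq 0 ]; then
        echo "closed via shutdown(fd=$fd, SHUT_RDWR) in pid $pid"
        return 0
    fi
    echo "socket to $peer_ip:$peer_port still present" >&2
    return 1
}

# Usage (as root):  sh close_conn.sh 192.168.0.77 33597
if [ $# -eq 2 ]; then
    kill_connection "$1" "$2"
fi
```

As with the gdb answer, the peer sees a normal FIN/RST rather than a dropped packet, so an interactive client notices immediately; pair it with the iptables DROP rule from the question if the client must also be kept from reconnecting.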
Reputation: 201
OK, I found at least one solution (killcx) which is working. Maybe we will be able to find an easier solution. I also saw the comment from "zb" (thanks), which might also work, but I was not able to find a working syntax, since this tool seems to be really useful but complex. So here is an example of how to work with the first solution, which is working for me:
netstat -anp | grep 22
output: tcp 0 0 192.168.0.82:22 192.168.0.77:33597 ESTABLISHED 25258/0
iptables -A INPUT -j DROP -s 192.168.0.77 (to prevent reconnect)
perl killcx.pl 192.168.0.77:33597 (to kill the tcp connection)
killcx can be found here: http://killcx.sourceforge.net/ It "steals" the connection from the foreign host (192.168.0.77) and closes it. So that solution is working fine, but too complex to set up quickly if you are under stress. Here are the required packages:
apt-get install libnetpacket-perl libnet-pcap-perl libnet-rawip-perl
wget http://killcx.sourceforge.net/killcx.txt -O killcx.pl
However, it would be good to have an easier solution.
Upvotes: 4