11

I'm trying to kill an ESTABLISHED TCP connection using tcpkill. The connection is an open HTTPS connection. It appears on netstat as:

tcp        0      0 X.X.X.X:55601         X.X.X.X:https    ESTABLISHED

So, as per the man page, I enter:

$ tcpkill -i eth1 -9 port 443

The tcpkill utility outputs:

tcpkill: listening on eth1 [port 443]

...and then just hangs. After waiting for about 15 minutes, I'm not sure what's going on here.

Am I doing something wrong?

Charles Salvia
  • 213
  • 1
  • 2
  • 7

2 Answers2

11

For tcpkill to work (i.e., craft a reset packet that has the correct sequence number and source port), there must be traffic. If nothing more is printed then there is no traffic. To verify you could run tcpdump -i eth1 port 443.

Mark Wagner
  • 17,764
  • 2
  • 30
  • 47
3

I had to kill an established connection on which there was no traffic (a debug session on a JVM).

tcpkill as explained in @Mark Wagner answer could not do it, however killcx 1.0.3 (link) did (Ubuntu 10.04).

It is a perl script that has a dependency on a few libraries.

Edit

On a connection that could not be killed with killcx the combination of both tcpkill and killcx did it:

Say the connection if from LOCAL:PORTL to REMOTE:PORTR

  • In a terminal start tcpkill: tcpkill port PORTL. Tcpkill will start listening for traffic
  • In a second terminal launch killcx: killcx REMOTE:PORTR
Bruno Grieder
  • 201
  • 2
  • 3