Last updated: 2019-03-21
Introduction
Use tcpkill command to kill specified in-progress TCP connections.
* It listens on the given interface; afterwards, when traffic for that TCP connection reaches the server again, it kills the connection.
tcpkill -i ens4 port 9001
Output
192.168.88.177:61336 > 192.168.88.150:9001: R 105686299:105686299(0) win 0
192.168.88.177:61336 > 192.168.88.150:9001: R 105702989:105702989(0) win 0
192.168.88.177:61336 > 192.168.88.150:9001: R 105736369:105736369(0) win 0
192.168.88.150:9001 > 192.168.88.177:61336: R 1407857911:1407857911(0) win 0
192.168.88.150:9001 > 192.168.88.177:61336: R 1407858026:1407858026(0) win 0
192.168.88.150:9001 > 192.168.88.177:61336: R 1407858256:1407858256(0) win 0
* So never use it on port 22!!
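Added example (not from the original page): a small parser for the Output lines above that groups the injected RSTs by direction, shows the sequence-number gaps within each burst, and flags any reset flow that touches a protected port such as 22. The function names and the protected-port list are assumptions, and it assumes one burst per direction, as in the sample.

```python
import re
from collections import defaultdict

# Output lines copied from the Output section above.
SAMPLE = """\
192.168.88.177:61336 > 192.168.88.150:9001: R 105686299:105686299(0) win 0
192.168.88.177:61336 > 192.168.88.150:9001: R 105702989:105702989(0) win 0
192.168.88.177:61336 > 192.168.88.150:9001: R 105736369:105736369(0) win 0
192.168.88.150:9001 > 192.168.88.177:61336: R 1407857911:1407857911(0) win 0
192.168.88.150:9001 > 192.168.88.177:61336: R 1407858026:1407858026(0) win 0
192.168.88.150:9001 > 192.168.88.177:61336: R 1407858256:1407858256(0) win 0
"""

# One tcpkill output line: "src:sport > dst:dport: R seq:seq(0) win N"
LINE_RE = re.compile(
    r"^(?P<src>[\d.]+):(?P<sport>\d+) > (?P<dst>[\d.]+):(?P<dport>\d+): "
    r"R (?P<seq>\d+):\d+\(0\) win \d+$"
)

def parse_resets(text):
    """Group injected RSTs by direction: (src, sport, dst, dport) -> [seq, ...]."""
    flows = defaultdict(list)
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            key = (m["src"], int(m["sport"]), m["dst"], int(m["dport"]))
            flows[key].append(int(m["seq"]))
    return dict(flows)

def summarize(text, protected_ports=(22,)):
    """Per direction: RST count, gaps between sequence numbers, protected-port hit."""
    report = []
    for (src, sport, dst, dport), seqs in parse_resets(text).items():
        # TCP sequence numbers wrap at 2**32, so take the gap modulo that.
        gaps = [(b - a) % 2**32 for a, b in zip(seqs, seqs[1:])]
        report.append({
            "flow": f"{src}:{sport} > {dst}:{dport}",
            "rst_count": len(seqs),
            "seq_gaps": gaps,
            "protected": bool({sport, dport} & set(protected_ports)),
        })
    return report

if __name__ == "__main__":
    for row in summarize(SAMPLE):
        print(row)
```

On the sample, each direction shows three RSTs, which matches tcpkill's default degree of 3, and the growing gaps show the resets being spread across the receive window.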
Install
# epel
yum -y install dsniff
# ubuntu
apt-get install dsniff
Usage
tcpkill [-i interface] [-1...9] expression
* It puts the interface into promiscuous mode; the kernel logs "device eth1 entered promiscuous mode"
Block with iptables:
iptables -A INPUT -s IP-ADDRESS -j DROP
# Specify the degree of brute force to use in killing a connection.
-1 ~ 9
Expression
tcpdump(8) filter expression
Example
(a) Kill all outgoing ftp (port 21) connections:
tcpkill -i eth0 port 21
(b) Kill all packets arriving at or departing from host 192.168.1.2:
tcpkill host 192.168.1.2