Hi,
I want to kill TCP connections which have the status TIME_WAIT & no PID
(as per the output of the "netstat -p" command).
Is there any command/utility available to kill connections to a specific port or IP address?
The problem is that these connections don't have a process ID (see below).
[remedy@CNDAUNREDBOP13 ~]$ netstat -p |grep 56000
tcp 0 0 CNDAUNREDBOP13:59388 10.5.45.39:56000 TIME_WAIT -
tcp 0 0 CNDAUNREDBOP13:59389 10.5.45.39:56000 TIME_WAIT -
tcp 0 0 CNDAUNREDBOP13:59390 10.5.45.39:56000 TIME_WAIT -
tcp 0 0 CNDAUNREDBOP13:59385 10.5.45.39:56000 TIME_WAIT -
tcp 0 0 CNDAUNREDBOP13:59386 10.5.45.39:56000 TIME_WAIT -
tcp 0 0 CNDAUNREDBOP13:59411 10.5.45.39:56000 TIME_WAIT -
davinder31may:
Hi,
I want to kill TCP connections which have the status TIME_WAIT & no PID
(as per the output of the "netstat -p" command).
Is there any command/utility available to kill connections to a specific port or IP address?
The problem is that these connections don't have a process ID (see below).
Hi,
There are two ways of "killing" a TIME_WAIT connection:
1) change the time of ip_conntrack_timeout_time_wait (via sysctl or by writing the number of seconds to /proc/sys/net/ipv4/netfilter/ip_conntrack_tcp_timeout_time_wait with the "echo" command)
2) use the "lsof" (list open files) command, e.g.:
gate1:~# lsof -n -i@127.0.0.1
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
sshd 878 thiemtom 12u IPv4 276087 0t0 TCP 127.0.0.1:57480->127.0.0.1:openvpn (ESTABLISHED)
sshd 878 thiemtom 13u IPv4 276139 0t0 TCP 127.0.0.1:60649->127.0.0.1:xmpp-client (ESTABLISHED)
named 1494 bind 20u IPv4 5358 0t0 TCP 127.0.0.1:domain (LISTEN)
named 1494 bind 26u IPv4 5371 0t0 TCP 127.0.0.1:953 (LISTEN)
named 1494 bind 512u IPv4 5357 0t0 UDP 127.0.0.1:domain
lwresd 1591 root 512u IPv4 5589 0t0 UDP 127.0.0.1:921
ntpd 1605 ntp 18u IPv4 5618 0t0 UDP 127.0.0.1:ntp
openvpn 1637 nobody 7u IPv4 276088 0t0 TCP 127.0.0.1:openvpn->127.0.0.1:57480 (ESTABLISHED)
epmd 1707 ejabberd 4u IPv4 6890 0t0 TCP 127.0.0.1:4369->127.0.0.1:39726 (ESTABLISHED)
zebra 1708 quagga 9u IPv4 6480 0t0 TCP 127.0.0.1:zebra (LISTEN)
ospfd 1758 quagga 7u IPv4 6548 0t0 TCP 127.0.0.1:ospfd (LISTEN)
beam 1816 ejabberd 8u IPv4 6889 0t0 TCP 127.0.0.1:39726->127.0.0.1:4369 (ESTABLISHED)
beam 1816 ejabberd 20u IPv4 7591 0t0 TCP 127.0.0.1:5555 (LISTEN)
beam 1816 ejabberd 22u IPv4 7756 0t0 TCP 127.0.0.1:5555->127.0.0.1:40447 (ESTABLISHED)
beam 1816 ejabberd 24u IPv4 276140 0t0 TCP 127.0.0.1:xmpp-client->127.0.0.1:60649 (ESTABLISHED)
python 1840 pyicqt 3u IPv4 7755 0t0 TCP 127.0.0.1:40447->127.0.0.1:5555 (ESTABLISHED)
sshd 29453 root 8u IPv4 311274 0t0 TCP 127.0.0.1:6010 (LISTEN)
But I don't see a reason to "kill" a TCP_WAIT connection - it will time out by itself after some time (see ip_conntrack_timeout_time_wait).
agn
June 29, 2010, 3:47am
3
There's a utility called tcpdrop on BSDs. Not sure if it's ported to any other OS.
gsiva
June 29, 2010, 8:02pm
4
What about the same scenario if there is syn_recv instead of time_wait? How can those processes be killed?
BSD's tcpdrop is not available on Linux because Linux does not support the TCPCTL_DROP ioctl (or the equivalent TCP_IOC_ABORT_CONN in Solaris). There is pushback against introducing such an ioctl in Linux every time the issue is raised.
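Added example, not part of any post in this thread: a small shell helper that groups the PID-less TIME_WAIT sockets from "netstat -p"-style output by remote endpoint, to show which peer and port they accumulate on. The sample lines and the host name host-a are constructed, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: summarise TIME_WAIT sockets that have no owning process.
# Input format: lines as printed by `netstat -p` (7 whitespace-separated fields).

# Constructed sample, modelled on the output quoted in the thread.
SAMPLE='tcp 0 0 host-a:59388 10.5.45.39:56000 TIME_WAIT -
tcp 0 0 host-a:59389 10.5.45.39:56000 TIME_WAIT -
tcp 0 0 host-a:59390 10.5.45.39:56000 TIME_WAIT -
tcp 0 0 host-a:40112 10.5.45.40:443 TIME_WAIT -
tcp 0 0 host-a:22 10.5.45.7:51514 ESTABLISHED 878/sshd
tcp 0 0 host-a:41000 10.5.45.39:56000 ESTABLISHED 1840/python'

# time_wait_summary: read netstat lines on stdin and print "<count> <remote>"
# for TIME_WAIT sockets whose PID column is "-", busiest remote endpoint first.
time_wait_summary() {
    awk '$1 ~ /^tcp/ && $6 == "TIME_WAIT" && $7 == "-" { n[$5]++ }
         END { for (r in n) print n[r], r }' | sort -k1,1nr -k2,2
}

# time_wait_count REMOTE: number of PID-less TIME_WAIT sockets to REMOTE
# (REMOTE is "address:port" exactly as it appears in column 5).
time_wait_count() {
    awk -v r="$1" '$1 ~ /^tcp/ && $5 == r && $6 == "TIME_WAIT" && $7 == "-" { c++ }
                   END { print c + 0 }'
}

# Run against the constructed sample.
printf '%s\n' "$SAMPLE" | time_wait_summary
```

On a live host, pipe real output into it, for example: netstat -tnp | time_wait_summary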