tcpkill清除异常tcp连接

tcpkill清除异常tcp连接

在linux系统中，遇到TCP链接迟迟不能释放的情况，类似FIN_WAIT1、FIN_WAIT2的状态，释放时间不确定，而且对应的程序已经关闭，相应的端口也不再监听，无法通过杀进程来解决，这种情况下，为了快速恢复正常，不得不采用重启服务器的方法加以解决，在经过各大网站搜索找到linux下dsniff包中含有tcpkill命令，该命令可以将上述状态的TCP链接加以清除，进而免除服务器重启的情况。

在dsniff集成工具包中有一个tcpkill命令,可以解决这类问题:
下载地址:http://pkgs.repoforge.org/dsniff/ 此目录中可以找到相应系统的版本
wget  http://pkgs.repoforge.org/dsniff/dsniff-2.4-0.1.b1.el5.rf.x86_64.rpm
rpm -ivh dsniff-2.4-0.1.b1.el5.rf.x86_64.rpm

安装完成后可以发现系统多了一个tcpkill的命令,命令使用方法如下:
tcpkill -9 port ftp &>/dev/null
tcpkill -9 host 192.168.10.30 &>/dev/null
tcpkill -9 port 53 and port 8000 &>/dev/null
tcpkill -9 net 192.168.10 &>/dev/null
tcpkill -9 net 192.168.10 and port 22 &>/dev/null

安装：

1、RHEL5.x系统中安装比较简单：
wget http://apt.sw.be/redhat/el5/en/i386/rpmforge/RPMS/dsniff-2.4-0.1.b1.el5.rf.i386.rpm
rpm -ivh dsniff-2.4-0.1.b1.el5.rf.i386.rpm
[root@tech02 tmp]# rpm -ivh dsniff-2.4-0.1.b1.el5.rf.i386.rpm
warning: dsniff-2.4-0.1.b1.el5.rf.i386.rpm: Header V3 DSA signature: NOKEY, key ID 6b8d79e6
Preparing…                ########################################### [100%]
1:dsniff                 ########################################### [100%]
[root@tech02 tmp]# rpm -ql dsniff | grep bin
/usr/sbin/arpspoof
/usr/sbin/dnsspoof
/usr/sbin/dsniff
/usr/sbin/filesnarf
/usr/sbin/macof
/usr/sbin/mailsnarf
/usr/sbin/msgsnarf
/usr/sbin/sshmitm
/usr/sbin/sshow
/usr/sbin/tcpkill
/usr/sbin/tcpnice
/usr/sbin/urlsnarf
/usr/sbin/webmitm
/usr/sbin/webspy
以上就有tcpkill命令，说明安装成功！可以使用了。
2、RHEL 6系统:
wget ftp://ftp.univie.ac.at/systems/linux/fedora/epel/6/i386/dsniff-2.4-0.9.b1.el6.i686.rpm
wget ftp://ftp.univie.ac.at/systems/linux/fedora/epel/6/i386/libnet-1.1.5-1.el6.i686.rpm
wget ftp://ftp.univie.ac.at/systems/linux/fedora/epel/6/i386/libnids-1.24-1.el6.i686.rpm
[root@RHEL601 tmp]# rpm -e libnet libnids –nodeps
[root@RHEL601 tmp]# rpm -ivh dsniff-2.4-0.9.b1.el6.i686.rpm
warning: dsniff-2.4-0.9.b1.el6.i686.rpm: Header V3 RSA/SHA256 Signature, key ID 0608b895: NOKEY
error: Failed dependencies:
libICE.so.6 is needed by dsniff-2.4-0.9.b1.el6.i686
libSM.so.6 is needed by dsniff-2.4-0.9.b1.el6.i686
libXmu.so.6 is needed by dsniff-2.4-0.9.b1.el6.i686
libnet.so.1 is needed by dsniff-2.4-0.9.b1.el6.i686
libnids.so.1.24 is needed by dsniff-2.4-0.9.b1.el6.i686
[root@RHEL601 tmp]# yum install libICE libSM libXmu -y
Loaded plugins: rhnplugin
This system is not registered with RHN.
RHN support will be disabled.
Setting up Install Process
Resolving Dependencies
–> Running transaction check
—> Package libICE.i686 0:1.0.6-1.el6 set to be updated
—> Package libSM.i686 0:1.1.0-7.1.el6 set to be updated
—> Package libXmu.i686 0:1.0.5-1.el6 set to be updated
–> Processing Dependency: libXt.so.6 for package: libXmu-1.0.5-1.el6.i686
–> Running transaction check
—> Package libXt.i686 0:1.0.7-1.el6 set to be updated
–> Finished Dependency Resolution

Dependencies Resolved

====================================================================================================
Package               Arch                Version                      Repository             Size
====================================================================================================
Installing:
libICE                i686                1.0.6-1.el6                  Server                 52 k
libSM                 i686                1.1.0-7.1.el6                Server                 26 k
libXmu                i686                1.0.5-1.el6                  Server                 58 k
Installing for dependencies:
libXt                 i686                1.0.7-1.el6                  Server                168 k

Transaction Summary
====================================================================================================
Install       4 Package(s)
Upgrade       0 Package(s)

Total download size: 305 k
Installed size: 668 k
Downloading Packages:
—————————————————————————————————-
Total                                                               2.4 MB/s | 305 kB     00:00
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
Warning: RPMDB altered outside of yum.
db4-devel-4.7.25-17.el6.i686 has missing requires of db4 = (’0′, ’4.7.25′, ’17.el6′)
db4-devel-4.7.25-17.el6.i686 has missing requires of db4-cxx = (’0′, ’4.7.25′, ’17.el6′)
db4-devel-4.7.25-17.el6.i686 has missing requires of libdb_cxx-4.7.so
libnet-devel-1.1.5-1.el6.i686 has missing requires of libnet = (’0′, ’1.1.5′, ’1.el6′)
libnet-devel-1.1.5-1.el6.i686 has missing requires of libnet.so.1
libnids-devel-1.24-1.el6.i686 has missing requires of libnids = (’0′, ’1.24′, ’1.el6′)
libnids-devel-1.24-1.el6.i686 has missing requires of libnids.so.1.24
rrdtool-1.4.4-1.el5.rf.i386 has missing requires of gettext
rrdtool-1.4.4-1.el5.rf.i386 has missing requires of perl(Time::HiRes)
rrdtool-1.4.4-1.el5.rf.i386 has missing requires of ruby
rrdtool-1.4.4-1.el5.rf.i386 has missing requires of xorg-x11-fonts-Type1
Installing     : libICE-1.0.6-1.el6.i686                                                      1/4
Installing     : libSM-1.1.0-7.1.el6.i686                                                     2/4
Installing     : libXt-1.0.7-1.el6.i686                                                       3/4
Installing     : libXmu-1.0.5-1.el6.i686                                                      4/4

Installed:
libICE.i686 0:1.0.6-1.el6       libSM.i686 0:1.1.0-7.1.el6       libXmu.i686 0:1.0.5-1.el6

Dependency Installed:
libXt.i686 0:1.0.7-1.el6

Complete!
[root@RHEL601 tmp]# rpm -ivh libnet-1.1.5-1.el6.i686.rpm libnids-1.24-1.el6.i686.rpm dsniff-2.4-0.9.b1.el6.i686.rpm
warning: libnet-1.1.5-1.el6.i686.rpm: Header V3 RSA/SHA256 Signature, key ID 0608b895: NOKEY
Preparing…                ########################################### [100%]
1:libnet                 ########################################### [ 33%]
2:libnids                ########################################### [ 67%]
3:dsniff                 ########################################### [100%]
[root@RHEL601 tmp]# tcpkill
Version: 2.4
Usage: tcpkill [-i interface] [-1..9] expression

个人在工作中仅仅用到了类似tcpkill -9 host 192.168.10.30 &>/dev/null的命令(注：该IP地址为远程IP）。
由于当时处理此类问题是没有来得及做记录，故暂时就不写使用实例了，以后再遇到此类情况，再加以补充。同时dsniff包中还含有许多命令，有兴趣的可以继续加以研究。