Home

Awesome

tcp_killer

Shuts down a TCP connection on Linux or macOS. Local and remote endpoint arguments can be copied from the output of 'netstat -lanW'.

The functionality offered by tcp_killer is intended to mimic TCPView's "Close Connection" functionality and tcpdrop's functionality on Linux and macOS.

Basic Usage

python tcp_killer.py [-verbose] <local endpoint> <remote endpoint>

Arguments:

-verbose           Show verbose output
<local endpoint>   Connection's local IP address and port
<remote endpoint>  Connection's remote IP address and port

Examples:

tcp_killer.py 10.31.33.7:50246 93.184.216.34:443
tcp_killer.py 2001:db8:85a3::8a2e:370:7334.93 2606:2800:220:1:248:1893:25c8:1946.80
tcp_killer.py -verbose [2001:4860:4860::8888]:46820 [2607:f8b0:4005:807::200e]:80

Full Example

geffner@ubuntu:~$ # Create a server to listen on TCP port 12345
geffner@ubuntu:~$ nc -d -l -p 12345 &
[1] 135578

geffner@ubuntu:~$ # Connect to the local server on TCP port 12345
geffner@ubuntu:~$ nc -v -d localhost 12345 &
[2] 135579
Connection to localhost 12345 port [tcp/*] succeeded!

geffner@ubuntu:~$ # Find the connection endpoints
geffner@ubuntu:~$ netstat -lanW | grep 12345.*ESTABLISHED
tcp        0      0 127.0.0.1:33994         127.0.0.1:12345         ESTABLISHED
tcp        0      0 127.0.0.1:12345         127.0.0.1:33994         ESTABLISHED

geffner@ubuntu:~$ # Kill the connection by copying and pasting the output of netstat
geffner@ubuntu:~$ python tcp_killer.py 127.0.0.1:33994         127.0.0.1:12345
TCP connection was successfully shutdown.
[1]-  Done                    nc -d -l -p 12345
[2]+  Done                    nc -v -d localhost 12345

Dependencies

lsof

This program uses lsof to find the process and socket file descriptor associated with a given TCP connection.

lsof can be installed via your package management system (for example, sudo apt-get install lsof).

frida

This program uses the frida framework to perform code injection.

Frida can be installed as follows: sudo pip install frida

Disclaimer

This is not an official Google product.