LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices


Reply
  Search this Thread
Old 12-01-2015, 10:31 AM   #1
hack3rcon
Senior Member
 
Registered: Jan 2015
Posts: 1,432

Rep: Reputation: 11
Post How can I Disconnect an Established connection via command line?


Hello.
How can I disconnect an Established connection via command line? When I use "netstat -nat" I can see Established connection IP addresses and I want to Disconnect them via command line.

Thank you.
 
Old 12-01-2015, 02:29 PM   #2
joe_2000
Senior Member
 
Registered: Jul 2012
Location: Aachen, Germany
Distribution: Void, Debian
Posts: 1,016

Rep: Reputation: 308Reputation: 308Reputation: 308Reputation: 308
Quote:
Originally Posted by hack3rcon View Post
Hello.
How can I disconnect an Established connection via command line? When I use "netstat -nat" I can see Established connection IP addresses and I want to Disconnect them via command line.

Thank you.
Not sure if you can actually sever tcp connections directly, but if you include the -p/--program flag to your command:
Code:
netstat -natp
you get an additional column in the output which gives you process ids and names. With this information you can kill the process that established the connection, which effectively will stop the connection as well.
Not sure if this is what you want though. Chances are you'll get a lot more useful advice if you explain a bit more about your question's background, and what you actually want to achieve.
 
Old 12-01-2015, 03:51 PM   #3
coltree
Member
 
Registered: Nov 2003
Location: Jacobs Well, Queensland AU
Distribution: OpenBSD
Posts: 102
Blog Entries: 1

Rep: Reputation: 34
Are you using Debian, etc ?

ifdown eth0
( man ifdown )

more generally

ifconfig eth0 down
( man ifconfig )
 
Old 12-01-2015, 04:45 PM   #4
Habitual
LQ Veteran
 
Registered: Jan 2011
Location: Abingdon, VA
Distribution: Catalina
Posts: 9,374
Blog Entries: 37

Rep: Reputation: Disabled
http://bit.ly/1Rkxh4k
http://bit.ly/1Rkxgx9
says it so much better.

I have lost my tolerance for redundant example typing.

Last edited by Habitual; 12-01-2015 at 04:46 PM.
 
Old 12-01-2015, 04:45 PM   #5
joe_2000
Senior Member
 
Registered: Jul 2012
Location: Aachen, Germany
Distribution: Void, Debian
Posts: 1,016

Rep: Reputation: 308Reputation: 308Reputation: 308Reputation: 308
Quote:
Originally Posted by coltree View Post
Are you using Debian, etc ?

ifdown eth0
( man ifdown )

more generally

ifconfig eth0 down
( man ifconfig )
Hmm, this seems a bit over the top. This would completely shut down the given interface (eth0) leading to a disconnection of all connections using that interface. I doubt that that's what the op wants.

Besides, these commands are assuming that the relevant network interface actually is eth0, which might not be the case. It could be a different ethernet port, a wifi adapter, or follow a completely different naming convention.
 
Old 12-01-2015, 04:53 PM   #6
joe_2000
Senior Member
 
Registered: Jul 2012
Location: Aachen, Germany
Distribution: Void, Debian
Posts: 1,016

Rep: Reputation: 308Reputation: 308Reputation: 308Reputation: 308
I think this is what you want:

Linux: How to kill a TCP connection using netstat?
 
Old 12-02-2015, 04:27 PM   #7
greenleaf
Member
 
Registered: Feb 2004
Location: Chester, UK
Distribution: Linux From Scratch. 64 bit. Kernel 5.8.3. Fluxbox.
Posts: 53

Rep: Reputation: 22
Alternative - try using iptables

Most distributions use iptables for firewall control. You can drop packets that are exchanged with a particular ip address by modifying the tables with a suitable command. This can all be done from the command line.

Here is a link:
http://www.cyberciti.biz/faq/linux-iptables-drop/

There are lots of other pages about iptables on the net. When implemented, the tables are realized by the kernel, and are thus relatively fundamental.

When you have had enough of dropping those packets, you will need to delete the rule that causes them to be dropped. That is also done using the iptables command.

I hope that helps.

Last edited by greenleaf; 12-02-2015 at 04:31 PM.
 
Old 12-03-2015, 05:58 PM   #8
Norseman01
Member
 
Registered: Nov 2012
Posts: 85

Rep: Reputation: Disabled
Quote:
Originally Posted by hack3rcon View Post
Hello.
How can I disconnect an Established connection via command line? When I use "netstat -nat" I can see Established connection IP addresses and I want to Disconnect them via command line.

Thank you.
===============
there are good answers between the original question and this reply.

For those who are NOT Operation Control (OPs) I can suggest an easy way to find and eradicate an unwanted connection.

every process has a system id

1). Open a new text window
2). su <Enter> makes you root. not able to be root? stay out of things!
2). Make it as wide as you can
3). ps -axf | more <Enter>
4). find the line that has the item of your interest
5). look at the number in column#1 (far left (wedding band hand)) and enter kill -9 {that number} <Enter>
6). do #3 again and verify success.
7). assuming the initial number went away, look at bottom of list and see if process self-restarted.
....if so, re-run #3 to here and if it is still showing up,
....kill its parent, and that parent's parent... until it stays gone.

Note <Left Shift> <up/down arrow>
......to review screen if you reach the bottom without finding item sought on pass one.

in case you are wondering - yes, you can add grep and some commands and automate destruction of specific targets in a self restarting shell script. Every company has a "numb skull" who can't stay out of things marked "No Admittance".
The whole thing is a bit heavy handed, but it does work.


Norseman01
 
Old 12-03-2015, 06:55 PM   #9
salasi
Senior Member
 
Registered: Jul 2007
Location: Directly above centre of the earth, UK
Distribution: SuSE, plus some hopping
Posts: 4,070

Rep: Reputation: 897Reputation: 897Reputation: 897Reputation: 897Reputation: 897Reputation: 897Reputation: 897
You have the choice of killing the process - which may or may not work for you, depending on the process, and whatever else is going on- or block the connection. (And you haven't given that much detail, so we can't really comment on how well it is likely to work out in your circumstances.)

The other approach is to block the data flow in iptables. I'd say the neatest would be to insert a rule that blocks the data, either by port number or by remote ip. The exact details depends a bit on your existing set of iptables rules, but it does sound do-able and from the command line.

If the offending connection is on, say, port 1234 (and you don't have anything else that might be going on on that port), you'd put in a drop instruction on the port 1234 traffic. The only thing to be a bit wary of is that iptables rules are order dependant, so, if you put the rule in the wrong place, it wouldn't have the effect that you intended.(Equally, if you know the ip address, you could do the same thing by ip address, but that would kill all data transfer to that ip, and that might not be appropriate, depending).

I'm presuming that you have root access on this box.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
How to disconnect established connection in IPTables SlowCoder Linux - Security 8 07-02-2007 09:23 AM
ifconfig+no connection established coolirc Slackware 2 03-04-2007 02:12 PM
Disconnect An Established Connection metallica1973 Linux - Security 11 08-31-2005 09:15 PM
Time out in Connection established state if no Data flows on that connection asurya Linux - Networking 2 04-10-2005 03:54 PM
How to reset established connection? G-Fox Linux - Networking 4 10-02-2003 02:53 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Networking

All times are GMT -5. The time now is 07:41 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration