Resetting an ESTABLISHED tcp connection with 'tcpkill'

On SuSE, you just need to do a little compiling.

At some point in your administration duties you may need a way to kill an ESTABLISHED TCP connection while keeping the original process open. A good command for this is 'tcpkill'. This command is part of the 'dsniff' suite, and it is not installed on SuSE by default. In this short article, I will show you how to compile, install and use this command.

First, you will need to download a couple of programs, which can be had from the Article Links at the bottom of this page.

  • Libnet
  • Libnids
  • and dsniff

You will need to compile each of them in the order I have listed above, like so:


./configure && make && make install

If you get an error complaining about sshcrypto.c and DES_DECRYPT, add these lines to sshcrypto.c after the line "#include <openssl/ssl.h>", then recompile.


#include <openssl/blowfish.h>
#include <openssl/des.h>
#include <openssl/des_old.h>

If you get an error about sshow.c and CLK_TCK, add this #define line to sshow.c and then recompile.


/* This is the obsolete POSIX.1-1988 name for the same constant.  */ 
#define CLK_TCK      CLOCKS_PER_SEC 

After the installation, you will find a couple of programs in /usr/local/sbin; you may move them to wherever you like. To use 'tcpkill', first check netstat to see the culprit port which you need to kill. It does not really kill the connection; it sends a RST to the server. After issuing the following command, it will hang there until it gets some packets. Say you need to RST ftp packets to an application you're working on:


tcpkill -i eth0 port 21
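
The argument to tcpkill is a tcpdump-style filter expression, so the command above resets every connection on port 21 that it sees on eth0. As an added example (not part of the original article), this script reads `netstat -tn` output and prints a tcpkill command scoped to each single ESTABLISHED connection on a given local port; the function names and the sample addresses are constructed for illustration.

```shell
#!/bin/sh
# Added example: build tcpkill filters that match one connection each,
# instead of everything on a port.

# Constructed sample of `netstat -tn` output (documentation address ranges).
sample_netstat() {
cat <<'EOF'
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 192.0.2.10:21           198.51.100.7:51514      ESTABLISHED
tcp        0      0 192.0.2.10:21           203.0.113.9:40022       TIME_WAIT
tcp        0      0 192.0.2.10:22           198.51.100.7:51600      ESTABLISHED
tcp        0      0 192.0.2.10:21           203.0.113.50:33010      ESTABLISHED
EOF
}

# connection_filters LOCAL_PORT   (hypothetical helper)
# Reads `netstat -tn` output on stdin and prints one pcap filter per
# ESTABLISHED connection whose local port is LOCAL_PORT.
# Addresses are split at the last colon, so "addr:port" pairs parse cleanly.
connection_filters() {
    awk -v want="$1" '
        function host(a,  n, p) { n = split(a, p, ":"); return substr(a, 1, length(a) - length(p[n]) - 1) }
        function port(a,  n, p) { n = split(a, p, ":"); return p[n] }
        $1 ~ /^tcp/ && $6 == "ESTABLISHED" && port($4) == want {
            # "host A and host B and port a and port b" matches both directions
            printf "host %s and port %s and host %s and port %s\n",
                   host($4), port($4), host($5), port($5)
        }'
}

# tcpkill_commands IFACE LOCAL_PORT   (hypothetical helper)
# Prints the command lines for review instead of running them.
tcpkill_commands() {
    connection_filters "$2" | while IFS= read -r filter; do
        printf 'tcpkill -i %s %s\n' "$1" "$filter"
    done
}

# Demo on the constructed sample; on a live host use: netstat -tn | tcpkill_commands eth0 21
sample_netstat | tcpkill_commands eth0 21
```

Each printed line resets only the named connection; the TIME_WAIT entry and the port 22 session in the sample are left out.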

There you have it. Enjoy!

