Using dsniff's tcpkill command on Linux to clear FIN_WAIT connections

On Linux you sometimes run into TCP connections that take a long time to be released, stuck in states such as FIN_WAIT1 or FIN_WAIT2. How long they take to clear is unpredictable, the program that owned them has already exited and the port is no longer listening, so killing a process does not help. To get back to normal quickly, the only option left was to reboot the server. After searching around, I found that the dsniff package on Linux includes the tcpkill command, which can clear TCP connections in these states and so avoids the reboot. Rebooting a server is risky (the machine may not come back up), and if it happens over a holiday when data-center staff are hard to reach, it can seriously disrupt the business; the cost goes without saying, judge for yourself, ho ho ho ^_^

I installed it on both RHEL 6 and RHEL 5.x. On RHEL 6 I first tried building from source, but it depends on too many packages and the build was tedious, so I switched to RPMs and that worked. This document summarizes the process and pulls together a few articles from the web; I hope it helps. The steps are as follows:

1. Installation on RHEL 5.x is fairly simple:

wget http://apt.sw.be/redhat/el5/en/i386/rpmforge/RPMS/dsniff-2.4-0.1.b1.el5.rf.i386.rpm
rpm -ivh dsniff-2.4-0.1.b1.el5.rf.i386.rpm

[root@tech02 tmp]# rpm -ivh dsniff-2.4-0.1.b1.el5.rf.i386.rpm
warning: dsniff-2.4-0.1.b1.el5.rf.i386.rpm: Header V3 DSA signature: NOKEY, key ID 6b8d79e6
Preparing...                ########################################### [100%]
   1:dsniff                 ########################################### [100%]
[root@tech02 tmp]# rpm -ql dsniff | grep bin
/usr/sbin/arpspoof
/usr/sbin/dnsspoof
/usr/sbin/dsniff
/usr/sbin/filesnarf
/usr/sbin/macof
/usr/sbin/mailsnarf
/usr/sbin/msgsnarf
/usr/sbin/sshmitm
/usr/sbin/sshow
/usr/sbin/tcpkill
/usr/sbin/tcpnice
/usr/sbin/urlsnarf
/usr/sbin/webmitm
/usr/sbin/webspy

tcpkill is in the list above, so the installation succeeded and the tool is ready to use. The NOKEY warning means the package's signing key is not imported on this host, so rpm installed the package without verifying its signature.

2. RHEL 6:

wget ftp://ftp.univie.ac.at/systems/linux/fedora/epel/6/i386/dsniff-2.4-0.9.b1.el6.i686.rpm
wget ftp://ftp.univie.ac.at/systems/linux/fedora/epel/6/i386/libnet-1.1.5-1.el6.i686.rpm
wget ftp://ftp.univie.ac.at/systems/linux/fedora/epel/6/i386/libnids-1.24-1.el6.i686.rpm

[root@RHEL601 tmp]# rpm -e libnet libnids --nodeps
[root@RHEL601 tmp]# rpm -ivh dsniff-2.4-0.9.b1.el6.i686.rpm
warning: dsniff-2.4-0.9.b1.el6.i686.rpm: Header V3 RSA/SHA256 Signature, key ID 0608b895: NOKEY
error: Failed dependencies:
        libICE.so.6 is needed by dsniff-2.4-0.9.b1.el6.i686
        libSM.so.6 is needed by dsniff-2.4-0.9.b1.el6.i686
        libXmu.so.6 is needed by dsniff-2.4-0.9.b1.el6.i686
        libnet.so.1 is needed by dsniff-2.4-0.9.b1.el6.i686
        libnids.so.1.24 is needed by dsniff-2.4-0.9.b1.el6.i686
[root@RHEL601 tmp]# yum install libICE libSM libXmu -y
Loaded plugins: rhnplugin
This system is not registered with RHN.
RHN support will be disabled.
Setting up Install Process
Resolving Dependencies
--> Running transaction check
---> Package libICE.i686 0:1.0.6-1.el6 set to be updated
---> Package libSM.i686 0:1.1.0-7.1.el6 set to be updated
---> Package libXmu.i686 0:1.0.5-1.el6 set to be updated
--> Processing Dependency: libXt.so.6 for package: libXmu-1.0.5-1.el6.i686
--> Running transaction check
---> Package libXt.i686 0:1.0.7-1.el6 set to be updated
--> Finished Dependency Resolution

Dependencies Resolved

====================================================================================================
 Package            Arch            Version               Repository       Size
====================================================================================================
Installing:
 libICE             i686            1.0.6-1.el6           Server           52 k
 libSM              i686            1.1.0-7.1.el6         Server           26 k
 libXmu             i686            1.0.5-1.el6           Server           58 k
Installing for dependencies:
 libXt              i686            1.0.7-1.el6           Server          168 k

Transaction Summary
====================================================================================================
Install       4 Package(s)
Upgrade       0 Package(s)

Total download size: 305 k
Installed size: 668 k
Downloading Packages:
----------------------------------------------------------------------------------------------------
Total                                                    2.4 MB/s | 305 kB     00:00
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
Warning: RPMDB altered outside of yum.
db4-devel-4.7.25-17.el6.i686 has missing requires of db4 = ('0', '4.7.25', '17.el6')
db4-devel-4.7.25-17.el6.i686 has missing requires of db4-cxx = ('0', '4.7.25', '17.el6')
db4-devel-4.7.25-17.el6.i686 has missing requires of libdb_cxx-4.7.so
libnet-devel-1.1.5-1.el6.i686 has missing requires of libnet = ('0', '1.1.5', '1.el6')
libnet-devel-1.1.5-1.el6.i686 has missing requires of libnet.so.1
libnids-devel-1.24-1.el6.i686 has missing requires of libnids = ('0', '1.24', '1.el6')
libnids-devel-1.24-1.el6.i686 has missing requires of libnids.so.1.24
rrdtool-1.4.4-1.el5.rf.i386 has missing requires of gettext
rrdtool-1.4.4-1.el5.rf.i386 has missing requires of perl(Time::HiRes)
rrdtool-1.4.4-1.el5.rf.i386 has missing requires of ruby
rrdtool-1.4.4-1.el5.rf.i386 has missing requires of xorg-x11-fonts-Type1
  Installing     : libICE-1.0.6-1.el6.i686                 1/4
  Installing     : libSM-1.1.0-7.1.el6.i686                2/4
  Installing     : libXt-1.0.7-1.el6.i686                  3/4
  Installing     : libXmu-1.0.5-1.el6.i686                 4/4

Installed: libICE.i686 0:1.0.6-1.el6 libSM.i686 0:1.1.0-7.1.el6 libXmu.i686 0:1.0.5-1.el6

Dependency Installed: libXt.i686 0:1.0.7-1.el6

Complete!
[root@RHEL601 tmp]# rpm -ivh libnet-1.1.5-1.el6.i686.rpm libnids-1.24-1.el6.i686.rpm dsniff-2.4-0.9.b1.el6.i686.rpm
warning: libnet-1.1.5-1.el6.i686.rpm: Header V3 RSA/SHA256 Signature, key ID 0608b895: NOKEY
Preparing...                ########################################### [100%]
   1:libnet                 ########################################### [ 33%]
   2:libnids                ########################################### [ 67%]
   3:dsniff                 ########################################### [100%]
[root@RHEL601 tmp]# tcpkill
Version: 2.4
Usage: tcpkill [-i interface] [-1..9] expression

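At work I have only used commands like tcpkill -9 host 192.168.10.30 > /dev/null 2>&1 (note: the IP address is the remote IP). I did not have time to take notes when I was dealing with the problem, so I am not including a worked example for now; I will add one the next time it comes up. The dsniff package also contains many other commands, which you can explore if you are interested. For detailed usage, see the pages below.

References:
1. http://www.lowth.com/cutter/
2. http://en.wikipedia.org/wiki/Tcpkill
3. http://blog.sina.com.cn/s/blog_56b96c5a01011zrs.html
4. http://hi.baidu.com/opwrt/item/b4d25b3f5bf9a3bf124b1466
5. http://www.x5u.net/index.php/archives/26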

Added on March 20, 2014: the following command examples

tcpkill -9 port ftp > /dev/null 2>&1
tcpkill -9 host 192.168.10.30 > /dev/null 2>&1
tcpkill -9 port 53 and port 8000 > /dev/null 2>&1
tcpkill -9 net 192.168.10 > /dev/null 2>&1
tcpkill -9 net 192.168.10 and port 22 > /dev/null 2>&1

tcpkill -i eth0 src or dst port 21
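
An added example, not part of the original post: a shell helper that reads netstat -ant output and prints, for each IPv4 connection in FIN_WAIT1 or FIN_WAIT2, a tcpkill command scoped to that one connection rather than to a whole host, network or port as in the commands above. The function names, the eth0 interface and the sample netstat lines are constructed for illustration, and the commands are only printed for review, not executed.

```shell
#!/bin/bash
# Added example (not from the original post): scope tcpkill to the
# individual stuck connections instead of a whole host or port.

# Constructed sample of `netstat -ant` output, so the script runs offline.
SAMPLE_NETSTAT='Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address               Foreign Address             State
tcp        0      0 0.0.0.0:22                  0.0.0.0:*                   LISTEN
tcp        0      0 192.168.10.5:22             192.168.10.77:51515         ESTABLISHED
tcp        0      1 192.168.10.5:8000           192.168.10.30:40112         FIN_WAIT1
tcp        0      0 192.168.10.5:8000           192.168.10.30:40113         FIN_WAIT2
tcp        0      0 192.168.10.5:8000           192.168.10.31:52001         TIME_WAIT'

# Read `netstat -ant` text on stdin and print one pcap expression per
# FIN_WAIT1/FIN_WAIT2 connection. "host A and host B and port X and port Y"
# matches both directions of exactly that connection, so healthy sessions
# with the same peer (the ESTABLISHED ssh line above) are left alone.
finwait_filters() {
    awk '$1 == "tcp" && ($6 == "FIN_WAIT1" || $6 == "FIN_WAIT2") {
        n = split($4, l, ":"); m = split($5, r, ":")
        if (n != 2 || m != 2) next            # skip IPv6 and odd formats
        if (l[1] !~ /^[0-9.]+$/ || r[1] !~ /^[0-9.]+$/) next
        if (l[2] !~ /^[0-9]+$/ || r[2] !~ /^[0-9]+$/) next
        printf "host %s and host %s and port %s and port %s\n", l[1], r[1], l[2], r[2]
    }'
}

# Print (do not run) one tcpkill command line per stuck connection.
# $1 is the interface name passed to tcpkill -i.
finwait_commands() {
    finwait_filters | while read -r expr; do
        printf 'tcpkill -i %s -9 %s\n' "$1" "$expr"
    done
}

# Dry run against the constructed sample.
printf '%s\n' "$SAMPLE_NETSTAT" | finwait_commands eth0
```

On a live host, feed it real output instead of the sample: netstat -ant | finwait_commands eth0, then review the printed lines before running any of them.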
