Killing TCP connections on Red Hat


1. Install the libpcap and libpcap-devel dependencies from RPM packages

wget ftp://ftp.pbone.net/mirror/apt.sw.be/redhat/el6/en/x86_64/testing/RPMS/libpcap-1.4.0-1.el6.rft.x86_64.rpm
rpm -ivh libpcap-1.4.0-1.el6.rft.x86_64.rpm
wget ftp://ftp.pbone.net/mirror/apt.sw.be/redhat/el6/en/x86_64/testing/RPMS/libpcap-devel-1.4.0-1.el6.rft.x86_64.rpm
rpm -ivh libpcap-devel-1.4.0-1.el6.rft.x86_64.rpm

2. Install the Perl modules "parent", "Net::RawIP", "Net::Pcap" and "NetPacket::Ethernet"

sudo yum install cpan
sudo cpan -i parent
sudo cpan -i Net::RawIP
sudo cpan -i Net::Pcap
sudo cpan -i NetPacket::Ethernet

2*. If cpan does not work, install them manually:

parent

wget http://www.perl.org/CPAN/authors/id/C/CO/CORION/parent-0.234.tar.gz
tar -zvxf parent-0.234.tar.gz
cd parent-0.234
sudo perl Makefile.PL
sudo make
sudo make install
cd ../

Net-RawIP

wget http://search.cpan.org/CPAN/authors/id/S/SA/SAPER/Net-RawIP-0.25.tar.gz
tar -zvxf Net-RawIP-0.25.tar.gz
cd Net-RawIP-0.25
sudo perl Makefile.PL
sudo make
sudo make install
cd ../

Net-Pcap

wget http://search.cpan.org/CPAN/authors/id/S/SA/SAPER/Net-Pcap-0.17.tar.gz
tar -zvxf Net-Pcap-0.17.tar.gz
cd Net-Pcap-0.17
sudo perl Makefile.PL
sudo make
sudo make install
cd ../

NetPacket

wget http://search.cpan.org/CPAN/authors/id/Y/YA/YANICK/NetPacket-1.6.0.tar.gz
tar -zvxf NetPacket-1.6.0.tar.gz
cd NetPacket-1.6.0
sudo perl Makefile.PL
sudo make
sudo make install
cd ../

3. To kill specific connections, download killcx. See http://killcx.sourceforge.net/

wget -O killcx-1.0.3.tgz 'http://downloads.sourceforge.net/project/killcx/killcx/1.0.3/killcx-1.0.3.tgz?r=http%3A%2F%2Fsourceforge.net%2Fprojects%2Fkillcx%2Ffiles%2Fkillcx%2F1.0.3%2F&ts=1446738082&use_mirror=nbtelecom'
tar -zvxf killcx-1.0.3.tgz
cd killcx-1.0.3

4. To kill all connections in CLOSE_WAIT or TIME_WAIT, write the following Perl script:

vim kill_connections.pl

With the following content:

use strict;
use warnings;
use Socket;
use Net::RawIP;
use Net::Pcap;
use NetPacket::Ethernet qw(:strip);
use NetPacket::IP qw(:strip);
use NetPacket::TCP;
use POSIX qw(setsid);

# Expect exactly four arguments, in the order kill_connections.sh passes them:
# local IP, local port, remote IP, remote port.
if (@ARGV != 4) {
	print "\nUsage: perl $0 <src_ip> <src_port> <dst_ip> <dst_port>\n";
	exit 1;
}

my ($src_ip, $src_port, $dst_ip, $dst_port) = @ARGV;

# Build a TCP segment addressed to the local endpoint with the remote
# endpoint as its source, ACK flag set and sequence number 10.
my $packet = Net::RawIP->new({
	ip  => { frag_off => 0, tos => 0,
		saddr => $dst_ip, daddr => $src_ip
	},
	tcp => { dest => $src_port, source => $dst_port,
		seq => 10, ack => 1
	}
});
$packet->send;

5. And the bash script:

vim kill_connections.sh

With the following content:

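#!/bin/bash
# Select sockets by state (ESPERANDO_FECHAR matches localized netstat output), keep the
# local and foreign address columns, and split them into "ip port ip port" for the Perl script.
netstat -tulnap | grep 'ESPERANDO_FECHAR\|CLOSE_WAIT\|TIME_WAIT' | awk '{print $4,$5}' |  sed 's/:/ /g' | sed 's/f/ /g' | while read line; do
	# $line is intentionally unquoted so that it expands to four separate arguments
	perl kill_connections.pl $line;
done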

6. Make the file executable:

chmod +x kill_connections.sh

7. Run the script:

sudo ./kill_connections.sh
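
A dry-run check for steps 5 to 7, added here as an example and not part of the original note: it prints the four values that kill_connections.sh would hand to the Perl script for each socket, without sending anything. It splits each address at the last colon and strips only the ::ffff: prefix, so IPv6 addresses are not mangled; the function names and the sample netstat lines are constructed for illustration.

```shell
#!/bin/bash
# Added example: preview the tuples before running kill_connections.sh.
# Reads netstat-style lines on stdin and prints one line per matching socket:
#   local_ip local_port remote_ip remote_port
list_stale_tuples() {
  awk '
    # Address part: cut the trailing ":port", then drop the IPv4-mapped
    # prefix (::ffff:) rather than deleting every "f" in the line.
    function ip(ep)   { sub(/:[0-9]+$/, "", ep); sub(/^::ffff:/, "", ep); return ep }
    # Port part: everything after the last colon.
    function port(ep) { sub(/^.*:/, "", ep); return ep }

    # Field 6 is the state. ESPERANDO_FECHAR is the localized state name
    # that the original grep also matches.
    $1 ~ /^tcp/ &&
    $6 ~ /^(CLOSE_WAIT|TIME_WAIT|ESPERANDO_FECHAR)$/ &&
    $4 ~ /:[0-9]+$/ && $5 ~ /:[0-9]+$/ {
      print ip($4), port($4), ip($5), port($5)
    }'
}

# Constructed sample in "netstat -tnap" layout (documentation address
# ranges, not captured from a real host).
sample_netstat() {
  cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      900/sshd
tcp        0      0 192.0.2.5:22            198.51.100.3:60000      ESTABLISHED 950/sshd
tcp        1      0 192.0.2.5:8080          198.51.100.9:51234      CLOSE_WAIT  1234/java
tcp        0      0 ::ffff:192.0.2.5:8080   ::ffff:198.51.100.7:40022 TIME_WAIT -
tcp        1      0 2001:db8::5:443         2001:db8::f1:50000      ESPERANDO_FECHAR 77/httpd
EOF
}

# Stand-alone run on the sample; on a real host use:
#   netstat -tnap | list_stale_tuples
sample_netstat | list_stale_tuples
```
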
Posted by Cleydson Júnior to ZeroGlosa (2015-11-11 19:31)