INTELLIGENT WORK FORUMS
FOR COMPUTER PROFESSIONALS

Log In

Come Join Us!

Are you a
Computer / IT professional?
Join Tek-Tips Forums!
  • Talk With Other Members
  • Be Notified Of Responses
    To Your Posts
  • Keyword Search
  • One-Click Access To Your
    Favorite Forums
  • Automated Signatures
    On Your Posts
  • Best Of All, It's Free!

*Tek-Tips's functionality depends on members receiving e-mail. By joining you are opting in to receive e-mail.

Posting Guidelines

Promoting, selling, recruiting, coursework and thesis posting is forbidden.

Jobs

how to disconnect a specific IP connected to a specific port

how to disconnect a specific IP connected to a specific port

how to disconnect a specific IP connected to a specific port

(OP)
Hi, all.

We have a server running Red Hat 5, where lots of remote clients connect on a specific port, lets say 5678.

I run the command "netstat -an | grep 5678" and I get a listing of remote IP's that are connected to this service.

I would need a command to disconnect a specific IP (lets say 11.22.33.44) from my port.

Any ideas ?

Thanks a lot. Sebastian.  

RE: how to disconnect a specific IP connected to a specific port

Using the command netstat with the -p option (as root) will give you the pid number and then you can kill that particular process instance to close the connection. I normally run netsat -pane for a nice display of options. If you would like to block that particular IP, you can do so by setting up a rule in iptables, though this can be problematic as the IP changes.
 

RE: how to disconnect a specific IP connected to a specific port

(OP)
mr Noway2 : the process id shown by netstat -pane is the one of the service, this is, the Apache application.

Anyway this command is quite interesting :

[root@labss1 cmds]# netstat -aenp | grep 1352
tcp        0      0 23.137.164.154:1352          23.172.140.46:2373           ESTABLISHED 500        12337      3433/server
tcp        0      0 23.137.164.154:1352          23.172.140.48:1100           ESTABLISHED 500        12546      3433/server

When I use the "-e" flag, some "extended" information comes up, and this is the column with some strange number : 12337 on first connection and 12546 on the seccond connection.

Can you tell me what this info is ?

By the way : I think I have found the solution to my problem - it is called TCPKILL and is part of the DSNIFF package
>>> http://monkey.org/~dugsong/dsniff/

Sebastian.
 

Red Flag This Post

Please let us know here why this post is inappropriate. Reasons such as off-topic, duplicates, flames, illegal, vulgar, or students posting their homework.

Red Flag Submitted

Thank you for helping keep Tek-Tips Forums free from inappropriate posts.
The Tek-Tips staff will check this out and take appropriate action.

Reply To This Thread

Posting in the Tek-Tips forums is a member-only feature.

Click Here to join Tek-Tips and talk with other members!

Resources

Close Box

Join Tek-Tips® Today!

Join your peers on the Internet's largest technical computer professional community.
It's easy to join and it's free.

Here's Why Members Love Tek-Tips Forums:

Register now while it's still free!

Already a member? Close this window and log in.

Join Us             Close