Killcx : close a TCP connection (for Linux)

Killcx is a Perl script to close a TCP connection under Linux, whatever its state is (half-open, established, waiting or closing state).

I - Overview :

Under Windows, closing a TCP connection is quite an easy task (see wKillcx), but under Linux, it's a bit more complicated : one needs to sniff the connection and extract the magic Acknowlegment and Sequence numbers from a TCP packet.
Killcx works by creating a fake SYN packet with a bogus SeqNum, spoofing the remote client IP/port and sending it to the server. It will fork a child process that will capture the server response, extract the 2 magic values from the ACK packet and use them to send a spoofed RST packet. The connection will then be closed.
Note that the fake SYN packet is sent because even if the connection was somehow stuck (no incoming/outgoing packets), killcx would still be able to close it.

II - Parameters :

  - syntax   : killcx [dest_ip:dest_port] {interface}

    dest_ip              : remote IP
    dest_port            : remote port
    interface (optional) : network interface (eth0, lo etc).

  - example  : killcx 120.121.122.123:1234
               killcx 120.121.122.123:1234 eth0


III - Perl modules needed :

You need the following modules to run killcx :

* Net::RawIP : needed to create spoofed packets.
* Net::Pcap : needed to capture TCP packets.
* NetPacket::Ethernet : needed to decode TCP/IP packets.


IV - Various :

- interface : the interface parameter is optional. If not given, killcx will use the first one it can find. Note that in many cases, you will get much better results by using 'lo' (loopback interface), specially if the connection is not yet or no longer in the ESTABLISHED state, for instance SYN_RECV or TIME_WAIT.

- closing connection : killcx will close the connection on both sides, your server and the remote IP, only if it is in the ESTABLISHED state. For all other states, the connection will only be closed on your server side. This doesn't matter too much because if the remote client sent another TCP packet your server would reply with a RST one anyway, except if it was a SYN packet of course.

- verboseness : killcx, both the parent and its child, will ouput all operations to the screen.


VI - Download :

killcx.tgz - v1.0.3 - (c) Jerome Bruandet

View source


spam sucks, it's gay !