问题原因:
解决方案:网上查到一个工具 killcx,使用 killcx 工具来关闭TCP连接
killcx是一个在linux下可以关闭TCP连接的 Perl 脚本,厉害之处在于:无论该TCP连接处于什么状态,都可以有效关闭TCP连接。
安装:
去官网 ( http://killcx.sourceforge.net/ ) 下载安装包,以下是官网的使用方法以及介绍,我直接复制下来了
-------------------------------------------------------------------------------------------------开始分割线-------------------------------------------------------------------------------------------
Killcx is a Perl script to close a TCP connection under Linux, whatever its state is (half-open, established, waiting or closing state).
I - Overview :
Under Windows, closing a TCP connection is quite an easy task (see wKillcx),
but under Linux, it‘s a bit more complicated : one needs to sniff the
connection and extract the magic Acknowlegment and Sequence numbers from
a TCP packet.
Killcx works by creating a fake SYN packet with a bogus SeqNum, spoofing
the remote client IP/port and sending it to the server. It will fork a
child process that will capture the server response, extract the 2 magic
values from the ACK packet and use them to send a spoofed RST packet.
The connection will then be closed.
Note that the fake SYN packet is sent because even if the connection was
somehow stuck (no incoming/outgoing packets), killcx would still be
able to close it.
II - Parameters :
- syntax : killcx [dest_ip:dest_port] {interface}
dest_ip : remote IP
dest_port : remote port
interface (optional) : network interface (eth0, lo etc).
- example : killcx 120.121.122.123:1234
killcx 120.121.122.123:1234 eth0
III - Perl modules needed :
You need the following modules to run killcx :
* Net::RawIP : needed to create spoofed packets.
* Net::Pcap : needed to capture TCP packets.
* NetPacket::Ethernet : needed to decode TCP/IP packets.
IV - Various :
- interface : the interface parameter is optional. If not given, killcx
will use the first one it can find. Note that in many cases, you will
get much better results by using ‘lo‘ (loopback interface), specially if
the connection is not yet or no longer in the ESTABLISHED state, for
instance SYN_RECV or TIME_WAIT.
- closing connection : killcx will close the connection on both sides,
your server and the remote IP, only if it is in the ESTABLISHED state.
For all other states, the connection will only be closed on your server
side. This doesn‘t matter too much because if the remote client sent
another TCP packet your server would reply with a RST one anyway, except
if it was a SYN packet of course.
- verboseness : killcx, both the parent and its child, will ouput all operations to the screen.
VI - Download :
killcx.tgz - v1.0.3 - (c) Jerome Bruandet
View source
-------------------------------------------------------------------------------------------------结束分割线-----------------------------------------------------------------------------------------------
官网明确指出需要安装几个perl依赖的库,
You need the following modules to run killcx :
* Net::RawIP : needed to create spoofed packets. * Net::Pcap : needed to capture TCP packets. * NetPacket::Ethernet : needed to decode TCP/IP packets.
如果你的服务器可以联网,那么你只需要做以下操作,利用CPAN安装这几个模块
# perl -MCPAN -e shell cpan> install Net::RawIP cpan> install Net::Pcap cpan> install NetPacket::Ethernet
直接下载也行
cpan -i Net::RawIP Net::Pcap NetPacket::Ethernet
我执行的时候报错,如下
# perl -MCPAN -e shell Can‘t locate CPAN.pm in @INC (@INC contains: /usr/local/lib64/perl5 /usr/local/share/perl5 /usr/lib64/perl5/vendor_perl /usr/share/perl5/vendor_perl /usr/lib64/perl5 /usr/share/perl5 .). BEGIN failed--compilation aborted.
说明你的服务器没有安装perl-CPAN
yum -y install perl-CPAN
安装成功以后,直接执行以上操作,继续安装即可,但是我的服务器没有网,我们需要去官网给的三个模块的链接手动下载
原文:https://www.cnblogs.com/augusite/p/11424999.html