I want to kill TCP connections which have status as TIME_WAIT & no PID
(as per the output of the "netstat - p" command).
Is there any command/utility available to kill connections to a specific port or IP address.
The problem is that these connections don't have process ID (see below).
Hi,
there are two ways of "killing" TIME_WAIT connection:
1) change time of ip_conntrack_timeout_time_wait (via sysctl or by writing number of seconds to /proc/sys/net/ipv4/netfilter/ip_conntrack_tcp_timeout_time_wait by "echo" command)
2) use "lsof" (list opened files) command, eg:
But I don't see the reason why to "kill" TCP_WAIT connection - it will timeout itself after some time (see ip_conntrack_timeout_time_wait)
What is the maximum number of TCP ports that can be consumed at any one time? How can I determine what the number is or increase it?
I was under the impression that with our system (UnixWare 7.1.1) 1024 was the maximum under our current Kernel tuning parms, but I think that is really just... (4 Replies)
1. If I use an software application(which connects to the database in the server) in my local pc, how many PID should be registered? Would there be PID for the session and another PID for socket connection?
2. I noticed (through netstat) that when I logged in using the my software application,... (1 Reply)
Hi All,
In my project i have two process runs in the back end.
Once i start my project, and execute the command ps, i get below output:
PID TTY TIME CMD
9086 pts/1 0:00 ksh
9241 pts/1 0:02 java
9240 pts/1 0:00 shell_script_bg
java with 9241 PID is the main... (4 Replies)
Hellow Experts
i have one problem.
i run one script in backgroun.
and i want to kill that script with only script name.....
so what's the solution..
for your info
my script name is "testscript" n it contains "sleep 100"
thanks.... (16 Replies)
Hi,
On my Linux machine, using Bash, I sometimes run into a situation where doing the following does not seem to work at all.
kermit@fastbox ~ $ ps -A | grep firefox-bin
5375 ? 00:06:57 firefox-bin <defunct>
5624 ? 00:00:00 firefox-bin
kermit@fastbox ~ $ kill 5624... (7 Replies)
Hello,
Actually there are some bugs in application which does not close the TCP connection to other server though CORBA.
We need to kill that ESTABLISHED connections as new connection are not happeneing as the allocated ports were used and showing as ESTABLISHED
Is there any... (4 Replies)
Hi,
I wrote a script to kill a process id.
I am able to kill the PID only if I enter the root password in the middle of the execution because I did not run as root i.e after i run the script from the terminal, instead of killing directly, it is killing only after entering the pass when it... (12 Replies)
Hello Friends,
I've been trying to write a one line which checks java processes and filter them for a user (testuser) and then check process arguments with PARGS command and then check if there is certain patterns exists in pargs output then kill the process.
I have tried the following so... (2 Replies)
I created a program to kill long running pid processes.
I am getting the following error message:
-f command cannot be found.
I also want to count the number of pids that are killed and append the results to a text file. I am new to shell script programming.
1.The first part of code... (10 Replies)
Discussion started by: dellanicholson
10 Replies
LEARN ABOUT DEBIAN
tcprules
tcprules(1) General Commands Manual tcprules(1)NAME
tcprules - compile rules for tcpserver
SYNOPSIS
tcprules rules.cdb rules.tmp
OVERVIEW
tcpserver optionally follows rules to decide whether a TCP connection is acceptable. For example, a rule of
18.23.0.32:deny
prohibits connections from IP address 18.23.0.32.
tcprules reads rules from its standard input and writes them into rules.cdb in a binary format suited for quick access by tcpserver.
tcprules can be used while tcpserver is running: it ensures that rules.cdb is updated atomically. It does this by first writing the rules
to rules.tmp and then moving rules.tmp on top of rules.cdb. If rules.tmp already exists, it is destroyed. The directories containing
rules.cdb and rules.tmp must be writable to tcprules; they must also be on the same filesystem.
If there is a problem with the input, tcprules complains and leaves rules.cdb alone.
The binary rules.cdb format is portable across machines.
RULE FORMAT
A rule takes up one line. A file containing rules may also contain comments: lines beginning with # are ignored.
Each rule contains an address, a colon, and a list of instructions, with no extra spaces. When tcpserver receives a connection from that
address, it follows the instructions.
ADDRESSES
tcpserver starts by looking for a rule with address TCPREMOTEINFO@TCPREMOTEIP. If it doesn't find one, or if TCPREMOTEINFO is not set, it
tries the address TCPREMOTEIP. If that doesn't work, it tries shorter and shorter prefixes of TCPREMOTEIP ending with a dot. If none of
them work, it tries the empty string.
For example, here are some rules:
joe@127.0.0.1:first
18.23.0.32:second
127.:third
:fourth
::1:fifth
If TCPREMOTEIP is 10.119.75.38, tcpserver will follow the fourth instructions.
If TCPREMOTEIP is ::1, tcpserver will follow the fifth instructions. Note that you cannot detect IPv4 mapped addresses by matching
"::ffff", as those addresses will be converted to IPv4 before looking at the rules.
If TCPREMOTEIP is 18.23.0.32, tcpserver will follow the second instructions.
If TCPREMOTEINFO is bill and TCPREMOTEIP is 127.0.0.1, tcpserver will follow the third instructions.
If TCPREMOTEINFO is joe and TCPREMOTEIP is 127.0.0.1, tcpserver will follow the first instructions.
ADDRESS RANGES
tcprules treats 1.2.3.37-53:ins as an abbreviation for the rules 1.2.3.37:ins, 1.2.3.38:ins, and so on up through 1.2.3.53:ins. Similarly,
10.2-3.:ins is an abbreviation for 10.2.:ins and 10.3.:ins.
INSTRUCTIONS
The instructions in a rule must begin with either allow or deny. deny tells tcpserver to drop the connection without running anything.
For example, the rule
:deny
tells tcpserver to drop all connections that aren't handled by more specific rules.
The instructions may continue with some environment variables, in the format ,VAR="VALUE". tcpserver adds VAR=VALUE to the current envi-
ronment. For example,
10.0.:allow,RELAYCLIENT="@fix.me"
adds RELAYCLIENT=@fix.me to the environment. The quotes here may be replaced by any repeated character:
10.0.:allow,RELAYCLIENT=/@fix.me/
Any number of variables may be listed:
127.0.0.1:allow,RELAYCLIENT="",TCPLOCALHOST="movie.edu"
SEE ALSO tcprulescheck(1), tcpserver(1), tcp-environ(5)tcprules(1)