>anyone know if there is a way to kill tcp connections directly, or any way
>to find out which processes are talking on which ports?  my goal is to be
>able to drop a connection explicitly or find out which process is holding
>which connection.  tia!

lsof is what you want to tell what process is currently using what port.
it is heavily mirrored so a quick search @ ftpsearch or your favorite
search engine will turn it up.
lsof must be compiled in reference to the kernel you are running (not just
the version number you are running, the actual instance of it), so if your
distro ships lsof, and you've upgraded your kernel, you need to recompile it.
warning, it may take you 45 minutes to an hour to figure out how to use
lsof (it's got more features than are easily instantly grokkable)

linux's netstat allows you to see what user's process (not what process)
has a port open;  other unices' netstats aren't all so nice.
netstat ships with probably every unix distro in existence.

generally the way to down a connection using a port is to kill the
process on your end of it.  the socket may hang around and be marked
in use (probably in state "CLOSE" or "CLOSE WAIT" as reported by
netstat), but there will be no more real traffic over it.

note that one of the main applications of this that i see is knocking
someone who you don't want on your machine, off.  (ie a bad guy).  this
might prove difficult using the above method, as the smart kids patch netstat
and ps, and possibly the kernel so that their processes/connections don't
show up when a list is made.  if that is the case, you're far enough gone
to warrant a reinstall, IMNSHO.

you may be able to instantly completely drop a connection by firewalling
it using ipfwadm/ipchains, i'm not sure how those behave when you set up
a rule involving an already in-place connection.

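The port-to-process lookup discussed in the message above, done by hand on Linux, as an added example that is not part of the original message: it parses /proc/net/tcp and matches each socket inode to the PIDs holding it under /proc/<pid>/fd. The sample rows, addresses and function names are constructed for illustration; IPv4 only and a little-endian host are assumed.

```python
import glob, os, re, socket, struct

# Hex "st" column of /proc/net/tcp -> state name as netstat prints it
TCP_STATES = {"01": "ESTABLISHED", "02": "SYN_SENT", "03": "SYN_RECV",
              "04": "FIN_WAIT1", "05": "FIN_WAIT2", "06": "TIME_WAIT",
              "07": "CLOSE", "08": "CLOSE_WAIT", "09": "LAST_ACK",
              "0A": "LISTEN", "0B": "CLOSING"}

# Constructed sample in /proc/net/tcp layout (documentation addresses).
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1501 1
   1: 0A0200C0:0016 076433C6:C350 01 00000000:00000000 02:000A0000 00000000     0        0 1622 2
   2: 0A0200C0:9C40 076433C6:0050 08 00000000:00000001 00:00000000 00000000  1000        0 1733 1
"""

def decode_addr(field):
    """'0A0200C0:0016' -> ('192.0.2.10', 22); assumes a little-endian host."""
    ip_hex, port_hex = field.split(":")
    return socket.inet_ntoa(struct.pack("<I", int(ip_hex, 16))), int(port_hex, 16)

def parse_proc_net_tcp(text):
    conns = []
    for line in text.splitlines()[1:]:          # skip the header row
        f = line.split()
        if len(f) >= 10:                        # f[3]=state, f[7]=uid, f[9]=inode
            conns.append({"local": decode_addr(f[1]), "remote": decode_addr(f[2]),
                          "state": TCP_STATES.get(f[3], f[3]), "uid": int(f[7]), "inode": int(f[9])})
    return conns

def socket_owners(proc="/proc"):
    """Map socket inode -> set of PIDs holding an fd on it (root sees all PIDs)."""
    owners = {}
    for fd in glob.glob(os.path.join(proc, "[0-9]*", "fd", "*")):
        try:
            m = re.fullmatch(r"socket:\[(\d+)\]", os.readlink(fd))
        except OSError:
            continue                            # process exited or fd not readable
        if m:
            owners.setdefault(int(m.group(1)), set()).add(int(fd.split(os.sep)[-3]))
    return owners

def attribute(conns, owners):                   # pids == [] means no visible owner
    return [dict(c, pids=sorted(owners.get(c["inode"], ()))) for c in conns]

if __name__ == "__main__":                      # Linux only: reads the live table
    for c in attribute(parse_proc_net_tcp(open("/proc/net/tcp").read()), socket_owners()):
        print(c["local"], "->", c["remote"], c["state"], "uid", c["uid"], "pids", c["pids"])
```

An empty PID list is normal for TIME_WAIT entries (inode 0) and for other users' sockets when not run as root. The script reads the same kernel interfaces as netstat and lsof, so it is no more trustworthy than they are on a machine whose kernel has been modified.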