Related
I am not able to find an answer to a simple thing I will try to achive:
once a tcp connection is established to my linux server, let's say ssh / tcp 22 or x11 / tcp 6000 display -> how do I close this connection without killing the process (sshd / x11 display server).
I saw also some suggestoin to use iptables, but it does not work for me, the connection is still visible in netstat -an.
would be good if someone can point me to the right direction.
what I tried so far
tcpkill: kills the process, not good for me
iptables: does not close the established connection, but prevent further connections.
Thanks in adavnce
DJ
Ok, I found at least one solution (killcx) which is working. Maybe we will be able to find an easier solution.
Also, i saw the comment from "zb" - thanks - which might also work, but I was not able to find a working syntax, since this tool seems to be really useful but complex.
So here is an example how to work with the 1. solution which is working for me:
netstat -anp | grep 22
output: tcp 0 0 192.168.0.82:22 192.168.0.77:33597 VERBUNDEN 25258/0
iptables -A INPUT -j DROP -s 192.168.0.77 (to prevent reconnect)
perl killcx.pl 192.168.0.77:33597 (to kill the tcp connection)
killcx can be found here: http://killcx.sourceforge.net/
it "steals" the connection from the foreign host (192.168.0.77) and close it. So that solution is working fine, but to complex to setup quickly if you are under stress. Here are the required packages:
apt-get install libnetpacket-perl libnet-pcap-perl libnet-rawip-perl
wget http://killcx.sourceforge.net/killcx.txt -O killcx.pl
however, would be good to have an easier solution.
tcpkill wont work, since it will only kill any new connection, it doesnt kill existing ESTABLISHED connections
heres how you remove an Established TCP connection
find the PID of the process and the IP of the client connecting,
lets say you are on serverA and someone is connecting from serverB
root#A> netstat -tulpan | grep ssh | grep serverB
should see something like,
tcp 0 0 <serverA IP>:<port> <serverB>:<port> ESTABLISHED 221955/sshd
use lsof utility to get the File Descriptor of this connection using the parent PID
root#A> lsof -np 221995 | grep serverB IP
should see something like this
sshd 221955 <user> 17u IPv4 2857516568 0t0 TCP <serverA IP>:<port>-><serverB IP>:<port> (ESTABLISHED)
get the File Descriptor number (4th column) = 17u
use GDB to shut down this connection, w/out killing sshd
root#A> gdb -p 211955 --batch -ex 'call shutdown(17u, 2)'
should see something similar,
0x00007f0b138c0b40 in __read_nocancel () from /usr/lib64/libc.so.6
$1 = 0
[Inferior 1 (process 211955) detached]
that TCP connection should now be closed
How to create a TCP connection using nc which listens to multiple hosts?
nc -l -p 12345
Simultaneous connections are not possible with netcat. You should use something like ucspi-tcp's tcpserver tool or leverage xinetd since you're on Linux.
See: https://superuser.com/questions/232747/netcat-as-a-multithread-server
Consecutive connections could be handled through a shell script that restarts netcat after it finishes.
ncat can do it.
E.g. ncat --broker --listen -p 12345 will distribute all incoming messages to all other clients (think of it as a hub).
I recommend socat as nc alternative.
For OP's problem, socat - TCP-LISTEN:12345,fork,reuseaddr can do the job.
-k
Forces nc to stay listening for another connection after its current connection is completed. It is an error to use this option without the -l option.
using nc it is not possible to open parallel connections to same port, however you can trick nc to open multiple connections to same port.
To understand this, lets say you start listening on 4444 port using $ nc -l -p 4444 -v. Now, if you check output of $ netstat -anp | grep 4444 you will get its state as LISTEN and in here its pid is 3410.
tcp 0 0 0.0.0.0:4444 0.0.0.0:* LISTEN 3410/nc
Now, after it gets connected to client, lets say you run $ nc localhost 4444 -v, its state will get changed into ESTABLISHED. Now, try running $ netstat -anp | grep 4444 you will get its state as ESTABLISHED, see for same pid 3410, and a client process with pid 3435
tcp 0 0 127.0.0.1:46678 127.0.0.1:4444 ESTABLISHED 3435/nc
tcp 0 0 127.0.0.1:4444 127.0.0.1:46678 ESTABLISHED 3410/nc
Please note that there is no available listening port, so you can't have another client process. However if you run again $ nc -l -p 4444 -v you can have a listening port and can have multiple client process.
see netstat -anp | grep 4444 output after you start listening to same port.
tcp 0 0 0.0.0.0:4444 0.0.0.0:* LISTEN 3476/nc
tcp 0 0 127.0.0.1:46678 127.0.0.1:4444 ESTABLISHED 3435/nc
tcp 0 0 127.0.0.1:4444 127.0.0.1:46678 ESTABLISHED 3410/nc
see netstat -anp | grep 4444 output after you attach new client to same port.
tcp 0 0 127.0.0.1:4444 127.0.0.1:46694 ESTABLISHED 3476/nc
tcp 0 0 127.0.0.1:46678 127.0.0.1:4444 ESTABLISHED 3435/nc
tcp 0 0 127.0.0.1:4444 127.0.0.1:46678 ESTABLISHED 3410/nc
tcp 0 0 127.0.0.1:46694 127.0.0.1:4444 ESTABLISHED 3483/nc
You can say connections behavior is like:
SERVER_PROCESS_1 <---> CLIENT_PROCESS_1
SERVER_PROCESS_2 <---> CLIENT_PROCESS_2
so, you can write some script to simulate this behavior, or use this bash script to modify.
#!/usr/bin/bash
lport="4444"
i=0;
while [ true ]; do
echo "opening socket $(( i++ ))";
if [[ "$(ss sport = :$lport -l -H | wc -l)" -eq 0 ]]; then
nc -l -vv -p $lport &
#do something else to process or attach different command to each diff server process
fi;
if [[ "$(ss sport = :$lport -l -H | wc -l)" -ne 0 ]]; then
watch -n 0.1 -g "ss sport = :$lport -l -H" > /dev/null;
fi;
if [[ i -eq 10 ]]; then
break;
fi;
done;
in here every time client consume a connection this script will start new listen socket.
This behavior is however can be changed in ncat (here, using -k)as you can analyze the with below example:
server is started using $ ncat -l -p 4444 -v -4 -k and 3 clients are started using $ ncat -4 localhost 4444. Now output for $ netstat -anp | grep 4444 is:
tcp 0 0 0.0.0.0:4444 0.0.0.0:* LISTEN 3596/ncat
tcp 0 0 127.0.0.1:4444 127.0.0.1:46726 ESTABLISHED 3596/ncat
tcp 0 0 127.0.0.1:46726 127.0.0.1:4444 ESTABLISHED 3602/ncat
tcp 0 0 127.0.0.1:46722 127.0.0.1:4444 ESTABLISHED 3597/ncat
tcp 0 0 127.0.0.1:4444 127.0.0.1:46724 ESTABLISHED 3596/ncat
tcp 0 0 127.0.0.1:4444 127.0.0.1:46722 ESTABLISHED 3596/ncat
tcp 0 0 127.0.0.1:46724 127.0.0.1:4444 ESTABLISHED 3601/ncat
Every time new client connect, server fork its process to attach to client, so each server process is using same pid. So output of server in this way is shared to every attached clients, however each client can send individual message to server.
You can say connections behavior is like:
SERVER_PROCESS_1 <---> CLIENT_PROCESS_1
SERVER_PROCESS_1 <---> CLIENT_PROCESS_2
SERVER_PROCESS_1 <---> CLIENT_PROCESS_3
without -k, ncat will behave same as nc.
Benefits or loses can be defined on how they are to be needed.
For this example, i used nc or nc.traditional (v1.10-41.1+b1), and ncat (7.80).
This is an incomplete answer, because I haven't got it working. Arguably more of a question, in fact. Maybe someone else can finish it off.
First of all, it seems there are different versions of netcat. I'm on Ubuntu, so I've probably got the version that came with Ubuntu. When I nc -h, it says this:
OpenBSD netcat (Debian patchlevel 1.187-1ubuntu0.1)
When I run man nc, it says this:
-F Pass the first connected socket using sendmsg(2) to stdout and exit. This
is useful in conjunction with -X to have nc perform connection setup with
a proxy but then leave the rest of the connection to another program (e.g.
ssh(1) using the ssh_config(5) ProxyUseFdpass option).
It seems to me that this means that, instead of doing the usual thing with stdin and stdout, it just prints something to stdout. That something could then be used by another process to do the actual connection to the client.
Unfortunately, -F has no effect that I can see. So maybe I'm doing it wrong. Or maybe there's some secret pipe somewhere that I have to listen to, or a supplementary argument they forgot to document. Or maybe I happen to have a broken build of netcat, and it works for everyone else who's on Ubuntu.
In combination with the -k option (or, failing that, a while-true loop), this would allow many different clients to have separate connections. Suppose you have an executable called handle_connection, which takes as arguments an in file descriptor from a client and an out file descriptor to the client, and spawns a subprocess which communicates with the client. Then the server script might look like this:
nc -lkF $host $port | while read in out ; do
handle_connection $in $out ;
done
ncat can do it, but the correct command with ncat is:
ncat --keep-open --listen -p 12345
This will accept multiple connections at the same time.
You can then send the data with multiple clients. e.g. open in two or more terminals, and try typing there:
nc localhost 12345
I have three MySQL database sockets running on a Linux machine. By the cmd "sudo netstat -npl|grep mysql", I can find the ports and db sockets. But I need to match them one to one by using pid.
Is there any cmd I can use to show the port number of a db socket directly in Linux?
The output looks like this:
tcp 0 0 0.0.0.0:3306 0.0.0.0:* LISTEN 3886/mysqld
The PID of the mysqld process is the number before /mysqld, i.e. 3886.
There's several different ways to do it, but for your purposes, I suggest simply looking at the output of the command you're already running.
$ sudo netstat -npl|grep mysql
tcp 0 0 0.0.0.0:3306 0.0.0.0:* LISTEN 1124/mysqld
unix 2 [ ACC ] STREAM LISTENING 8713 1124/mysqld /var/run/mysqld/mysqld.sock
This is telling me that process 1124 is listening on 3306 and /var/run/mysqld/mysqld.sock
I tried to close the tomcat using ./shutdown.sh from tomcat /bin directory. But found that the server was not closed properly. And thus I was unable to restartMy tomcat is running on port 8080.
I want to kill the tomcat process running on 8080. I first want to have the list of processes running on a specific port (8080) in order to select which process to kill.
This fuser 8080/tcp will print you PID of process bound on that port.
And this fuser -k 8080/tcp will kill that process.
Works on Linux only. More universal is use of lsof -i4 (or 6 for IPv6).
To list any process listening to the port 8080:
lsof -i:8080
To kill any process listening to the port 8080:
kill $(lsof -t -i:8080)
or more violently:
kill -9 $(lsof -t -i:8080)
(-9 corresponds to the SIGKILL - terminate immediately/hard kill signal: see List of Kill Signals and What is the purpose of the -9 option in the kill command?. If no signal is specified to kill, the TERM signal a.k.a. -15 or soft kill is sent, which sometimes isn't enough to kill a process.).
Use the command
sudo netstat -plten |grep java
used grep java as tomcat uses java as their processes.
It will show the list of processes with port number and process id
tcp6 0 0 :::8080 :::* LISTEN
1000 30070621 16085/java
the number before /java is a process id. Now use kill command to kill the process
kill -9 16085
-9 implies the process will be killed forcefully.
Option 1 A One-liner to kill only LISTEN on specific port:
kill -9 $(lsof -t -i:3000 -sTCP:LISTEN)
Option 2 If you have npm installed you can also run
npx kill-port 3000
One liner, a time saver
kill -9 $(lsof -t -i tcp:8080)
Explanation here: use a combination of lsof and kill
root#localhost:~# lsof -i tcp:8080
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
java 23672 sine 238u IPv6 3028222 0t0 TCP localhost:http-alt (LISTEN)
select pid and use kill
kill 23672
You can use the lsof command.
Let port number like here is 8090
lsof -i:8090
This command returns a list of open processes on this port.
Something like…
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
ssh 75782 eoin 5u IPv6 0x01c1c234 0t0 TCP localhost:8090 (LISTEN)
To free the port, kill the process using it(the process id is 75782)…
kill -9 75782
This one worked for me.
here is the link from the original post: link
If you want to kill a process running on port number 8080 then first you need to find the 8080 port process identification number(PID) and then kill it. Run the following command to find 8080 port number PID:
sudo lsof -t -i:8080
Here,
sudo - command to ask admin privilege(user id and password).
lsof - list of files(Also used for to list related processes)
-t - show only process ID
-i - show only internet connections related process
:8080 - show only processes in this port number
So you can now easily kill your PID using following command:
sudo kill -9 <PID>
Here,
kill - command to kill the process
-9 - forcefully
You can use one command to to kill a process on a specific port using the following command:
sudo kill -9 $(sudo lsof -t -i:8080)
For more you can see the following link
How to kill a process on a specific port on linux
Best way to kill all processes on a specific port;
kill -9 $(sudo lsof -t -i:8080)
This prints to stdout the process ids of everything running on <port_number>:
fuser -n tcp <port_number>
It also prints some stuff to stderr, so:
fuser -n tcp <port_number> 2> /dev/null
We can then supply these process ids to the kill command:
sudo kill $(fuser -n tcp <port_number> 2> /dev/null)
You could also put this in a function if you do it a lot:
function killport() {
sudo kill $(fuser -n tcp $1 2> /dev/null)
}
To know the pid of service running on particular port :
netstat -tulnap | grep :*port_num*
you will get the description of that process. Now use kill or kill -9 pid. Easily killed.
e.g
netstat -ap | grep :8080
tcp6 0 0 :::8080 :::* LISTEN 1880/java
Now:
kill -9 1880
Remember to run all commands as root
Get the PID of the task and kill it.
lsof -ti:8080 | xargs kill
First you need to do is run (replace with your port number):
fuser -k 3000/tcp
This will release the port. After you run the above command run:
service docker restart
And your problem is resolved.
try like this,
sudo fuser -n tcp -k 8080
Choose the port number and apply the grep in netstat command as shown below
netstat -ap | grep :7070
Console Output
tcp 0 0 :::7070 :::* LISTEN 3332/java
Kill the service based on PID ( Process Identification Number )
kill -9 3332
This will kill programs running on port 80
sudo fuser -k 80/tcp
Run the following command to find 8080 port number PID:
sudo lsof -t -i:8080
You can now easily kill your PID using following command:
sudo kill -9
You can use one command to to kill a process on a specific port using the following command:
sudo kill -9 $(sudo lsof -t -i:8000)
lsof -i tcp:8000
This command lists the information about process running in port 8000
kill -9 [PID]
This command kills the process
Linux: First you can find PID of this command if you know the port :
netstat -tulpn
example:-
Local Address Foreign Address State PID/Program name
:::3000 :::* LISTEN 15986/node
You then take the kill process. run the following command:
kill -9 PID
Expample: -
kill -9 15986
Linux: You can use this command if you know the port :
netstat -plten | grep LISTEN | grep 8080
AIX:
netstat -Aan | grep LISTEN | grep 8080
You then take the first column (example: f100050000b05bb8) and run the following command:
rmsock f100050000b05bb8 tcpcb
kill process.
You can know list of all ports running in system along with its details (pid, address etc.) :
netstat -tulpn
You can know details of a particular port number by providing port number in following command :
sudo netstat -lutnp | grep -w '{port_number}'
ex: sudo netstat -lutnp | grep -w '8080'
Details will be provided like this :
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
if you want to kill a process using pid then : kill -9 {PID}
if you want to kill a process using port number : fuser -n tcp {port_number}
use sudo if you are not able to access any.
Simply run this command. Don't forget to replace portnumber, with your port ;)
kill -9 $(sudo lsof -t -i:portnumber)
kill -9 `fuser 8080/tcp|xargs -n 1`, this commands also kills the process that listens on port 8080 with TCP connection
sudo apt-get install psmisc (or sudo yum install psmisc)
sudo fuser 80/tcp
Result:
80/tcp: 1858 1867 1868 1869 1871
Kill process one by one
kill -9 1858
I'm working on a Yocto Linux system that has a limited set of available Linux tools. I wanted to kill the process that was using a particular port (1883).
First, to see what ports we are listening to I used the following command:
root#root:~# netstat -lt
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 0.0.0.0:hostmon 0.0.0.0:* LISTEN
tcp 0 0 localhost.localdomain:domain 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:9080 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:1883 0.0.0.0:* LISTEN
tcp 0 0 :::hostmon :::* LISTEN
tcp 0 0 localhost:domain :::* LISTEN
tcp 0 0 :::ssh :::* LISTEN
tcp 0 0 :::1883 :::* LISTEN
Next, I found the name of the process using port 1883 in the following way:
root#root:~# fuser 1883/tcp
290
root#root:~# ps | grep 290
290 mosquitt 25508 S /usr/sbin/mosquitto -c /etc/mosquitto/mosquitto.conf
12141 root 8444 S grep 290
As we can see above, it's the program /usr/sbin/mosquitto that's using port 1883.
Lastly, I killed the process:
root#root:~# systemctl stop mosquitto
I used systemctl becuase in this case it was a systemd service.
This is the solution for Windows:
C:\Users\Niroshan>netstat -ano|findstr "PID :8080"
Proto Local Address Foreign Address State PID
TCP 0.0.0.0:8080 0.0.0.0:0 LISTENING 18264
taskkill /pid 18264 /f
first check the process netstat -lt
check process id fuser <port number>/tcp
kill the process running on the port kill <process id>
Other way with Git Bash:
stopProcessByPortNumber() {
port=":${1}"
portStrLine="$(netstat -ano | findstr LISTENING | findstr $port)"
processId="$(grep -oP '(\d+)(?!.*\d)' <<< $portStrLine)"
echo $processId
taskkill -PID $processId -F
}
In my case cent os has some issue in suggested answer. So I used following solution :
ss -tanp | grep 65432 | head -1 | grep -Po "(?<=pid=).*(?=,)" | xargs kill
to build on what #veer7 said:
if you want to know what was on the port, do this before you kill it.
$ sudo netstat -plten |grep java
tcp6 0 0 127.0.0.1:8005 :::* LISTEN 1000 906726 25296/java
tcp6 0 0 :::8009 :::* LISTEN 1000 907503 25296/java
tcp6 0 0 :::8080 :::* LISTEN 1000 907499 25296/java
$ ps 25296
PID TTY STAT TIME COMMAND
25296 ? Sl 0:16 /usr/lib/jvm/java-8-openjdk-amd64/bin/java -Dcatalina.base=/hom
Use 'ps' and the number of the process that netstat reported back
How to kill process if the service on the port is not responding
timeout 1 telnet localhost 8080 2>&1 | if grep -q 'Unable'; then sudo kill -9 $(sudo lsof -t -i:8080); fi
What it does
Start 'timeout' with one second, to make telnet exit
' 2>&1 | ' pipe error-message without exiting
If error-message contains 'Unable', then run the kode to kill process locking port 8080
This can ble placed in a file and run regulary from 'sudo crontab'
We have an linux application (we don't have the source) that seems to be hanging. The socket between the two processes is reported as ESTABLISHED, and there is some data in the kernel socket buffer (although nowhere near the configured 16M via wmem/rmem). Both ends of the socket seem to be stuck on a sendto().
Below is some investigation using netstat/lsof and strace:
HOST A (10.152.20.28)
[root#hosta ~]# lsof -n -u df01 | grep 12959 | grep 12u
q 12959 df01 12u IPv4 4398449 TCP 10.152.20.28:38521->10.152.20.29:gsigatekeeper (ESTABLISHED)
[root#hosta ~]# netstat -anp | grep 38521
tcp 268754 90712 10.152.20.28:38521 10.152.20.29:2119 ESTABLISHED 12959/q
[root#hosta ~]# strace -p 12959
Process 12959 attached - interrupt to quit
sendto(12, "sometext\0somecode\0More\0exJKsss"..., 542, 0, NULL, 0 <unfinished ...>
Process 12959 detached
[root#hosta~]#
HOST B (10.152.20.29)
[root#hostb ~]# netstat -anp | grep 38521
tcp 72858 110472 10.152.20.29:2119 10.152.20.28:38521 ESTABLISHED 25512/q
[root#hostb ~]# lsof -n -u df01 | grep 38521
q 25512 df01 14u IPv4 6456715 TCP 10.152.20.29:gsigatekeeper->10.152.20.28:38521 (ESTABLISHED)
[root#hostb ~]# strace -p 25512
Process 25512 attached - interrupt to quit
sendto(14, "\0\10\0\0\0Owner\0sym\0Type\0Ctpy\0Time\0Lo"..., 207, 0, NULL, 0 <unfinished ...>
Process 25512 detached
[root#hostb~]#
We have upgraded the NIC driver to the latest and greatest. The systems are running RHEL 5.6 x64 (2.6.18-238.el5), I have checked the eratta for RHEL 5.7 and 5.8 but I can see no mention of bugs with the bnx2 driver or the kernel.
Does anyone have any ideas of how to debug this further?
Is either side actually reading? If not, it could be that both sides' receive buffers are full, leading to not sending data (due to the receive window being filled), leading to both send buffers being filled, which will cause sendto to block. (It's possible that this could happen despite your setting of wmem/rmem if the application is setting the SO_RCVBUF and SO_SNDBUF socket options.)
To debug this, I'd synchronize both machine's clocks, then run both applications under strace with the -e trace=network and -tt options, so you can compare the logs and see if the application isn't reading.
You could also use a network analyzer (such as Wireshark) to determine if the TCP receive window gets stuck on 0.
If this is the case, you could probably work around this by creating a small caching proxy, which would recv/send from both sides, buffering whatever can't be sent at the time.