tcpkill(8)
Kill TCP connections by dropping packets matching a specified pattern.
Synopsis
tcpkill [-i interface] [-1 | -2 | -3 | -4 | -5 | -6 | -7 | -8 | -9] [-s sourceip] [-d destip] [-S sourceport] [-D destport] expressionDescription
tcpkill is a tool that kills existing TCP connections by injecting forged TCP reset (RST) packets into the network stream, causing both endpoints to terminate the connection gracefully. It uses libpcap to monitor traffic and matches connections based on Berkeley packet filter expressions.
The command requires root or administrator privileges to send forged packets. It works by capturing packets matching your filter criteria and then sending RST packets back to both the source and destination to abruptly close the connection.
Common options
| Flag | What it does |
|---|---|
-i interface | Listen on the specified network interface (e.g., eth0, wlan0) |
-s sourceip | Match only connections from this source IP address |
-d destip | Match only connections to this destination IP address |
-S sourceport | Match only connections from this source port |
-D destport | Match only connections to this destination port |
-1 through -9 | Send 1-9 forged packets per connection (default is 3) |
-n | Don't attempt to resolve hostnames |
Examples
Kill all TCP connections to/from a specific IP address on eth0
sudo tcpkill -i eth0 host 192.168.1.100Kill all HTTP connections (port 80) between your machine and 10.0.0.5
sudo tcpkill -i wlan0 -D 80 host 10.0.0.5Kill all SSH connections originating from port 22 on the 192.168.1.0/24 subnet
sudo tcpkill -i eth0 -S 22 src 192.168.1.0/24Kill all connections involving port 8080 on the current interface
sudo tcpkill -i eth0 port 8080Kill connections to 172.16.0.50, sending 9 RST packets per connection
sudo tcpkill -i eth0 -9 dst 172.16.0.50Kill all HTTP and HTTPS connections using a complex BPF expression
sudo tcpkill -i wlan0 'tcp and (dst port 443 or dst port 80)'