killing a socket connection from cmdline?

I would like to test my client socket exception code. Is there
a way to clobber the socket connection from outside the program?
I could just take the network interface down, but I would prefer
something a bit more targeted.

Here's an example... I would like FD 5 to fail, causing the
client to have a read or write error to the database server.

ohm ~$ lsof -p 30951|head -1
COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME
orcltest 30951 mh 5u IPv4 40154281 TCP ohm:33058->db:ncube-lm (ESTABLISHED)

Many TIA!
Mark

--
Mark Harrison
Pixar Animation Studios

Maxwell Lol <(E-Mail Removed)> wrote:
> (E-Mail Removed) writes:
>
> > I would like to test my client socket exception code. Is there
> > a way to clobber the socket connection from outside the program?
> > I could just take the network interface down, but I would prefer
> > something a bit more targeted.
>
> You could fabricate a RST packet (forging the source IP address) and
> pump it on the wire.

Thanks... any pointers on how to do that?

Thanks!

--
Mark Harrison
Pixar Animation Studios

Maxwell Lol wrote:
> (E-Mail Removed) writes:
>
>> Maxwell Lol <(E-Mail Removed)> wrote:
>>> (E-Mail Removed) writes:
>>>
>>>> I would like to test my client socket exception code. Is there
>>>> a way to clobber the socket connection from outside the program?
>>>> I could just take the network interface down, but I would prefer
>>>> something a bit more targeted.
>>> You could fabricate a RST packet (forging the source IP address) and
>>> pump it on the wire.
>> Thanks... any pointers on how to do that?
>
> You have to look at a "raw socket" packet generator.
> And you have to be superuser.
> You probably need a network sniffer as well.
>
> Let me google a few references...
>
> http://en.wikipedia.org/wiki/Raw_socket
> http://kerneltrap.org/node/3072 - TCP RST attacks
> http://search.cpan.org/dist/Net-RawIP/lib/Net/RawIP.pm - a Perl module
> http://mixter.void.ru/rawip.html - raw IP in C
>
> In the C version, you want a TH_RST packet.
>
>
> RST is designed to handle the following case.
>
>
>
> A and B establish a connection.
> B reboots, and forgets about this.
> A sends a packet to B to port X from port Y.
>
> B sends a RST packet back, saying "what are you talking about? I don't
> have a connection with you. Please close this connection down."
>
> So you have to know/fake the IP address of B, and know both ports X
> and Y. One of the ports will be the well known port number. The other
> you have to find out. I thnk you also need to know the sequence
> number.
>
> Typically people do this with a sniffer. You could use a switch with a
> packet mirroring function, or run a sniffer on either host A or B.
>
> As a note, Comcast did this to disable P2P traffic.
> http://www.eff.org/wp/packet-forgery...comcast-affair
>
> Here's a tool that might be useful - I found this with google.
>
> NAST - Network Analyzer Sniffing Tool - http://nast.berlios.de/
>
> It can reset an extablished conection.
>
> Sorry - that's the best I can do...
>
>
>
>
>
>
I believe that if the client application has set SO_LINGER as a socket
option with a timeout of 0 it will send a reset when the connection is
closed.

I am pretty sure that Windows will do this, not sure about Linux.

Noah Davids <(E-Mail Removed)> wrote:
> I believe that if the client application has set SO_LINGER as a
> socket option with a timeout of 0 it will send a reset when the
> connection is closed.

> I am pretty sure that Windows will do this, not sure about Linux.

My understanding is that just about any stack's socket interface is
supposed to behave that way with SO_LINGER set to a timeout of 0.

While I generally frown upon it with extreme prejudice, both HP-UX
11.X and Solaris (IIRC Solaris still has it) has an ndd option
(tcp_discon and/or tcp_discon_by_addr) that will effectively do the
same thing to a local endpoint, and I believe cause it to issue an RST
segment to the remote. So, if one half of your connection were on
such a platform, you could get by without special case code in the
application itself, or needing to have knowledge of the current
sequence numbers for the connection etc that one needs to "forge" the
RST segment from an external application.

rick jones
--
oxymoron n, Hummer H2 with California Save Our Coasts and Oceans plates
these opinions are mine, all mine; HP might not want them anyway...
feel free to post, OR email to rick.jones2 in hp.com but NOT BOTH...

On Dec 24 2008, 9:05*am, m...@pixar.com wrote:
> Here's an example... I would like FD 5 to fail, causing the
> client to have a read or write error to the database server.
>
> ohm ~$ lsof -p 30951|head -1
> COMMAND * * PID USER * FD * TYPE * DEVICE * * SIZE * * NODE NAME
> orcltest *30951 * mh * *5u *IPv4 40154281 * * * * * * * TCP ohm:33058->db:ncube-lm (ESTABLISHED)

If what you want is really kill the socket, you may use fuser:

# fuser -k 22/tcp
# fuser -k 53/udp

But, as suggested before, if you want to get a RST packet, you may use
iptables with the match extension connbytes:

# iptables -A INPUT -p tcp --dport $PORT -m connbytes --connbytes 50 --
connbytes-dir both --connbytes-mode bytes -j REJECT --reject-with tcp-
reset

With this rule, when the connection gets more than 50 bytes, it will
be rejected. Remember to set $PORT to your app TCP port.

(E-Mail Removed) wrote:
> Maxwell Lol <(E-Mail Removed)> wrote:
>> (E-Mail Removed) writes:
>>
>>> I would like to test my client socket exception code. Is there
>>> a way to clobber the socket connection from outside the program?
>>> I could just take the network interface down, but I would prefer
>>> something a bit more targeted.
>> You could fabricate a RST packet (forging the source IP address) and
>> pump it on the wire.
>
> Thanks... any pointers on how to do that?
>
> Thanks!
>

for all unix-like platform, commonly command :

kill -9 `lsof | grep ESTABLISHED | awk '{print $2}'`

Kevin.Gui wrote:
>
>
> (E-Mail Removed) wrote:
>> Maxwell Lol <(E-Mail Removed)> wrote:
>>> (E-Mail Removed) writes:
>>>
>>>> I would like to test my client socket exception code. Is there
>>>> a way to clobber the socket connection from outside the program?
>>>> I could just take the network interface down, but I would prefer
>>>> something a bit more targeted.
>>> You could fabricate a RST packet (forging the source IP address) and
>>> pump it on the wire.
>>
>> Thanks... any pointers on how to do that?
>>
>> Thanks!
>>
>
> for all unix-like platform, commonly command :
>
> kill -9 `lsof | grep ESTABLISHED | awk '{print $2}'`
>
>

what's different between two commands(lsof and fuser) when using, is it
same?

On Jan 13, 7:50 am, "Kevin.Gui" <kevin....@sonataservices.com> wrote:
> what's different between two commands(lsof and fuser) when using, is it

If I really understand what you are asking, I think that is the easy
of use...

See, with lsof you will need a helper app to kill the socket owner, as
with lsof you just got the socket owner pid.

> kill -9 `lsof | grep ESTABLISHED | awk '{print $2}'`

But with fuser, you just need to pass the port number of the socket,
and no pid is need:

> fuser -k 22/tcp

Of course that fuser will grab the pid by its own.