Package: dsniff (2.4b1+debian-18) tcpkill

por | 8 enero, 2013

Package: dsniff (2.4b1+debian-18)

Various tools to sniff network traffic for cleartext insecurities

This package contains several tools to listen to and create network traffic:


 * arpspoof  - Send out unrequested (and possibly forged) arp replies.
 * dnsspoof  - forge replies to arbitrary DNS address / pointer queries
             on the Local Area Network.
 * dsniff    - password sniffer for several protocols.
 * filesnarf - saves selected files sniffed from NFS traffic.
 * macof     - flood the local network with random MAC addresses.
 * mailsnarf - sniffs mail on the LAN and stores it in mbox format.
 * msgsnarf  - record selected messages from different Instant Messengers.
 * sshmitm   - SSH monkey-in-the-middle. proxies and sniffs SSH traffic.
 * sshow     - SSH traffic analyser.
 * tcpkill   - kills specified in-progress TCP connections.
 * tcpnice   - slow down specified TCP connections via "active"
             traffic shaping.
 * urlsnarf  - output selected URLs sniffed from HTTP traffic in CLF.
 * webmitm   - HTTP / HTTPS monkey-in-the-middle. transparently proxies.
 * webspy    - sends URLs sniffed from a client to your local browser
             (requires libx11-6 installed).

inux: How to kill a TCP connection using netstat?

You cannot kill a TCP connection using netstat utility. netstat is use for

  • Display network connections
  • Routing tables
  • Interface statistics
  • Masquerade connections
  • Multicast memberships
  • And much more

However Linux support two other commands or utility that can be used to kill a TCP connection.

tcpkill command

Use tcpkill command to kill specified in-progress TCP connections. It is useful for libnids-based applications which require a full TCP 3-whs for TCB creation.


tcpkill -i eth0 { expression }


(a) Kill all outgoing ftp (port 21) connection:

tcpkill -i eth0 port 21

(b) Kill all all packets arriving at or departing from host (

tcpkill host


tcpkill host

 (c) To kill all IP packets between and any host except, type the following:

tcpkill ip host and not

Since tcpkill expressions are based upon tcpdump command’s filter expression, it is recommended that you read options with expression and examples.

cutter command

Cutter is an open source program that allows Linux firewall administrators to abort TCP/IP connections routed over Linux based firewall. It works on Linux router only. We have already covered examples of cutter here.