Linux implementation of tcpdrop (dropping TCP sockets on working system)
Latest commit 0512e4f Jul 28, 2012 @arut Merge pull request #3 from CaledoniaProject/master
Included a dkms configuration


== Linux tcpdrop kernel module ==

(c) 2012 Roman Arutyunyan <>

This module lets you drop TCP connections from 
working Linux system. It also supports unscheduling 
TIME_WAIT sockets.

The module creates pseudo-file /proc/net/tcp_drop
which expects input of the following format:

saddr:sport daddr:dport

Note: Spaces between the two can be of any type & size.


Linux kernel 3.0.0

Build & install:

Untar/ungzip & cd to module directory & just run make.

Load module:

sudo insmod ./tcp_drop.ko

Unload module:

sudo rmmod tcp_drop

Note: remember you need root privileges to write to /proc/net/tcp_drop.


We have 4 connected sockets by IMAP client (port 143). Let's drop the last one:

netstat -n|grep ESTABLISHED|grep 143

tcp        0      0        ESTABLISHED
tcp        0      0        ESTABLISHED
tcp        0      0        ESTABLISHED
                    ^.............copy this...............^

Just copy the middle part of string (incl. tabs/spaces) to /proc/net/tcp_drop:

echo "" > /proc/net/tcp_drop

Now it'dead:

netstat -n|grep ESTABLISHED|grep 143
tcp        0      0        ESTABLISHED
tcp        0      0        ESTABLISHED

IMAP client has received a socket error & will reconnect when needed.


Let's kill a TIME_WAIT socket.
I've just created a TIME_WAIT socket with a netcat connection to localhost:8080:

netstat -n|grep TIME_WAIT
tcp        0      0          TIME_WAIT

Here's how to kill it (it's better to say 'unschedule'):

echo "" > /proc/net/tcp_drop

Let's see:

netstat -n|grep TIME_WAIT

<nothing here>

IPv6 support:

If built for non-ancient (>2.6.19) kernel IPv6 is fully supported.
Dropping IPv6 connections is done the same way as IPv4:

echo "::1:34717               ::1:8080" > /proc/net/tcp_drop

Standard representation of IPv6 address with port ([ipv6addr]:port)
is also supported:

echo "[::1]:34717               [::1]:8080" > /proc/net/tcp_drop

What server/client code receives:

All code which has been using the socket killed
receives network error (it's like receiving TCP RESET):

telnet localhost 8080
Trying ::1...
Connected to localhost.
Escape character is '^]'.
Connection closed by foreign host.