Header Shadow Image

«
»

Kill An Established Connection on DD-WRT and TP-LINK Router

So I had an established connection on my router that didn't look like it belonged.  I didn't recognize the device and it wasn't pingable so it was probably a stale old connection.  In this case it was one of my mobile devices which went offline sometime back but didn't close the connection.  On most systems I can use LSOF to check on the open files from the PID that's listed from netstat but lsof isn't installed on DD-WRT:

In this case, we can get teh PID from netstat -nap then list the processes that will hopefully tell us what connection that is:


root@DD-WRT-INTERNET:~# netstat -nap
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
……
tcp        0      0 192.168.0.1:22          192.168.0.17:49858      ESTABLISHED 17700/dropbear
tcp        0    132 192.168.0.1:22          192.168.0.15:51286      ESTABLISHED 5220/dropbear
tcp        0      0 192.168.0.1:22          42.205.232.251:12233   ESTABLISHED 4869/dropbear
tcp        0     37 192.168.0.1:56031       192.168.0.10:3389       ESTABLISHED 4803/dropbear
tcp        0      0 192.168.0.1:22          42.205.232.251:1898    ESTABLISHED 4803/dropbear
…..
Active UNIX domain sockets (servers and established)
Proto RefCnt Flags       Type       State         I-Node PID/Program name    Path
unix  3      [ ]         STREAM     CONNECTED     2262658 821/process_monitor
unix  3      [ ]         STREAM     CONNECTED     2262657 821/process_monitor
unix  2      [ ]         DGRAM                    2262489 16941/dnsmasq
root@DD-WRT-INTERNET:~# ps|grep dropbear
 4803 root      1480 S    dropbear -b /tmp/loginprompt -r /tmp/root/.ssh/ssh_host_rsa_key -d /tmp/root/.ssh/ssh_host_dss_key -p 22
 4869 root      1332 S    dropbear -b /tmp/loginprompt -r /tmp/root/.ssh/ssh_host_rsa_key -d /tmp/root/.ssh/ssh_host_dss_key -p 22
 5220 root      1028 R    dropbear -b /tmp/loginprompt -r /tmp/root/.ssh/ssh_host_rsa_key -d /tmp/root/.ssh/ssh_host_dss_key -p 22
16962 root       972 S    dropbear -b /tmp/loginprompt -r /tmp/root/.ssh/ssh_host_rsa_key -d /tmp/root/.ssh/ssh_host_dss_key -p 22
17700 root      1664 S    dropbear -b /tmp/loginprompt -r /tmp/root/.ssh/ssh_host_rsa_key -d /tmp/root/.ssh/ssh_host_dss_key -p 22
root@DD-WRT-INTERNET:~#

Looking at the above, we clearly see that which process holds that connection and makes the job easy.


root@DD-WRT-INTERNET:~# which strace
root@DD-WRT-INTERNET:~# kill 17700
root@DD-WRT-INTERNET:~# ps|grep dropbear
 4803 root      1480 S    dropbear -b /tmp/loginprompt -r /tmp/root/.ssh/ssh_host_rsa_key -d /tmp/root/.ssh/ssh_host_dss_key -p 22
 4869 root      1332 S    dropbear -b /tmp/loginprompt -r /tmp/root/.ssh/ssh_host_rsa_key -d /tmp/root/.ssh/ssh_host_dss_key -p 22
 5220 root      1028 R    dropbear -b /tmp/loginprompt -r /tmp/root/.ssh/ssh_host_rsa_key -d /tmp/root/.ssh/ssh_host_dss_key -p 22
16962 root       972 S    dropbear -b /tmp/loginprompt -r /tmp/root/.ssh/ssh_host_rsa_key -d /tmp/root/.ssh/ssh_host_dss_key -p 22
root@DD-WRT-INTERNET:~# netstat -nap
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
…..
tcp        0      1 192.168.0.1:22          192.168.0.17:49858      FIN_WAIT1   –
tcp        0    132 192.168.0.1:22          192.168.0.15:51286      ESTABLISHED 5220/dropbear
tcp        0      0 192.168.0.1:22          42.205.232.251:12233   ESTABLISHED 4869/dropbear
tcp        0     37 192.168.0.1:56031       192.168.0.10:3389       ESTABLISHED 4803/dropbear
tcp        0      0 192.168.0.1:22          42.205.232.251:1898    ESTABLISHED 4803/dropbear
…..
Active UNIX domain sockets (servers and established)
Proto RefCnt Flags       Type       State         I-Node PID/Program name    Path
unix  3      [ ]         STREAM     CONNECTED     2262658 821/process_monitor
unix  3      [ ]         STREAM     CONNECTED     2262657 821/process_monitor
unix  2      [ ]         DGRAM                    2262489 16941/dnsmasq
root@DD-WRT-INTERNET:~#

This entry was posted on Monday, July 29th, 2013 at 6:11 pm and is filed under NIX Posts. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

Subscribe
Notify of
0 Comments
Oldest
Newest Most Voted
Inline Feedbacks
View all comments
     
  Copyright © 2003 - 2025 Tom Kacperski (microdevsys.com). All rights reserved.

Creative Commons License
This work is licensed under a Creative Commons Attribution 3.0 Unported License

  

0
Would love your thoughts, please comment.x
()
x
The IT Development and Technology Mini Vault | MicroDevSys.com
Powered by  GDPR Cookie Compliance
Privacy Overview

This website uses cookies so that we can provide you with the best user experience possible. Cookie information is stored in your browser and performs functions such as recognising you when you return to our website and helping our team to understand which sections of the website you find most interesting and useful.