
Using Dsniff's tcpkill Command on Linux to Clear FIN_WAIT Connections

Date: 2017/2/28 15:45:46   Editor: Linux教程

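On Linux you sometimes run into TCP connections that linger and are not released, sitting in states such as FIN_WAIT1 or FIN_WAIT2 for an unpredictable length of time. The owning program has already exited and its port is no longer listening, so killing a process does not help. To get back to normal quickly, the only option left is to reboot the server. After searching a number of sites I found that the dsniff package for Linux includes the tcpkill command, which can clear TCP connections in these states and so avoid the reboot. Rebooting carries risk (the machine may go down and not come back up), and if it happens over a holiday, when data-center staff cannot easily get to the machine, normal business operation is seriously affected. The loss goes without saying; estimate it for yourself, ha ha ha ^_^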

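I installed it on both RHEL 6 and RHEL 5.x. On RHEL 6 I first tried building from source, but it depends on too many packages and the installation was tedious, so in the end I installed from RPMs, which worked. I am summarizing the process in this document, pulling together parts of several articles found online, in the hope that it helps others. The steps are as follows: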

1. Installation on RHEL 5.x is relatively simple:
wget http://apt.sw.be/RedHat/el5/en/i386/rpmforge/RPMS/dsniff-2.4-0.1.b1.el5.rf.i386.rpm
rpm -ivh dsniff-2.4-0.1.b1.el5.rf.i386.rpm
[root@tech02 tmp]# rpm -ivh dsniff-2.4-0.1.b1.el5.rf.i386.rpm
warning: dsniff-2.4-0.1.b1.el5.rf.i386.rpm: Header V3 DSA signature: NOKEY, key ID 6b8d79e6
Preparing... ########################################### [100%]
1:dsniff ########################################### [100%]
[root@tech02 tmp]# rpm -ql dsniff | grep bin
/usr/sbin/arpspoof
/usr/sbin/dnsspoof
/usr/sbin/dsniff
/usr/sbin/filesnarf
/usr/sbin/macof
/usr/sbin/mailsnarf
/usr/sbin/msgsnarf
/usr/sbin/sshmitm
/usr/sbin/sshow
/usr/sbin/tcpkill
/usr/sbin/tcpnice
/usr/sbin/urlsnarf
/usr/sbin/webmitm
/usr/sbin/webspy
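tcpkill appears in the list above, which shows that the installation succeeded and the command is ready to use. The NOKEY warning in the rpm output means the signing key is not in the rpm keyring, so the package signature was not verified.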
2. RHEL 6:
wget ftp://ftp.univie.ac.at/systems/linux/Fedora/epel/6/i386/dsniff-2.4-0.9.b1.el6.i686.rpm
wget ftp://ftp.univie.ac.at/systems/linux/fedora/epel/6/i386/libnet-1.1.5-1.el6.i686.rpm
wget ftp://ftp.univie.ac.at/systems/linux/fedora/epel/6/i386/libnids-1.24-1.el6.i686.rpm
[root@RHEL601 tmp]# rpm -e libnet libnids --nodeps
[root@RHEL601 tmp]# rpm -ivh dsniff-2.4-0.9.b1.el6.i686.rpm
warning: dsniff-2.4-0.9.b1.el6.i686.rpm: Header V3 RSA/SHA256 Signature, key ID 0608b895: NOKEY
error: Failed dependencies:
libICE.so.6 is needed by dsniff-2.4-0.9.b1.el6.i686
libSM.so.6 is needed by dsniff-2.4-0.9.b1.el6.i686
libXmu.so.6 is needed by dsniff-2.4-0.9.b1.el6.i686
libnet.so.1 is needed by dsniff-2.4-0.9.b1.el6.i686
libnids.so.1.24 is needed by dsniff-2.4-0.9.b1.el6.i686
[root@RHEL601 tmp]# yum install libICE libSM libXmu -y
Loaded plugins: rhnplugin
This system is not registered with RHN.
RHN support will be disabled.
Setting up Install Process
Resolving Dependencies
--> Running transaction check
---> Package libICE.i686 0:1.0.6-1.el6 set to be updated
---> Package libSM.i686 0:1.1.0-7.1.el6 set to be updated
---> Package libXmu.i686 0:1.0.5-1.el6 set to be updated
--> Processing Dependency: libXt.so.6 for package: libXmu-1.0.5-1.el6.i686
--> Running transaction check
---> Package libXt.i686 0:1.0.7-1.el6 set to be updated
--> Finished Dependency Resolution

Dependencies Resolved

====================================================================================================
Package Arch Version Repository Size
====================================================================================================
Installing:
libICE i686 1.0.6-1.el6 Server 52 k
libSM i686 1.1.0-7.1.el6 Server 26 k
libXmu i686 1.0.5-1.el6 Server 58 k
Installing for dependencies:
libXt i686 1.0.7-1.el6 Server 168 k

Transaction Summary
====================================================================================================
Install 4 Package(s)
Upgrade 0 Package(s)

Total download size: 305 k
Installed size: 668 k
Downloading Packages:
----------------------------------------------------------------------------------------------------
Total 2.4 MB/s | 305 kB 00:00
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
Warning: RPMDB altered outside of yum.
db4-devel-4.7.25-17.el6.i686 has missing requires of db4 = ('0', '4.7.25', '17.el6')
db4-devel-4.7.25-17.el6.i686 has missing requires of db4-cxx = ('0', '4.7.25', '17.el6')
db4-devel-4.7.25-17.el6.i686 has missing requires of libdb_cxx-4.7.so
libnet-devel-1.1.5-1.el6.i686 has missing requires of libnet = ('0', '1.1.5', '1.el6')
libnet-devel-1.1.5-1.el6.i686 has missing requires of libnet.so.1
libnids-devel-1.24-1.el6.i686 has missing requires of libnids = ('0', '1.24', '1.el6')
libnids-devel-1.24-1.el6.i686 has missing requires of libnids.so.1.24
rrdtool-1.4.4-1.el5.rf.i386 has missing requires of gettext
rrdtool-1.4.4-1.el5.rf.i386 has missing requires of perl(Time::HiRes)
rrdtool-1.4.4-1.el5.rf.i386 has missing requires of ruby
rrdtool-1.4.4-1.el5.rf.i386 has missing requires of xorg-x11-fonts-Type1
Installing : libICE-1.0.6-1.el6.i686 1/4
Installing : libSM-1.1.0-7.1.el6.i686 2/4
Installing : libXt-1.0.7-1.el6.i686 3/4
Installing : libXmu-1.0.5-1.el6.i686 4/4

Installed:
libICE.i686 0:1.0.6-1.el6 libSM.i686 0:1.1.0-7.1.el6 libXmu.i686 0:1.0.5-1.el6

Dependency Installed:
libXt.i686 0:1.0.7-1.el6

Complete!
[root@RHEL601 tmp]# rpm -ivh libnet-1.1.5-1.el6.i686.rpm libnids-1.24-1.el6.i686.rpm dsniff-2.4-0.9.b1.el6.i686.rpm
warning: libnet-1.1.5-1.el6.i686.rpm: Header V3 RSA/SHA256 Signature, key ID 0608b895: NOKEY
Preparing... ########################################### [100%]
1:libnet ########################################### [ 33%]
2:libnids ########################################### [ 67%]
3:dsniff ########################################### [100%]
[root@RHEL601 tmp]# tcpkill
Version: 2.4
Usage: tcpkill [-i interface] [-1..9] expression

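In my own work I have only used commands like tcpkill -9 host 192.168.10.30 &>/dev/null (note: this IP address is the remote IP).
Because I did not have time to take notes when I handled this kind of problem, I will not write up a usage example for now; I will add one the next time I run into this situation. The dsniff package also contains many other commands, and anyone interested can explore them further.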
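
Added example, not part of the original article: a shell script that counts sockets in FIN_WAIT1/FIN_WAIT2 per remote address and local port from netstat -ant output, then prints a tcpkill command whose filter is limited to that remote IP and port, so other sessions with the same host (such as SSH) are not matched. The netstat sample, the function names and port 8080 are constructed for illustration.

```shell
#!/bin/sh
# Added example: find lingering FIN_WAIT sockets, then scope the tcpkill filter.

# Constructed sample of `netstat -ant` output (not captured from a real host).
sample_netstat() {
cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address          Foreign Address        State
tcp        0      0 0.0.0.0:22             0.0.0.0:*              LISTEN
tcp        0      1 192.168.10.5:8080      192.168.10.30:51544    FIN_WAIT1
tcp        0      1 192.168.10.5:8080      192.168.10.30:51546    FIN_WAIT1
tcp        0      0 192.168.10.5:8080      192.168.10.30:51550    FIN_WAIT2
tcp        0      0 192.168.10.5:8080      192.168.10.41:40112    FIN_WAIT2
tcp        0      0 192.168.10.5:22        192.168.10.30:60022    ESTABLISHED
tcp        0      0 192.168.10.5:8080      192.168.10.30:51552    TIME_WAIT
EOF
}

# Read `netstat -ant` text on stdin; print "<count> <remote_ip> <local_port>"
# for sockets in FIN_WAIT1/FIN_WAIT2, busiest remote first.
fin_wait_summary() {
  awk '
    $1 ~ /^tcp/ && $6 ~ /^FIN_WAIT[12]$/ {
      rip = $5;   sub(/:[0-9]+$/, "", rip)    # remote address without port
      lport = $4; sub(/^.*:/, "", lport)      # local port only
      n[rip " " lport]++
    }
    END { for (k in n) print n[k], k }
  ' | sort -k1,1nr -k2,2
}

# Print (do not run) a tcpkill command whose tcpdump-style filter is limited
# to one remote IPv4 address and one port. Arguments containing anything
# other than digits and dots are rejected so nothing else reaches the shell.
tcpkill_command() {
  ip=$1; port=$2
  case $ip in ''|*[!0-9.]*) return 1 ;; esac
  case $port in ''|*[!0-9]*) return 1 ;; esac
  printf 'tcpkill -9 host %s and port %s\n' "$ip" "$port"
}

# Demo on the constructed sample: summarise, then show the command for the top entry.
top=$(sample_netstat | fin_wait_summary | head -n 1)
set -- $top
echo "stuck sockets: $1  remote: $2  local port: $3"
tcpkill_command "$2" "$3"
```

On a live host, pipe netstat -ant into fin_wait_summary instead of the sample. tcpkill resets only connections whose packets it sees on the interface, and it keeps resetting every new connection that matches the filter until it is stopped.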
