Kill TCP IP & Port

Rajat Sehgal
Rajat Sehgal used Ask the Experts™
on
Hi Experts,
How to grep connected tcp IP & Port connection then forcefully kill using batch.

example;-
netstat -a output is

Active Connections

  Proto    Local Address                        Foreign Address                State
  TCP       192.168.1.101:49366            192.168.1.55:65000          ESTABLISHED
  TCP       192.168.1.101:49475            192.168.1.55:64000          ESTABLISHED
  TCP       192.168.1.101:49384            192.168.1.55:63500          ESTABLISHED
  TCP       192.168.1.101:49396            192.168.1.55:22                 ESTABLISHED

Need to forcefully kill all TCP connection which is connected with 192.168.1.55
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Distinguished Expert 2018

Commented:
netstat -ano
output:
Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0           ESTABLISHED      1296

Open in new window

taskkill /f /im 1296

It may require elevated privileges.
"Batchelor", Developer and EE Topic Advisor
Top Expert 2015
Commented:
Justin's answer is for killing the process listening or being connected to a particular port or IP, but certainly that is not what you are after - in particular as that is still a manual process. And even if only a single process is concerned, I would use either SysInternals TcpView or the following tool:

At http://www.nirsoft.net/utils/cports.html you can find a tool called CurPorts, which mainly is been used to show connections with their associated processes in a GUI. But it also allows a commandline kill:
   curports /close localIP localport remoteIP remoteport process
where you can omit the process (name or ID), and use * for the other parameters. That is:
   curports /close * * 192.168.1.55 *
Rajat SehgalFounder Enhance Technology

Author

Commented:
Is there any idea with batch, which can i use easily ?
Become a Certified Penetration Testing Engineer

This CPTE Certified Penetration Testing Engineer course covers everything you need to know about becoming a Certified Penetration Testing Engineer. Career Path: Professional roles include Ethical Hackers, Security Consultants, System Administrators, and Chief Security Officers.

Qlemo"Batchelor", Developer and EE Topic Advisor
Top Expert 2015

Commented:
All you need to put into a .cmd or .bat file is the line as I have shown (the very last line). Put that and CurPorts into the same folder, and run the batch file. Nothing more to do.
If you're trying to kill all connections from the command line then simply run

cports /close * * * *

Open in new window


If you want to process each connection for some reason, then you could use the following as a template:

[TCPKill.bat]
@echo off
setlocal enabledelayedexpansion
for /f "tokens=2,3,5" %%a in ('netstat -ano -p tcp^|findstr ESTABLISHED') do (
	set str=%%a %%b %%c
	set str=!str::= !
	if exist cports.exe (
		echo running cports.exe /close !str!
		cports.exe /close !str!
	) else (
		echo cports.exe not found.
		goto :eof
	)
	set str=
)

Open in new window


Which is good for IPv4 connections.  Bear in mind a given process may simply try to reconnect once disconnected.
Rajat SehgalFounder Enhance Technology

Author

Commented:
Helpful

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial