Linux Cutting the tcp/ip network connection with cutter command

Recently I came across very powerful and nifty tool called cutter. Just imagine that people in your private network using peer to peer (P2P) software such as Kazaa, iMesh or others and you want to cut them or just want to cut all ftp connection over your firewall but not all traffic to host. Network security administrators sometimes need to be able to abort TCP/IP connections routed over their firewalls on demand

cutter utility

In the following sample network diagram client workstation sending ftp, http, ssh traffic using (Linux based) router to server outside our network, and you would like to cut ftp traffic without interrupting other connection? So how do you block and cut traffic? Simply, use cutter utility.

client ->    Linux firewall -> Internet --> Servers
FTP    ->  -> Internet --> FTP Server
HTTP   ->  -> Internet --> HTTP Server
SSH    ->  -> Internet --> SSH Server

Cutter is an open source program that allows Linux firewall administrators to abort TCP/IP connections routed over Linux based firewall. This tool is very handy in situation like:

  • To terminate connection such as SSH tunnels or VPNs left by your own users
  • To abort crackers attacks as soon as they detected
  • To kill high bandwidth consuming connection
  • To kill peer-to-peer traffic etc

How do I use cutter command?

Use apt-get to install cutter on a Debian / Ubuntu Linux firewall:
# apt-get install cutter

1) Login to your iptables based firewall router

2) Identify your internal connection (use netstat or tcpdump)

3) Use cutter the command as follows:
cutter {IP-address} {Port}

Cut all connections from to server
# cutter

Cut all ssh connection from to server
# cutter 22

Cut all ssh connection from to ssh server
# cutter 22

Please note that cutter has been designed for use as a administrators tool for Linux firewalls do not use this tool for malicious purpose. For more information about this tool & how actually it works by sending FIN -> ACK -> RST sequence of packets to terminate connection, see the official web site.

Update: As pointed out by Mina Naguib you can also use tcpkill command for same purpose.

Related articles:

🐧 Get the latest tutorials on Linux, Open Source & DevOps via RSS feed or Weekly email newsletter.

🐧 15 comments so far... add one

CategoryList of Unix and Linux commands
Disk space analyzersdf duf ncdu pydf
File Managementcat cp mkdir tree
FirewallAlpine Awall CentOS 8 OpenSUSE RHEL 8 Ubuntu 16.04 Ubuntu 18.04 Ubuntu 20.04
Modern utilitiesbat exa
Network UtilitiesNetHogs dig host ip nmap
OpenVPNCentOS 7 CentOS 8 Debian 10 Debian 8/9 Ubuntu 18.04 Ubuntu 20.04
Package Managerapk apt
Processes Managementbg chroot cron disown fg glances gtop jobs killall kill pidof pstree pwdx time vtop
Searchingag grep whereis which
User Informationgroups id lastcomm last lid/libuser-lid logname members users whoami who w
WireGuard VPNAlpine CentOS 8 Debian 10 Firewall Ubuntu 20.04
15 comments… add one
  • Bryan Jr. Dec 13, 2005 @ 0:37

    I saw your post at, never know such command exist ever. I’m looking to kill kazza traffic with this 😉

    Bryan Jr.

  • Anonymous Dec 13, 2005 @ 3:45

    Very useful but not for everybody, untile and unless your are net admin 😉

  • kdefanboy Dec 13, 2005 @ 3:47

    Very cool, now where is my router box?

  • Anonymous Dec 13, 2005 @ 7:16

    Okay, so how is this different from making a change to the iptables config files or from executing an iptables command on the command line?

  • Mina Naguib Dec 13, 2005 @ 8:50

    `tcpkill`, part of Dug Song’s “dsniff” package, does the same thing plus a bit more

  • Sundar Dec 13, 2005 @ 9:44

    Really good stuff, pal.

  • LinuxTitli Dec 13, 2005 @ 10:54

    Mina Naguib, thanks for pointing out tcpkill tool. I appreciate your post

  • LinuxTitli Dec 13, 2005 @ 11:03

    >Anonymous said…
    >Okay, so how is this different from making a change to the iptables config files or from executing an iptables command on the command line?

    Making changes to firewall script is another solution only if you wanna block your user permanently; it is all about cutting connections what will you do suppose workstation left unused ssh tunnels or vpn connection Friday night and they will only back on monday? Solution is simple cut it that connection as I cannot shutdown workstation (they may login from home) …this will also save memory load on Linux route (you can see the difference using following command on router itself)
    cat /proc/slabinfo

  • Anonymous Dec 13, 2005 @ 21:02

    Well Anonymous user it is diffrent than iptables as some one pointed out on digg:

    iptables is only active on future connections, not current ones. you could institute a snort-inline setup which if you added rules to then it would drop current connections that matched your rules.

    Also this utility is in gentoo portage. Source: diecastbeatdown @

  • sameer Oct 3, 2006 @ 21:43

    well on non-routers you can use netstat to kill a tcp connection

    # netstat -p | grep

    # kill -9 pid


  • mohamed Apr 11, 2007 @ 22:20

    nice work

  • marek Apr 26, 2007 @ 14:40

    ># sameer Says:
    >October 3rd, 2006 at 9:43 pm
    >well on non-routers you can use netstat to kill a tcp connection
    ># netstat -p | grep
    ># kill -9 pid

    Well what if I don’t want to kil the process, but only the connection? kill -9 PID is a bit excessive, IMHO.

  • Ulver May 14, 2009 @ 17:01

    some has view this behaviour?

    cutter some.internet.ip some.service.port some.lan.ip some.user.port
    No matching connections found

    i’m googling about that but only i find that is a reported bug…in some distros
    ( polling over google searches )

    any advice/clue will be usefull

  • vlip Dec 7, 2010 @ 22:20

    PC ~]$ tcpkill -h
    Version: 2.4
    Usage: tcpkill [-i interface] [-1..9] expression

  • vinay Jul 16, 2013 @ 4:53

    Very useful utility,Thanks for posting

Leave a Reply

Your email address will not be published.

Use HTML <pre>...</pre> for code samples. Still have questions? Post it on our forum