How to hijack a TCP connection | Hacking TCP sessions

Hijacking a TCP connection requires only a little knowledge of IP spoofing and ACK numbers. IP spoofing is a simple technique in which the attacker replaces the sender's IP address, i.e. sends data in a way that confuses the receiver about where it came from. ACK and SEQ numbers are used by web servers to distinguish between different sessions and to check whether the user's session is still active. In fact, hijacking a TCP connection is not a difficult task; here is a simple description so that you can understand the basic steps.

A TCP session can be hijacked in the following simple steps:

Step 1: Learn as much as possible about the victim Z and the web server F before proceeding to the next step. If you are monitoring the connection on a wireless network, you can also use Wireshark or other advanced network traffic monitoring tools. (You can also use BackTrack 4, a Linux-based operating system designed for hackers and penetration testing, because it contains all the required tools by default.)


Step 2: The web server F sends an echo back to the victim Z, and the victim acknowledges the data packet.


Step 3: Now you can send the spoofed packet to the web server F.


Step 4: The web server F then responds to you, and you can start verifying the ACK/SEQ numbers. The web server believes that the session is still going on with the victim Z. Now you have hijacked the session of the victim Z.


Step 5: You can continue to use that session, and the web server will return the requested information after checking the ACK number. The connection continues until the FIN flag is set to terminate it.
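Seen from a monitor in front of the web server F, the spoofed segment of steps 3 to 5 claims the victim's address and ports but usually arrives over a different path, and it competes with the victim's own data for the same sequence numbers. The following detection sketch is an added example, not part of the original post; the record layout, the TTL threshold and the sample segments are constructed for illustration.

```python
from collections import defaultdict

TTL_TOLERANCE = 2  # assumed threshold; tune for the monitored network

def find_injection_signs(segments):
    """Return (index, reason) for segments that do not fit the flow they claim.

    Each segment is a dict: src, sport, dst, dport, seq, ttl, data (bytes).
    """
    flows = defaultdict(lambda: {"ttl": None, "sent": {}})
    alerts = []
    for i, s in enumerate(segments):
        state = flows[(s["src"], s["sport"], s["dst"], s["dport"])]
        # Sign 1: same claimed source, different hop count than the baseline.
        if state["ttl"] is None:
            state["ttl"] = s["ttl"]
        elif abs(s["ttl"] - state["ttl"]) > TTL_TOLERANCE:
            alerts.append((i, "ttl-shift"))
        # Sign 2: a sequence position carried twice with different bytes. A
        # genuine retransmission repeats the data; a competing sender does not.
        for off, byte in enumerate(s["data"]):
            pos = (s["seq"] + off) % 2**32  # sequence numbers wrap at 2^32
            seen = state["sent"].setdefault(pos, byte)
            if seen != byte:
                alerts.append((i, "seq-overlap-mismatch"))
                break
    return alerts

def seg(seq, ttl, data):
    # Constructed sample segment from victim Z (192.0.2.10) to server F (198.51.100.5).
    return {"src": "192.0.2.10", "sport": 40000, "dst": "198.51.100.5",
            "dport": 80, "seq": seq, "ttl": ttl, "data": data}

SAMPLE = [
    seg(1000, 64, b"GET /a"),    # normal data
    seg(1006, 64, b" HTTP"),     # normal data
    seg(1000, 64, b"GET /a"),    # genuine retransmission, no alert
    seg(1011, 52, b"INJECTED"),  # claims Z's address but arrives with another TTL
    seg(1011, 64, b"/1.1\r\n"),  # Z's real data now collides with those bytes
]

if __name__ == "__main__":
    for index, reason in find_injection_signs(SAMPLE):
        print(index, reason)
```

Neither sign is conclusive alone: routing changes shift TTLs and some middleboxes rewrite payloads, so the two are best correlated per flow before alerting.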
