TCP session hijacking

December 2016

TCP session hijacking

"TCP session hijacking" is a technique that involves intercepting a TCP session initiated between two machines in order to hijack it.

In that the authentication check is performed only when opening the session, a pirate who successfully launches this attack is able to take control of the connection throughout the duration of the session.

Source routing

The initial hijacking method used involved using the source routing option of the IP protocol. This option made it possible to specify the path IP packets were to follow, using a series of IP addresses showing the routers to be used.

By exploiting this option, the pirate could indicate a return path for packets to a router under his control.

Blind attack

When source routing is disabled, which is the case nowadays for most equipment, a second method involves sending packets as "blind attacks", without receiving a response, by trying to predict sequence numbers.

Man in the middle

Also, when the pirate is on the same network thread as his two contacts, he can monitor the network and "quiet" one of the participants by crashing his machine or by flooding the network to take his place.

More information


Related :


Secuestro de sesión TCP
Secuestro de sesión TCP
TCP Session Hijacking
TCP Session Hijacking
Vol de session TCP (TCP session hijacking)
Vol de session TCP (TCP session hijacking)
Dirottamento di sessione TCP (TCP session hijacking)
Dirottamento di sessione TCP (TCP session hijacking)
Roubo de sessão TCP (TCP sessão  hijacking)
Roubo de sessão TCP (TCP sessão hijacking)
This document entitled « TCP session hijacking » from CCM (ccm.net) is made available under the Creative Commons license. You can copy, modify copies of this page, under the conditions stipulated by the license, as this note appears clearly.