Dear all,

I am trying to understand hijacking a tcp session.

I use hunt 1.5 for debian in my own lab of 3 pcs connected using a hub and I cannot list any active session even though....

1. I have managed to arpspoof the 2 pcs with the mac address of my attacking pc even though the hunt screen was telling my that the arpspoofing failed. I confirm from tcpdump that I am actually seeing arp reply for my 2 pcs having the same mac address of my attacking pc.

2. Assuming that the arpspoof is successful. Then why i am not able to list any active session between the 2 pcs ? I have tried to initate a telnet connection from one pc but the hunt program is still not showing any active connection.

3. I am sure u gurus out there, may have played with hunt before and can some kind soul tell me what did i do wrong or maybe even whipped out a tutorial on this...

regards,birdee

I spent 20 minutes playing with this and reading the man pages, its not the most clear utilitiy is it? Have you had any luck?

I setup a simple spoof with 1 connection between my 1st machine and my 2nd machine (running telnet service)
then when i tried to watch this connection is said no connections active.

isnt there a better way to watch connections?

Hi,

Thanks for yr reply. I have no idea why hunt is showing no active connection. I did a little sniffing(TCPDUMP) and I can see my own telnet traffic.Since TCPDUMP can pick up the telnet traffic,then why is hunt no able to see this active connection..

Anyone ???

r/birdee