‘Hunt, TCP Hijacking tool’


‘Hunt’s home page can be found at: http://lin.fsid.cvut.cz/~kra/index.html. ‘


‘Hunt, Hijacking software has the following functionality features:

1) Connection management
* Setting what connections you are interested in.
* Detecting an ongoing connection (not only SYN started).
* Normal active hijacking with the detection of the ACK storm.
* ARP spoofed/Normal hijacking with the detection of successful ARP spoof.
* Synchronization of the true client with the server after hijacking (so that the connection don’t have to be reset).
* Resetting connection.
* Watching connection.

2) Daemons
* Reset daemon for automatic connection resetting.
* ARP spoof/relayer daemon for ARP spoofing of hosts with the ability to relay all packets from spoofed hosts.
* MAC discovery daemon for collecting MAC addresses.
* Sniff daemon for logging TCP traffic with the ability to search for a particular string.

3) Host Resolving
* Deferred host resolving through dedicated DNS helper servers.

4) packet engine
* Extensible packet engine for watching TCP, UDP, ICMP and ARP traffic.
* Collecting TCP connections with sequence numbers and the ACK storm detection.

5) misc.
* Determining which hosts are up.

The tool was written by: Pavel Krauz.’

Categories: Tools