Spoofing vs. Hijacking
you should know that spoofing and hijacking are two distinctly different acts.
Spoofing is when an attacking party pretends to be something or someone else, such as a user or computer. The attacker does not take over any session.
In hijacking, the attacker takes over an existing active session. In this process, the attacker waits for an authorized party to establish a connection to a resource or service and then takes over the session.
The process of session hijacking looks like this:
Step 1: Sniffing This step is no different than the process. You must be able to sniff the traffic on the network between the two points that have the session you wish to take over.
Step 2: Monitoring At this point your goal is to observe the flow of traffic between the two points with an eye toward predicting the sequence numbers of the packets.
Step 3: Session Desynchronization This step involves breaking the session between the two parties.
Step 4: Session ID Prediction At this point, you predict the session ID itself to take over the session.
Step 5: Command Injection At this final stage as the attacker you are free to start injecting commands into the session targeting the remaining party (most likely a server or other valuable resource).