At present, our society requires fast and accurate information in various fields, and shares information collected and processed through various devices existing around us. However, in the process of collecting, establishing and providing this information, the number of cases of illegal access to important information about person, country or company sharply increases. These cases of illegal access cause enormous damage to person, country or company. Illegal access to information may occur diversely, and in case an attack occurs, the situation is that a sniffing attack, which regular users cannot perceive, aggravates material/psychological damage to the corresponding company or person who gets damaged. Besides, with regard to a session hijacking attack making an illegal access attempt to actively steal information after attackers themselves pretending to be true sender/receiver in the process of sniffing, the situation is that damage gets worse. Nowadays, in the environment where each individual person has various devices that enables networking, the number of these attack techniques continue to increase. This paper analyzes whether RST signal is generated, which is needed for session reconnection and traffic information between users so as to make it possible to take countermeasures against sniffing and session hijacking attack. In the process of session hijacking, a regular user session is temporarily interrupted by generating RST signal inevitably. And this paper analyses whether this RST signal is generated. Besides, traffic information is analyzed because, in case a sniffing attack using ARP redirect or ICMP redirect occurs, the previous path changes, which may show deviation from traffic information in the ordinary path. This paper designed a model for countermeasures enabling proper and stable service against sniffing and session hijacking and it was made possible to be applied to the detection of attack that may occur diversely in the future on the basis of these data for analysis.