Due to this flaw in its design, it can in no way verify that the ARP reply was sent from the correct device. By default, Wireshark is set to capture the traffic in the promiscuous mode however, you don’t need to sniff in the promiscuous mode when a switch goes into a hub mode since the traffic is already promiscuous.īut in ARP Poisoning, the ARP protocol would always trust that the reply is coming from the right device. Once the cam table has been flooded, we can open Wireshark and start capturing the traffic. This tool is already installed in all Kali Linux versions. All we need to do is execute “ macof” command from our terminal. Macof fills the cam table in less than a minute or so, since it sends a huge number of MAC entries approx 155,000 per minute, to be specific. This attack does not work on every switch lots of newer switches have built-in protection against an attack.
All the attacker needs to do now is run a sniffer to capture all the traffic. Once the switch overloads, it goes into hub mode, meaning that it will forward the traffic to every single computer on the network.
The idea behind a MAC flooding attack is to send a huge amount of ARP replies to a switch, thereby overloading the cam table of the switch.
0 kommentar(er)
