MAC Flooding

Network Switches

Network switches are designed to send packets to the right host using a Content Addressable Memory table (CAM table).

This table maps each learned MAC address to the switch port to which packets for that address should be sent.

MAC Flooding

If an attacker floods the CAM table with tons of entries, the switch can no longer add new entries to the table, which causes it to enter a failopen mode.

When switches enter a failopen mode, they broadcast all packets to all machines on the network, since they can no longer use their CAM table.

This attack can be performed with Ettercap, or with macof as follows:

Enable IP forwarding:

echo 1 > /proc/sys/net/ipv4/ip_forward

Start the MAC flooding attack:

sudo macof -i $INTERFACE

Now, you should be able to sniff the traffic using Wireshark or Tcpdump.

Note that some switches have anti-MAC Flooding protections.
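
The following is an added example, not part of the original page: a toy Python model of a learning switch that shows why a full CAM table leads to flooding and how a per-port MAC limit (a simplified model of the kind of protection mentioned above) contains it. The class and function names, the table capacity of 8 and all MAC addresses are constructed for illustration; no traffic is sent.

```python
# Added example: toy model of a learning switch (all names are hypothetical).
class Switch:
    def __init__(self, cam_capacity, max_macs_per_port=None):
        self.cam = {}                       # MAC address -> port
        self.cam_capacity = cam_capacity    # constructed, tiny on purpose
        self.max_macs_per_port = max_macs_per_port  # None = no protection
        self.disabled_ports = set()

    def _learn(self, src, port):
        if src in self.cam:
            return
        on_port = sum(1 for p in self.cam.values() if p == port)
        if self.max_macs_per_port is not None and on_port >= self.max_macs_per_port:
            self.disabled_ports.add(port)   # violation: shut the port down
            return
        if len(self.cam) < self.cam_capacity:
            self.cam[src] = port            # a full table learns nothing new

    def receive(self, src, dst, port):
        """Return 'dropped', 'flooded' or the single egress port."""
        if port in self.disabled_ports:
            return "dropped"
        self._learn(src, port)
        if port in self.disabled_ports:
            return "dropped"
        return self.cam.get(dst, "flooded")  # unknown destination -> all ports


def simulate(max_macs_per_port=None):
    sw = Switch(cam_capacity=8, max_macs_per_port=max_macs_per_port)
    sw.receive("aa:aa:aa:aa:aa:01", "ff:ff:ff:ff:ff:ff", port=1)  # host A
    # Constructed burst: one port presenting many never-seen source MACs.
    for i in range(20):
        sw.receive(f"02:00:00:00:00:{i:02x}", "ff:ff:ff:ff:ff:ff", port=3)
    # Host B on port 2 speaks for the first time after the burst.
    sw.receive("bb:bb:bb:bb:bb:02", "aa:aa:aa:aa:aa:01", port=2)
    # Host A replies to B: unicast only if B's MAC could be learned.
    return sw.receive("aa:aa:aa:aa:aa:01", "bb:bb:bb:bb:bb:02", port=1), sw


if __name__ == "__main__":
    print("no limit      :", simulate()[0])
    print("limit 2 / port:", simulate(2)[0], "disabled:", simulate(2)[1].disabled_ports)
```

In the unprotected run the table is full when host B first speaks, so traffic to B is flooded to every port; with the limit, the offending port is disabled after its second address and B is learned normally.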