In an STP manipulation attack, what action might an attacker perform to capture traffic?

Study for the EC-Council Certified Ethical Hacker (CEH) v13 Exam. Utilize flashcards and multiple-choice questions with helpful hints and detailed explanations. Excel in your exam preparation!

Multiple Choice

In an STP manipulation attack, what action might an attacker perform to capture traffic?

Explanation:

The concept here is using STP manipulation to redirect traffic to a place you control for monitoring. If an attacker can impersonate the root bridge (spoofing the root), they can influence how traffic is forwarded through the switch network. By configuring a SPAN (Switch Port Analyzer) session on that spoofed root bridge, they create a mirrored copy of the traffic flowing through the switch and send it to their own computer. This lets them capture and inspect the traffic without disrupting the actual data paths.

The other options don’t achieve traffic capture in this context: blocking traffic on the root bridge would cause a denial of service rather than provide visibility; DNS spoofing targets name resolution, not STP topology; disabling STP removes loop protection and can cause network issues but doesn’t inherently enable traffic capture. So, the action of creating a SPAN entry on the spoofed root bridge to redirect traffic to the attacker’s computer is the mechanism that enables traffic capture.
