![What is mac address flooding](https://kumkoniak.com/54.jpg)
MAC address flooding is a very common security attack. The MAC address table in a switch holds the MAC addresses available on a given physical port of the switch and the associated VLAN parameters for each. MAC flooding attacks are sometimes called MAC address table overflow attacks. To understand the mechanism of a MAC address table overflow attack, we must recall how a switch works in the first place. When a switch receives a frame, it looks in the MAC address table (sometimes called the CAM table) for the destination MAC address. Cisco Catalyst switch models use a MAC address table for Layer 2 switching.

![What is MAC address flooding](https://geek-university.com/wp-content/uploads/2015/10/how_switches_forward_frames.jpg)

When frames arrive on switch ports, the source MAC addresses are learned from the Layer 2 packet header and recorded in the MAC address table. If the switch has already learned the MAC address of the computer connected to a particular port, then an entry exists for that MAC address. In this case the switch forwards the frame to the port designated in the MAC address table. If the MAC address does not exist, the switch acts like a hub and forwards the frame out every other port on the switch while learning the MAC for next time.

Picture 1 – Switch acts as a hub with an empty MAC address table

Computer A sends traffic to computer B. The switch receives the frames and looks up the destination MAC address in its MAC address table.

![What is MAC address flooding](https://linuxhint.com/wp-content/uploads/2021/07/image1-38.png)

If the switch does not have the destination MAC in the MAC address table, the switch then copies the frame and sends it out every switch port like a broadcast.

![What is MAC address flooding](https://1.bp.blogspot.com/-W96QvaZSs5Q/VVSfkuhslTI/AAAAAAAAcf8/Nf-x3iT6j98/s1600/switch2.png)

This means that not only PC B receives the frame; PC C also receives the frame from host A to host B, but because the destination MAC address of that frame is host B, host C drops that frame.

Picture 2 – Switch learns MAC addresses from the source MAC address in the Layer 2 headers of frames – the switch is populating its MAC table

PC B receives the frame and sends a reply to PC A. The switch then learns that the MAC address for PC B is located on port 2 and writes that information into the MAC address table. From now on any frame sent by host A (or any other host) to host B is forwarded to port 2 of the switch and not broadcast out every port. This is the main goal of switch functionality: to have a separate collision domain for each port on the switch.

Picture 3 – When the switch has learned all the MAC addresses on its different ports, the switch acts like a switch – MAC address table complete

But this is where the attacker comes into play.
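
The learning and forwarding behaviour this page describes (learn the source MAC, forward to a known port, otherwise send out every other port) can be traced with a small simulation. This is an added example, not code from the original page; the MAC values, the frames and the ports for PC A and PC C are constructed sample data, and only PC B on port 2 comes from the text.

```python
# Added illustration: a minimal learning switch. MAC values and frames are
# constructed sample data; only "PC B on port 2" is taken from the page.
import struct

def mac_str(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)

def mac_raw(mac: str) -> bytes:
    return bytes.fromhex(mac.replace(":", ""))

def build_frame(dst: str, src: str, payload: bytes = b"hello") -> bytes:
    """Ethernet II frame: 6-byte destination, 6-byte source, 2-byte EtherType."""
    return mac_raw(dst) + mac_raw(src) + struct.pack("!H", 0x0800) + payload

class LearningSwitch:
    def __init__(self, ports):
        self.ports = list(ports)
        self.mac_table = {}          # MAC address -> port it was learned on

    def receive(self, in_port: int, frame: bytes):
        """Learn the source MAC, then return the list of egress ports."""
        if len(frame) < 14:
            raise ValueError("truncated Ethernet header")
        dst, src = mac_str(frame[0:6]), mac_str(frame[6:12])
        self.mac_table[src] = in_port            # learning step
        out = self.mac_table.get(dst)
        if out is None:                          # unknown destination: act like a hub
            return [p for p in self.ports if p != in_port]
        return [] if out == in_port else [out]   # known: forward on one port only

PC_A, PC_B, PC_C = "00:00:00:00:00:0a", "00:00:00:00:00:0b", "00:00:00:00:00:0c"

def demo():
    sw = LearningSwitch(ports=[1, 2, 3])            # PC A on 1, PC B on 2, PC C on 3
    first = sw.receive(1, build_frame(PC_B, PC_A))  # empty table: copies reach B and C
    reply = sw.receive(2, build_frame(PC_A, PC_B))  # B replies: B is learned on port 2
    later = sw.receive(1, build_frame(PC_B, PC_A))  # A -> B now leaves on port 2 only
    return first, reply, later, dict(sw.mac_table)

if __name__ == "__main__":
    for name, value in zip(("first", "reply", "later", "table"), demo()):
        print(name, value)
```

The first frame is the only one PC C receives; once PC B has been learned, traffic from A to B no longer appears on port 3.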