What attack involves connecting a rogue switch to change the operation of STP and sniff traffic?

Prepare for the Certified Ethical Hacker Version 11 Exam. Study with comprehensive questions and explanations. Equip yourself with the skills needed for success!

Multiple Choice

What attack involves connecting a rogue switch to change the operation of STP and sniff traffic?

Explanation:
This is about manipulating how the network learns its topology using Spanning Tree Protocol. In a switched network, STP runs to prevent loops by electing a root bridge and then calculating the best paths to that root. Devices exchange BPDU frames to decide which switch should be the root and which ports should forward traffic. A rogue switch connected to the network can start sending BPDUs with a superior Bridge ID (for example, a lower priority value or a different MAC that makes it appear more authoritative). If neighboring switches accept this, the rogue device can become the root bridge or force some links to forward through it. As a result, traffic from other devices gets redirected through the attacker’s switch, allowing the attacker to sniff passing frames and potentially intercept or manipulate data. That specific exploitation of STP’s root-election mechanism to redirect traffic is what makes this a Spanning Tree Protocol attack.

(Other options describe related concepts but don’t target STP in this way to intercept traffic: one refers to the protocol itself without the attack aspect, another to spoofing a switch identity in a different context, and another to VLAN hopping, which exploits VLAN configurations rather than STP topology changes.)

