
📚 Data Link Layer Protocols

📚 Overview

This page covers the Data Link Layer of the TCP/IP suite. It is the first layer above the physical layer, and the protocol in use here is Ethernet II. Other protocols of this layer (not TCP/IP): . Network devices, protocols and attacks at the Data Link layer use the frame as the unit of information. The devices of this layer know nothing about IP addresses or TCP/UDP ports. They wouldn’t know what to do with them, since the headers of this layer's protocols contain only MAC addresses. MAC addresses are all they know and care about.

📚 Ethernet

ARP Protocol

ARP is not a protocol of the data link layer of the TCP/IP stack. It’s not on any layer per se. However, I’m putting this paragraph here because ARP is needed to fill in the Ethernet header details.

Attacks

CAM (Content Addressable Memory): a switch keeps a record of the MACs of all connected devices and their assigned virtual ports on that switch in a table:

MAC                   Switch port
1111:1111:0000:2222   12

Flooding with 1 MAC

Send lots of ARP replies to constantly update one entry (a race condition). Whenever the MAC in the CAM table is substituted with the attacker’s MAC, the responses are redirected to the attacker. As soon as the victim sends a new request to some server through the switch, its MAC overwrites the attacker’s. So it looks like a battle for one “seat”.
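
From the switch's side, this battle for one "seat" shows up as the same MAC being relearned on alternating ports (MAC flapping). The detector below is an added example, not code from the original page; the event format, the function name `find_flapping_macs`, the thresholds and the sample events are all assumptions constructed for illustration.

```python
from collections import defaultdict, deque

# Constructed sample of CAM learning events: (seconds, source MAC, switch port).
# In practice these would come from switch MAC-move logs or a mirrored capture.
SAMPLE_EVENTS = [
    (0.0, "aa:aa:aa:aa:aa:01", 12),
    (0.1, "aa:aa:aa:aa:aa:02", 7),
    (0.2, "aa:aa:aa:aa:aa:01", 5),   # same MAC now seen on port 5
    (0.9, "aa:aa:aa:aa:aa:01", 12),  # owner talks, entry flips back
    (1.0, "aa:aa:aa:aa:aa:01", 5),
    (1.6, "aa:aa:aa:aa:aa:01", 12),
    (1.7, "aa:aa:aa:aa:aa:01", 5),
    (30.0, "aa:aa:aa:aa:aa:02", 9),  # single move: host re-plugged, not a fight
]


def find_flapping_macs(events, max_moves=3, window=5.0):
    """Replay learning events and return {mac: sorted ports} for every MAC whose
    CAM entry changed port more than max_moves times within window seconds."""
    cam = {}                        # mac -> port currently in the table
    moves = defaultdict(deque)      # mac -> timestamps of recent port changes
    ports_seen = defaultdict(set)   # mac -> ports involved in its moves
    flagged = {}
    for ts, mac, port in sorted(events):
        mac = mac.lower()
        prev = cam.get(mac)
        cam[mac] = port             # the newest frame always wins the entry
        if prev is None or prev == port:
            continue                # first sighting, or a refresh of the entry
        recent = moves[mac]
        recent.append(ts)
        ports_seen[mac].update((prev, port))
        while recent and ts - recent[0] > window:
            recent.popleft()        # forget moves that fell out of the window
        if len(recent) > max_moves:
            flagged[mac] = sorted(ports_seen[mac])
    return flagged


if __name__ == "__main__":
    for mac, ports in find_flapping_macs(SAMPLE_EVENTS).items():
        print(f"MAC {mac} is flapping between ports {ports}")
```

The single move of the second MAC is not flagged, which keeps a re-plugged or roaming host from raising the same alert as a sustained fight over one entry.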