Exam 400-101 Question id=1299 Infrastructure Security

Which of the following attacks results in unicast traffic being sent out every port on a switch, regardless of the intended destination of the traffic?

A. an ARP poisoning attack
B. a VLAN hopping attack
C. a MAC flooding attack
D. a DHCP spoofing attack
E. an STP attack

A Media Access Control (MAC) flooding attack results in traffic being sent out every port on a switch, regardless of the intended destination of the traffic. Switches and bridges store any learned MAC addresses in a MAC address table. When the MAC address table becomes full, no more MAC addresses can be learned. If a switch receives traffic destined for a MAC address that is not in its MAC address table, the switch floods the traffic out every port except the port that originated the traffic. Consequently, in a MAC flooding attack, an attacker attempts to fill the MAC address table so that any further traffic will be sent to all hosts on the network, causing excessive unicast flooding. As a result, the attacker can access any traffic that is sent to the switch.
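To make the flooding behaviour described above concrete, here is an added example (not part of the exam page): a toy learning switch in Python with a bounded MAC address table. The `Switch` class, `run_scenario` and all MAC addresses are constructed for the demo; it shows that once the table is full and the legitimate entries age out, the server's reply to the victim is flooded out every port, including the attacker's, whereas a per-port MAC limit in the style of port security shuts the offending port and keeps the reply on the victim's port only.

```python
from collections import OrderedDict

class Switch:
    def __init__(self, ports, table_size, max_macs_per_port=None):
        self.ports = list(ports)
        self.table_size = table_size        # CAM capacity, tiny for the demo
        self.table = OrderedDict()          # mac -> port
        self.max_macs = max_macs_per_port   # port-security limit (None = off)
        self.errdisabled = set()            # ports shut down after a violation

    def learn(self, mac, port):
        if mac in self.table:
            self.table[mac] = port
            return True
        if self.max_macs is not None:
            on_port = sum(1 for p in self.table.values() if p == port)
            if on_port >= self.max_macs:
                self.errdisabled.add(port)  # violation: shut the port
                return False
        if len(self.table) >= self.table_size:
            return False                    # table full: nothing more is learned
        self.table[mac] = port
        return True

    def age_out(self, macs):
        for m in macs:                      # CAM aging timer expires these entries
            self.table.pop(m, None)

    def forward(self, src, dst, in_port):
        self.learn(src, in_port)
        if in_port in self.errdisabled:
            return []                       # port-security violation: frame dropped
        if dst in self.table:
            return [self.table[dst]]        # known unicast: exactly one port
        # unknown unicast: flooded out every port except the ingress port
        return [p for p in self.ports if p != in_port and p not in self.errdisabled]

def run_scenario(max_macs_per_port=None, attacker_macs=10):
    """A on port 1, B on port 2, attacker on port 3; returns egress ports of B's reply to A."""
    sw = Switch(ports=[1, 2, 3], table_size=6, max_macs_per_port=max_macs_per_port)
    A, B = "00:00:00:00:00:0a", "00:00:00:00:00:0b"   # constructed addresses
    sw.forward(A, B, 1)                                # A learned on port 1
    sw.forward(B, A, 2)                                # B learned on port 2
    for i in range(attacker_macs):                     # attacker fills the table
        sw.forward(f"de:ad:be:ef:00:{i:02x}", B, 3)
    sw.age_out({A, B})                                 # legitimate entries expire
    for i in range(attacker_macs, 2 * attacker_macs):  # attacker keeps going
        sw.forward(f"de:ad:be:ef:00:{i:02x}", B, 3)
    sw.forward(A, B, 1)                                # A cannot be re-learned
    return sw.forward(B, A, 2)
```

`run_scenario()` returns `[1, 3]` (the reply reaches the attacker on port 3), while `run_scenario(max_macs_per_port=2)` returns `[1]`.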

In a Dynamic Host Configuration Protocol (DHCP) spoofing attack, a rogue DHCP server is attached to the network in an attempt to intercept DHCP requests. The rogue DHCP server can then respond to the DHCP requests with its own IP address as the default gateway address so that all traffic is routed through the rogue DHCP server. As a result, a host that has obtained an IP address from a rogue DHCP server could become the victim of a man-in-the-middle attack in which a malicious individual eavesdrops on a network conversation between two hosts.

In an Address Resolution Protocol (ARP) poisoning attack, which is also known as an ARP spoofing attack, the attacker intercepts an ARP request packet and replies with its own MAC address, rather than the address of the intended recipient. Subsequently, the attacker is able to intercept any traffic intended for the original recipient.

In a virtual LAN (VLAN) hopping attack, an attacker attempts to inject packets into other VLANs by accessing the VLAN trunk and double-tagging 802.1Q frames. A successful VLAN hopping attack enables an attacker to send traffic to other VLANs without using a router.

In a Spanning Tree Protocol (STP) attack, an attacker listens for STP frames to determine the port ID of the interface that is transmitting the STP frames. The attacker can then send bridge protocol data units (BPDUs) in an attempt to become the root bridge for the network.