A penetration tester can capture and analyze all network traffic passing through a switch by simply connecting to any of its ports without additional configurations.
This statement is false because switches are designed to send packets only to the designated port based on the MAC address, starkly contrasting with hubs, which sends packets to all ports. To capture all network traffic, a penetration tester would need to perform a specific attack, such as ARP spoofing, to trick the switch into sending them traffic intended for another host, or otherwise configure the port for mirroring (also known as port spanning).
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is ARP spoofing?
Open an interactive chat with Bash
What does port mirroring mean?
Open an interactive chat with Bash
How do switches differ from hubs in traffic management?