Certified Ethical Hacker (CEH v12) — Question 223
In a large organization, a network security analyst discovered a series of packet captures that seem unusual. The network operates on a switched Ethernet environment. The security team suspects that an attacker might be using a sniffer tool. Which technique could the attacker be using to successfully carry out this attack, considering the switched nature of the network?
Answer options
- A. The attacker might be compromising physical security to plug into the network directly.
- B. The attacker might be implementing MAC flooding to overwhelm the switch's memory.
- C. The attacker is probably using a Trojan horse with in-built sniffing capability.
- D. The attacker might be using passive sniffing, as it provides significant stealth advantages.
Correct answer: B
Explanation
The correct answer is B: MAC flooding fills the switch's MAC address table, which can cause the switch to fail open and forward frames out of every port like a hub, allowing the attacker to capture traffic meant for other devices. Option A is incorrect because compromising physical security is not the only method an attacker might use. Option C is not relevant because a Trojan horse does not specifically pertain to the switched Ethernet environment. Option D is misleading: passive sniffing typically requires direct access to the data link layer and is less effective in a switched network without MAC flooding.