When a switch is initially turned on, it doesn’t know which devices it’s going to be supporting. A switch tracks MAC addresses in a content addressable memory (CAM) table. As it receives packets from various MAC addresses, it adds the addresses to its CAM table and associates each one with a physical port on the switch. This process allows data to be sent directly to the port where the intended recipient is located instead of sending all data across the entire network like a hub. Although one port can have multiple MAC addresses associated with it, the CAM table is only so big. The switch can be overloaded with Ethernet frames that look like they are all coming from different MAC addresses. Once the table overflows, the switch will start to broadcast all incoming data to all ports, essentially turning into a hub. Since the PenTester is connected to one of the ports, they can start to capture all traffic as it is broadcast across the network. #attack