Hello!
I'm very curious about following situation.
There is a computer1 and computer2 connected to switch. The computer1 has MAC 00-00-00-00-00-01 and IP 192.0.0.1 (dhcp). The computer2 has MAC 00-00-00-00-00-02 and IP 192.0.0.2 (dhcp).

When I change MAC of computer1 to MAC of computer2:
1. In lan with dhcp, the IP of computer1 will change to IP of computer2?
2. Computer1 will be able to sniff packets destinated for computer2 without any "inconveniences"?

Howdy,

Briefly, depending on the switch you are using (some of them use static ARP cache), there are several possible attacks to sniff all the network traffic.

For example, you can flood the switch with ARP requests and make it to broadcast all the network traffic to the full subnet. You an also impersonate another MAC or make a man in the middle attack.

Have a look at this: "an introduction to ARP spoofing", by Sean Whalen.

The answers to your question depend on the switch. Some of them require, or can be configured to, the admin to manually confirm/change the ARP cache, some others don't.

Anyway, ARP-based attacks are not a worry nowadays, given all the traffic is encrypted.

Cheers,

[EDIT: i hope admins are not upset if i reply this totally off-topic question]

Of course not Havok, no one minds OT questions, whatever forum they happen to have been posted in, but like 'you' guys we just want to avoid the stupid ones. Note that while stupid Questions are generally discouraged, stupid Replys are perfectly OK

Regards,
Kayaker