Macof – Ultimate Flooding Tool | Tutorial[2020]

macof
macof

The Macof is a member of the Dsniff suit toolset.

It is used to flood the switch on a local network with MAC addresses.

You might be familiar with the DOS attack.

It works on same principle.

If you are unaware of a switch. Don’t worry…

Let me explain like you are five.

The Switches are building blocks of a network.

They are used to connect multiple devices to a single network.

This enables each connected device to share information with each other.

Most of the networks are connected via Switch. Thus it is very easy to sniff the data for an attacker.

MacOf is a tool that can flood a switch with a lot of mac addresses.

It is a MAC address table overflow utility.

Flooding a switch with mac addresses is called Mac Flooding.

Macof Tool Options:

Below are the options offered by the Macof tool.

$ macof [-i interface] [-s src] [-d dst] [-e tha] [-x sport] [-y dport] [-n times]

Details of every option:

-i interface Specify the interface to send on.

-s src Specify source IP address.

-d dst Specify destination IP address.

-e Specify target hardware address.

-x sport Specify TCP source port.

-y dport Specify TCP destination port.

-n times Specify the number of packets to send.


Editor’s Choice:


How to install Macof?

If the tool is not installed in your linux.

Don’t worry. Installing Macof is very simple.

Macof is freely available for all linux distros.

You can install it by using the commands below:

install -m 755 -D -t /usr/local/bin ./macof.py
mkdir -p /usr/local/share/man/man1
gzip -c ./macof.py.1 >/usr/local/share/man/man1/macof.py.1.gz

Also, don’t forget to update your linux, before you install the tool.

You can update your Linux before installing, use:

sudo apt-get update

Macof – Ultimate Flooding Tool | Tutorial[2020]:

#1 Simple Flooding:

As I explained before.

Using Macof can easily flood a switch with a lot of mac addresses.

Due to which the legit mac addresses find no place in the CAM table.

This enables us to monitor all the traffic.

$ macof -i eth1 -n 10

macof
Live Execution

#2 Targeted Flooding:

You can even define the attack device.

$ macof -i eth1 -d 192.168.1.1

Macof
Live Execution.

This tool is very handy for pen-testers.

Some switches don’t allow to spoof arp packets.

This tool can be used in such situations to check if the switch is overloaded.

Precautions Before Using Macof:

Here are the list of countermeasures required before using Macof.

You must keep these points in mind.

  • Port Security: Limits the no of MAC addresses connecting to a single port on the Switch.
  • Implementation of 802.1X: Allows packet filtering rules issued by a centralized AAA server based on the dynamic learning of clients.
  • MAC Filtering: Limits the no of MAC addresses to a certain extent.

Video Tutorial of Macof:

Video Tutorial

Conclusion:

Macof is an amazing tool for pentesters.

You can surely try it.

But remember not to do any illegal stuff with this tool.

Don’t be over-excited.

This article mentions everything regarding this tool.

We hope you have liked our efforts.

If you face any issue regarding this tool, make sure to comment down below. Team CSHAWK will get in touch with you as soon as possible.

Love from Team CSHAWK.

FAQ (Frequently Asked Questions):

What is Macof in Linux?

MacOf is a tool that can flood a switch with a lot of mac addresses.
It is a MAC address table overflow utility.

How to install Macof in Kali?

You can install it by using the commands below:
install -m 755 -D -t /usr/local/bin ./macof.py
mkdir -p /usr/local/share/man/man1
gzip -c ./macof.py.1 >/usr/local/share/man/man1/macof.py.1.gz