Spanning Tree Protocol (STP) manipulation attacks involve an attacker injecting BPDUs (Bridge Protocol Data Units) to force a switch to recognize the attacker’s system as the root bridge. Once this is achieved, the attacker can:

Redirect traffic through their own machine

Create a SPAN (Switched Port Analyzer) session to mirror traffic

Intercept, sniff, or modify data passing through the network

This is typically the next logical step in an STP attack to facilitate a Man-in-the-Middle (MITM) position.

Reference – CEH v13 Official Study Guide:

Module 8: Sniffing

Quote:

“An attacker who becomes the root bridge using STP manipulation can redirect traffic and use SPAN ports to mirror traffic to their system for analysis or manipulation.”

Incorrect Options:

B. OSPF is a Layer 3 routing protocol, not relevant here.

C. DoS is not the goal of this specific attack.

D. Attacking all switches is inefficient and unnecessary once root access is gained.

===========