In Yersinia GUI mode, let's choose the DTP protocol screen. If there is DTP in our network, we'll see DTP data in no more than 30 seconds. We can also take a look at the DTP port status from the switch console: our port is Fa0/10 and its status is default.
We need to fill in the bottom fields of the window with default values by pressing [d]. After that, [e] will allow us to modify the Neighbor-ID field and enter the value 666666666666. To finish editing mode, we need to press [return]. Now let's switch to the DTP attack window using [x] and select the enabling trunking attack. The DTP port status will change to TRUNKING and Neighbor address 1 will contain our ID. If, furthermore, we have a look at the VLAN assigned ports as before, we'll see that our port Fa0/10 is no longer in the VLAN list. In the Yersinia's main window we'll see new packets; Yersinia crafted packets are those with Neighbor-ID 666666666666. From now on, we'll be able to carry out attacks against protocols 802.1Q and VTP, and what is more important, we'll be able to behave like just another valid switch, which makes it possible to sniff VLAN traffic (from other VLANs than the one we are connected to).
VLAN assigned ports after the attackThe only valid countermeasure against DTP attacks is disabling auto-trunking via
zipi# sh vlan
VLAN Name Status Ports
---- ----------------------------- --------- -------------------------------
1 default active Fa0/1, Fa0/2, Fa0/3, Fa0/4
Fa0/5, Fa0/6, Fa0/7, Fa0/8
Fa0/9, Fa0/14, Fa0/15, Fa0/16
Fa0/17, Fa0/18, Fa0/19, Fa0/24
100 Office active Fa0/11, Fa0/12, Fa0/13
200 Internet active Fa0/20, Fa0/21, Fa0/22, Fa0/23
the command: switchport mode access. An administrator is then forced to enable
trunking manually (in the switch configuration) to set up every new trunk.