Dear All,

   Today we looked through a part of the "L2 Security Bootcamp"
(a local copy of these Cisco slides is in the course directory,
http://www.cs.dartmouth.edu/~sergey/netreads/). 

   A newer paper about the state of attacks:
https://ronnybull.com/assets/docs/bullrl-defcon24.pdf

Also, this whitepaper about MITM-ing switches from Cisco shows
the steps: 
http://www.cisco.com/c/en/us/products/collateral/switches/catalyst-6500-series-switches/white_paper_c11_603839.html

   A more detailed explanation and tools for L2 attacks are at
http://yersinia.net/ ; read the papers linked at the bottom of 
http://www.yersinia.net/doc.htm .

   Here's some good discussion on tricks to detect that some other
computer on the LAN has its Ethernet interface in promiscuous mode:
http://security.stackexchange.com/questions/3630/how-to-find-out-that-a-nic-is-in-promiscuous-mode-on-a-lan
Suggestion: try these methods, and then come up with countermeasures
so that they fail work! :) Test it out.

   Finally, install a virtual machine (say, in VirtualBox; on Debian
and Ubintu, you can get it as a package), and experiment with bridging
and routing. Install a Linux disribution inside a VM, put the VirtualBox
in bridging mode with your physical ethernet interface, and make your
host machine route through your guest machine as its default gateway.
The use IPtables and NFQUEUE in your guest machine to filter and 
rewrite traffic from your host OS!

    Happy hacking,

--Sergey