Performing VLAN Hopping Attack

When to Use

• Testing the effectiveness of VLAN-based network segmentation during authorized penetration tests
• Validating that switch trunk port configurations prevent unauthorized VLAN access
• Assessing whether 802.1Q tagging and native VLAN configurations resist double-tagging attacks
• Demonstrating to network teams why proper switch hardening is critical for isolation between zones
• Verifying that DTP (Dynamic Trunking Protocol) is disabled on all access ports

Do not use on production switches without explicit authorization and change management approval, against critical infrastructure VLANs (SCADA, medical devices) without safety controls, or as a denial-of-service vector.

Prerequisites

• Written authorization specifying in-scope VLANs and switches for testing
• Physical or virtual access to a switch access port on the target network
• Yersinia, Scapy, and frogger VLAN hopping tools installed on Kali Linux
• Understanding of 802.1Q trunking, DTP, and VLAN tagging at the frame level
• Access to switch CLI for verification of configurations (read-only is sufficient)
• Wireshark for capturing and verifying tagged frames