Learn Yersinia

 josh
(@josh)

Yersinia is a powerful, open-source tool designed for Layer 2 network attacks, often used by ethical hackers and penetration testers to assess vulnerabilities in network protocols. But in the hands of an attacker, it can be weaponized to disrupt or compromise local area networks (LANs).


🧠 What Is Yersinia?

Yersinia is a network protocol analyzer and attack framework that targets weaknesses in Layer 2 protocols — the data link layer of the OSI model. It supports automated attacks against protocols commonly used in switches, routers, and other network devices.

🔗 Official Kali Linux tool page


🧪 Protocols Targeted by Yersinia

Yersinia can exploit vulnerabilities in:

  • STP (Spanning Tree Protocol) – Can cause network instability or force topology changes
  • CDP (Cisco Discovery Protocol) – Gathers info about Cisco devices
  • DTP (Dynamic Trunking Protocol) – Forces trunking on switch ports
  • DHCP – Launches rogue DHCP server attacks
  • HSRP (Hot Standby Router Protocol) – Disrupts router failover mechanisms
  • 802.1x / 802.1q – Attacks authentication and VLAN tagging
  • VTP (VLAN Trunking Protocol) – Alters VLAN configurations
  • ISL (Inter-Switch Link) – Targets Cisco-specific trunking

💣 How Yersinia Is Used in Cyber Attacks

Example: STP Attack

  1. Attacker launches Yersinia in interactive mode:
    yersinia -I
    
  2. Selects STP protocol and sends crafted BPDUs (Bridge Protocol Data Units).
  3. Forces switches to reconfigure the network topology.
  4. Attacker’s machine becomes the root bridge, allowing traffic interception.

Example: GARP Man-in-the-Middle

  • Yersinia sends Gratuitous ARP packets to poison ARP caches.
  • Redirects traffic through the attacker’s machine.
  • Enables packet sniffing and data theft.

🔗 Detailed attack walkthrough


🛡️ Defensive Measures

| Strategy | Description |
|---|---|
| Enable Port Security | Restrict MAC addresses per port |
| Use Root Guard | Prevent rogue STP root bridges |
| 802.1X Authentication | Enforce device-level access control |
| Monitor Layer 2 Traffic | Use IDS/IPS to detect abnormal protocol behavior |
| Disable Unused Protocols | Turn off CDP, DTP, etc. on access ports |

⚠️ Ethical Use Only

Yersinia is a legitimate tool for security testing, but unauthorized use can cause serious network disruption and legal consequences. Always use it in controlled environments with permission.

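For the "Monitor Layer 2 Traffic" measure and the STP example in the post, here is an added detection example that is not part of the original post: it parses 802.1D BPDUs out of raw Ethernet frames and reports any that advertise a root bridge ID better than the one you expect, the same condition Root Guard reacts to. The expected root ID, the rogue host and both sample frames are constructed values, and `make_bpdu` exists only to build that test data.

```python
import struct

STP_DST = bytes.fromhex("0180c2000000")  # IEEE 802.1D bridge group address
LLC_STP = b"\x42\x42\x03"                # DSAP, SSAP, control for STP

def bridge_id(priority: int, mac: str) -> bytes:
    """8-byte bridge ID: 2-byte priority followed by the 6-byte MAC."""
    return struct.pack("!H", priority) + bytes.fromhex(mac.replace(":", ""))

def parse_bpdu(frame: bytes):
    """Return (src_mac, root_id, sender_id) for a config or RST BPDU, else None."""
    if len(frame) < 52 or frame[:6] != STP_DST or frame[14:17] != LLC_STP:
        return None
    proto, _version, bpdu_type = struct.unpack_from("!HBB", frame, 17)
    if proto != 0 or bpdu_type not in (0x00, 0x02):  # ignore TCN (0x80)
        return None
    return frame[6:12], frame[22:30], frame[34:42]

def superior_root_claims(frames, expected_root: bytes):
    """List BPDUs advertising a root better (numerically lower) than expected."""
    alerts = []
    for index, frame in enumerate(frames):
        parsed = parse_bpdu(frame)
        if parsed and parsed[1] < expected_root:  # lowest bridge ID wins election
            src, root, _sender = parsed
            alerts.append({"frame": index, "src_mac": src.hex(":"),
                           "root_priority": struct.unpack("!H", root[:2])[0],
                           "root_mac": root[2:].hex(":")})
    return alerts

def make_bpdu(src_mac: str, root: bytes, sender: bytes) -> bytes:
    """Build a constructed 802.1D configuration BPDU frame for the demo."""
    body = struct.pack("!HBBB", 0, 0, 0x00, 0) + root + struct.pack("!I", 0)
    body += sender + struct.pack("!HHHHH", 0x8001, 0, 20 << 8, 2 << 8, 15 << 8)
    llc = LLC_STP + body
    src = bytes.fromhex(src_mac.replace(":", ""))
    return STP_DST + src + struct.pack("!H", len(llc)) + llc

# Constructed sample data: the legitimate root, then a host claiming priority 0.
EXPECTED_ROOT = bridge_id(4096, "00:11:22:33:44:55")
ROGUE = bridge_id(0, "02:00:00:aa:bb:cc")
SAMPLE_FRAMES = [
    make_bpdu("00:11:22:33:44:55", EXPECTED_ROOT, EXPECTED_ROOT),
    make_bpdu("02:00:00:aa:bb:cc", ROGUE, ROGUE),
]

if __name__ == "__main__":
    for alert in superior_root_claims(SAMPLE_FRAMES, EXPECTED_ROOT):
        print("superior BPDU:", alert)
```

Fed frames from a capture on an access-port VLAN, any alert means a device other than the intended root is winning or trying to win the election.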