Attacking the Spanning tree protocol (STP)
I'm studying the attacks against the Spanning tree protocol. The idea of the attack I'm studying is to become the MITM. In my research I found two programs in Backtrack 4 capable of doing this attack:
Ettercap using the stp_mangler plugin
#ettercap -TqP stp_mangler
Yersinia
#yersinia -I
Setup:
I use two Cisco switches, both using the default factory settings. Two hosts running windows xp each connected to a switch. I generate some traffic to sniff between the hosts. I run Backtrack 4 on a third computer with two network adapters. Each network adapter is connected to a switch.
H------S------S------H
        \    /
          B
Man page yersinia yersinia(8): FrameWork for layer 2 attacks - Linux man page
When I start the attack with Yersinia STP attack 6, yersinia terminates. (this attack needs two network adapters)
When I start the attack with Yersinia STP attack 4, I see with Wireshark that STP packets are sent. But I don't get to see the traffic of the hosts.
When I start the attack with the ettercap stp_mangler plugin, I see with Wireshark that STP packets are sent. But I don't get to see the traffic of the hosts.
Searching Google and this forum, I couldn't find any examples or information about this attack.
Does someone have experience with this kind of attack and information about it?
Thanks :)
By searching some more I found this thread:
http://www.backtrack-linux.org/forum...sion/18471.htm
Thorin suggests here some papers about STP claiming root attack. Thanks Thorin. :)
In the blackhat paper they add a "Hub" to the setup. By doing this both programs worked like a charm. The hub comes between both switches and the attacker.
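Added example, not part of the original posts: a defender-side check for the root-claim behaviour discussed in this thread. It parses 802.1D/RSTP BPDUs from raw frames and flags any that advertise a better root than the known one or that arrive on a host-facing port. The port names, trusted root ID and sample frames are constructed, and Cisco PVST+ frames (a different encapsulation) are not handled.

```python
import struct

STP_DST = bytes.fromhex("0180c2000000")  # IEEE 802.1D bridge group address
LLC_STP = bytes.fromhex("424203")        # LLC header: DSAP 0x42, SSAP 0x42, UI

def parse_config_bpdu(frame):
    """Return (root_id, root_path_cost, sender_bridge_id), or None if not a BPDU."""
    if len(frame) < 52 or frame[:6] != STP_DST or frame[14:17] != LLC_STP:
        return None
    proto, _version, bpdu_type = struct.unpack_from("!HBB", frame, 17)
    if proto != 0 or bpdu_type not in (0x00, 0x02):  # skip TCN (0x80)
        return None
    # After the flags byte: root ID (8), root path cost (4), bridge ID (8)
    return struct.unpack_from("!8sI8s", frame, 22)

def fmt(bridge_id):
    """Render an 8-byte bridge ID as priority/MAC."""
    return f"{int.from_bytes(bridge_id[:2], 'big')}/{bridge_id[2:].hex(':')}"

def find_root_claims(frames, trusted_root, edge_ports):
    """frames: iterable of (port, raw_frame) pairs from a capture.
    The lowest bridge ID wins the root election, so a root ID below the
    trusted one is a takeover attempt; big-endian bytes compare numerically."""
    alerts = []
    for port, raw in frames:
        parsed = parse_config_bpdu(raw)
        if parsed is None:
            continue
        root_id, _cost, sender = parsed
        if root_id < trusted_root:
            alerts.append((port, "superior-root", fmt(root_id)))
        elif port in edge_ports:  # hosts should never send BPDUs
            alerts.append((port, "bpdu-on-edge-port", fmt(sender)))
    return alerts

def sample(src, bid):
    """Constructed sample frame: sender claims itself as root, cost 0."""
    return bytes.fromhex("0180c2000000" + src + "0026" + "424203" + "0000000000"
                         + bid + "00000000" + bid + "80010000140002000f00")

TRUSTED_ROOT = bytes.fromhex("8000001122334455")       # constructed value
SWITCH = sample("001122334455", "8000001122334455")    # priority 32768
CLAIM = sample("020000000001", "0000020000000001")     # priority 0

if __name__ == "__main__":
    capture = [("Gi0/1", SWITCH), ("Fa0/5", CLAIM), ("Fa0/5", SWITCH)]
    for alert in find_root_claims(capture, TRUSTED_ROOT, {"Fa0/5"}):
        print(alert)
```

On the switches themselves, these two checks correspond to what root guard and BPDU guard enforce per port.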
Re: Attacking the Spanning tree protocol (STP)
This really kinda goes in the beginner section upstairs, but check this informative layer 2 presentation from defcon 16
https://media.defcon.org/dc-16/video...r2_Attacks.m4v
Re: Attacking the Spanning tree protocol (STP)
You might find something of value in here:
SAFE LAYER 2 SECURITY IN-DEPTH— VERSION 2