This is still trivial. A Pi with 2 NICs and a Linux bridge. Using the 2 ports, effectively put the Pi in between the device you want to spoof and the rest of the network. Now you can see the traffic, the MAC addresses etc.
Port security prevents this. As soon as the switch detects a physical disconnect it disables the port.
You could, with some electrical engineer-level tools and hardware, passively read the traffic to determine the MAC and then splice into the wire without disrupting the physical connection. But it would be very hard to do covertly or quickly.
This is still trivial. A Pi with 2 NICs and a Linux bridge. Using the 2 ports, effectively put the Pi in between the device you want to spoof and the rest of the network. Now you can see the traffic, the MAC addresses etc.
Port security prevents this. As soon as the switch detects a physical disconnect it disables the port.
You could, with some electrical engineer-level tools and hardware, passively read the traffic to determine the MAC and then splice into the wire without disrupting the physical connection. But it would be very hard to do covertly or quickly.