[linuxlizard]

An old hub (not switch) does exactly that: all traffic forwarded down each port and I can see what everyone was doing. Even with a switch, a misbehaving device can cause all sorts of havoc on an Ethernet network. 802.1X is supposed to provide port security but isn't used often. Anyone could plug into a wall port and get access to a corporate network.

[pclmulqdq]

A hub and an accessible wall port are not common parts of Ethernet networks today. The former hasn't generally been used since the 90's (putting it generously) and the latter is usually locked up. GP referred to a cable tap, which is just not going to give you access on an Ethernet network that you will find in any building today.

Old, old Ethernet specs used to include multi-drop buses and a "hub" model. That hasn't been true for a very long time.

[j16sdiz]

Except there is a trick: In a switch, a port can only associate with limited number of hardware addresses. If you spam it with generated hw address, some switches put that port into open mode, some switch shutdown that port, the other just misbehaves. Almost none of them keep a LRU list correctly

[pclmulqdq]

I think you're missing the point. Electrically, you can't "spam" anything on a tapped cable. It will just go down at the physical layer when you try to transmit unless you cut it and insert yourself between its endpoints (as a switch, essentially).