suppose I have vlan-10 10.10.10.0/24.
I have a webserver with IP 10.10.10.50.
An attacker is able to compromise physical security and plug his laptop into vlan10 and get IP address 10.10.10.100. The attacker then runs wireshark and starts sniffing on that interface.
The attacker has no access to the cisco switch to span traffic to his machine.
Question, given what I stated above is there anyway the attacker can see traffic from anywhere destined to the webserver? He should only be able to see broadcast and multicast traffic but not unicast.