The attacker sends spoofed CDP packets to impersonate a device on the network. This can allow the attacker to gain information about the network, such as device types, IP addresses, and routing tables.