ARP Poisoning (ARP Spoofing)
Address Resolution Protocol (ARP) is a stateless protocol used for resolving IP addresses to machine MAC addresses. All network devices that need to communicate on the network broadcast ARP queries to find out other machines’ MAC addresses. ARP Poisoning is also known as ARP Spoofing.
Here is how ARP works:
When one machine needs to communicate with another, it looks up its ARP table.
If the MAC address is not found in the table, an ARP_request is broadcast over the network.
All machines on the network will compare the requested IP address with their own.
If one of the machines in the network identifies this address, then it will respond to the ARP_request with its IP and MAC address.
The requesting computer will store the address pair in its ARP table and communication will take place.
What is ARP Spoofing?
ARP packets can be forged to send data to the attacker’s machine.
ARP spoofing constructs a large number of forged ARP request and reply packets to overload the switch.
The switch is set in forwarding mode, and after the ARP table is flooded with spoofed ARP responses, attackers can sniff all network packets.
Attackers flood a target computer’s ARP cache with forged entries, which is also known as poisoning. ARP poisoning uses Man-in-the-Middle access to poison the network.
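A defender can spot the forged replies described above by tracking which MAC address each IP address maps to and which replies answer a request that was actually seen. The Python below is an added example, not part of the original page; parse_arp, ArpMonitor, sample_payload and all addresses are constructed for illustration, and a legitimate gratuitous ARP would also raise the unsolicited-reply alert.

```python
import socket, struct

ARP_FMT = "!HHBBH6s4s6s4s"  # ARP payload for Ethernet/IPv4 (28 bytes)

def parse_arp(payload):
    """Return (opcode, sender_mac, sender_ip, target_ip), or None if not Ethernet/IPv4 ARP."""
    if len(payload) < 28:
        return None
    htype, ptype, hlen, plen, op, sha, spa, _tha, tpa = struct.unpack(ARP_FMT, payload[:28])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    return op, sha.hex(":"), socket.inet_ntoa(spa), socket.inet_ntoa(tpa)

class ArpMonitor:
    def __init__(self):
        self.bindings = {}    # ip -> first MAC observed for it
        self.pending = set()  # (requester_ip, queried_ip) awaiting a reply
    def observe(self, payload):
        """Feed one ARP payload; return a list of alert strings (empty if none)."""
        parsed = parse_arp(payload)
        if parsed is None:
            return []
        op, mac, ip, target_ip = parsed
        alerts = []
        if op == 1:    # request: sender asks who has target_ip
            self.pending.add((ip, target_ip))
        elif op == 2:  # reply: sender answers the requester named in target_ip
            if (target_ip, ip) not in self.pending:
                alerts.append(f"unsolicited reply for {ip} from {mac}")
            self.pending.discard((target_ip, ip))
        known = self.bindings.setdefault(ip, mac)
        if known != mac:  # same IP now claimed by a different MAC
            alerts.append(f"binding change for {ip}: {known} -> {mac}")
        return alerts

def sample_payload(op, sha, spa, tha, tpa):
    """Constructed test data: pack one ARP payload from hex MACs and dotted IPs."""
    return struct.pack(ARP_FMT, 1, 0x0800, 6, 4, op, bytes.fromhex(sha),
                       socket.inet_aton(spa), bytes.fromhex(tha), socket.inet_aton(tpa))

# Constructed capture: request, matching reply, then a second reply for the same IP from another MAC.
SAMPLE = [
    sample_payload(1, "020000000010", "192.0.2.10", "000000000000", "192.0.2.1"),
    sample_payload(2, "020000000001", "192.0.2.1", "020000000010", "192.0.2.10"),
    sample_payload(2, "0200000000ee", "192.0.2.1", "020000000010", "192.0.2.10"),
]

def run(payloads=SAMPLE):
    monitor = ArpMonitor()
    return [monitor.observe(p) for p in payloads]
```

The first two payloads produce no alerts; the third raises both an unsolicited-reply alert and a binding-change alert for 192.0.2.1.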
What is MITM?
The Man-in-the-Middle attack (abbreviated MITM, MitM, MIM, MiM, MITMA) implies an active attack where the adversary impersonates the user by creating a connection between the victims and sending messages between them. In this case, the victims think that they are communicating with each other, but in reality, the malicious actor controls the communication.