Back to course

ARP Spoofing Basics (Conceptual)

Cyber Security Mastery: From Zero to Hero

Faking Identity on the Local Network

ARP (Address Resolution Protocol) maps IP addresses to MAC addresses on a local subnet. It is inherently stateless and trusts any ARP reply it receives, making it highly vulnerable.

The ARP Spoofing Attack

  1. The Attacker (A) sends a forged ARP reply to the Target (T) saying: 'The Router's IP address belongs to my (A's) MAC address.'
  2. The Attacker (A) simultaneously sends a forged ARP reply to the Router (R) saying: 'The Target's IP address belongs to my (A's) MAC address.'
  3. Result: All traffic from the Target intended for the internet goes to the Attacker (A). All traffic from the internet intended for the Target also goes to the Attacker (A).

Tool Note: Tools like arpspoof or ettercap (Kali tools) automate this process.

Defense: Static ARP entries and dynamic ARP inspection on switches.