What is ARP poisoning?

Jack Arokiason J
May 25, 2021 · 3 min read

Address resolution protocols (ARP):

Address Resolution Protocol is a communication protocol used for discovering physical addresses associated with a given network address. Typically, ARP is a network layer to data link layer mapping process, which is used to discover MAC addresses for a given Internet Protocol Address.
In order to send the data to the destination, having an IP address is necessary but not sufficient; we also need the physical address of the destination machine. ARP is used to get the physical address (MAC address) of the destination machine.


Before sending the IP packet, the MAC address of the destination must be known. If not so, then the sender broadcasts the ARP-discovery packet requesting the MAC address of the intended destination. Since ARP-discovery is broadcast, every host inside that network will get this message but the packet will be discarded by everyone except that intended receiver host whose IP is associated. Now, this receiver will send a unicast packet with its MAC address (ARP-reply) to the sender of the ARP-discovery packet. After the original sender receives the ARP reply, it updates ARP-cache and starts sending a unicast message to the destination.

ARP Spoofing —

ARP Stands for Address Resolution Protocol. This protocol is used for resolving IP addresses to machine MAC addresses. All the devices which want to communicate in the network, broadcast ARP-queries in the system to find out the MAC addresses of other machines. ARP Spoofing is also known as ARP Poisoning. In this, ARP poisoning, ARP packets are forced to send data to the attacker’s machine. ARP Spoofing constructs a huge number of forced ARP requests and replies packets to overload the switch. The intention of the attacker all the network packets and switch set in forwarding mode.

ARP spoofing -It allows us to redirect the flow of packets in a computer network. Example of a typical Network as follows.

A Typical Computer Network

Step-2 :
But when a hacker becomes Man-In-The-Middle by ARP Spoofing then all the requests and responses start flowing through the hacker’s system as shown below –

computer network after ARP spoofing

Step-3 :
By doing this a hacker spoof’s the router by pretending to be the victim, and similarly, he spoofs the victim by pretending to be the router.

Thanks for Reading !!!!


Features for everyone!