ARP Spoofing, also known as ARP poisoning is a technique used by crackers in order to sniff frames on a switched LAN or stop the traffic on the LAN.

The principle of ARP spoofing is to send fake ARP replies to the LAN. The frame contains a different MAC address than the one belonging to the machine sending. This confuses network devices, such as switches, and as a result frames intended for one machine can be mistakenly sent to another (allowing the packets to be sniffed) or an unreachable host (denial-of-service).

Using IPv6, IPsec and static ARP records are methods to defend against ARP spoofing attacks.

See Also

• Ethernet
• Ettercap

External links

• dsniff
• ettercap
• ARPToxin
• XArp