How Arp Spoofing Attacks A Network - D-Link DWS-3160-24TC Reference Manual

DWS-3160 Series Gigabit Ethernet Unified Switch Web UI Reference Guide
The switch will also examine the "Source Address" of the Ethernet frame and find that the address is not in the
Forwarding Table. The switch will learn PC B's MAC and update its Forwarding Table.

How ARP Spoofing Attacks a Network

ARP spoofing, also known as
ARP poisoning, is a method to
attack an Ethernet network
which may allow an attacker to
sniff data frames on a LAN,
modify the traffic, or stop the
traffic altogether (known as a
Denial of Service – DoS attack).
The principle of ARP spoofing is
to send the fake, or spoofed
ARP messages to an Ethernet
network. Generally, the aim is to
associate the attacker's or
random MAC address with the
IP address of another node
(such as the default gateway).
Any traffic meant for that IP
address would be mistakenly re-
directed to the node specified by
the attacker.
IP spoofing attack is caused by Gratuitous ARP that occurs when a host sends an ARP request to resolve its own
IP address. Figure-4 shows a hacker within a LAN to initiate ARP spoofing attack.
In the Gratuitous ARP packet, the "Sender protocol address" and "Target protocol address" are filled with the
same source IP address itself. The "Sender H/W Address" and "Target H/W address" are filled with the same
source MAC address itself. The destination MAC address is the Ethernet broadcast address (FF-FF-FF-FF-FF-
FF). All nodes within the network will immediately update their own ARP table in accordance with the sender's
MAC and IP address. The format of Gratuitous ARP is shown in the following table.
Figure 4
470