• The data link layer uses the ARP (address Resolution Protocol ) to translate the IP address to the MAC address
  • The client begins by first sending a broadcast ARP message for a given IP address
  • The switch broadcast the ARP message to all posts except for the source post.
  • When the unintended destination IP address gets the ARP, it replies write it MAC address & all others hosts on the switch will drop.
  • Gratitutions ARP is another flavor of the traditional ARP. It is used by hosts , announces their IP address to the local Network
  • There is no authentication in the ownership of IP & MAC address so an attacher can spoof an ARP packet to announce an IP & the legit user can be kicked out f the Network causing a denial of source.
  • Further this attach can allow switched environment to start delivering traffic to the hosts because the CAM table has been altered with IP & MAC bindings.
  • Examples of popular ARP spoofing S/W are Arpspoof, Cain & Abel, Arpoisen & Ettercap

Comparison with IP spoofing

• IP spoofing is filling in the IP address field on the packet with an address that isn't the senders IP address ie one cant receive response to the packet.

• in an ARP spoofing attach, it involves transmitting faked ARP packets , sends a fake ARP response with your MAC address, before the intended recipient can respond. Now the computer that made the request thinks that the IP address belongs to you & it will send all traffic that was intended for that recipient on to you instead.