Address Resolution Protocol (ARP) is a communication protocol used for resolving IP addresses to MAC addresses. Understanding it in a simple form, let us assume a source computer wants to send some data to a target computer through LAN. But the source only knows the IP address of the target, not the MAC address. So it is unable to send the data. And here is where ARP works!ARP helps here to get the MAC address of the target IP address.
In simpler terms, ARP spoofing is the technique of redirecting the network traffic to the attacker by faking the IP address. In this attack, attackers link their MAC address with the IP address of a legitimate computer or server on the network. With the help of this attack, attackers can intercept, modify or even stop data that is in transit. It can only occur on LANs that utilize the ARP.
Usually, attackers perform this attack by following steps:
The attackers open an ARP spoofing tool and set the tool’s IP address to match the IP subnet of a target. Some of the popular ARP spoofing software are Arpspoof, Cain & Abel, Arpoison, and Ettercap.
The attackers use the ARP spoofing tool to scan for the IP and MAC addresses of hosts in the target’s subnet.
The attackers choose their target and begin sending ARP packets across the LAN that contain the attacker’s MAC address and the target’s IP address.
As other hosts on the LAN cache the spoofed ARP packets, data that those hosts send to the victim will go to the attackers instead.
A practical tutorial for this attack will be posted in the next article soon.