ARP Spoofing

ARP Spoofing

Address Resolution Protocol (ARP) is a communication protocol used for resolving IP address to MAC address. Understanding it in simple form,let us assume a source computer wants to send some data to a target computer through LAN.But the source only knows the IP address of the target,not the MAC address.So it is unable to send the data.And here where ARP works!ARP helps here to get the MAC address of the target IP address.

ARP Spoofing

In simpler terms,ARP spoofing is the technique of redirecting the network traffic to the attacker by faking the IP address.In this attack,attackers links their MAC address with the IP address of a legitimate computer or server on the network.With the help of this attack, attackers can intercept, modify or even stop data which is in transit.It can only occur on LAN that utilize the ARP.

Usually attackers perform this attack by following steps:
  • The attackers open an ARP spoofing tool and sets the tool’s IP address to match the IP subnet of a target. Some of the popular ARP spoofing softwares are Arpspoof, Cain & Abel, Arpoison and Ettercap.
  • The attackers use the ARP spoofing tool to scan for the IP and MAC addresses of hosts in the target’s subnet.
  • The attackers choose its target and begins sending ARP packets across the LAN that contain the attacker’s MAC address and the target’s IP address.
  • As other hosts on the LAN cache the spoofed ARP packets, data that those hosts send to the victim will go to the attackers instead.

Practical tutorial for this attack will be posted in next article soon.

Anonsagar Founder of Tritech and creator of "Anonsagar Cyber " blog that you are currently previewing. Through this blog and youtubechannel, my attempt is to teach basics and those coding techniques to people in short time which took me ages to learn. 6 min read