What Is a Man-in-the-Middle Attack?
A man-in-the-middle (MITM) attack is an attack in which the attacker secretly positions themselves between two communicating parties, intercepting and possibly altering traffic that both sides believe is private.
How it works
The attacker relays messages between victim and destination, reading everything and potentially modifying it — while both ends think they're talking directly. Common techniques include ARP spoofing on a LAN (redirecting traffic through the attacker) and rogue Wi-Fi access points. Encryption (HTTPS, VPNs) defeats it by making intercepted data unreadable.
Why it matters
A MITM attack targets the Confidentiality and Integrity pillars of the CIA triad, which is why encryption everywhere matters. On LANs, Dynamic ARP Inspection defends against the ARP-spoofing variant. Recognising MITM techniques is core CyberOps knowledge.
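The check behind Dynamic ARP Inspection can be modelled in a few lines. The following is an added example, not part of the original article: a simplified Python model that validates ARP replies against a trusted IP-to-MAC binding table (on a real switch this table comes from DHCP snooping or static entries). All addresses, port names and function names are constructed for illustration.

```python
# Constructed sample data: trusted IP -> MAC bindings (values are made up).
TRUSTED_BINDINGS = {
    "192.168.1.1": "00:11:22:33:44:01",   # default gateway
    "192.168.1.10": "00:11:22:33:44:10",
    "192.168.1.20": "00:11:22:33:44:20",
}

# Constructed ARP replies seen on access ports: (port, sender IP, sender MAC)
OBSERVED_ARP = [
    ("Gi0/2", "192.168.1.10", "00:11:22:33:44:10"),  # legitimate
    ("Gi0/3", "192.168.1.1", "00:11:22:33:44:20"),   # host claims gateway IP
    ("Gi0/3", "192.168.1.20", "00:11:22:33:44:20"),  # legitimate
    ("Gi0/4", "192.168.1.99", "00:11:22:33:44:99"),  # no binding at all
]


def inspect_arp(ip, mac, bindings=TRUSTED_BINDINGS):
    """Return (verdict, reason) for one ARP reply's sender IP/MAC pair."""
    if ip not in bindings:
        return "drop", "no binding for sender IP"
    expected = bindings[ip].lower()
    if mac.lower() != expected:
        return "drop", f"MAC mismatch: expected {expected}"
    return "forward", "matches binding"


def audit(observed, bindings=TRUSTED_BINDINGS):
    """Collect replies that fail inspection, with the port to investigate."""
    owner_of = {m.lower(): ip for ip, m in bindings.items()}
    alerts = []
    for port, ip, mac in observed:
        verdict, reason = inspect_arp(ip, mac, bindings)
        if verdict == "drop":
            alerts.append({
                "port": port,
                "claimed_ip": ip,
                "mac": mac,
                "reason": reason,
                # Known host that really owns this MAC, if any
                "mac_owner": owner_of.get(mac.lower()),
            })
    return alerts


if __name__ == "__main__":
    for alert in audit(OBSERVED_ARP):
        print(alert)
```

The second sample reply is the ARP-spoofing pattern described above: a known host's MAC answering for the gateway's IP, reported together with the switch port it arrived on.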
Frequently asked questions
What is a man-in-the-middle attack?
An attack where the attacker secretly intercepts communication between two parties, reading or altering traffic both sides believe is private and direct.
How is a man-in-the-middle attack carried out?
Common methods include ARP spoofing (redirecting LAN traffic through the attacker) and rogue Wi-Fi access points that victims unknowingly connect through.
How do you defend against MITM attacks?
Encryption (HTTPS, VPNs) makes intercepted data unreadable; on LANs, Dynamic ARP Inspection and secure Wi-Fi practices prevent the redirection techniques.