Cybersecurity

What Is ARP Spoofing?

ARP Spoofing — an attack that sends forged ARP messages on a LAN to associate the attacker's MAC with another device's IP — redirecting that device's traffic through the attacker.

How it works

Because ARP has no authentication, an attacker can broadcast fake ARP replies claiming "the gateway's IP is at MY MAC address". Victims update their ARP caches and start sending traffic meant for the gateway to the attacker instead — enabling interception (a man-in-the-middle attack) or denial of service.

Why it matters

ARP spoofing is a classic LAN attack and the mechanism behind many MITM attacks. The defence, Dynamic ARP Inspection (validating ARP against the DHCP snooping table), is exactly why those switch security features exist — connecting attack and defence is core CyberOps understanding. See how ARP works.

Frequently asked questions

What is ARP spoofing?

An attack sending forged ARP replies to link the attacker's MAC with another device's IP, redirecting that device's traffic through the attacker.

Why is ARP vulnerable to spoofing?

ARP has no authentication — devices accept ARP replies without verifying them, so forged replies readily poison ARP caches.

How is ARP spoofing prevented?

Dynamic ARP Inspection (DAI) on switches validates ARP messages against the DHCP snooping binding table, dropping forged ones.

VS
Vipul Sir — Lead Instructor, Attila Technologies20+ years in Cisco networking. Teaching CCNA, CCNP, CCIE & CyberOps in Ahmedabad since 2004.

Want hands-on training?

Learn this on real Cisco lab devices with placement support at Attila Technologies, Ahmedabad.

Start your networking career with Attila Technologies

Hands-on Cisco training, real lab devices and placement support in Ahmedabad.