ARP Poisoning

What is ARP Poisoning?

ARP poisoning is a network attack in which false ARP messages are sent on a local network so devices associate the attacker's MAC address with another system's IP address, often the default gateway, allowing traffic to be redirected improperly.

Examples

  • An attacker on the same local network convinces a victim workstation that the attacker's device is the default gateway, causing the victim's traffic to pass through the attacker.
  • A malicious system sends forged ARP replies so two devices each believe the attacker is the other party, creating a man-in-the-middle position.

Discover 🔎

Devices on a local network need a quick way to learn where to send traffic. They know IP addresses, but to deliver frames on the local segment they also need the correct MAC address. ARP exists to bridge that gap.

ARP poisoning matters because it directly attacks the trust devices place in those address mappings. If an attacker can convince devices to believe the wrong MAC-to-IP mapping, traffic that should go to a legitimate gateway or host can be sent to the attacker instead. The network still appears to be functioning, but the communication path has quietly changed.

Remember: ARP poisoning does not break IP communication itself. It corrupts the local address mapping that devices rely on to know where traffic should go.
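
The corrupted mapping described above is also what a defender can watch for. The following is an added example, not part of the original page: a Python check that reads ARP observations (time, IP, MAC) and flags an IP whose MAC changes and a MAC that claims several IPs. The sample records, the addresses, and the name find_arp_anomalies are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample: (time, sender IP, sender MAC) taken from ARP replies on
# one segment. Addresses come from documentation ranges; nothing here is real.
GATEWAY_IP = "192.0.2.1"
SAMPLE = [
    (1, "192.0.2.1", "00:00:5E:00:53:01"),   # gateway announces itself
    (2, "192.0.2.10", "00:00:5e:00:53:10"),  # workstation
    (3, "192.0.2.66", "00:00:5e:00:53:66"),  # third host on the segment
    (4, "192.0.2.1", "00:00:5e:00:53:66"),   # gateway IP now tied to host .66's MAC
    (5, "192.0.2.10", "00:00:5e:00:53:66"),  # workstation IP tied to the same MAC
]


def find_arp_anomalies(observations, gateway_ip):
    """Flag IP-to-MAC mappings that change, and MACs claiming several IPs."""
    current = {}                # ip -> MAC most recently seen for it
    claimed = defaultdict(set)  # mac -> every IP it has been seen claiming
    alerts = []
    for ts, ip, mac in sorted(observations):
        mac = mac.lower()       # normalise so case differences are not "changes"
        old = current.get(ip)
        if old is not None and old != mac:
            alerts.append({
                "type": "mapping-changed", "time": ts, "ip": ip,
                "old": old, "new": mac,
                # A changed gateway mapping redirects all off-segment traffic.
                "severity": "high" if ip == gateway_ip else "medium",
            })
        current[ip] = mac
        claimed[mac].add(ip)
    for mac, ips in sorted(claimed.items()):
        if len(ips) > 1:
            alerts.append({"type": "mac-claims-multiple-ips",
                           "mac": mac, "ips": sorted(ips)})
    return alerts


if __name__ == "__main__":
    for alert in find_arp_anomalies(SAMPLE, GATEWAY_IP):
        print(alert)
```

Legitimate events such as a replaced network card or a gateway failover also change a mapping, so alerts like these need review against known changes.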

Summary 📝

ARP poisoning is a local network attack that works by corrupting IP-to-MAC address mappings in the ARP cache of victim systems. By making devices trust false address information, an attacker can redirect traffic, intercept communication, alter data, or disrupt connectivity. The attack is important because it shows how weak trust at the local network layer can lead directly to man-in-the-middle and denial-of-service problems.
