We already know that the purpose of ARP requests in a network is to give a device the appropriate mapping between MAC address and IP address.

So, how does an ARP attack work?

An ARP attack is carried out through ARP spoofing: the attacker modifies the ARP tables, the small databases on the target machines that link MAC hardware addresses to IP addresses, by exploiting fundamental weaknesses in the way network drivers handle ARP traffic.

On a LAN, packets are exchanged using physical MAC addresses, rather than IP addresses, as the base network identifier.

After the attacker’s MAC address is injected into a poisoned ARP table, any traffic sent to that IP address will be routed to the attacker’s hardware instead of to the real owner of the IP.

By modifying the MAC address associated with an IP address in the target computer’s ARP table, an attacker can trick the target into sending data intended for that IP address to the MAC address of the attacker’s machine.

The attacker can then read and even modify the data before forwarding it on to the destination.
Using this method, a transparent “Man In The Middle (MITM) attack” can be carried out with no apparent symptoms to the victim.
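
Because the victim sees no symptoms, the change has to be caught in the ARP table itself. The following is an added example, not code from the original article: it replays a constructed list of observed ARP replies and flags the two signs described above, an IP address whose MAC suddenly changes and a single MAC claiming several IP addresses. The function names and all addresses (documentation ranges) are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample data: (sender IP, sender MAC) from observed ARP replies.
SAMPLE_REPLIES = [
    ("192.0.2.1", "00:00:5e:00:53:01"),   # gateway, genuine binding
    ("192.0.2.10", "00:00:5e:00:53:0a"),  # workstation
    ("192.0.2.20", "00:00:5e:00:53:14"),  # another host on the LAN
    ("192.0.2.1", "00-00-5E-00-53-01"),   # same gateway MAC, different notation
    ("192.0.2.1", "00:00:5e:00:53:14"),   # gateway IP now claimed by .20's MAC
    ("192.0.2.10", "00:00:5e:00:53:14"),  # workstation IP claimed by the same MAC
]


def normalize(mac):
    """Lower-case, use ':' separators and zero-pad octets so notations compare equal."""
    return ":".join(p.zfill(2) for p in mac.lower().replace("-", ":").split(":"))


def find_arp_anomalies(replies):
    """Return alerts for IP->MAC rebinding and for one MAC holding several IPs."""
    table = {}                     # ip -> MAC currently believed to own it
    ips_by_mac = defaultdict(set)  # MAC -> every IP it has claimed so far
    alerts = []
    for ip, raw_mac in replies:
        mac = normalize(raw_mac)
        previous = table.get(ip)
        if previous is not None and previous != mac:
            # The entry for this IP was overwritten with a different MAC.
            alerts.append(("rebind", ip, previous, mac))
        table[ip] = mac
        if ip not in ips_by_mac[mac]:
            ips_by_mac[mac].add(ip)
            if len(ips_by_mac[mac]) > 1:
                # One hardware address now answers for more than one IP.
                alerts.append(("multi_ip", mac, tuple(sorted(ips_by_mac[mac]))))
    return alerts


if __name__ == "__main__":
    for alert in find_arp_anomalies(SAMPLE_REPLIES):
        print(alert)
```

A rebind can also have a legitimate cause, such as a replaced network card or a DHCP lease moving to another device, so an alert on the gateway's IP address deserves the most attention.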
