ESET Online Help

Search English
Select the topic

ARP Cache Poisoning

The Address Resolution Protocol (ARP) translates between addresses at the data link layer (MAC addresses) and the network layer (IP addresses). An ARP Cache Poisoning Attack enables attackers to intercept communication between network devices by corrupting the network's ARP tables (MAC-to-IP device mappings).

The attacker sends a false ARP reply message to the default network gateway, informing that the MAC address is associated with another target's IP address. When the default gateway receives this message and broadcasts the changes to all other devices on the network, all of the target's traffic to any other network device goes through the attacker's computer. This action enables the attacker to inspect or modify the traffic before forwarding it to the intended destination.