What is Address Resolution Protocol Spoofing?

Article Details
  • Written By: Malcolm Tatum
  • Edited By: Bronwyn Harris
  • Last Modified Date: 18 November 2018
  • Copyright Protected:
    Conjecture Corporation
  • Print this Article
Free Widgets for your Site/Blog
In 2018, the percentage of the global population that uses the Internet surpassed 50% for the first time.  more...

December 15 ,  1791 :  The US Bill of Rights was ratified.  more...

Address resolution protocol spoofing is a strategy that involves sending a counterfeit ARP or address resolution protocol message to an Ethernet local area network. The main function of ARP spoofing is to redirect traffic from one IP address to the MAC address of the originator of the spoof. The process works by tricking the Ethernet network into picking up on the counterfeit address and routing traffic to terminate with the spoofed address rather than being directed to the genuine IP address.

Once the traffic is routed through the address resolution protocol spoofing process, the originator of the fake address has two options. First, the received data can be evaluated and then passed on to the real destination. In this option, the data is not altered in any manner. This approach is known as passive sniffing.

The second option that results with address resolution protocol spoofing involves receiving the intercepted data and altering it in some manner. The altered data is then forwarded to the intended recipient, who will have no reason to think the data did not come directly from the original sender. This is commonly referred to as a man-in-the-middle attack.


While address resolution protocol spoofing is often utilized for questionable purposes, the process does have some perfectly legitimate applications as well. Many businesses make use of more than one IP address to drive traffic to their web sites. Along with the URL for the main site, they may also create a number of generic URLs and associated IP addresses that will generate passive traffic. In this application, Internet users come across one of these generic addresses, click on the link, and are passed through the default gateway to the main web site via the forwarding function of the ARP process.

When utilized for purposes of capturing data without authorization, address resolution protocol spoofing is sometimes referred to as ARP poisoning or ARP poison routing. These nicknames help to describe the use of the protocol for purposes that are not in the best interests of the sender or the receiver of the original query.


You might also Like


Discuss this Article

Post your comments

Post Anonymously


forgot password?