Skip to content

What is ARP Protocol And ARP Spoofing

ARP is a very important protocol for computer and computer networking. it helps two devices in the network to communicate with each other. ARP stands for Address Resolution Protocol. ARP Protocol is used to map the IP address with its MAC address. Every device in the network has its own IP address and MAC address to get recognize into the network and can communicate with the other device in the network. A device needs an IP address to communicate with other devices but for a local network, whether it is a Wireless network like your WIFI or wired network like a switch it required a MAC address to communicate with other devices in the network This is what ARP protocol does. It creates an ARP table in every device

How ARP Protocol work

ARP Protocol broadcast the message to every device connected to the network like Who has this IP address in the network and device with that particular IP address reply and others ignore the message and device reply like yes this is my IP address and my Mac address is xx:xx:xx:xx:xx:xx and once the ARP Protocol gets the IP and Mac address of the device it saves it into the ARP table you can see the ARP table from your terminal or cmd with this command
arp -a

What is ARP Spoofing

ARP Protocol is not that secure to protect the communication between two devices and allow hackers to intercept between the communication of two devices can perform other attacks. The hacker should be on the same network to perform the ARP spoofing attack. ARP spoofing is a Man in the middle attack.

Read also: Top 5 free lab for hacking practice 

Now here router and laptop device is not asking for the IP address of any device but the attacker is sending a message to the user that his IP is which is the router IP address and user computer will accept the request and change it from the ARP table and become the router for the laptop device, same with router attacker send a message to router and telling that his IP is and router will accept his message again will change his ARP table in this scenario attacker don’t have any IP address he is just sending the fake message now router will think that the attacker is the user and user will think that the attacker is the router, because of that when the user tries to visit a site his request is supposed to send to the router but it will be sent to the attacker and attacker will send it to the router because of security issue with ARP protocol that it just accept the request without checking that is it true and legitimate or not.

Read: How to perform Man in the middle attack

The previous tutorial on man in the middle attack with mitmf tool also uses the same technique for man in the middle attack. you can check it out now I am using the different tool called arpspoof for ARP spoofing.

Now to perform the ARP spoofing attack you need a Kali Linux machine installed and open the terminal and use the following command

arpspoof -i eth0 -t
Now -i is for the interface which is eth0 (ethernet) you can also use wlan0 if you are connected to a wireless network and -t is for the target which is in this scenario from the image above and is router IP address with this command it will send the request to the user and tell him that he is the router.

When all is done open another terminal window and type the following command 

arpspoof -i eth0 -t
This is the same command but this time it is for the router and telling him that you are the user, Now we are all set when you hit enter the attack will start you can check it from the victim computer and check the ARP table with arp -a and you will find out that the which is router IP address and his mac address is changed with attacker mac address, but there is still one problem with this attack we have done everything when victim want to visit a website his request will be sent to us and our machine has to send it to the router but to send the packet to the router you need to do port forward to do that open another terminal and type the following command

echo 1 > /proc/sys/net/ipv4/ip_forward
Now all the packet will flaw with your computer you can intercept with all the packet with any packet sniffer like Wireshark

Click here to join us on Telegram for the latest updatesand share it if you like the post.


Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.