Address resolution protocol spoofing is a strategy that involves sending a counterfeit ARP or address resolution protocol message to an Ethernet local area network. The main function of ARP spoofing is to redirect traffic from one IP address to the MAC address of the originator of the spoof. The process works by tricking the Ethernet network into picking up on the counterfeit address and routing traffic to terminate with the spoofed address rather than being directed to the genuine IP address.
Once the traffic is routed through the address resolution protocol spoofing process, the originator of the fake address has two options. First, the received data can be evaluated and then passed on to the real destination. In this option, the data is not altered in any manner. This approach is known as passive sniffing.
The second option that results with address resolution protocol spoofing involves receiving the intercepted data and altering it in some manner. The altered data is then forwarded to the intended recipient, who will have no reason to think the data did not come directly from the original sender. This is commonly referred to as a man-in-the-middle attack.
While address resolution protocol spoofing is often utilized for questionable purposes, the process does have some perfectly legitimate applications as well. Many businesses make use of more than one IP address to drive traffic to their web sites. Along with the URL for the main site, they may also create a number of generic URLs and associated IP addresses that will generate passive traffic. In this application, Internet users come across one of these generic addresses, click on the link, and are passed through the default gateway to the main web site via the forwarding function of the ARP process.
When utilized for purposes of capturing data without authorization, address resolution protocol spoofing is sometimes referred to as ARP poisoning or ARP poison routing. These nicknames help to describe the use of the protocol for purposes that are not in the best interests of the sender or the receiver of the original query.