Also referred to as ARP poison routing (APR)
or ARP cache poisoning
, a method of attacking an Ethernet LAN
by updating the target computer’s ARP cache
with both a forged ARP request and reply packets
in an effort to change the Layer 2 Ethernet MAC address
(i.e., the address of the network card) to one that the attacker can monitor. Because the ARP replies have been forged, the target computer sends frames
that were meant for the original destination to the attacker’s computer first so the frames can be read. A successful APR attempt is invisible to the user.