From the course: IT Security Foundations: Network Security
Join today to access over 24,000 courses taught by industry experts.
Poisoning the ARP cache
From the course: IT Security Foundations: Network Security
Poisoning the ARP cache
- [Instructor] Address resolution protocol is used on a local network to associate an IP address with a hardware address so a device can deliver data to the correct host. It's also used to test for duplicate IP addresses. Normal ARP traffic is simply a request and a reply. ARP is not routable and there's no IP header because it's already in the correct network. Poisoning the ARP cache is a man-in-the-middle attack that redirects traffic to an attacker's computer. Most systems have an ARP cache, which is a table of IP addresses to MAC address pairings. Let's take a look. I'm at the command prompt, and I'll issue the command arp -a, and here we can see my own local ARP cache. Now that we understand how the ARP cache works, let's discuss how an ARP cache poisoning attack works. With ARP spoofing, a fake or spoofed MAC address is placed on the LAN. This then allows the attacker to redirect traffic to somewhere else in order to steal information by performing a man-in-the-middle attack. To…
Practice while you learn with exercise files
Download the files the instructor uses to teach the course. Follow along and learn by watching, listening and practicing.
Download courses and learn on the go
Watch courses on your mobile device without an internet connection. Download courses using your iOS or Android LinkedIn Learning app.