It is important to realize that ARP is only used on LANs (Local Area Networks). Originally, all computers were directly connected to The Internet, so all routing was based on IP addresses. Eventually, routers allowed multiple computers on a LAN to connect to The Internet with a single IP address.
In order to allow computers to share an external IP Address while maintaining network discoverability and backwards compatibility, there needs to be a different way to identify hosts behind the router and a way to convert between a host’s two addresses. To meet this need, the MAC Address of a device is used to identify that host on a LAN. MACs are unique to each computer and thus provide a way to uniquely identify all devices on a LAN.
ARP is used to communicate MAC addresses so that all hosts know each other’s MAC/IP pair. After exchanging MAC Addresses, hosts can conform to the standard OSI model for TCP/IP communication on a LAN.
ARP Poisoning takes advantage of the overly trusting ARP system. By sending forged ARP packets, an attacker can cause a victim to send traffic to any nodes on the local network.
Here we will explain in detail how the ARP protocol works, show the protocols inherent weakness, and then examine the different methods for attacking with and defending against ARP based exploits.