While analyzing switch port mirroring logs, you notice host 52:54:00:ab:cd:ef repeatedly sending unsolicited ARP reply packets that state "192.168.50.1 is-at 52:54:00:ab:cd:ef," even though the legitimate default gateway has MAC 00:25:90:12:34:56. Shortly afterward, several workstations begin routing their traffic through the rogue host. Which sniffing-related spoofing technique is the attacker using to redirect the traffic?
MAC flooding to overflow the switch's CAM table
DHCP spoofing to issue fraudulent default-gateway information
DNS cache poisoning to redirect hostname lookups
ARP poisoning (ARP spoofing) to perform a man-in-the-middle attack
The attacker is performing ARP poisoning (also called ARP spoofing). By crafting fake ARP reply frames that bind the gateway's IP address to the attacker's MAC address, the attacker poisons the victims' ARP caches. Traffic destined for the gateway is then sent to the attacker, allowing passive sniffing or an active man-in-the-middle position.
MAC flooding targets a switch's CAM table to force the device into hub-like behavior but does not forge gateway mappings. DHCP spoofing uses rogue DHCP offers to supply malicious network configuration values, and DNS spoofing tampers with name resolution responses rather than Layer-2 address resolution. None of those alternatives explain unsolicited ARP replies claiming the gateway's IP-to-MAC association.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is ARP poisoning, and how does it work?
Open an interactive chat with Bash
What is the difference between ARP poisoning and MAC flooding?
Open an interactive chat with Bash
How does ARP poisoning facilitate a man-in-the-middle attack?
Open an interactive chat with Bash
What is ARP poisoning and how does it work?
Open an interactive chat with Bash
How does ARP poisoning differ from MAC flooding?
Open an interactive chat with Bash
What is the difference between ARP poisoning and DNS spoofing?
Open an interactive chat with Bash
Certified Ethical Hacker (CEH)
Network and Perimeter Hacking
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
Pass with Confidence.
IT & Cybersecurity Package
You have hit the limits of our free tier, become a Premium Member today for unlimited access.
Military, Healthcare worker, Gov. employee or Teacher? See if you qualify for a Community Discount.
Monthly
$19.99 $11.99
$11.99/mo
Billed monthly, Cancel any time.
$19.99 after promotion ends
3 Month Pass
$44.99 $26.99
$8.99/mo
One time purchase of $26.99, Does not auto-renew.
$44.99 after promotion ends
Save $18!
MOST POPULAR
Annual Pass
$119.99 $71.99
$5.99/mo
One time purchase of $71.99, Does not auto-renew.
$119.99 after promotion ends
Save $48!
BEST DEAL
Lifetime Pass
$189.99 $113.99
One time purchase, Good for life.
Save $76!
What You Get
All IT & Cybersecurity Package plans include the following perks and exams .