¨Used in switched environment where
MAC flooding
does not work
¨defeats
switches via spoofed ARP messages
¨Attacker’s machine initially
configured with “IP forwarding” to forward incoming network traffic
to a default router
¨Dsniff’s arpspoof program activated
to send fake ARP replies to the victim’s machine to poison its ARP
table
¨Attacker can now sniff all traffic
on the LAN
¨