D-Link DES-3828 Product Manual - Page 447

xStack DES-3800 Series Layer 3 Stackable Fast Ethernet Managed Switch CLI Manual H/W Protocol H/W Protocol Operation Sender type type address address length length H/W address ARP reply 00-20-5C-01-11-11 Table - 3 (ARP Payload) Sender protocol address 10.10.10.1 Target H/W address 00-20-5C-01-22-22 Target protocol address 10.10.10.2 When PC B replies the query, the "Destination Address" in the Ethernet frame will be changed to PC A's MAC address. The "Source Address" will be changed to PC B's MAC address (see Table-4). Destination address 00-20-5C-01-11-11 Source address 00-20-5C-01-22-22 Table - 4 (Ethernet frame format) Ether-type ARP FCS The switch will also examine the "Source Address" of Ethernet frame and find that the address is not in the Forwarding Table. The switch will learn PC B's MAC and update its Forwarding Table. Forwarding Table Port1 00-20-5C-01-11-11 Port2 00-20-5C-01-22-22 How ARP spoofing attacks a network ARP spoofing, also known as ARP poisoning, is a method to attack an Ethernet network which may allow an attacker to sniff data frames on a LAN, modify the traffic, or stop the traffic altogether (known as a Denial of Service - DoS attack). The principle of ARP spoofing is to send the fake, or spoofed ARP messages to an Ethernet network. Generally, the aim is to associate the attacker's or random MAC addresses with the IP address of another node (such as the default gateway). Any traffic meant for that IP address would be mistakenly re-directed to the node specified by the attacker. IP spoofing attacks are caused by Gratuitous ARPs that occur when a host sends an ARP request to resolve its own IP address. Figure-4 shows a hacker within a LAN to initiate ARP spoofing attack. 443