
- The Hacker Who Laughs
Today we are going to be talking about ARP poisoning and how to poison a network. A lot of this is going to be heavily networking based, so do mind your fundamentals. I'll explain some stuff along the way. As always, personal disclaimer: any and all information here is strictly for educational purposes. I do not condone any form of illegal activity, nor am I responsible for anything you use this information for. DO NOT pentest on anyone's network unless it is your own, or you have permission to do so.
In order to walk you through how to perform the technique, let's go over a few things first: ARP, pingsweeping, and spoofing. ARP, the Address Resolution Protocol, is what NSlookup is, but for MAC addresses. ARP translates the corresponding MAC address back to the IP of the system it pertains to. Pingsweeping is the process of pinging a series of IP addresses across a network range to check for ICMP responses. No response typically indicates a system is not up; a response indicates the system is up. There are a variety of different scan types, each with unique return results. Spoofing is the concept of masquerading as another entity, whether it be a machine, such as a spoofed MAC address, or a person for social engineering exploits, such as a spoofed ID badge. Now that we have the basics out of the way, let's begin!
What is ARP Poisoning?
How does ARP poisoning work? Essentially you are masquerading your IP and MAC address on the internal network as another system in order to receive any network traffic intended for it. When you communicate on the network, whether internally (the local network) or externally (a web server), the default gateway, your router, handles the communication for you and routes it on your behalf. When you receive a response, it handles and forwards that information to you as well. If you masquerade as another system on the network, it's essentially going to send you a copy of the return information from the victim as well. In the process, since you are also on that same system on the network, you'll be able to see any outgoing network traffic from the victim itself and receive a copy of that as well. This means that if any of those communications are insecure, such as HTTP, you'll be able to see any and all data in plain text. If the victim sent any HTTP POST request data, for example, you will be able to see any credentials they sent to authenticate to a web server. This methodology is also known as a form of man-in-the-middle attack. A man-in-the-middle attack is when you intercept a communication between one or more parties and either steal the data or forward it, possibly manipulated, as if you were the original sender, without the parties involved suspecting anything.
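From the defender's side, the masquerade described above shows up on the wire as one IP address being claimed by two different MAC addresses. The following is an added example, not code from the original article, that parses raw ARP message bodies and flags that conflict; the function names, the sample traffic and the "first binding seen is trusted" rule are assumptions made for illustration.

```python
import socket
import struct

# Ethernet/IPv4 ARP body: htype, ptype, hlen, plen, oper, sender MAC/IP, target MAC/IP
ARP_FMT = "!HHBBH6s4s6s4s"

def parse_arp(payload):
    """Return (oper, sender_mac, sender_ip), or None if not a valid Ethernet/IPv4 ARP body."""
    if len(payload) < 28:
        return None  # truncated frame
    htype, ptype, hlen, plen, oper, sha, spa, _tha, _tpa = struct.unpack(ARP_FMT, payload[:28])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    return oper, sha.hex(":"), socket.inet_ntoa(spa)

def find_conflicts(payloads):
    """Report (ip, first_seen_mac, new_mac) whenever an IP is claimed by a second MAC."""
    bindings, alerts = {}, []
    for raw in payloads:
        parsed = parse_arp(raw)
        if parsed is None:
            continue
        _oper, mac, ip = parsed
        known = bindings.setdefault(ip, mac)  # assumption: first binding seen is trusted
        if known != mac:
            alerts.append((ip, known, mac))
    return alerts

def _arp(oper, mac, ip, target_ip="192.0.2.10"):
    """Build a constructed ARP body for the sample below (oper 1 = request, 2 = reply)."""
    return struct.pack(ARP_FMT, 1, 0x0800, 6, 4, oper,
                       bytes.fromhex(mac.replace(":", "")), socket.inet_aton(ip),
                       bytes(6), socket.inet_aton(target_ip))

# Constructed sample traffic (documentation addresses, locally administered MACs)
SAMPLE = [
    _arp(2, "02:00:00:00:00:01", "192.0.2.1"),   # gateway announces itself
    _arp(1, "02:00:00:00:00:10", "192.0.2.10"),  # ordinary host request
    _arp(2, "02:00:00:00:00:66", "192.0.2.1"),   # a second MAC claims the gateway IP
    b"\x00" * 10,                                 # truncated frame, skipped
]

if __name__ == "__main__":
    for ip, old, new in find_conflicts(SAMPLE):
        print(f"ALERT {ip}: was {old}, now claimed by {new}")
```

A legitimate change, such as a replaced network card or a reassigned DHCP lease, raises the same alert, so each hit needs to be checked against known inventory before it is treated as poisoning.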
What is Subnetting?
You might be asking yourself what is a subnet? Subnets are essentially networks that have been fragmented into smaller sub networks, hence subnetting. Each subnet is assigned a unique "subnet mask", the "/24" that you see here, that allows you to identify each subnet. Each subnet has its own pool of IP addresses that can be assigned to members of that particular subnet. This allows for segmentation practices that prevent things like single points of failure, which are essentially monolithic infrastructures that nest everything into one place. For network security purposes, when you do this you make it HARD for attackers to find everything, decreasing your attack surface and securing your systems greatly. With subnetting it's also possible to control which subnets can talk to each other, which is the main reason we begin hunting for them via the route and traceroute commands.
Exploit Guide
