Address Resolution Protocol (ARP) maps logical network (layer 3) addresses, that is IP addresses, to data link (layer 2) addresses, that is physical MAC addresses. A host makes an ARP request in order to map the IP address of a destination to its corresponding MAC address. All the hosts on the subnet receive and process the ARP request, but only the host that matches the IP address in the request sends an ARP reply. A host may also broadcast gratuitous ARP messages, in which case a receiving host updates its ARP table with the new physical (MAC address)-to-logical (IP address) binding.
However, an attacker can abuse these gratuitous ARP messages to broadcast a spoofed IP address, in which case the receiving hosts will register the new mapping. The attacker may then use ARP spoofing to redirect traffic to itself.
ARP poisoning is achieved when an attacker sends its own MAC address to each of two potentially communicating hosts (poisoning their caches) in such a way that each believes it holds the other's address. Once the victims' ARP caches have been successfully poisoned, each host sends its packets to the attacker when it is supposedly communicating with the other. This puts the attacker in the middle of the communications path between the two hosts. Hence, the attacker effectively mounts a man-in-the-middle (MITM) attack.
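The binding changes described above are what a monitoring host can watch for. The following is an added example, not part of the original page: it parses ARP payloads, keeps an IP-to-MAC table, and reports when an IP address moves to a new MAC or one MAC starts answering for several IPs. The function names are hypothetical and the sample payloads are constructed from documentation address ranges.

```python
import socket
import struct

# RFC 826 ARP payload for Ethernet/IPv4 (28 bytes):
# htype, ptype, hlen, plen, oper, sender MAC, sender IP, target MAC, target IP
ARP_FMT = "!HHBBH6s4s6s4s"

def parse_arp(payload):
    """Return sender/target fields of an Ethernet/IPv4 ARP payload, else None."""
    if len(payload) < struct.calcsize(ARP_FMT):
        return None
    htype, ptype, hlen, plen, oper, sha, spa, _tha, tpa = struct.unpack(
        ARP_FMT, payload[:28])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    return {"oper": oper, "mac": ":".join(f"{b:02x}" for b in sha),
            "ip": socket.inet_ntoa(spa), "target_ip": socket.inet_ntoa(tpa)}

def observe(bindings, payload):
    """Update the IP-to-MAC table; return alerts for changes poisoning produces."""
    pkt = parse_arp(payload)
    if pkt is None:
        return []
    alerts, ip, mac = [], pkt["ip"], pkt["mac"]
    # A gratuitous ARP announces the sender's own IP as the target IP.
    kind = "gratuitous" if ip == pkt["target_ip"] else "regular"
    known = bindings.get(ip)
    if known and known != mac:
        alerts.append(f"{ip} moved {known} -> {mac} ({kind} ARP)")
    # One MAC answering for several IPs is what a host in the middle looks like.
    others = sorted(i for i, m in bindings.items() if m == mac and i != ip)
    if others:
        alerts.append(f"{mac} also claims {', '.join(others)}")
    bindings[ip] = mac
    return alerts

def sample(oper, mac, ip, target_ip):
    """Constructed sample payload (not captured traffic); oper 1=request, 2=reply."""
    return struct.pack(ARP_FMT, 1, 0x0800, 6, 4, oper,
                       bytes.fromhex(mac.replace(":", "")), socket.inet_aton(ip),
                       b"\x00" * 6, socket.inet_aton(target_ip))

def demo():
    bindings, out = {}, []
    for args in [(2, "00:00:5e:00:53:01", "192.0.2.1", "192.0.2.10"),
                 (1, "00:00:5e:00:53:0a", "192.0.2.10", "192.0.2.1"),
                 (2, "00:00:5e:00:53:66", "192.0.2.1", "192.0.2.1"),
                 (2, "00:00:5e:00:53:66", "192.0.2.10", "192.0.2.1")]:
        out += observe(bindings, sample(*args))
    return out
```

The first two constructed payloads establish the legitimate bindings; the last two show the same MAC taking over both addresses, which is the state the poisoned caches end up in.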