performing-arp-spoofing-attack-simulation
Installation
SKILL.md
Performing ARP Spoofing Attack Simulation
When to Use
- Testing whether network switches and infrastructure properly implement Dynamic ARP Inspection (DAI)
- Demonstrating man-in-the-middle attack risks to stakeholders during authorized security assessments
- Validating that network monitoring tools (IDS/IPS, SIEM) detect ARP cache poisoning attempts
- Assessing the effectiveness of port security, 802.1X, and VLAN segmentation controls
- Training SOC analysts to recognize ARP spoofing indicators in network traffic
Do not use on production networks without explicit written authorization and a rollback plan, against networks carrying critical or life-safety traffic, or as a denial-of-service attack vector.
Prerequisites
- Written authorization specifying in-scope network segments for ARP spoofing simulation
- Kali Linux or similar penetration testing distribution with arpspoof, Ettercap, and Scapy installed
- Direct Layer 2 access to the target network segment (same VLAN as target hosts)
- IP forwarding knowledge and ability to enable/disable packet forwarding on the attacker machine
- Wireshark or tcpdump for capturing traffic to verify interception
- Isolated lab environment or approved production test window