Hackers can use ARP Protocol that is running on the network to make their systems seem as your system or another allowed host on your network.
A too much number of ARP (Address Resolution Protocol) requests can be a sign of an ARP poisoning or spoofing attack on your network. Anyone can run a program, such as dsniff tool or Cain & Abel tool, can modify the ARP tables, which are responsible for saving IP addresses to media access control (MAC) address mappings — on network hosts.
That makes the victim machines to think they require to forward traffic to the hacker’s computer rather than to the correct destination machine when communicating on the network. And this is a type of man-in-the-middle (MITM) attacks.
Spoofed ARP responses can be sent to a switch, which returns the switch to broadcast mode and basically turns it into a hub. When this happens, a hacker can sniff every packet going through the switch and capture anything and everything from the network. This security flaw is inherent in how TCP/IP communications are handled.
In cryptography and computer security, a man-in-the-middle attack (MITM) is an attack where the attacker secretly relays and possibly alters the communication between two parties who believe they are directly communicating with each other.
