Address Resolution Protocol (ARP) poisoning attempts to contaminate a network with improper gateway mappings. As explained in Chapter 2, ARP essentially maps IP addresses to specific MAC addresses, thereby allowing switches to know the most efficient path for the data being sent. Interestingly enough, ARP traffic doesn’t have any prerequisites for its sending or receiving process; ARP broadcasts are free to roam the network at will. The attacker takes advantage of this open traffic concept by feeding these incorrect ARP mappings to the gateway itself or to the hosts of the network. Either way, the attacker is attempting to become the hub of all network traffic. Some tools you can use to ARP-poison a host are Ettercap, Cain & Abel and and arpspoof.