• caglararli@hotmail.com
  • 05386281520

Why are 2 IP addresses mapped to a single MAC address not an evidence of ARP spoofing? (confusion with slide eg)

Çağlar Arlı      -    5 Views

Why are 2 IP addresses mapped to a single MAC address not an evidence of ARP spoofing? (confusion with slide eg)

I am going through the slides at:

https://www.slideshare.net/slideshow/packet-sniffing-85873158/85873158

i.e. we have 3 machines:

A’s ARP cache shows:

  • B’s IP address is associated with Z’s MAC address
  • Z’s IP address is associated with Z’s MAC address

B’s ARP cache shows:

  • A’s IP address is associated with Z’s MAC address
  • Z’s IP address is associated with Z’s MAC address

Z’s ARP cache shows:

  • A’s IP address is associated with Z’s MAC address
  • B’s IP address is associated with Z’s MAC address

The slide 15 says that attacker Z has access to all of A’s and B’s message.

But the following article at: An ARP table keeps multiple MAC addresses for an IP address or a single one?

Its says that the above situation i.e. 2 IP addresses mapped to a single MAC address is not an evidence of ARP spoofing.

However, it says that: 2 MAC addresses mapped for same IP is an evidence of ARP spoofing.

This looks contrary. If B’s IP address is mapped to Z’s MAC address after the attack, then B’s IP address is mapped to B’s own MAC address before the attack. Hence slideshare’s example also okays the argument I.e. 2 MAC addresses mapped for same IP is an evidence of ARP spoofing.

Please guide me if the example provided in the slide an evidence of ARP spoofing?