ARP is used to resolve ip to mac address Or mapping a logical address to 48 bit hexadecimal number ARP request is a broadcast ARP reply is a unicast When a client sends a ARP request as a broadcast An attacker will send a crafted ARP reply which contains the spoofed MAC address This will cause the requester to think that it is bound to ip address in question So requester will add the bogus entry to its ARP cache and begin forwarding the packets to spoofed MAC address This is called ARP Poisoning