試験SY0-601-JPN トピック3 問題322 スレッド

ARP poisoning is a type of attack that modifies the ARP cache on a network device. The ARP cache is a table that stores the IP addresses and MAC addresses of other devices on the network. When a device needs to send a packet to another device, it looks up the MAC address of the destination device in its ARP cache. If the MAC address is not in the cache, the device sends an ARP request to the destination device. The destination device responds to the ARP request with its MAC address.
In ARP poisoning, the attacker sends spoofed ARP messages to the victim device. The spoofed ARP messages contain the attacker's MAC address as the source MAC address and the victim's IP address as the destination IP address. When the victim device receives the spoofed ARP messages, it updates its ARP cache to associate the attacker's MAC address with the victim's IP address.
Now, when the victim device needs to send a packet to another device, it will use the attacker's MAC address as the destination MAC address. The attacker can then intercept the packet and read or modify its contents.
In the given scenario, the network analyst found that the ARP cache on the internal host was poisoned. The attacker's MAC address was associated with the victim's IP address. This means that the attacker was able to intercept network traffic from the victim device.