ARP (Address Resolution Protocol) associates hardware addresses with IP addresses. This association may change over time. Each network node keeps an ARP cache of corresponding IP and hardware addresses. Cache entries expire after a few minutes. A node trying to find the hardware address for an IP address that is not in its cache broadcasts an ARP request that also contains its own IP and hardware address. The node with the requested IP address replies with its hardware address. All other nodes may ignore the request.
a) How can ARP spoofing be performed?
b) What defenses (mechanisms and tools/utilities) can be used against spoofing?