<![CDATA[ARP (Address Resolution Protocol) is a protocol for addressing IP to the corresponding MAC Address in a local area network. Under normal circumstances a host on a local network will send ARP request packets that are broadcasted to obtain the MAC address of the destination host. When the host receives an ARP request addressed to it, the receiving host will send a unicast ARP reply packet to the sending host. Unfortunately, ARP does not provide an authentication mechanism for ARP replies intended for hosts that sent the packets. This enables every host on the network to fake ARP messages to poison the ARP cache of other hosts. ARP is vulnerable to attacks because it is a stateless protocol where ARP will accept and trust unsolicited replies so that spoof replies can be made to ARP requests. These spoofed replies can cause an ARP cache poisoning attack. ARP cache poisoning is an attack where an attacker sends a modified ARP packet to the local network. The modified packet causes the attacker's MAC address to be paired with the gateway's MAC address without the victim's knowledge that the entire traffic will pass through the attacker instead. In this study, handling of ARP cache poisoning attacks are done by analyzing the ARP packet traffic. ARP packages will be analyzed using wireshark and after a packet is considered to be a spoofed packet, prevention must be done. The types of treatment used in this study are Static ARP Entry and Persistent Arping. In this study, each type of treatment will be tested by measuring packet loss to the gateway when the ARP cache poisoning attack is in progress. The results between the two types of handling are an average of 0% packet loss when communicating to the gateway while an ARP cache poisoning attack is in progress using Static ARP Entry and an average of 53% packet loss while using Persistent Arping.]]>
