Network Unprotected (ARP Spoofing Vulnerable)

Interactive Network Topology

Fa0/1 (Trunk) Fa0/2 Fa0/3 Fa0/4 Fa0/2 Fa0/3 Fa0/4 Switch0 (2960) Switch1 (2960) PC0 (VLAN 10) 192.168.1.1 PC1 (VLAN 20 / Attacker) 192.168.1.2 Server1 (DHCP VLAN 10) 192.168.1.6 PC2 (VLAN 10) 192.168.1.3 PC3 (VLAN 20) 192.168.1.4 Server0 (DHCP VLAN 20) 192.168.1.5 VLAN 10 VLAN 20

Device Inspection: Select a device

Click on any PC, Switch, or Server in the network topology diagram above to inspect its live ARP cache table, DHCP snooping binding table, or network interface status.
Step 1 of 5

Step 1: Understand ARP Spoofing Vulnerability

Address Resolution Protocol (ARP) binds IP addresses to MAC addresses on a local network. However, standard ARP does not verify responses. This allows attackers on the local subnet to spoof ARP replies, linking their own MAC address to another device's IP (e.g. the Server or Gateway), thereby routing other users' traffic through them.

Goal: Test what happens without protection. Click the "Simulate ARP Spoofing" button in the topology header to launch a spoofing attack from PC1.

Tasks for this Step:

Cisco IOS Software, C2960 Software (C2960-LANBASEK9-M), Version 15.0(2)SE4, RELEASE SOFTWARE (fc1)
Copyright (c) 1986-2013 by Cisco Systems, Inc.
 
Press RETURN to get started.
 
Switch0>
💡 CLI Tips: Use ? for help, Tab to autocomplete, and Up/Down arrows for command history. Key configurations require entering enable and conf t first!

DHCP Snooping Binding Database

MAC Address IP Address Lease (s) VLAN Interface
No active DHCP bindings. Enable DHCP Snooping to build database.

Live Console Syslog Messages

[SYSTEM] Logging service started. Waiting for network events...