When successful, they're stored temporarily in a configuration setting on other network devices. In an ARP-spoofing attack, a program like Ettercap will send spoofed messages attempting to get nearby devices to associate the hacker's MAC address with the IP address of the target.
It lets the rest of the network know where to send traffic - but it can be easily spoofed to change the way traffic is routed. Usually, this happens via an address resolution protocol (ARP) message indicating which device's MAC address goes with which IP address. On a regular network, messages are routed over Ethernet or Wi-Fi by associating the MAC address of a connected device with the IP address used to identify it by the router. One of the most popular tools for performing this attack is Ettercap, which comes preinstalled on Kali Linux.
In an ARP-spoofing attack, messages meant for the target are sent to the attacker instead, allowing the attacker to spy on, deny service to, or man-in-the-middle a target. ARP spoofing is an attack against an Ethernet or Wi-Fi network to get between the router and the target user.
