GIAC Penetration Tester (GPEN) — Question 29

Which of the following attacks allows an attacker to sniff data frames on a local area network (LAN) or stop the traffic altogether?

Answer options

• A. Man-in-the-middle
• B. ARP spoofing
• C. Port scanning
• D. Session hijacking

Correct answer: B

Explanation

ARP spoofing is the correct answer because it allows attackers to associate their MAC address with the IP address of another device on the network, enabling them to intercept or modify traffic. Man-in-the-middle attacks are broader and can involve different methods, while port scanning is used for identifying open ports rather than intercepting data. Session hijacking involves taking over an active session but does not specifically involve sniffing data frames on a LAN.