nerdexam
EC-Council

312-50V13 · Question #161

Which type of sniffing technique is generally referred as MiTM attack?

The correct answer is B. ARP Poisoning. ARP poisoning is a network-level attack that manipulates Address Resolution Protocol caches to redirect traffic through an attacker, effectively enabling a Man-in-the-Middle (MiTM) scenario.

Submitted by kavita_s· Mar 6, 2026Sniffing

Question

Which type of sniffing technique is generally referred as MiTM attack?

Exhibit

312-50V13 question #161 exhibit

Options

  • APassword Sniffing
  • BARP Poisoning
  • CMac Flooding
  • DDHCP Sniffing

How the community answered

(19 responses)
  • A
    5% (1)
  • B
    95% (18)

Why each option

ARP poisoning is a network-level attack that manipulates Address Resolution Protocol caches to redirect traffic through an attacker, effectively enabling a Man-in-the-Middle (MiTM) scenario.

APassword Sniffing

Password sniffing is the act of capturing passwords from network traffic, which is a *result* or objective of a sniffing attack, rather than the underlying technique that enables a MiTM attack.

BARP PoisoningCorrect

ARP poisoning involves sending forged ARP messages to a local area network to associate the attacker's MAC address with the IP address of another host, such as the default gateway. This redirection of traffic through the attacker's machine allows them to intercept, read, or modify communications between two legitimate parties without their knowledge, which is the definition of a Man-in-the-Middle (MiTM) attack.

CMac Flooding

MAC flooding overwhelms a switch's CAM table, causing it to broadcast all traffic to all ports (acting as a hub), which facilitates sniffing but is a distinct technique from ARP poisoning and is not itself generally referred to as a MiTM attack.

DDHCP Sniffing

DHCP sniffing involves monitoring or manipulating DHCP traffic for network reconnaissance or configuration changes, but it is not the primary mechanism used to reroute general network traffic through an attacker in a MiTM scenario.

Concept tested: ARP poisoning as MiTM attack

Source: https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3750/software/release/12-2_55_se/configuration/guide/scg3750/swipsnoo.html

Topics

#MiTM attack#ARP poisoning#Network sniffing

Community Discussion

No community discussion yet for this question.

Full 312-50V13 Practice