Why is it not MAC spoofing?

I'm in the middle of doing some practice questions for my upcoming Security+ 301 exam and I came across this question:

Which of the following would allow traffic to be redirected through a malicious machine by sending false hardware address updates to a switch?
A.
ARP poisoning

B.
MAC spoofing

The Answer is ARP poisoning but I don't seem to understand why it isn't MAC spoofing??
Can anyone shed some light on this please?
Thanks!

Find more posts tagged with

SAVE $250 on Your CompTIA Boot Camp — Use Code "EXAM26"

Exclusively for TechExams members for Infosec Boot Camps starting before April 30, 2026

View CompTIA Boot Camps

Comments

Everyone

Because ARP spoofing/poisoning happens in Layer 3, MAC Spoofing happens in Layer 2.

MAC Spoofing won't allow traffic to be redirected.

lsud00d

Correct Everyone, ARP is the layer 3/2 transfer, from IP to MAC (and reverse as well).

CK121

Thanks to you both! That has certainly cleared things up!

Forsaken_GA

To go a little more in depth, what they're basically asking for is how you execute a man in the middle attack.

So if you spoof the MAC address of the router, you're going to have duplicate MAC's on the segment. That doesn't help you with redirection, it'll result in dropped traffic most of the time and will usually bring someone to investigate what's going on.

However, if you poison the ARP caches by issuing some gratuitous arp replies with the gateways IP, but your MITM box's MAC address, hosts will start directing their traffic to you instead, allow you to sniff and capture it, before you forward it on to the true gateway.

Easy way to remember it is that MAC spoofing is for impersonation, arp poisoning is for interception

lsud00d

Forsaken_GA wrote: »

Easy way to remember it is that MAC spoofing is for impersonation, arp poisoning is for interception

Great explanation Forsaken, I will remember this

CK121

Seconded!! That is a easy and concise way to remember it. Thanks Forsaken_GA!!