I want to write a small program for ARP poisoning but I do not know where in the network the attacker has to be.
I have a network consisting of a victim, an attacker and a switch. If the attacker and the victim are both connected to the switch, the answer from the switch will arrive faster than the attack from the attacker. Therefore, I guess the attacker needs to be between the victim and the switch. All packets are inspected, ARP requests are filtered out and a "wrong" answer is sent back.
However, in such a case, what kind of network settings are necessary on the attackers device?
Example network: Switch = 192.168.1.1 Attacker = 192.168.1.2 Victim = 192.168.1.3
Switch <—— >Attacker <——> Victim
So the attacker needs to have 192.168.1.3 on its "left" and 192.168.1.1 on its "right" side? What kind of routing is necessary to make it work?