In this Haktip Darren shows how to detecting ARP Cache Poison Attacks in Windows and Linux using XARP
The basics of the Man in the middle attack are this:
Monkey-in-the-middle tells router heâ€™s you.
Monkey-in-the-middle tells you heâ€™s the router.
Monkey-in-the-middle likes mountain dew.
This is achieved using ARP packets, which are how nodes identify themselves on IP networks.