The ARP protocol is a layer 3 protocol used to translate:
When a device tries to access a network resource, it will first send requests to other devices asking for the MAC address associated with the IP it wants to reach. The caller will keep the IP - MAC association in its cache, the ARP cache, to speed up new connections to the same IP address.
Man in the middle The attack comes when a machine asks the other ones to find the MAC address associated with an IP address.
The pirate will answer to the caller with fake packets saying that the IP address is associated to its own MAC address and in this way, will “short-cut” the real IP - MAC association answer coming from another host.
This attack is referred as ARP poisoning or ARP spoofing and is possible only if the pirate and the victims are inside the same broadcast domain.