I’m trying to understand all facets of MAC address spoofing by testing it on real world implementations. I have Kali set up in VMWare using bridged mode on Windows over LAN. I used Ettercap’s port-stealing feature to port-steal my smartphone (Samsung Galaxy S10).
I expected the switch in my router to be tricked into thinking that my Kali VM is my phone so that the switch forwards all traffic intended to go to my phone to my Kali VM. Instead, Wireshark displays an endless train of ARP requests from all of the devices in my network. Here is an extract:
Every single ARP packet looks like this:
Why does this happen and what is the purpose of this ARP request?