ARP spoofing refers to what?

ARP spoofing is about poisoning the address resolution protocol cache on devices within a local network by sending falsified ARP messages. Since ARP maps IP addresses to MAC addresses and these mappings aren’t authenticated, an attacker can associate their own MAC with a legitimate IP (often the gateway or another host). When other devices update their ARP tables with this incorrect mapping, their traffic destined for that IP is sent to the attacker’s machine, enabling interception, sniffing, or modification of the data in transit. This is a local-network threat and relies on the unverified ARP updates circulating between machines. Not about DNS tampering, which would affect name-to-IP mapping at the DNS level, or about simply flooding the network with ARP requests, which describes an ARP flood or ARP storm rather than spoofing. Disabling ARP on devices would disrupt normal network operation rather than perform the spoofing technique.