What is it?
ARP poisoning is a technique in which a host in a LAN can “poison” the ARP table of another host causing it to send packets to the wrong destination. The attacker can modify the traffic in the network such a way that it will redirect all traffic to go through it. ARP Spoofing will allow an attacker to sniff data frames
How it works?
The attacker intercept the connection between the client and the server. He “enters” into the connection without makeing itself notable and he pretends to be the server for the client and the client for the server. It “convinces everyone” to send the packages to him making them believe that he is the destination.
For example using Wireshark you sniff all the packages and who knows what you will find out? I used this ARP poisoning in order to find some cookies which helped me in a nice demonstration.