I recently did a host scan with ettercap (just looking around) and found that all of the IP addresses (which were all different) had the same MAC address. I did a little research and came up with a proxy arp possibly being the cause of this. The way I understand it is that every single computer (including the one I was on) can only see one mac address, which I think is the arp proxy. From reading I understand that all computers will send data to that arp proxy and then the proxy will identify where it must go based on it's arp tables which it keeps track of. If this is the way it all works then wouldn't Man in the Middle attacks not work since all you can see is the arp proxy, or is there away around this. Can someone clarify this for me, I never heard of an arp proxy before, neither do I know that this is what is happening in my case, it just seemed like it would make the most sense. It seems kind of funny seeing all these different IP addresses all with the same MAC address.
I found this on this site: Verkot: Model answer 5, st-98
"Hosts which are using proxy ARP are not concious about the fact that they have been subnetted. Response from any machine is as valid as response from server w hich handles routing.
Whole idea of proxy ARP is spoofing. (Comer: figure 10.2 page 142): "In essence, R lies about IP-to-physical address bindings."
Proxy ARP is based on trust - every request and reply is considered legitimate.
It is also impossible to implement warning which alerts when two IP addresses map to the same physical address. "
Can someone explain to me how ettercap would relate to this and also if two IP addresses have the same physical address, would both computers receive the packets? It would really help me if someone explained how ARP poisoning would work in a situation with Proxy ARP...it seems like there would be a conflict (I can't even get real MAC addresses)