Which attack uses ARP spoofing to intercept traffic?

Intercepting traffic between two devices on a local network is accomplished by placing the attacker in the middle of the communication path. ARP spoofing does this by tricking devices on the LAN into associating the attacker’s MAC address with the IP address of another host (often the gateway). As a result, traffic that should go to that host is sent to the attacker, who can simply forward it on or modify it, effectively eavesdropping and potentially altering the communication. This positioning—being able to watch and control the data as it passes between two endpoints—is the essence of a Man-in-the-Middle attack. The other options don’t describe this scenario: DoS would disrupt or prevent traffic rather than intercept it, DNS cache poisoning targets name resolution rather than traffic routing at the LAN layer, and brute-force attacks aim to guess credentials rather than intercept communications.