What attack focuses on altering a switch's ARP table?

ARP poisoning is an attack where an attacker sends falsified Address Resolution Protocol (ARP) messages over a local network. This process alters the ARP tables of nearby devices, which link IP addresses to MAC addresses. When an attacker successfully poisons the ARP table, they can redirect network traffic intended for one device to themselves instead, enabling them to intercept, modify, or even block communications completely.

This type of attack takes advantage of the fact that ARP does not provide a way to verify the authenticity of ARP replies. As a result, any device on the network can send unsolicited ARP responses. Upon receiving these messages, other devices update their ARP tables with the false information, leading to compromised network traffic.

In contrast, switch spoofing involves an attack aimed at manipulating a switch's behavior for the purpose of connecting to a VLAN, and double tagging pertains to VLAN hopping, which allows attackers to send packets to different VLANs by adding multiple VLAN tags. DHCP snooping is a security feature that helps prevent rogue DHCP servers from supplying invalid IP addresses. Each of these concepts relates to network security, but ARP poisoning specifically focuses on modifying the ARP table of switches and devices, making it the correct choice for the question.