Why exactly arp spoofing slows the network significantly?

[Coldblackice]

Why does it slow the network flow to a crawl?

I wager it's in lieu of a typical desktop NIC not being up to par for the duties of handling/directing network traffic like a dedicated router would. Is this the case?

How could this be remedied (while still arp spoofing and capturing traffic)?

I'm looking for a permanent solution on my home network, perhaps using a dedicated NIC and/or VM. Or perhaps even through a router -- I have a few spare DDWRT'ed routers on hand.

I'm wondering if perhaps more resources could be dedicated toward the spoofing NIC (or on the software end with Wireshark, for example), or perhaps the equivalent of giving it a higher priority class (processing/memory/IO) to help the flow of traffic move swiftly along like a dedicated router would be able to (or as close as possible).

 

[Pinski]

Why are you arp spoofing in the first place?

It'd be a lot easier to just setup some span ports and duplicate the traffic to capture the traffic you want.

 

[Liger88]

Well if you understand the nature of a switch and what ARP does then you'd easily see how it could slow a network down to a crawl. The very nature of ARP spoofing is to force a switch to no longer be a switch and react like a hub. We all know how well hubs do with traffic lol.

 

[Lain542]

In addition to what Liger88 said, arp traffic also causes each computer to take the time and computational power to look at each arp packet and decide to drop it or respond. This is called a broadcast storm.