This paper discusses in detail the security flaws of the ARP protocol and a man-in-the-middle attack based on ARP redirection. Switching equipment operating at the data link layer prevents a host on one node from eavesdropping on data communication between hosts on other nodes, which improves the security and confidentiality of the whole data network. However, a man-in-the-middle attack based on ARP redirection lets an attacker eavesdrop on the data of other hosts on the switching equipment and, because of the switching equipment, the victim host is unable to detect that it is under attack. The paper points out that security improvements using static MAC addresses or layer 3 switching can improve the security of the switching equipment and the network.
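The static MAC address measure can be pictured as a check of every observed ARP message's sender fields against a fixed IP-to-MAC table. The Python below is an added example, not taken from the paper; the binding table, addresses (documentation ranges) and sample payloads are constructed, and the function names are hypothetical.

```python
import ipaddress
import struct

# Constructed static IP-to-MAC bindings, standing in for an administrator's table.
STATIC_BINDINGS = {
    "192.0.2.1": "00:00:5e:00:53:01",   # gateway
    "192.0.2.10": "00:00:5e:00:53:10",  # host A
}

# Constructed 28-byte ARP reply payloads (hex), all addressed to host A.
HDR = "0001080006040002"  # Ethernet, IPv4, hlen 6, plen 4, opcode 2 (reply)
TARGET = "00005e005310" + "c000020a"
SAMPLE_OK = HDR + "00005e005301" + "c0000201" + TARGET        # gateway, right MAC
SAMPLE_MISMATCH = HDR + "00005e005366" + "c0000201" + TARGET  # gateway IP, other MAC
SAMPLE_UNKNOWN = HDR + "00005e005363" + "c0000263" + TARGET   # IP not in the table


def parse_arp(payload: bytes) -> dict:
    """Parse an Ethernet/IPv4 ARP payload (fixed 28-byte layout)."""
    if len(payload) < 28:
        raise ValueError("truncated ARP payload")
    htype, ptype, hlen, plen, oper = struct.unpack("!HHBBH", payload[:8])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not an Ethernet/IPv4 ARP message")
    sha, spa, tha, tpa = struct.unpack("!6s4s6s4s", payload[8:28])
    return {
        "oper": oper,
        "sender_mac": ":".join(f"{b:02x}" for b in sha),
        "sender_ip": str(ipaddress.IPv4Address(spa)),
        "target_ip": str(ipaddress.IPv4Address(tpa)),
    }


def check_arp(payload: bytes, bindings=STATIC_BINDINGS) -> str:
    """Return 'ok', 'mismatch' or 'unknown' for the sender's IP-to-MAC claim."""
    arp = parse_arp(payload)
    expected = bindings.get(arp["sender_ip"])
    if expected is None:
        return "unknown"      # no static entry: policy decides whether to accept
    if expected != arp["sender_mac"]:
        return "mismatch"     # claim contradicts the static table: alert and drop
    return "ok"


if __name__ == "__main__":
    for name in ("SAMPLE_OK", "SAMPLE_MISMATCH", "SAMPLE_UNKNOWN"):
        print(name, check_arp(bytes.fromhex(globals()[name])))
```

A `mismatch` result is the case the static table exists to catch: a message that rebinds a known IP address to a different MAC address.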