Cain's ARP-Poisoned Routing feature enables what action?

ARP poisoning on a local network works by practitioners lying about which MAC address corresponds to which IP address. When an attacker can insert forged ARP entries, devices on the subnet start sending traffic to the attacker’s machine instead of to the legitimate target (like the gateway or another host). Cain’s ARP-Poisoned Routing feature automates this effect, enabling the attacker to redirect the flow of traffic on the subnet through their own machine. That position in the data path allows sniffing, modification, or injection of traffic, effectively creating a Man-in-the-Middle. This isn’t about encryption by itself, so traffic isn’t automatically encrypted just by ARP poisoning. It also doesn’t block traffic outright, and it doesn’t manipulate DNS responses—that would be DNS spoofing rather than ARP-based redirection.