An ARP spoofing experiment where the attacker puts himself in between two nodes and then modifies their traffic. There are two classes of experiments that need to be combined:
    a. an experiment where ARP poisoning happens between two nodes by the attacker
    b. an experiment where an attacker changes traffic passing through it


== Example 3: ARP poisoning with MITM attack ==

This example used two metadescriptions. The first was ARP poisoning which is a flavor of cache poisoning, and the other is MITM attack. This example is written in [CurrentlyProposedLanguage].


=== ARP poisoning metadescription ===

  This is a special case of cache poisoning where the target is ARP cache.

 * '''Logical topology:''' 

    '''Objects:'''

      Attacker extends Node
  
      IP extends IPAddress

      fakePA extends MACAddress

      Cache extends Object

      Cache := {ARPRecord[] records}

    '''Cardinality:'''

      |Attacker|,,1,,

      |IP|,,1,,

      |fakePA|,,1,,

      |Cache|,,1,,

    '''Relationships:'''
      
      not collocated(Cache, Attacker)


 * '''Timeline of events: '''

  '''Definitions:'''

    Attacker a, IP ip, fakePA fpa, Cache c

      e1 := {type = ARPREPLY, origin = a, destination = c, content = (ip = fpa)}

      s1 := {c.records += (ip = fpa)}

  '''Timeline:'''

      e1 -> s1
 


 * '''Invariants:''' Nothing in addition to the topology and timeline above.

=== MITM attack metadescription ===

 * '''Logical topology:''' 

    '''Objects:'''

      Attacker, Node1, Node2 extends Node

    '''Cardinality:'''

      |Attacker|,,1,,
  
      |Node1|,,1,,

      |Node2|,,1,,

    '''Relationships:'''


 * '''Timeline of events: '''

  '''Definitions:''

    Attacker a, Node1 n1, Node2 n2

      e1 := {type = MSG, origin = n1, destination = a, content = x}

      e2 := {type = MSG, origin = a, destination = n2, content = modify(x)}

      e3 := {type = MSG, origin = n2, destination = a, content = y}

      e4 := {type = MSG, origin = a, destination = n1, content = modify(y)}

  '''Timeline:'''

      e1 -> e2 and e3 -> e4 

 * '''Invariants:'''    Nothing in addition to the topology and timeline above.

=== Experiment design ===

Now I'm a user who wants to design an experiment. I need to combine two metadescriptions (ARP poisoning and MITM attack) and somehow tie them down to generator choices. To combine I'll do something like this:

  ARPPoisoning arp1, ARPPoisoning arp2, MITMAttack mitm

    arp1.FakePA = mac(mitm.Attacker)

    arp1.IP = ip(mitm.Node2)

    collocated(arp1.Cache, mitm.Node1)	

    arp2.fakePA = mac(mitm.Attacker)

    arp2.IP = ip(mitm.Node1)

    collocated(arp2.Cache, mitm.Node2)	

    (arp1 and arp2) -> mitm