Server Spoofing
Similar to ARP spoofing and all other spoofing attacks. In here attacker pretend to be a valid DHCP server. What attacker does is he reply for the hosts DHCP request before real DHCP server does. In the reply attacker defines a IP address to the host and false default gateway(could be attacker’s IP address). This will point all hosts traffic which are received DHCP reply from attacker, to attacker’s device allowing attacker to sniff the traffic without knowing the hosts.