ARP poisoning can enable a man-in-the-middle attack by intercepting traffic between two devices.

ARP poisoning, or ARP spoofing, works by manipulating the address resolution protocol so that the IP-to-MAC mappings stored in devices on a local network become deceptive. When two devices communicate on a LAN, they rely on ARP to learn which MAC address corresponds to a given IP. An attacker can flood the network with forged ARP replies (or requests), making devices cache the attacker’s MAC address as the owner of a legitimate IP. As a result, traffic that was meant for the real device is sent to the attacker. If the attacker then forwards that traffic to the true destination, they sit in the middle, able to eavesdrop, modify, or drop packets—i.e., a man-in-the-middle attack. So the statement is true because ARP poisoning directly enables interception of traffic between two devices on the same local network when the attacker positions themselves in the path.