Understanding the different types of network threats is critical to knowing what to look for when an attack occurs. Address Resolution Protocol (ARP) is used on TCP/IP networks to link IP addresses to physical (MAC) addresses. If you were to put a packet sniffer on your server's connection to your network you would see a fair amount of ARP traffic.

I found a good post on the Hackaday blog on the basics of ARP and why it's so insecure. Here's the paragraph from his post:

Security Now! 29 Ethernet Insecurity 52:14 covers how ARP works and why it is so insecure. This is something that everyone should know, but it may be easier to understand if you read Steve gibson's accompanying article. He mentions in the podcast an old story about a security researcher's comments that a lot of hotels still use hubs instead of switches; I found the story on Schneier. I think Irongeek's article was my first introduction to the subject of ARP spoofing.

Worth checking out!