One of the most famous man in the middle attacks involves exploiting a weakness in the ARP (Address Resolution Protocol), the goal of which is to help find the IP address of a machine by knowing the physical address (MAC address) of its network card.
The goal of the attack is to intercept two machines on the network and send each one a false ARP packet stating that the other machine's ARP address (MAC address) has changed, the ARP address provided being that of the attacker.
The two target machines will then update their dynamic table called the ARP Cache. We talk about ARP cache poisoning (sometimes ARP spoofing or ARP redirect) to refer to this type of attack.
As such, every time one of the two machines wishes to communicate with the remote machine, the packets will be sent to the attacker, who will transparently send them to the receiving machine.