True in a way - but packets usually pass through a switch before the get to the WS. Most switches have ARP caches - which can be poisoned...........

Yeah ARP poisoning would work to an extent, the extent being you could only spoof an address within your network (i.e. one you owned) otherwise the traffic wouldnt be routed back to you and would be lost somewhere. However there is nothing stopping you using machines dotted around the world (one being at the spoofed IP address, or at least at an address where you can catch the data) to relay data back to you. It just gets a bit messy.