Greeting's

I have two question's about Man-In-The-Middle (MITM) attacks.

1. Lets say I type hotmail.com in the address bar of my internet browser. Then I log-on to hotmail. Now right here at the type is it possible for amyone to watch and listen to the authentication request. What I mean is some what like sniffing but I want to know if this is possible without creating something that alerts me. (AFAIK there is something know as ARP storms but I do not know how they occur).

2. I have successfully logged into hotmail and I am reading my mail at this point is it possible to read the mails to and send me wrong data (something other that what's the content of the mail). I also know that it is possible to inject commands in a present connection but this creats again, ARP storms (I have not a clue how they occur, I mean for what reasone).

One more thing that I dont understand is how MITM can act as hotmail server (I above situation's) because would I know it from the active connections shown by lets say Netstat or Fport due the Mismatch of IP of Hotmail and the IP of MITM.