Why does all network traffic go through the attacker after poisoning the network?
If the attacker has successfully used spoofed ARP replies to record false entries in the ARP tables for all internal hosts and the gateway, all traffic sent from internal hosts to the gateway will go to the attacker (Step 4). All traffic from the gateway will also go through the attacker and is now redirected through the computer as part of a MITM attack (Step 5).