I want to check whether we can launch ARP poisoning attack in a subnet without really sitting in that subnet. Can we do it from a subnet which is connected to that subnet using a router?
Hi. I can recommend you to read the source http://www.windowsecurity.com/articles-tutorials/authentication_and_encryption/Understanding-Man-in-the-Middle-Attacks-ARP-Part1.html
ARP works at layer 2. That means that your computers have to be on the same physical network segment because of the MAC addresses could not cross layer 3. The router indexes IP to MAC addresses in its arp table based on locally connected devices.