From 33f2dc30cf4672dd367b281329a8a386f4c01a4b Mon Sep 17 00:00:00 2001
From: onura <onuralanbel@gmail.com>
Date: Sun, 28 Jan 2018 01:26:01 +0300
Subject: [PATCH] fix: Arp spoofing poisons other devices although
 arg.spoof.targets is set to a single IP. Although a target IP is set for arp
 spoofing, other devices get poisoned. When I analyze the traffic, I can see
 that bettercap-ng keeps broadcasting ARP replies.I mean target Mac is
 specified in ARP but not ethernet. This also cause a lot of GARP replies to
 be sent by colliding endpoint (probably gateway). This pr fixed the issue by
 sending unicast ARP replies as specified at RFC826.

---
 packets/arp.go | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/packets/arp.go b/packets/arp.go
index 3ddbd888..ffc61ab3 100644
--- a/packets/arp.go
+++ b/packets/arp.go
@@ -1,14 +1,15 @@
 package packets
 
 import (
-	"github.com/google/gopacket/layers"
 	"net"
+
+	"github.com/google/gopacket/layers"
 )
 
 func NewARPTo(from net.IP, from_hw net.HardwareAddr, to net.IP, to_hw net.HardwareAddr, req uint16) (layers.Ethernet, layers.ARP) {
 	eth := layers.Ethernet{
 		SrcMAC:       from_hw,
-		DstMAC:       net.HardwareAddr{0xff, 0xff, 0xff, 0xff, 0xff, 0xff},
+		DstMAC:       to_hw,
 		EthernetType: layers.EthernetTypeARP,
 	}
 	arp := layers.ARP{