From 3723852e17fa3f8b8b49a0cdecbad8b9ffcdde5b Mon Sep 17 00:00:00 2001
From: david <david@e0a8ed71-7df4-0310-8962-fdc924857419>
Date: Thu, 19 Nov 2009 04:51:38 +0000
Subject: [PATCH] Use the same trick of peeking inside the ARP packet for the
 destination MAC in the doArp function as is done for ARP ping scan in
 scan_engine.cc. This makes us capable of reading ARP responses that are sent
 to the broadcast address.

---
 tcpip.cc | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tcpip.cc b/tcpip.cc
index 8211c7197..bdb8c42c0 100644
--- a/tcpip.cc
+++ b/tcpip.cc
@@ -2702,7 +2702,7 @@ static bool doArp(const char *dev, const u8 *srcmac,
   /* Start listening */
   pd = my_pcap_open_live(dev, 50, 1, 25);
   set_pcap_filter(dev, pd,
-                  "arp and ether dst host %02X:%02X:%02X:%02X:%02X:%02X",
+                  "arp and arp[18:4] = 0x%02X%02X%02X%02X and arp[22:2] = 0x%02X%02X",
                   srcmac[0], srcmac[1], srcmac[2], srcmac[3], srcmac[4],
                   srcmac[5]);