soxrok2212
commented
1 year ago This appears to be when an interface also has an IPv6 address. Removing the IPv6 correctly resolves the right IP and the ARP message is constructed correctly.
Perhaps some extra logic is needed to specify IPv4/IPv6, or just ignore v6 altogether for now since it's huge.
When starting a DHCP release attack, arp is first performed. However, cap inspection shows the source address ass 255.255.255.255 instead of the actual IP regardless of what is set in the DHCP fields.
Tested on arm64 little endian (Kali VM on M1 Mac).