> RFC says that the target MAC in the who-has requests has no meaning but > they can be present in the who-has requests. And there was no such packets > in that net -- they appeared recently. So if the terget MAC is normally > ignored, such packets can be used for ARP spoofing (of any kind) only if > we have some strange ARP stacks that are caching the target MAC's from the > ARP requests.
Have you investigated the requestor? Is it the same host over and over again? Kind regards, Jeroen van Meeuwen -- kanarip
