> Where this is happening? LAN? Yes, it is LAN. > > The IP who is requesting the arp's is know by you? Yes, it is one of the clients of that LAN. > > What can be happing is a machine that is trying to flood the MAC table > of the local switch and making the switch work like a HUB, then the > attacker can sniffer the network and get the information that they want.
Maybe, but I am concerned with the presence of target MAC in the who-has packets. -- rea BOFH excuse #177: sticktion
