I have been monitoring a problem over several day where huge amounts of ICMP Echo Request traffic is being generated, both inside and outside my firewall. The packets all originate from IP=127.0.0.1 (Mac 08:00:2b:00:dc:dc) and all packets are destined for a variation of IP's but the same MAC (08:00:2b:00:01:02). Neither of these Hardware addresses reside on my network and I am thoroughly stumped! Any ideas?
We have been getting the same thing. Then for some reason accident we ran the sniffer software (Ethereal) from a workstation instead of a laptop and we didn't see the traffic. Then we connected the port we were sniffing to an old hub (not a switch) as well as both the laptop and a workstation and ran Ethereal on both the laptop and WS. Only the laptop saw the ICMP traffic from 127.0.0.1 sources. (destination addresses were all over networks but real addresses) Hypotheses anyone? We did eliminate viruses being on the laptop.