Hi Steven,
One approach is to use packet debugging:
debug ip packet
or
debug ip packet x
where x may be an access-list number.
With the access-list you will get the debug messages only for traffic that is allowed by the access-list.
This way you will be able to see the source and destination addresses of the packets.
If you get some useful results out of this but still need to gather more info, then please post the output and we can help you to further refine your search.
Cheers:
Istvan