I've been fighting with this for a while, and I can't figure this out. I've got Wireshark running on my laptop, and I'm noticing a ton of different MAC addresses running IPX SAP and RIP. These MAC addresses don't exist in the switch. The subnets that are affected are:
I changed my mask to be 255.0.0.0 and my system is in the 10.2.0.0 subnet. I scanned all of the subnets using Nmap so I can get the MAC addresses back on them. After collecting these, I searched for the MAC addresses that I'm getting in Wireshark. There are about 50-100 different ones, but they all refer to printers (Ricoh, Lexmark, HP, IBM, Oki, etc.). I have Wireshark open, search the text file that I created with Nmap, and nothing. There's no match between Nmap's findings and Wireshark's report.
I'm at a total loss as to how to go about troubleshooting this. BTW, I've checked ALL of my switches' ARP tables and MAC tables, and I've checked my core routers' MAC and ARP tables. The addresses don't exist. I don't believe this is an attack of any sort either, just an anomaly that I'm having a hard time pinpointing.