In trying to figure out why our network traffic seems to be up, I've installed NTOP on one pc and put it off of a hub to monitor the traffic. One of several things that NTOP reports on is duplicate MAC addresses. Several of our pc's have been red flagged as high risk because NTOP found duplicate MAC addresses which might indicate spoofing.
If indeed something/someone is spoofing, how to I track this down? How do I find out if it's really a MAC address being spoofed and then find the duplicate?