I have a server connected to a procurve 4208. I noticed last week that there were 2 mac addresses coming off of that single port intervace. The server itself has 2 NICS but one is disabled, so I am just using the one. What's interesting is that the MAC Address of the "ghost" is one character from the MAC address of the live interface. Additionally, it is requesting and getting DHCP from my DHCP server. Well I needed to put an end to that quickly so I enacted port security on the port on the switch to only allow the single correct MAC data through. With the "ghost" locked out it is no longer pulling DHCP and is no longer pingable on the network. However, I can ping the bogus IP Address on the server itself. I did an ipconfig /all and route print on the server and didn't see anything that stood out. I also cleared the arp, flushed dns, searched for unwanted services and ran a virus scan and came up short. Does anyone have a clue what i am looking for?