I had never run into this issue before but recently there were some difficulties accessing and providing services on one of our IPs. I tried logging into this server and noticed that it was taking forever to get logged in, strange, maybe the box is overloaded? But no, after checking all performance statistics I could think of there was nothing. I was stumped and figured it had to be something network-related so I started by pinging the device and I was able to ping it no problem, routing, that was fine too. So I went looking up logs. Starting with /var/log/messages I immediately noticed the culprit.
Mar 21 22:54:32 [hostname] kernel: [2271940.733176] ll header: ff:ff:ff:ff:ff:ff:00:02:99:0f:d4:2a:08:00 Mar 21 22:55:03 [hostname] kernel: [2271971.764263] martian source 255.255.255.255 from 10.128.0.237, on dev eth1 Mar 21 22:55:03 [hostname] kernel: [2271971.764268] ll header: ff:ff:ff:ff:ff:ff:00:02:99:0f:d4:2a:08:00 Mar 21 22:55:34 [hostname] kernel: [2272003.164375] martian source 255.255.255.255 from 10.128.0.237, on dev eth1 Mar 21 22:55:34 [hostname] kernel: [2272003.164380] ll header: ff:ff:ff:ff:ff:ff:00:02:99:0f:d4:2a:08:00
I eventually got the mac tracked down to a specific switchport. I disabled the switchport and the messages went away. Very strange.
Later it was found out that the device on that particular switchport was given a duplicate IP to the server that I was using. That's why I was seeing broadcasts that seemed like they were from myself and broadcasts that also seemed to come from my own address.