I am having trouble trying wrap my mind around the arp poisoning issue I am have, with one particular server. I am constantly get an alert from my firewall analyzer, and when I check the log it says.
Received ARP request collision from 192.0.0.0/001e.c948.3700 on interface dmz with existing ARP entry 192.0.0.0/0015.5d64.4714.
I have checked my switch and I cannot find the last mac address in my mac address table. My question is does this look like an attack or do I need to adjust my alert report some .