Snort mailing list archives

bad traffic loopback traffic


From: "Everist, Benjamin S. (NASWI)" <EveristB () naswi navy mil>
Date: Thu, 6 Feb 2003 13:49:03 -0800

Hello all,

I'm getting a lot of bad traffic loopback traffic alerts (sid=528) from
127.0.0.1:1024 to 255.255.255.255:67.  
tcpdump -e -i lo0 -n records no packets, even when new alerts are being
generated.  
tcpdump -e -i xl0 -n host 127.0.0.1 gets this:

11:59:32.949764 0:60:1d:0:6:a0 ff:ff:ff:ff:ff:ff 0800 586: 127.0.0.1.1024 >
255.255.255.255.67:  (request) xid:0x641b767c secs:32768 [|bootp]

and a whole lot more like it (like 2500+ alerts on snort today, and this has
been going on for the life of this machine, about a week).  I'm confused.
What's going on here?  I'm not running a DHCP client or server, and for that
matter, lo0 is silent unless I deliberately use it (I left tcpdump on for a
half hour, the only thing it logged was when I pinged localhost).  Where is
this traffic coming from and is it valid (and if so, why is it so
persistent?).

Your thoughts are appreciated.


Benjamin

Other/More Info:
Snort is started with -i xl0
I am currently on a switch waiting to move to a hub
