MAC address anomaly in tcpdump captures