This message is in part the result of functionality added in NI 5.9 and recorded in NI 5.9 release notes under New Software Features as "Syslog notification is generated when source MAC and ARP sender MAC addresses are different in the received ARP response packets."
ARP packets have two source MAC addresses. One is the Layer2 802.3 Ethernet outer frame source MAC. The other is the sender MAC address inside the ARP packet. In most situations they are the same. Due to either functions in use, unintentional problems, or hostile actions they can differ.
Functions where frame source MAC and ARP sender MAC differ include proxy ARP and virtualization technologies such as Microsoft NLB multicast mode. In Microsoft NLB multicast mode for example, the ARP frame source MAC is the sending server's real MAC address while the ARP packet sender MAC is a virtual multicast MAC address.
Terms that point to hostile action involving ARP include ARP spoofing, ARP cache poisoning, and ARP cheating.