DAI logical steps in finding inappropriate messages
- If an ARP reply lists a source IP address that was not DHCP-assigned to a device off that port, DAI filters the ARP reply.
- DAI also uses a list of statically defined IP/MAC address combinations for comparison.
- For a received ARP reply:
  - DAI compares the source MAC address in the Ethernet header to the source MAC address in the ARP message.
  - These MACs should be equal in normal ARP replies.
  - If they are not, DAI filters the ARP message.
  - As in the step above, DAI compares the destination Ethernet MAC to the target MAC listed in the ARP body.
- DAI checks for unexpected IP addresses listed in the ARP message, such as 0.0.0.0, 255.255.255.255, multicasts, and so on.
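
The checks above, modelled as a small filter run over constructed ARP replies. This is an added example, not code from a switch or from the original notes: `ArpReply`, `dai_check`, the table layouts and all addresses are hypothetical, and it assumes the DHCP-learned table records the MAC for each (port, IP) pair.

```python
import ipaddress
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class ArpReply:
    port: str        # switch port the frame arrived on
    eth_src: str     # source MAC in the Ethernet header
    eth_dst: str     # destination MAC in the Ethernet header
    sender_mac: str  # source MAC in the ARP body
    sender_ip: str   # source IP in the ARP body
    target_mac: str  # target MAC in the ARP body
    target_ip: str   # target IP in the ARP body

# Constructed tables (lowercase MACs); an assumed layout, not a real switch format.
DHCP_BINDINGS = {("Gi0/1", "10.0.0.10"): "00:11:22:33:44:55"}  # (port, IP) -> MAC
STATIC_BINDINGS = {"10.0.0.1": "00:aa:bb:cc:dd:01"}            # IP -> MAC

def unexpected_ip(addr):
    """True for 0.0.0.0, 255.255.255.255 and IPv4 multicast addresses."""
    ip = ipaddress.IPv4Address(addr)
    return ip.is_unspecified or ip.is_multicast or addr == "255.255.255.255"

def dai_check(r):
    """Apply the checks in the order listed above; return (permit, reason)."""
    known = (DHCP_BINDINGS.get((r.port, r.sender_ip)),
             STATIC_BINDINGS.get(r.sender_ip))
    if r.sender_mac not in known:
        return False, "no DHCP or static binding for source IP"
    if r.eth_src != r.sender_mac:
        return False, "Ethernet source MAC != ARP source MAC"
    if r.eth_dst != r.target_mac:
        return False, "Ethernet destination MAC != ARP target MAC"
    if unexpected_ip(r.sender_ip) or unexpected_ip(r.target_ip):
        return False, "unexpected IP address in ARP body"
    return True, "permit"

# Constructed sample replies: one legitimate, the rest each fail a single check.
HOST, GW, OTHER = "00:11:22:33:44:55", "00:aa:bb:cc:dd:01", "00:de:ad:be:ef:99"
LEGIT = ArpReply("Gi0/1", HOST, GW, HOST, "10.0.0.10", GW, "10.0.0.1")
SAMPLES = {
    "legit": LEGIT,
    "static_gw": ArpReply("Gi0/24", GW, HOST, GW, "10.0.0.1", HOST, "10.0.0.10"),
    "unbound": replace(LEGIT, port="Gi0/3", eth_src=OTHER,
                       sender_mac=OTHER, sender_ip="10.0.0.1"),
    "src_mismatch": replace(LEGIT, eth_src=OTHER),
    "dst_mismatch": replace(LEGIT, eth_dst=OTHER),
    "multicast_target": replace(LEGIT, target_ip="224.0.0.5"),
}

if __name__ == "__main__":
    for name, reply in SAMPLES.items():
        print(f"{name:17} {dai_check(reply)}")
```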