01-21-2010 06:59 PM - edited 03-06-2019 09:24 AM
Looking at some unusual ICMP traffic that was being reported by our MARS box. The MARS is primarily reporting on VPN clients so I set up a capture on the inside interface of one of the ASAs and pinged an address from my PC.
On the PC (192.168.1.145) I see
C:\>ping 192.168.3.5
Pinging 192.168.3.5 with 32 bytes of data:
Reply from 192.168.9.1: TTL expired in transit.
Reply from 192.168.9.1: TTL expired in transit.
Reply from 192.168.9.1: TTL expired in transit.
Reply from 192.168.9.1: TTL expired in transit.
Ping statistics for 192.168.3.5:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
On my capture on the ASA I get 1010 of these
1384: 21:15:21.207859 192.168.1.145 > 192.168.3.5: icmp: echo request
1385: 21:15:21.208042 192.168.1.145 > 192.168.3.5: icmp: echo request
1386: 21:15:21.208073 192.168.1.145 > 192.168.3.5: icmp: echo request
1387: 21:15:21.208180 192.168.1.145 > 192.168.3.5: icmp: echo request
1388: 21:15:21.208225 192.168.1.145 > 192.168.3.5: icmp: echo request
1389: 21:15:21.208286 192.168.1.145 > 192.168.3.5: icmp: echo request
1390: 21:15:21.208317 192.168.1.145 > 192.168.3.5: icmp: echo request
1391: 21:15:21.208378 192.168.1.145 > 192.168.3.5: icmp: echo request
1392: 21:15:21.208409 192.168.1.145 > 192.168.3.5: icmp: echo request
The basic path is: 192.168.1.145 connects to a Cat 3560, which connects to a Cat 6513 running 12.2(17r)S4. The ASA connects to a Cat 3560, which connects to a Cat 6513 running 12.2(18)SXF16, and the two Cat 6513s are connected with a 10gig connection. The 192.168.9.1 address is the default gateway for the ASA, which resides on the Cat 6513 that the ASA's Cat 3560 connects to. The default gateway for the PC is on the Cat 6513 that the PC's Cat 3560 connects to.
So the question is: what generated the 1010 pings for the 4 that were sent? Wireshark on the PC shows only the four pings.
01-22-2010 02:55 AM
Hi,
I guess there's a routing loop causing each ICMP Echo packet to pass your ASA 253 times before the TTL expires.
HTH,
Milan
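As an added illustration of Milan's explanation (example code written for this thread, not posted by either participant): a small Python script that parses ASA capture lines in the format quoted above and flags any source/destination pair whose captured echo-request count is far above the number of pings actually sent, which is what a packet circulating until its TTL expires looks like at a single capture point. The sample capture below is constructed; the real one had about 1010 lines for 4 pings.

```python
import re
from collections import Counter

# Constructed sample in the format of the ASA capture quoted above: one ping
# target shows 12 copies of each request, a second target behaves normally.
SAMPLE_CAPTURE = """\
1384: 21:15:21.207859 192.168.1.145 > 192.168.3.5: icmp: echo request
1385: 21:15:21.208042 192.168.1.145 > 192.168.3.5: icmp: echo request
1386: 21:15:21.208073 192.168.1.145 > 192.168.3.5: icmp: echo request
1387: 21:15:21.208180 192.168.1.145 > 192.168.3.5: icmp: echo request
1388: 21:15:21.208225 192.168.1.145 > 192.168.3.5: icmp: echo request
1389: 21:15:21.208286 192.168.1.145 > 192.168.3.5: icmp: echo request
1390: 21:15:21.208317 192.168.1.145 > 192.168.3.5: icmp: echo request
1391: 21:15:21.208378 192.168.1.145 > 192.168.3.5: icmp: echo request
1392: 21:15:21.208409 192.168.1.145 > 192.168.3.5: icmp: echo request
1393: 21:15:21.208440 192.168.1.145 > 192.168.3.5: icmp: echo request
1394: 21:15:21.208471 192.168.1.145 > 192.168.3.5: icmp: echo request
1395: 21:15:21.208502 192.168.1.145 > 192.168.3.5: icmp: echo request
1396: 21:15:22.104411 192.168.1.145 > 192.168.2.10: icmp: echo request
1397: 21:15:22.104902 192.168.2.10 > 192.168.1.145: icmp: echo reply
"""

# One capture line: "<n>: <time> <src> > <dst>: icmp: <type>"
LINE_RE = re.compile(r"^\d+:\s+\S+\s+(\S+) > (\S+): icmp: (.+)$")


def count_echo_requests(capture_text):
    """Count captured ICMP echo requests per (src, dst) pair."""
    counts = Counter()
    for line in capture_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m and m.group(3) == "echo request":
            counts[(m.group(1), m.group(2))] += 1
    return counts


def loop_suspects(capture_text, pings_sent, max_copies=2.0):
    """Return {(src, dst): copies_per_ping} for flows seen more than
    max_copies times per ping sent. A single-interface capture should see
    each request at most twice (in, and out again if the ASA hairpins it);
    hundreds of copies mean the packet is circulating until TTL expiry."""
    return {flow: n / pings_sent
            for flow, n in count_echo_requests(capture_text).items()
            if n / pings_sent > max_copies}


if __name__ == "__main__":
    for (src, dst), ratio in loop_suspects(SAMPLE_CAPTURE, pings_sent=4).items():
        print(f"{src} -> {dst}: {ratio:.0f} captured copies per ping sent")
```

The ASA capture lines carry no TTL or ICMP sequence number, so the ratio of captured copies to pings sent is the only loop indicator available from this output; a capture with `detail` or a `tcpdump -v` on the PC side would show the TTL counting down on each pass.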