Host Sweep and TCP port scans

I'm seeing a lot of host sweep and tcp port scans on my firewall logs from internal network to external network addresses. Does anyone know if this is normal behavior of any major application? From what i found, a lot of this scans can be interpreted as false positive because of the way some tabbed browsers behave. How would you interpret this information? Is there any troubleshooting that I could do?
0
Comments
I'd suggest trying to find one particular source to see if you can determine if there is anything concerning there.
As for it being normal behavior, its possible, but generally you shouldn't be getting port scan. however, the port scan could not actually be a port scan. I'd try to narrow in on one machine and take a look that way. If you can find the machine, you could use something like Burp suite and burp down the browser in order to see what its actually calling. Also, you could shark the traffic originating from that IP, or on the box itself.