Strange log entries after running tcpdump...
Author: 이상봉
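There was a lot of traffic, so I moved the server somewhere else,
but the old server is still showing a lot of traffic,
so I ran tcpdump and found strange log entries like the ones below (in red).
What kind of log is that?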
16:00:04.869732 218.38.xx.41.34573 > kns.kornet.net.domain: 11752+ PTR? 103.159.230.58.in-addr.arpa. (45) (DF)
16:00:04.875285 802.1d config 813a.00:0b:5f:a7:b4:00.8005 root 013a.00:0d:ed:41:a3:c0 pathcost 4 age 1 max 20 hello 2 fdelay 15
16:00:04.889622 219.241.97.163.3972 > 218.38.xx.41.http: R 3659916327:3659916327(0) ack 854085499 win 0 (DF)
16:00:05.075271 kns.kornet.net.domain > 218.38.xx.41.34573: 11752 NXDomain* 0/1/0 (104) (DF)
16:00:05.076015 218.38.xx.41.34573 > kns.kornet.net.domain: 11753+ PTR? 163.97.241.219.in-addr.arpa. (45) (DF)
16:00:05.085270 kns.kornet.net.domain > 218.38.xx.41.34573: 11753 NXDomain* 0/1/0 (117) (DF)
16:00:05.726639 arp who-has 218.38.12.59 tell 218.38.12.1
16:00:05.794182 arp who-has 218.38.12.22 tell 218.38.12.1
16:01:50.564811 210.91.82.92.33719 > 218.38.xx.41.http: S 2411496478:2411496478(0) win 64240 (DF)
16:01:50.564873 218.38.xx.41.http > 210.91.82.92.33719: R 0:0(0) ack 2411496479 win 0 (DF)
16:01:50.566156 218.38.xx.41.34573 > kns.kornet.net.domain: 36329+ PTR? 41.12.38.218.in-addr.arpa. (43) (DF)
16:01:50.573550 kns.kornet.net.domain > 218.38.xx.41.34573: 36329 NXDomain 0/1/0 (115) (DF)
16:01:50.573935 218.38.xx.41.34573 > kns.kornet.net.domain: 36330+ PTR? 92.82.91.210.in-addr.arpa. (43) (DF)
16:01:50.575072 kns.kornet.net.domain > 218.38.xx.41.34573: 36330 NXDomain 0/1/0 (101) (DF)
16:01:50.575503 218.38.xx.41.34573 > kns.kornet.net.domain: 36331+ PTR? 1.63.126.168.in-addr.arpa. (43) (DF)
16:01:50.576623 kns.kornet.net.domain > 218.38.xx.41.34573: 36331 1/2/2 (141) (DF)
16:01:50.822125 222.99.112.40.3634 > 218.38.xx.41.http: S 2406225686:2406225686(0) win 64240 (DF)
16:01:50.822148 218.38.xx.41.http > 222.99.112.40.3634: R 0:0(0) ack 2406225687 win 0 (DF)
16:01:50.822383 218.38.xx.41.34573 > kns.kornet.net.domain: 36332+ PTR? 40.112.99.222.in-addr.arpa. (44) (DF)
16:01:50.823520 kns.kornet.net.domain > 218.38.xx.41.34573: 36332 NXDomain 0/1/0 (102) (DF)
16:01:50.853568 211.236.164.30.1916 > 218.38.xx.41.http: S 1119465237:1119465237(0) win 16384 (DF)
16:01:50.853590 218.38.xx.41.http > 211.236.164.30.1916: R 0:0(0) ack 1119465238 win 0 (DF)
16:01:50.853766 218.38.xx.41.34573 > kns.kornet.net.domain: 36333+ PTR? 30.164.236.211.in-addr.arpa. (45) (DF)
16:01:50.874159 kns.kornet.net.domain > 218.38.xx.41.34573: 36333 NXDomain* 0/1/0 (95) (DF)
16:01:50.977481 802.1d config 813a.00:0b:5f:a7:b4:00.8005 root 013a.00:0d:ed:41:a3:c0 pathcost 4 age 1 max 20 hello 2 fdelay 15
16:01:51.259509 222.99.112.40.3634 > 218.38.xx.41.http: S 2406225686:2406225686(0) win 64240 (DF)
16:01:51.259526 218.38.xx.41.http > 222.99.112.40.3634: R 0:0(0) ack 1 win 0 (DF)
16:01:51.343910 211.236.164.30.1916 > 218.38.xx.41.http: S 1119465237:1119465237(0) win 16384 (DF)
16:01:51.343924 218.38.xx.41.http > 211.236.164.30.1916: R 0:0(0) ack 1 win 0 (DF)
16:01:51.679091 CDP v2, ttl=180s DevID 'GI' Addr (1): IPv4 218.38.19.194 PortID 'FastEthernet0/5' CAP 0x28[|cdp]
16:01:51.714776 0:b:5f:a7:b4:5 > 1:0:c:cc:cc:cc snap ui/C len=35
16:01:51.760703 arp who-has 218.38.12.22 tell 218.38.12.1
16:01:51.760965 218.38.xx.41.34573 > kns.kornet.net.domain: 36334+ PTR? 22.12.38.218.in-addr.arpa. (43) (DF)
16:01:52.136536 218.156.225.213.4922 > 218.38.xx.41.http: S 25365306:25365306(0) win 32120
16:01:52.136551 218.38.xx.41.http > 218.156.225.213.4922: R 0:0(0) ack 25365307 win 0 (DF)
16:01:52.620925 218.156.225.213.4922 > 218.38.xx.41.http: S 25365306:25365306(0) win 32120
16:01:52.620936 218.38.xx.41.http > 218.156.225.213.4922: R 0:0(0) ack 1 win 0 (DF)
16:01:52.978026 802.1d config 813a.00:0b:5f:a7:b4:00.8005 root 013a.00:0d:ed:41:a3:c0 pathcost 4 age 1 max 20 hello 2 fdelay 15
16:01:53.121137 218.156.225.213.4922 > 218.38.xx.41.http: S 25365306:25365306(0) win 32120
16:01:53.121147 218.38.xx.41.http > 218.156.225.213.4922: R 0:0(0) ack 1 win 0 (DF)
16:01:53.620749 218.156.225.213.4922 > 218.38.xx.41.http: S 25365306:25365306(0) win 32120
16:01:53.620760 218.38.xx.41.http > 218.156.225.213.4922: R 0:0(0) ack 1 win 0 (DF)