During a routine check, a security analyst notices that several outbound connections to unfamiliar external IP addresses have been made from a server within the company's network. There is no documented business need for these communications. Which tool should the analyst use to capture and analyze the traffic between the server and these IP addresses for further investigation?
WHOIS
tcpdump
Wireshark
Simple Network Management Protocol (SNMP)