Since days we have the following entries in the Advanced Thread Protection
We want to find out which host in our network is communicating to IP 220.127.116.11 over a Unix/Linux shell with
tcpdump -nei any port 53 dst 18.104.22.168 -n -s0 -w /var/sec/chroot-httpd/var/webadmin/tcpdump.pcap
Is this a way? Are there any other ways?