I have a Wireshark pcapng file with some network scan results. I want to get the following fields: source IP, destination IP, source hostname, destination hostname and protocol.
When I open the file with Wireshark, I can get the hostnames by going to Edit -> Preferences -> Name Resolution -> Resolve Network IP addresses. Then I can export the results as CSV.
However, I want to write code to do that because I will need to export results from hundreds of files. I'm using pyshark to get the results:
```python
import pyshark

# -N n is meant to enable name resolution in the underlying tshark command
capture = pyshark.FileCapture(<filepath>, custom_parameters={"-N", "n"})
result = []
for packet in capture:
    packet_data = [packet.ip.src, packet.ip.dst, packet.ip.src_host, packet.ip.dst_host, packet.transport_layer]
    result.append(packet_data)
```
I specify `-Nn` in custom parameters so that name resolution is enabled in the underlying tshark command (see documentation: https://tshark.dev/packetcraft/add_context/name_resolution/).
However, when I get the results this way, the hostname is the same as IP address, instead of example.com.
Everything works fine when I export data manually from Wireshark, but it doesn't when I try to do this with code. I am 100% sure that I pull the correct fields from the packet data.
Did anyone experience a similar issue?
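One way to batch the export is to call tshark directly and flag rows whose host field came back as the bare IP address, the symptom described above. This is an added example, not part of the original post: it bypasses pyshark, uses `frame.protocols` for the protocol column, and the function names and sample rows are constructed for illustration.

```python
import csv
import io
import subprocess

# Fields named in the post, plus frame.protocols for the protocol stack.
FIELDS = ["ip.src", "ip.dst", "ip.src_host", "ip.dst_host", "frame.protocols"]


def tshark_command(pcap_path, resolve="n", tshark="tshark"):
    """Build a tshark call that prints one CSV row per IP packet.

    resolve is passed to -N: "n" as in the post; tshark also documents
    "N" (external resolver) and "d" (names from captured DNS replies).
    """
    cmd = [tshark, "-r", str(pcap_path), "-N", resolve, "-Y", "ip",
           "-T", "fields", "-E", "header=y", "-E", "separator=,", "-E", "quote=d"]
    for field in FIELDS:
        cmd += ["-e", field]
    return cmd


def parse_rows(tshark_output):
    """Parse the CSV text and mark hosts that came back as the bare IP."""
    rows = []
    for row in csv.DictReader(io.StringIO(tshark_output)):
        row["src_resolved"] = row["ip.src_host"] != row["ip.src"]
        row["dst_resolved"] = row["ip.dst_host"] != row["ip.dst"]
        rows.append(row)
    return rows


def export_capture(pcap_path, resolve="n"):
    """Run tshark on one capture file (needs tshark installed) and parse it."""
    out = subprocess.run(tshark_command(pcap_path, resolve), check=True,
                         capture_output=True, text=True).stdout
    return parse_rows(out)


# Constructed sample of the CSV this command prints (not real capture data).
SAMPLE_OUTPUT = (
    "ip.src,ip.dst,ip.src_host,ip.dst_host,frame.protocols\n"
    '"192.0.2.10","198.51.100.7","192.0.2.10","example.com","eth:ethertype:ip:tcp"\n'
    '"198.51.100.7","192.0.2.10","example.com","192.0.2.10","eth:ethertype:ip:tcp"\n'
)

if __name__ == "__main__":
    for r in parse_rows(SAMPLE_OUTPUT):
        print(r["ip.src_host"], "->", r["ip.dst_host"], r["src_resolved"], r["dst_resolved"])
```

Counting the rows where `src_resolved` or `dst_resolved` is false per file shows quickly whether name resolution took effect across a large batch of captures.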