Cannot resolve hostname when using tshark

I have a Wireshark pcapng file with some network scan results. I want to get the following fields: source IP, destination IP, source hostname, destination hostname and protocol.

When I open the file with Wireshark, I can get the hostnames by going to Edit -> Preferences -> Name Resolution -> Resolve Network IP addresses. Then I can export the results as CSV.

However, I want to write code to do that because I will need to export results from hundreds of files. I'm using pyshark/tshark to get the results.

I specify -Nn in the parameters so that name resolution is enabled in the underlying tshark command (see documentation: https://tshark.dev/packetcraft/add_context/name_resolution/).

However, when I get the results this way, the hostname is the same as the IP address, instead of example.com.

Everything works fine when I export data manually from Wireshark, but it doesn't when I try to do this with code. I am 100% sure that I pull the correct fields from the packet data (the ip.src_host field in this case).

Did anyone experience a similar issue?