I'm still concerned about making two dns queries for every tcp handshake. Possibly put unbound between sniffle and authoritative DNS? More info here. It should be pretty straightforward to make a local only caching DNS server, bind it to localhost and query that instead of the ISP.
mmirabent
commented
8 years ago
Make the command line flag actually do something. In this case, replace the IP addresses in the output with DNS names.