I'm still concerned about making two dns queries for every tcp handshake. Possibly put unbound between sniffle and authoritative DNS? More info here. It should be pretty straightforward to make a local only caching DNS server, bind it to localhost and query that instead of the ISP.
Make the command line flag actually do something. In this case, replace the IP addresses in the output with DNS names.