I suspect, though I have no evidence to prove this, that this flag will slow down live capture considerably, because every matched packet will cause two DNS queries, which means four DNS queries for every tcp connection. It might be best to only use this on pcap files where we won't drop packets waiting for one to be processed.
All that being said, the reverse dns flag works now.
I suspect, though I have no evidence to prove this, that this flag will slow down live capture considerably, because every matched packet will cause two DNS queries, which means four DNS queries for every tcp connection. It might be best to only use this on pcap files where we won't drop packets waiting for one to be processed.
All that being said, the reverse dns flag works now.