Beispiel #1
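 def get_hostname_ip_from_pkt(self, pkt):
     """Extract (hostname, answer-data) pairs from a raw DNS reply frame.

     The frame is dissected with ``Ether(pkt)``. A result is produced only
     when the dissected packet has at least four layers, the layer at
     index 3 is exactly scapy's ``DNS`` class, and the ``src`` field of the
     layer at index 1 (presumably the IP header) is listed in
     ``dns_servers``, a name defined outside this method.

     Args:
         pkt: Raw frame data accepted by ``Ether()``.

     Returns:
         A list of ``(qname, rdata)`` tuples, one per answer record counted
         by ``ancount``. The sentinel ``[("", "")]`` is returned when the
         frame is not a DNS packet, the sender is not in ``dns_servers``,
         the question type is 28 (AAAA), there are no answers, or the
         packet cannot be parsed.

     NOTE(review): the sender check compares a source address taken from
     the packet itself, so it filters replies but does not authenticate
     them. Callers that act on the returned pairs should treat them as
     untrusted input.
     NOTE(review): ``rdata`` is returned without checking the answer
     record type, so it is not guaranteed to be an IP address (a CNAME
     answer carries a name). Validate before using it as an address.
     """
     no_result = [("", "")]
     scapy_pkt = Ether(pkt)

     # Exact type comparison is kept on purpose: isinstance() would also
     # accept subclasses of DNS, which the original check rejected.
     if (len(scapy_pkt.layers()) < 4
             or type(scapy_pkt[3]) is not scapy.layers.dns.DNS):
         # Not a DNS packet
         return no_result

     if scapy_pkt[1].src not in dns_servers:
         # Not a reply from one of the configured DNS servers
         return no_result

     try:
         dns_layer = scapy_pkt[3]
         # The question record is read inside the try block so a reply
         # without one yields the sentinel instead of an AttributeError.
         question = dns_layer[1]
         # qtype 28 is AAAA; IPv6 answers are ignored for now.
         if question.getfieldval('qtype') == 28:
             return no_result

         count = dns_layer.ancount
         if count == 0:
             return no_result

         hostname = question.getfieldval('qname').decode('ascii')
         return [(hostname, dns_layer.an[index].rdata)
                 for index in range(count)]
     except Exception:
         # Malformed or unexpected packet contents. Exception (rather than
         # a bare except) lets KeyboardInterrupt and SystemExit propagate.
         return no_result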