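def get_hostname_ip_from_pkt(self, pkt):
    """Extract (hostname, answer) pairs from a raw DNS reply frame.

    ``pkt`` is dissected as an Ethernet frame. It is treated as a DNS reply
    only when its fourth layer is exactly ``scapy.layers.dns.DNS`` and the
    source address of its second layer equals an entry of ``dns_servers``.

    Args:
        pkt: Raw frame bytes handed to ``Ether``.

    Returns:
        One ``(qname, rdata)`` tuple per answer record counted by
        ``ancount``, where ``qname`` is the question name decoded as ASCII.
        The sentinel ``[("", "")]`` is returned when the frame is not DNS,
        does not come from a listed resolver, is an AAAA (qtype 28) lookup,
        carries no answers, or cannot be parsed.
    """
    scapy_pkt = Ether(pkt)

    # Exact type match (not isinstance), as in the original check.
    if (len(scapy_pkt.layers()) < 4
            or type(scapy_pkt[3]) is not scapy.layers.dns.DNS):
        return [("", "")]

    # NOTE(review): this address comparison is the only origin check. It does
    # not authenticate the reply (a UDP source address can be forged) and the
    # DNS response flag / transaction id are not examined. If the returned
    # pairs feed an allow-list or filtering decision, consider matching them
    # against an outstanding query first.
    src = scapy_pkt[1].src
    if not any(dns == src for dns in dns_servers):
        return [("", "")]

    # Everything that touches packet-controlled fields stays inside the try,
    # so a malformed reply yields the sentinel instead of raising out of the
    # packet handler (the qtype lookup previously sat outside it).
    try:
        dns_layer = scapy_pkt[3]
        question = dns_layer[1]

        # IPv6 (AAAA) lookups are ignored for now.
        if question.getfieldval('qtype') == 28:
            return [("", "")]

        count = dns_layer.ancount
        if count == 0:
            return [("", "")]

        hostname = question.getfieldval('qname').decode('ascii')
        # NOTE(review): rdata is taken from every answer record regardless of
        # its record type; for non-A records (e.g. CNAME) it is presumably
        # not an IP address. Confirm how callers use it.
        return [(hostname, dns_layer.an[index].rdata)
                for index in range(count)]
    except Exception:
        # Narrowed from a bare ``except`` so KeyboardInterrupt / SystemExit
        # are no longer swallowed; parsing errors still map to the sentinel.
        return [("", "")]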