tshark conversation statistic not resolving hostnames

Question

Executing the -z conv,ip command does not display the hostnames (like in wireshark). This happens on Fedora 17 and Windows 7. I execute the command, and after a bit of traffic was monitored, I stop tshark with Ctrl-C. After this the conversation table is printed.

Linux:

command: tshark -i 1 -N n -f "tcp or udp" -z conv,ip
OS: Fedora 17 x86
tshark version: 1.6.12
Solutions tried:
Ommiting -N
Using -N C

Windows:

command: tshark -i 2 -f "tcp or udp" -z conv,ip
OS: Windows 7 x64
tshark version: 1.8.4
Solutions tried:
Ommiting -N
Using -N C
Using -N n causes tshark error out: (tshark.exe:9692): CaptureChild-WARNING **: signal_pipe_capquit_to_child: 4 header: error Invalid argument

How do I make tshark -z conv,ip display resolve hostnames?

Accepted Answer

Having tshark showing resolved hostnames in the conversation statistic does not appear possible.

An alternative is to execute the following commands:

tshark -i 1 -N n -e ip.host -E separator=, -f "tcp or udp" -l > tshark_buffer

sort -u tshark_buffer -o tshark_buffer

Where the first command dumps packet information into a file named tshark_buffer, and the second command eliminates duplicate entries. The packet information is stored in the form host1,host2 on each line. However, the duplicate elimination will not catch entries with the hosts reversed (i.e. host2,host1).