From 0129ddeaa253ca74dba2746fd757b6dd32c41b43 Mon Sep 17 00:00:00 2001
From: Yaro Kasear <git@kasear.net>
Date: Mon, 21 Apr 2025 15:23:34 -0500
Subject: [PATCH] Enhance analyze_pcap function to determine open status based
 on WLAN capabilities

---
 enrich.py | 13 ++++++++++---
 1 file changed, 10 insertions(+), 3 deletions(-)

diff --git a/enrich.py b/enrich.py
index 6fff254..0708bde 100755
--- a/enrich.py
+++ b/enrich.py
@@ -345,7 +345,17 @@ def analyze_pcap(pcapng_path, start_ts, end_ts, ap_bssid, ap_channel):
                 
                 ssid = None
                 hidden_ssid = False
+
                 is_open = True
+                capabilities = getattr(wlan, 'capabilities', None)
+
+                if capabilities:
+                    try:
+                        cap_int = int(capabilities, 16)
+                        if cap_int & 0x0010 == 0:
+                            is_open = False
+                    except ValueError:
+                        pass
 
                 for tag in tags:
                     tag_number = tag.get('wlan.tag.number')
@@ -369,9 +379,6 @@ def analyze_pcap(pcapng_path, start_ts, end_ts, ap_bssid, ap_channel):
                                 cisco_ssid_clients[ssid].append(num_clients)
                         except (TypeError, ValueError):
                             pass
-
-                    if tag_number in {'48', '221'}:
-                        is_open = False
                         
                 if ssid:
                     ssid_hidden_status[ssid] = hidden_ssid