From 24d9783bb9f167199d2424f6e5fd85fe688bc1e0 Mon Sep 17 00:00:00 2001
From: Yaro Kasear <git@kasear.net>
Date: Mon, 28 Apr 2025 16:08:05 -0500
Subject: [PATCH] Fix display filter typo and add error handling for packet
 filtering in analyze_pcap function

---
 enrich.py | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/enrich.py b/enrich.py
index 58f1750..39a50f6 100755
--- a/enrich.py
+++ b/enrich.py
@@ -30,7 +30,7 @@ def parse_args():
 
 def analyze_pcap(pcapng_path, start_ts, end_ts, ap_bssid, ap_channel):
     display_filter = (
-        "(wlan.fx.type_subtype == 8 || wlan.fx.type_subtype == 5 || wlan.fc.type == 2) && "
+        "(wlan.fc.type_subtype == 8 || wlan.fc.type_subtype == 5 || wlan.fc.type == 2) && "
         "(wlan.bssid || wlan.sa || wlan.da)"
     )
     cap = pyshark.FileCapture(
@@ -61,7 +61,11 @@ def analyze_pcap(pcapng_path, start_ts, end_ts, ap_bssid, ap_channel):
     ssid_packet_counts = defaultdict(int)
 
     try:
-        filtered_packets = filter_by_time(cap, start_ts, end_ts)
+        try:
+            filtered_packets = filter_by_time(cap, start_ts, end_ts)
+        except Exception as e:
+            print(f"[!] Error filtering packets: {e}")
+            filtered_packets = []
 
         (
             bssid_to_ssid,