From 295f17bd91d99715e16beafcfd654db6bf3a8d24 Mon Sep 17 00:00:00 2001
From: Yaro Kasear <git@kasear.net>
Date: Thu, 10 Apr 2025 16:14:05 -0500
Subject: [PATCH] Trying to shake out Clients on AP.

---
 kismet_enrich_from_pcap.py | 23 +++++++++++++----------
 1 file changed, 13 insertions(+), 10 deletions(-)

diff --git a/kismet_enrich_from_pcap.py b/kismet_enrich_from_pcap.py
index 7c738d9..f90574b 100755
--- a/kismet_enrich_from_pcap.py
+++ b/kismet_enrich_from_pcap.py
@@ -20,29 +20,32 @@ def convert_timestamp_to_epoch(ts_string):
     
 def get_clients_on_ap(capture, ap_bssid):
     clients = set()
+    ap_bssid = ap_bssid.lower()  # Normalize for comparison
 
     for packet in capture:
         try:
             if not hasattr(packet, 'wlan'):
                 continue
 
-            sa = packet.wlan.sa
-            da = getattr(packet.wlan, 'da', None)
-            bssid = getattr(packet.wlan, 'bssid', None)
+            sa = getattr(packet.wlan, 'sa', '').lower()
+            da = getattr(packet.wlan, 'da', '').lower()
+            bssid = getattr(packet.wlan, 'bssid', '').lower()
 
-            # Skip if AP is the sender
-            if sa == ap_bssid:
-                continue
-
-            # Count if the AP is the target or part of the BSSID context
-            if da == ap_bssid or bssid == ap_bssid:
-                clients.add(sa)
+            # Count any frame *to or from* a client, if AP is involved
+            if bssid == ap_bssid or sa == ap_bssid or da == ap_bssid:
+                # If it's the AP sending, add the destination (client)
+                if sa == ap_bssid and da and da != ap_bssid:
+                    clients.add(da)
+                # If it's the client sending, add the source
+                elif sa and sa != ap_bssid:
+                    clients.add(sa)
 
         except AttributeError:
             continue
 
     return len(clients)
 
+
 def analyze_pcap(pcapng_path, start_ts, end_ts, ap_bssid, ap_channel):
     
     cap = pyshark.FileCapture(