Gather clients on AP.

2025-04-10 15:46:04 -05:00 · 2025-04-10 15:46:04 -05:00 · 4028d92e61
commit 4028d92e61
parent 07ca7ddcfd
1 changed files with 43 additions and 6 deletions
--- a/kismet_enrich_from_pcap.py
+++ b/kismet_enrich_from_pcap.py
@ -17,17 +17,54 @@ def convert_timestamp_to_epoch(ts_string):
    except Exception as e:
        print(f"[!] Failed to parse timestamp: {ts_string}")
        return None
+    
+def get_clients_on_ap(capture, ap_bssid):
+    clients = set()
+
+    for packet in capture:
+        try:
+            if not hasattr(packet, 'wlan'):
+                continue
+
+            sa = packet.wlan.sa
+            da = getattr(packet.wlan, 'da', None)
+            bssid = getattr(packet.wlan, 'bssid', None)
+
+            # Skip if AP is the sender
+            if sa == ap_bssid:
+                continue
+
+            # Count if the AP is the target or part of the BSSID context
+            if da == ap_bssid or bssid == ap_bssid:
+                clients.add(sa)
+
+        except AttributeError:
+            continue
+
+    return len(clients)
+
+def analyze_pcap(pcapng_path, start_ts, end_ts, ap_bssid, ap_channel):
+    
+    cap = pyshark.FileCapture(
+        pcapng_path,
+        display_filter=f'time >= {start_ts} && time <= {end_ts}',
+        use_json=True,
+        include_raw=False
+    )
+
+    clients_on_ap = get_clients_on_ap(cap, ap_bssid.lower())

-def analyze_pcap(pcapng_path, start_ts, end_ts):
    # Placeholder: Logic will be added for:
-    # - ClientsOnAP
    # - ClientsOnChannel
    # - APsOnChannel
    # - CongestionScore
    # - AvgAPSignal
    # - StrongestAPSignal
    # - UnlinkedDevices
-    return 0, 0, 0, None, None, None, 0
+
+    cap.close()
+
+    return clients_on_ap, 0, 0, None, None, None, 0

 def main():
    args = parse_args()
@ -51,8 +88,6 @@ def main():
    finally:
        cap.close()

-    return
-
    with open(args.csv, newline='') as infile, open(args.output, 'w', newline='', encoding='utf-8') as outfile:
        reader = csv.DictReader(infile)
        fieldnames = reader.fieldnames + [
@ -65,12 +100,14 @@ def main():
        for row in reader:
            tstart = convert_timestamp_to_epoch(row.get("StartTimestamp"))
            tend = convert_timestamp_to_epoch(row.get("EndTimestamp"))
+            ap_bssid = row.get("BSSID", "").strip().lower()
+            ap_channel = row.get("Channel")

            if not tstart or not tend:
                writer.writerow(row)
                continue

-            clients_ap, clients_chan, aps_chan, congestion, avg_signal, strongest_signal, unlinked = analyze_pcap(args.pcapng, tstart, tend)
+            clients_ap, clients_chan, aps_chan, congestion, avg_signal, strongest_signal, unlinked = analyze_pcap(args.pcapng, tstart, tend, ap_bssid, ap_channel)

            row.update({
                'ClientsOnAP': clients_ap,