Enhance analyze_pcap function to track SSIDs and BSSIDs, and collect signal strengths for improved analysis

2025-04-16 08:50:16 -05:00 · 2025-04-16 08:50:16 -05:00 · 412d8762a5
commit 412d8762a5
parent 4154578c4e
1 changed files with 42 additions and 0 deletions
--- a/enrich.py
+++ b/enrich.py
@ -4,6 +4,7 @@ import csv
 from datetime import datetime
 import pyshark
 from statistics import mean
+from collections import defaultdict

 # United States regulatory domain channel lookup table

@ -296,6 +297,11 @@ def analyze_pcap(pcapng_path, start_ts, end_ts, ap_bssid, ap_channel):
    max_ap_signal = 0
    unlinked_devices = 0

+    ssid_clients = defaultdict(set)
+    ssid_signals = defaultdict(list)
+    ssid_to_bssids = defaultdict(set)
+    bssid_to_ssid = {}
+
    try:
        # Filter packets manually by timestamp
        filtered_packets = []
@ -307,6 +313,42 @@ def analyze_pcap(pcapng_path, start_ts, end_ts, ap_bssid, ap_channel):
            except Exception:
                continue

+        for packet in filtered_packets:
+            try:
+                if 'radiotap' not in packet or 'wlan' not in packet or 'wlan.mgt' not in packet:
+                    continue
+
+                radio = packet.radiotap
+                wlan = packet.wlan
+
+                if not hasattr(radio.channel, 'freq'):
+                    continue
+
+                packet_freq = int(radio.channel.freq)
+                packet_channel = get_channel_from_freq(packet_freq)
+
+                subtype = int(getattr(wlan, 'type_subtype', 0), 16)
+                if subtype not in (5, 8):  # Probe Response or Beacon
+                    continue
+
+                ssid = getattr(packet.wlan.mgt, 'ssid', None).strip()
+                bssid = getattr(wlan, 'bssid', '').lower()
+
+                # For debugging purposes, print the SSID and BSSID
+                print(f"SSID: {ssid}, BSSID: {bssid}")
+
+                if not ssid or not bssid or bssid == 'ff:ff:ff:ff:ff:ff':
+                    continue
+
+                bssid_to_ssid[bssid] = ssid
+                ssid_to_bssids[ssid].add(bssid)
+
+                signal = getattr(radio, 'dbm_antsignal', None)
+                if signal:
+                    ssid_signals[ssid].append(int(signal))
+            except:
+                continue
+
        clients_on_ap = get_clients_on_ap(filtered_packets, ap_bssid)
        clients_on_channel = get_clients_on_channel(filtered_packets, ap_channel, ap_bssid)
        aps_on_channel = get_aps_on_channel(filtered_packets, ap_channel)