diff --git a/enrich.py b/enrich.py index 062d100..58073e8 100755 --- a/enrich.py +++ b/enrich.py @@ -318,52 +318,59 @@ def analyze_pcap(pcapng_path, start_ts, end_ts, ap_bssid, ap_channel): try: if 'radiotap' not in packet or 'wlan' not in packet: continue - + radio = packet.radiotap wlan = packet.wlan if not hasattr(radio.channel, 'freq'): continue - + packet_freq = int(radio.channel.freq) packet_channel = get_channel_from_freq(packet_freq) subtype = int(getattr(wlan, 'type_subtype', 0), 16) if subtype not in (5, 8): # Probe Response or Beacon continue - + + # Grab management layer once try: mgt = packet.get_multiple_layers('wlan.mgt')[0] tags = mgt._all_fields.get('wlan.tagged.all', {}).get('wlan.tag', []) - ssid = None + except Exception as e: + print(f"[DEBUG] Error accessing wlan.mgt tags: {e}") + continue - for tag in tags: - if tag.get('wlan.tag.number') == '0' and 'wlan.ssid' in tag: + ssid = None + for tag in tags: + tag_number = tag.get('wlan.tag.number') + + # SSID + if tag_number == '0' and 'wlan.ssid' in tag: + try: raw_ssid = tag['wlan.ssid'] ssid_bytes = bytes.fromhex(raw_ssid.replace(':', '')) ssid = ssid_bytes.decode('utf-8', errors='replace') - elif tag.get('wlan.tag.number') == '133': - try: - num_clients = int(tag.get('wlan.cisco.ccx1.clients')) - cisco_reported_clients.append(num_clients) - except (TypeError, ValueError): - pass # Garbage? We ignore it. - - if not ssid: - print("[DEBUG] No SSID found in tags.") - continue - except Exception as e: - print(f"[DEBUG] Error parsing SSID or Cisco client count: {e}") + except Exception as e: + print(f"[DEBUG] Error decoding SSID: {e}") + ssid = None + + # Cisco Client Count + if tag_number == '133': + try: + num_clients = int(tag.get('wlan.cisco.ccx1.clients')) + cisco_reported_clients.append(num_clients) + except (TypeError, ValueError): + pass + + if not ssid: + print("[DEBUG] No SSID found in tags.") continue - - + bssid = getattr(wlan, 'bssid', '').lower() - - # For debugging purposes, print the SSID and BSSID - print(f"SSID: {ssid}, BSSID: {bssid}") - - if not ssid or not bssid or bssid == 'ff:ff:ff:ff:ff:ff': + if not bssid or bssid == 'ff:ff:ff:ff:ff:ff': continue + + print(f"SSID: {ssid}, BSSID: {bssid}") bssid_to_ssid[bssid] = ssid ssid_to_bssids[ssid].add(bssid) @@ -371,7 +378,9 @@ def analyze_pcap(pcapng_path, start_ts, end_ts, ap_bssid, ap_channel): signal = getattr(radio, 'dbm_antsignal', None) if signal: ssid_signals[ssid].append(int(signal)) - except: + + except Exception as e: + print(f"[DEBUG] General packet parse error: {e}") continue print(f"[DEBUG] SSID to BSSIDs: {ssid_to_bssids}")