Add SSID summary generation and export to analyze_pcap function for enhanced metrics reporting

2025-04-17 10:29:11 -05:00 · 2025-04-17 10:29:11 -05:00 · 58abd38c3c
commit 58abd38c3c
parent 246dfb7aee
1 changed files with 37 additions and 3 deletions
--- a/enrich.py
+++ b/enrich.py
@ -392,13 +392,30 @@ def analyze_pcap(pcapng_path, start_ts, end_ts, ap_bssid, ap_channel):
        max_ssid_signal = max(ssid_signals[our_ssid]) if our_ssid in ssid_signals else 0
        num_channels_ssid = len(ssid_to_bssids[our_ssid]) if our_ssid in ssid_to_bssids else 0

+        # Generate SSID summary sidecar
+        ssid_summary = []
+        for ssid, bssids in ssid_to_bssids.items():
+            signals = ssid_signals.get(ssid, [])
+            ssid_summary.append({
+                'SSID': ssid,
+                'BSSID_Count': len(bssids),
+                'Avg_Signal': mean(signals) if signals else 0,
+                'Max_Signal': max(signals) if signals else 0,
+                'Min_Signal': min(signals) if signals else 0,
+                'Clients_Seen': len(ssid_clients.get(ssid, [])),
+                'CiscoAvgClients': round(mean(cisco_reported_clients), 2) if cisco_reported_clients else 0,
+                'CiscoMaxClients': max(cisco_reported_clients) if cisco_reported_clients else 0
+            })
+
+
    finally:
        cap.close()

    return (clients_on_ap, clients_on_channel, aps_on_channel, 
            avg_ap_signal, max_ap_signal, unlinked_devices, 
            cisco_avg_reported_clients, cisco_max_reported_clients, num_bssids,
-            average_signal, max_ssid_signal, num_channels_ssid)
+            average_signal, max_ssid_signal, num_channels_ssid,
+            ssid_summary)

 def main():
    args = parse_args()
@ -443,7 +460,11 @@ def main():
                writer.writerow(row)
                continue

-            clients_ap, clients_chan, aps_chan, avg_signal, strongest_signal, unlinked, cisco_avg_reported_clients, cisco_max_reported_clients, num_bssids, average_signal, max_ssid_signal = analyze_pcap(args.pcapng, tstart, tend, ap_bssid, ap_channel)
+            clients_ap, clients_chan, aps_chan, \
+            avg_signal, strongest_signal, unlinked, \
+            cisco_avg_reported_clients, cisco_max_reported_clients, num_bssids, \
+            average_signal, max_ssid_signal, num_channels_ssid, \
+            ssid_summary = analyze_pcap(args.pcapng, tstart, tend, ap_bssid, ap_channel)

            row.update({
                'ClientsOnAP': clients_ap,
@ -457,11 +478,24 @@ def main():
                'NumberofBSSIDs': num_bssids,
                'AvgSSIDSignal': average_signal,
                'MaxSSIDSignal': max_ssid_signal,
-                'NumberofChannelsOnSSID': num_bssids
+                'NumberofChannelsOnSSID': num_channels_ssid
            })

            writer.writerow(row)

+        # Dump SSID metrics sidecar
+        if ssid_summary:
+            ssid_outfile = args.output.replace('.csv+rf.csv', '-ssid-metrics.csv')
+            with open(ssid_outfile, 'w', newline='', encoding='utf-8') as f:
+                fieldnames = [
+                    'SSID', 'BSSID_Count', 'Avg_Signal', 'Max_Signal', 
+                    'Min_Signal', 'Clients_Seen', 'CiscoAvgClients', 'CiscoMaxClients'
+                ]
+                ssid_writer = csv.DictWriter(f, fieldnames=fieldnames)
+                ssid_writer.writeheader()
+                for row in ssid_summary:
+                    ssid_writer.writerow(row)
+
    print(f"[+] Enrichment complete: {args.output}")

 if __name__ == "__main__":