Add SSID summary generation and export to analyze_pcap function for enhanced metrics reporting

2025-04-17 10:29:11 -05:00 · 2025-04-17 10:29:11 -05:00 · 58abd38c3c
commit 58abd38c3c
parent 246dfb7aee
1 changed files with 37 additions and 3 deletions
--- a/enrich.py
+++ b/enrich.py
@ -392,13 +392,30 @@ def analyze_pcap(pcapng_path, start_ts, end_ts, ap_bssid, ap_channel):
        max_ssid_signal = max(ssid_signals[our_ssid]) if our_ssid in ssid_signals else 0
        num_channels_ssid = len(ssid_to_bssids[our_ssid]) if our_ssid in ssid_to_bssids else 0
        # Generate SSID summary sidecar
        ssid_summary = []
        for ssid, bssids in ssid_to_bssids.items():
            signals = ssid_signals.get(ssid, [])
            ssid_summary.append({
                'SSID': ssid,
                'BSSID_Count': len(bssids),
                'Avg_Signal': mean(signals) if signals else 0,
                'Max_Signal': max(signals) if signals else 0,
                'Min_Signal': min(signals) if signals else 0,
                'Clients_Seen': len(ssid_clients.get(ssid, [])),
                'CiscoAvgClients': round(mean(cisco_reported_clients), 2) if cisco_reported_clients else 0,
                'CiscoMaxClients': max(cisco_reported_clients) if cisco_reported_clients else 0
            })
    finally:
        cap.close()
    return (clients_on_ap, clients_on_channel, aps_on_channel, 
            avg_ap_signal, max_ap_signal, unlinked_devices, 
            cisco_avg_reported_clients, cisco_max_reported_clients, num_bssids,
-            average_signal, max_ssid_signal, num_channels_ssid)
+            average_signal, max_ssid_signal, num_channels_ssid,
            ssid_summary)
 def main():
    args = parse_args()
@ -443,7 +460,11 @@ def main():
                writer.writerow(row)
                continue
-            clients_ap, clients_chan, aps_chan, avg_signal, strongest_signal, unlinked, cisco_avg_reported_clients, cisco_max_reported_clients, num_bssids, average_signal, max_ssid_signal = analyze_pcap(args.pcapng, tstart, tend, ap_bssid, ap_channel)
+            clients_ap, clients_chan, aps_chan, \
            avg_signal, strongest_signal, unlinked, \
            cisco_avg_reported_clients, cisco_max_reported_clients, num_bssids, \
            average_signal, max_ssid_signal, num_channels_ssid, \
            ssid_summary = analyze_pcap(args.pcapng, tstart, tend, ap_bssid, ap_channel)
            row.update({
                'ClientsOnAP': clients_ap,
@ -457,11 +478,24 @@ def main():
                'NumberofBSSIDs': num_bssids,
                'AvgSSIDSignal': average_signal,
                'MaxSSIDSignal': max_ssid_signal,
-                'NumberofChannelsOnSSID': num_bssids
+                'NumberofChannelsOnSSID': num_channels_ssid
            })
            writer.writerow(row)
        # Dump SSID metrics sidecar
        if ssid_summary:
            ssid_outfile = args.output.replace('.csv+rf.csv', '-ssid-metrics.csv')
            with open(ssid_outfile, 'w', newline='', encoding='utf-8') as f:
                fieldnames = [
                    'SSID', 'BSSID_Count', 'Avg_Signal', 'Max_Signal', 
                    'Min_Signal', 'Clients_Seen', 'CiscoAvgClients', 'CiscoMaxClients'
                ]
                ssid_writer = csv.DictWriter(f, fieldnames=fieldnames)
                ssid_writer.writeheader()
                for row in ssid_summary:
                    ssid_writer.writerow(row)
    print(f"[+] Enrichment complete: {args.output}")
 if __name__ == "__main__":