yaro/wifi_test
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Refactor ghost client detection in _count_unlinked_devices to improve clarity and accuracy

Browse source
This commit is contained in:
Yaro Kasear 2025-04-29 12:53:53 -05:00
parent a1cc33e842
commit 6958e22088
1 changed files with 25 additions and 9 deletions
Download patch file Download diff file Expand all files Collapse all files

34
enrichment/indexed_capture.py
View file

@ -247,27 +247,43 @@ class IndexedCapture:
def _count_unlinked_devices(self, packets, ap_channel):
aps = self.channel_to_aps.get(ap_channel, set())
ghost_clients = set()
ghost_candidates = set()
for packet in packets:
try:
if 'radiotap' not in packet or 'wlan' not in packet:
continue
radio = packet.radiotap
wlan = packet.wlan
# Must be on our AP's channel
if hasattr(radio, 'channel') and hasattr(radio.channel, 'freq'):
freq = int(radio.channel.freq)
packet_channel = get_channel_from_freq(freq)
if packet_channel != ap_channel:
continue
else:
continue
sa = getattr(wlan, 'sa', '').lower()
da = getattr(wlan, 'da', '').lower()
bssid = getattr(wlan, 'bssid', '').lower()
# If the packet is *talking to* any known AP, it's **linked**, not ghost
if sa in aps or da in aps or bssid in aps:
continue # Legit traffic, skip
# Otherwise, these are "ghost candidates"
for mac in (sa, da):
if mac and mac != 'ff:ff:ff:ff:ff:ff' and mac not in aps:
ghost_clients.add(mac)
if mac and mac != 'ff:ff:ff:ff:ff:ff':
ghost_candidates.add(mac)
except Exception:
continue
return len(ghost_candidates)
return len(ghost_clients)
def _cisco_avg_clients(self, ssid):
if ssid in self.cisco_ssid_clients: