yaro/wifi_test
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Refactor ghost client detection in _count_unlinked_devices to improve clarity and accuracy

Browse source
This commit is contained in:
Yaro Kasear 2025-04-29 12:53:53 -05:00
parent a1cc33e842
commit 6958e22088
1 changed files with 25 additions and 9 deletions
Download patch file Download diff file Expand all files Collapse all files

24
enrichment/indexed_capture.py
View file

@ -247,7 +247,7 @@ class IndexedCapture:
def _count_unlinked_devices(self, packets, ap_channel): def _count_unlinked_devices(self, packets, ap_channel):
aps = self.channel_to_aps.get(ap_channel, set()) aps = self.channel_to_aps.get(ap_channel, set())
ghost_clients = set() ghost_candidates = set()
for packet in packets: for packet in packets:
try: try:
@ -257,17 +257,33 @@ class IndexedCapture:
radio = packet.radiotap radio = packet.radiotap
wlan = packet.wlan wlan = packet.wlan
# Must be on our AP's channel
if hasattr(radio, 'channel') and hasattr(radio.channel, 'freq'):
freq = int(radio.channel.freq)
packet_channel = get_channel_from_freq(freq)
if packet_channel != ap_channel:
continue
else:
continue
sa = getattr(wlan, 'sa', '').lower() sa = getattr(wlan, 'sa', '').lower()
da = getattr(wlan, 'da', '').lower() da = getattr(wlan, 'da', '').lower()
bssid = getattr(wlan, 'bssid', '').lower()
# If the packet is *talking to* any known AP, it's **linked**, not ghost
if sa in aps or da in aps or bssid in aps:
continue # Legit traffic, skip
# Otherwise, these are "ghost candidates"
for mac in (sa, da): for mac in (sa, da):
if mac and mac != 'ff:ff:ff:ff:ff:ff' and mac not in aps: if mac and mac != 'ff:ff:ff:ff:ff:ff':
ghost_clients.add(mac) ghost_candidates.add(mac)
except Exception: except Exception:
continue continue
return len(ghost_clients) return len(ghost_candidates)
def _cisco_avg_clients(self, ssid): def _cisco_avg_clients(self, ssid):
if ssid in self.cisco_ssid_clients: if ssid in self.cisco_ssid_clients: