From 78a6b225fcdf2f584a0c55059ef170991662ebc0 Mon Sep 17 00:00:00 2001
From: Yaro Kasear <git@kasear.net>
Date: Wed, 16 Apr 2025 10:46:51 -0500
Subject: [PATCH] Refactor SSID extraction in analyze_pcap to handle tags and
 improve error handling

---
 enrich.py | 19 +++++++++++++------
 1 file changed, 13 insertions(+), 6 deletions(-)

diff --git a/enrich.py b/enrich.py
index c34e713..30d188c 100755
--- a/enrich.py
+++ b/enrich.py
@@ -334,13 +334,20 @@ def analyze_pcap(pcapng_path, start_ts, end_ts, ap_bssid, ap_channel):
 
                 try:
                     mgt = packet.get_multiple_layers('wlan.mgt')[0]
-                    print(mgt._all_fields)
-                    ssid = mgt.get_field('ssid')
-                    if ssid is None:
-                        print("[DEBUG] SSID is None (explicitly)")
+                    ssid = None
+
+                    for tag in mgt.get_field('tag'):
+                        if tag.get('wlan.tag.number') == '0' and 'wlan.ssid' in tag:
+                            raw_ssid = tag['wlan.ssid']
+                            ssid_bytes = bytes.fromhex(raw_ssid.replace(':', ''))
+                            ssid = ssid_bytes.decode('utf-8', errors='replace')
+                            break
+
+                    if not ssid:
+                        print("[DEBUG] No SSID found in tags.")
                         continue
-                except (IndexError, AttributeError):
-                    print("Debug: No SSID found in packet, or I am terrible at parsing")
+                except Exception as e:
+                    print(f"[DEBUG] Error parsing SSID: {e}")
                     continue
 
                 bssid = getattr(wlan, 'bssid', '').lower()