diff --git a/enrich.py b/enrich.py index b5d70e3..062d100 100755 --- a/enrich.py +++ b/enrich.py @@ -332,45 +332,30 @@ def analyze_pcap(pcapng_path, start_ts, end_ts, ap_bssid, ap_channel): if subtype not in (5, 8): # Probe Response or Beacon continue - try: mgt = packet.get_multiple_layers('wlan.mgt')[0] + tags = mgt._all_fields.get('wlan.tagged.all', {}).get('wlan.tag', []) ssid = None - - for tag in mgt.get_field('tag'): + + for tag in tags: if tag.get('wlan.tag.number') == '0' and 'wlan.ssid' in tag: raw_ssid = tag['wlan.ssid'] ssid_bytes = bytes.fromhex(raw_ssid.replace(':', '')) ssid = ssid_bytes.decode('utf-8', errors='replace') - break - + elif tag.get('wlan.tag.number') == '133': + try: + num_clients = int(tag.get('wlan.cisco.ccx1.clients')) + cisco_reported_clients.append(num_clients) + except (TypeError, ValueError): + pass # Garbage? We ignore it. + if not ssid: print("[DEBUG] No SSID found in tags.") continue except Exception as e: - print(f"[DEBUG] Error parsing SSID: {e}") + print(f"[DEBUG] Error parsing SSID or Cisco client count: {e}") continue - try: - mgt = packet.get_multiple_layers('wlan.mgt')[0] - if hasattr(mgt, 'get_field'): - tags = mgt._all_fields.get('wlan.tagged.all', {}).get('wlan.tag', []) - if not tags: - print("[DEBUG] wlan.mgt present, but no tags parsed.") - - if tags and isinstance(tags, list): - for tag in tags: - if tag.get('wlan.tag.number') == '133': - try: - num_clients = int(tag.get('wlan.cisco.ccx1.clients')) - except (TypeError, ValueError): - num_clients = 0 - - cisco_reported_clients.append(num_clients) - break - except Exception as e: - print(f"[DEBUG] Could not parse Cisco client count: {e}") - cisco_reported_clients = None bssid = getattr(wlan, 'bssid', '').lower()