From ddc27d9313f0b6affc94d801915c4309c6d62be3 Mon Sep 17 00:00:00 2001 From: Yaro Kasear Date: Mon, 21 Apr 2025 15:32:29 -0500 Subject: [PATCH] Enhance analyze_pcap function to track SSID encryption status and improve handling of hidden SSIDs --- enrich.py | 27 +++++++++++++++------------ 1 file changed, 15 insertions(+), 12 deletions(-) diff --git a/enrich.py b/enrich.py index 0708bde..470a303 100755 --- a/enrich.py +++ b/enrich.py @@ -318,6 +318,8 @@ def analyze_pcap(pcapng_path, start_ts, end_ts, ap_bssid, ap_channel): except Exception: continue + ssid_encryption_status = {} + for packet in filtered_packets: try: if 'radiotap' not in packet or 'wlan' not in packet: @@ -333,30 +335,28 @@ def analyze_pcap(pcapng_path, start_ts, end_ts, ap_bssid, ap_channel): packet_channel = get_channel_from_freq(packet_freq) subtype = int(getattr(wlan, 'type_subtype', 0), 16) - if subtype not in (5, 8): # Probe Response or Beacon + if subtype not in (5, 8): # Beacon or Probe Response continue - # Grab management layer once try: mgt = packet.get_multiple_layers('wlan.mgt')[0] tags = mgt._all_fields.get('wlan.tagged.all', {}).get('wlan.tag', []) - except Exception as e: + except Exception: continue ssid = None hidden_ssid = False + is_open = True # Assume open until proven encrypted - is_open = True capabilities = getattr(wlan, 'capabilities', None) - if capabilities: try: cap_int = int(capabilities, 16) - if cap_int & 0x0010 == 0: + if (cap_int & 0x0010): # Privacy bit set = not open is_open = False except ValueError: pass - + for tag in tags: tag_number = tag.get('wlan.tag.number') @@ -379,7 +379,6 @@ def analyze_pcap(pcapng_path, start_ts, end_ts, ap_bssid, ap_channel): cisco_ssid_clients[ssid].append(num_clients) except (TypeError, ValueError): pass - if ssid: ssid_hidden_status[ssid] = hidden_ssid ssid_packet_counts[ssid] += 1 
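Review bot: `is_open = True` in the `@@ -333,30 +335,28 @@` hunk is a fail-open default: when `getattr(wlan, 'capabilities', None)` returns nothing, or `int(capabilities, 16)` raises and lands in `except ValueError: pass`, the frame is recorded as an open network although no capability bits were actually read. "Unknown" and "open" should stay distinguishable in a survey report, so I would start from `is_open = None`, set `is_open = not (cap_int & 0x0010)` once the field parses, and in the last hunk use `ssid_encryption_status.get(ssid)` instead of `.get(ssid, True)`. The Privacy bit only says that some protection is advertised (WEP sets it too), which deserves a short comment next to the check for readers of the `Open` column. Separately, the reworded comment `# Beacon or Probe Response` now reads in the opposite order to the tuple `(5, 8)`, where 5 is Probe Response and 8 is Beacon. The body of analyze_pcap starts and ends outside this hunk.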
@@ -391,14 +390,17 @@ def analyze_pcap(pcapng_path, start_ts, end_ts, ap_bssid, ap_channel): cisco_reported_clients.append(num_clients) except (TypeError, ValueError): pass - if not ssid: continue + ssid_hidden_status[ssid] = hidden_ssid + ssid_encryption_status[ssid] = is_open + ssid_packet_counts[ssid] += 1 + bssid = getattr(wlan, 'bssid', '').lower() if not bssid or bssid == 'ff:ff:ff:ff:ff:ff': continue - + bssid_to_ssid[bssid] = ssid ssid_to_bssids[ssid].add(bssid) @@ -406,9 +408,10 @@ def analyze_pcap(pcapng_path, start_ts, end_ts, ap_bssid, ap_channel): if signal: ssid_signals[ssid].append(int(signal)) - except Exception as e: + except Exception: continue + our_ssid = bssid_to_ssid.get(ap_bssid, None) clients_on_ap = get_clients_on_ap(filtered_packets, ap_bssid) @@ -430,7 +433,7 @@ def analyze_pcap(pcapng_path, start_ts, end_ts, ap_bssid, ap_channel): ssid_summary.append({ 'SSID': ssid, 'Hidden': ssid == '', - 'Open': is_open, + 'Open': ssid_encryption_status.get(ssid, True), 'BSSID_Count': len(bssids), 'BSSIDs': ";".join(sorted(bssids)), 'Avg_Signal': mean(signals) if signals else 0,
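Review bot: `ssid_hidden_status[ssid] = hidden_ssid` and `ssid_packet_counts[ssid] += 1` are added after `if not ssid: continue` in the `@@ -391,14 +390,17` hunk, but the earlier `if ssid:` block doing the same two updates is still present as context in the `@@ -379,7 +379,6` hunk, so a frame that reaches both places appears to be counted twice. Indentation is not recoverable from this view, so please confirm where the earlier block sits; if it is on the same per-packet path, one of the two should be removed. Also, `ssid_encryption_status[ssid] = is_open` stores True for an open network, the opposite of what the dictionary name suggests; a name such as `ssid_open_status` would match the stored value. The enclosing loop body continues outside this hunk.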
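Review bot: `'Open': ssid_encryption_status.get(ssid, True)` in the `@@ -430,7 +433,7` hunk reports one boolean for a row that aggregates several BSSIDs (`BSSID_Count`, `BSSIDs`), and that value is whatever the last matching frame wrote. If two access points advertise the same SSID with different Privacy bits, the row shows only one of them, and that disagreement is what someone reading the report for rogue or misconfigured access points would want surfaced. Consider keeping the status per BSSID, or collecting the observed values per SSID and emitting a distinct value such as `'Mixed'` when they disagree. The `ssid_summary.append({` call continues past the end of this hunk.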