yaro/wifi_test
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Refactor Cisco client data extraction in management frame processing to improve clarity and add debug output for client reports

Browse source
This commit is contained in:
Yaro Kasear 2025-04-29 14:33:45 -05:00
parent 5ba7e701d5
commit e81b0fefd4
1 changed files with 26 additions and 18 deletions
Download patch file Download diff file Expand all files Collapse all files

36
enrichment/indexed_capture.py
View file

@ -79,11 +79,16 @@ class IndexedCapture:
ssid = None ssid = None
hidden_ssid = False hidden_ssid = False
num_clients = None
privacy_bit = mgt._all_fields.get('wlan_mgt.fixed.capabilities.privacy') privacy_bit = mgt._all_fields.get('wlan_mgt.fixed.capabilities.privacy')
is_open = (str(privacy_bit) != '1') is_open = (str(privacy_bit) != '1')
# First: extract SSID and Cisco client info independently
for tag in tags: for tag in tags:
if tag.get('wlan.tag.number') == '0': tag_number = tag.get('wlan.tag.number')
if tag_number == '0':
raw_ssid = tag.get('wlan.ssid', '') raw_ssid = tag.get('wlan.ssid', '')
if not raw_ssid: if not raw_ssid:
hidden_ssid = True hidden_ssid = True
@ -95,40 +100,43 @@ class IndexedCapture:
except Exception: except Exception:
ssid = None ssid = None
if tag.get('wlan.tag.number') == '133': if tag_number == '133':
try: try:
num_clients = int(tag.get('wlan.cisco.ccx1.clients')) num_clients = int(tag.get('wlan.cisco.ccx1.clients'))
timestamp = float(packet.frame_info.time_epoch)
if ssid:
self.cisco_ssid_clients[ssid].append((timestamp, num_clients))
self.cisco_reported_clients.append(num_clients)
except (TypeError, ValueError): except (TypeError, ValueError):
pass num_clients = None
if not ssid:
return
# Now that we have them parsed, update structures
if ssid:
self.ssid_hidden_status[ssid] = hidden_ssid self.ssid_hidden_status[ssid] = hidden_ssid
self.ssid_encryption_status.setdefault(ssid, is_open) self.ssid_encryption_status.setdefault(ssid, is_open)
self.ssid_packet_counts[ssid] += 1 self.ssid_packet_counts[ssid] += 1
if num_clients is not None:
timestamp = float(packet.frame_info.time_epoch)
self.cisco_ssid_clients[ssid].append((timestamp, num_clients))
self.cisco_reported_clients.append(num_clients)
print(f"[DEBUG] Indexed {len(self.cisco_reported_clients)} Cisco client reports for SSID {ssid}.")
bssid = getattr(wlan, 'bssid', '').lower() bssid = getattr(wlan, 'bssid', '').lower()
if not bssid or bssid == 'ff:ff:ff:ff:ff:ff': if not bssid or bssid == 'ff:ff:ff:ff:ff:ff':
return return
if ssid:
self.bssid_to_ssid[bssid] = ssid self.bssid_to_ssid[bssid] = ssid
self.ssid_to_bssids[ssid].add(bssid) self.ssid_to_bssids[ssid].add(bssid)
signal = getattr(radio, 'dbm_antsignal', None) signal = getattr(radio, 'dbm_antsignal', None)
if signal: if signal:
self.ssid_signals[ssid].append(int(signal)) signal = int(signal)
if ssid:
self.ssid_signals[ssid].append(signal)
self.packet_signals_by_channel[channel].append(signal)
self.channel_to_aps[channel].add(bssid) self.channel_to_aps[channel].add(bssid)
if signal:
self.packet_signals_by_channel[channel].append(int(signal))
except Exception as e: except Exception as e:
pass pass # (silently drop malformed packets)
def get_packets_in_time_range(self, start_ts, end_ts): def get_packets_in_time_range(self, start_ts, end_ts):
# This is fast because packet timestamps were recorded at load # This is fast because packet timestamps were recorded at load