From ec2bbc43a4c403c9c751693dc93bff567c37b68e Mon Sep 17 00:00:00 2001
From: Yaro Kasear
Date: Fri, 11 Apr 2025 09:33:51 -0500
Subject: [PATCH] Let's start using pcaps.
---
 kismet_enrich_from_pcap.py | 24 ++++++++++++++++++++++++
 runtest.sh | 10 +++++++---
 2 files changed, 31 insertions(+), 3 deletions(-)
diff --git a/kismet_enrich_from_pcap.py b/kismet_enrich_from_pcap.py
index 55e2439..1109f7a 100755
--- a/kismet_enrich_from_pcap.py
+++ b/kismet_enrich_from_pcap.py
@@ -45,6 +45,30 @@ def get_clients_on_ap(capture, ap_bssid):
 return len(clients)
+def get_clients_on_channel(capture, ap_channel, ap_bssid):
+ clients = set()
+ ap_bssid = ap_bssid.lower() # Normalize for comparison
+ ap_channel = str(ap_channel) # Ensure channel is a string for comparison
+
+ for packet in capture:
+ try:
+ if not hasattr(packet, 'wlan'):
+ continue
+
+ channel = getattr(packet.wlan, 'channel', None)
+ sa = getattr(packet.wlan, 'sa', '').lower()
+ da = getattr(packet.wlan, 'da', '').lower()
+ bssid = getattr(packet.wlan, 'bssid', '').lower()
+
+ # Check if the packet is on the specified channel and not from the AP
+ if channel == ap_channel and (sa != ap_bssid and da != ap_bssid):
+ clients.add(sa)
+ clients.add(da)
+
+ except AttributeError:
+ continue
+
+ return len(clients)
 def analyze_pcap(pcapng_path, start_ts, end_ts, ap_bssid, ap_channel):
diff --git a/runtest.sh b/runtest.sh
index 9a6e651..36ab2d3 100755
--- a/runtest.sh
+++ b/runtest.sh
@@ -20,8 +20,12 @@ sudo -v
 while true; do sudo -n true; sleep 60; done 2>/dev/null & SUDO_KEEPALIVE_PID=$!
+echo "Starting kismet..."
+
 sudo systemctl start kismet
+echo "Saturating the capture..."
+
 sleep $LEAD_TIME # Function to get current TX failed count
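Review bot: In `get_clients_on_channel`, `clients.add(sa)` and `clients.add(da)` run for every matching frame, so the set also collects the empty-string default used when a frame has no source or destination field, as well as any broadcast destination, which inflates the returned count. Adding only real station addresses would fix that, e.g. `for addr in (sa, da):` followed by `if addr and addr != 'ff:ff:ff:ff:ff:ff': clients.add(addr)`. `bssid` is read but never used, and because every lookup goes through `getattr` with a default, the `except AttributeError` branch looks unreachable. Whether the `wlan` layer exposes a `channel` field at all depends on the capture library, which this hunk does not show; if it does not, `channel` stays `None` and the function always returns 0, so this is worth confirming against a sample capture.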
@@ -100,14 +104,14 @@ done
 echo "Enriching the data..."
-KISMET_LOG=$(find ~/kismet_logs -type f -name "*.kismet" -printf "%T@ %p\n" | sort -n | tail -1 | cut -d' ' -f2-)
+KISMET_LOG=$(find ~/kismet_logs -type f -name "*.pcapng" -printf "%T@ %p\n" | sort -n | tail -1 | cut -d' ' -f2-)
 if [ -z "$KISMET_LOG" ] || [ ! -f "$KISMET_LOG" ]; then
- echo "[!] Kismet log file not found."
+ echo "[!] Packet capture not found."
 exit 1
 fi
-python3 $SCRIPT_DIRECTORY/kismet_enrich_csv.py --csv $TEST_FILE --kismet "$KISMET_LOG" --output "$ENRICHED_FILE"
+python3 $SCRIPT_DIRECTORY/kismet_enrich_from_pcap.py --csv $TEST_FILE --pcapng "$KISMET_LOG" --output "$ENRICHED_FILE"
 # Final email with attachment
 echo "The test with UID ${BOOT_ID} is complete. Please collect the probe. Data is attached." | \
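Review bot: The newest `*.pcapng` under `~/kismet_logs` is accepted without any check that it was written during this run, so if Kismet produced no packet log this time (whether pcapng logging is enabled is not visible here) the script would silently enrich the CSV against an older capture. Restricting the `find` to files modified after the test began, for instance with `-newer` against a marker file touched at startup, would let the existing not-found branch catch that case. On the new `python3` line, `$SCRIPT_DIRECTORY` and `$TEST_FILE` are still unquoted and would split on a path containing spaces; `python3 "$SCRIPT_DIRECTORY/kismet_enrich_from_pcap.py" --csv "$TEST_FILE" --pcapng "$KISMET_LOG" --output "$ENRICHED_FILE"` avoids that.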