Adding pcap analysis since kismet logs seem unreliable.
parent
18f928a81e
commit
fff377afd0
2 changed files with 71 additions and 0 deletions
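--- a/kismet_enrich_from_pcap.py
+++ b/kismet_enrich_from_pcap.py
@@ -0,0 +1,68 @@
+#!/usr/bin/env python3
+import argparse
+import csv
+from datetime import datetime
+import pyshark
+
+def parse_args():
+parser = argparse.ArgumentParser()
+parser.add_argument('--csv', required=True, help='Input speedtest CSV')
+parser.add_argument('--pcapng', required=True, help='Kismet-generated .pcapng file')
+parser.add_argument('--output', required=True, help='Output enriched CSV')
+return parser.parse_args()
+
+def convert_timestamp_to_epoch(ts_string):
+try:
+return int(datetime.fromisoformat(ts_string.replace("Z", "+00:00")).timestamp())
+except Exception as e:
+print(f"[!] Failed to parse timestamp: {ts_string}")
+return None
+
+def analyze_pcap(pcapng_path, start_ts, end_ts):
+# Placeholder: Logic will be added for:
+# - ClientsOnAP
+# - ClientsOnChannel
+# - APsOnChannel
+# - CongestionScore
+# - AvgAPSignal
+# - StrongestAPSignal
+# - UnlinkedDevices
+return 0, 0, 0, None, None, None, 0
+
+def main():
+args = parse_args()
+with open(args.csv, newline='') as infile, open(args.output, 'w', newline='', encoding='utf-8') as outfile:
+reader = csv.DictReader(infile)
+fieldnames = reader.fieldnames + [
+'ClientsOnAP', 'ClientsOnChannel', 'APsOnChannel', 'CongestionScore',
+'AvgAPSignal', 'StrongestAPSignal', 'UnlinkedDevices'
+]
+writer = csv.DictWriter(outfile, fieldnames=fieldnames)
+writer.writeheader()
+
+for row in reader:
+tstart = convert_timestamp_to_epoch(row.get("StartTimestamp"))
+tend = convert_timestamp_to_epoch(row.get("EndTimestamp"))
+
+if not tstart or not tend:
+writer.writerow(row)
+continue
+
+clients_ap, clients_chan, aps_chan, congestion, avg_signal, strongest_signal, unlinked = analyze_pcap(args.pcapng, tstart, tend)
+
+row.update({
+'ClientsOnAP': clients_ap,
+'ClientsOnChannel': clients_chan,
+'APsOnChannel': aps_chan,
+'CongestionScore': congestion,
+'AvgAPSignal': avg_signal,
+'StrongestAPSignal': strongest_signal,
+'UnlinkedDevices': unlinked
+})
+
+writer.writerow(row)
+
+print(f"[+] Enrichment complete: {args.output}")
+
+if __name__ == "__main__":
+main()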
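Review bot: `analyze_pcap` is still a stub, yet `main()` writes its `0, 0, 0, None, None, None, 0` result into every row, so the enriched CSV reports zero clients, APs and unlinked devices as if they had been measured from the capture. Until the pcap logic exists, return `None` for all seven fields (they serialise as empty cells) or raise `NotImplementedError`, so later analysis cannot mistake placeholders for data. Separately, `convert_timestamp_to_epoch` catches `Exception` and never uses `e`; `except (AttributeError, TypeError, ValueError):` still covers a missing or malformed timestamp without hiding unrelated failures. In `main()`, `if tstart is None or tend is None:` would avoid treating an epoch of 0 as a parse failure, and `reader.fieldnames` is `None` for an empty input CSV, which makes the `+ [...]` concatenation raise `TypeError`.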
|
@ -11,9 +11,12 @@ TEST_FILE="/home/yaro/${BOOT_ID}-speedtest.csv"
|
||||||
PING_COUNT=25
|
PING_COUNT=25
|
||||||
PING_TARGET=1.1.1.1
|
PING_TARGET=1.1.1.1
|
||||||
KISMET_LOG_DIR="/home/yaro/kismet_logs"
|
KISMET_LOG_DIR="/home/yaro/kismet_logs"
|
||||||
|
LEAD_TIME=90s
|
||||||
|
|
||||||
ENRICHED_FILE="${TEST_FILE%}+rf.csv"
|
ENRICHED_FILE="${TEST_FILE%}+rf.csv"
|
||||||
|
|
||||||
|
sleep $LEAD_TIME
|
||||||
|
|
||||||
# Function to get current TX failed count
|
# Function to get current TX failed count
|
||||||
get_tx_failed() {
|
get_tx_failed() {
|
||||||
iw dev $INTERFACE station dump | awk '/tx failed/ {print $3}'
|
iw dev $INTERFACE station dump | awk '/tx failed/ {print $3}'
|
||||||
|
|
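Review bot: `sleep $LEAD_TIME` runs unconditionally near the top of the script with no comment saying what the 90 seconds are for; presumably it gives Kismet time to start capturing before the first test, but nothing visible in this hunk confirms that. A comment above `LEAD_TIME=90s` such as `# Delay before the first test so the Kismet capture is already running` would record the intent, and the expansion should be quoted as `sleep "$LEAD_TIME"`. A fixed delay is only a guess at readiness: if the capture has not started after 90 seconds the tests still run and the later pcap enrichment has no frames for that window, so checking that the capture file exists before proceeding would be sturdier.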