Enhance analyze_pcap function to track SSID encryption status and improve handling of hidden SSIDs

enrich.py

@@ -318,6 +318,8 @@ def analyze_pcap(pcapng_path, start_ts, end_ts, ap_bssid, ap_channel):
             except Exception:
                 continue
 
+        ssid_encryption_status = {}
+
         for packet in filtered_packets:
             try:
                 if 'radiotap' not in packet or 'wlan' not in packet:
@@ -333,19 +335,27 @@ def analyze_pcap(pcapng_path, start_ts, end_ts, ap_bssid, ap_channel):
                 packet_channel = get_channel_from_freq(packet_freq)
 
                 subtype = int(getattr(wlan, 'type_subtype', 0), 16)
-                if subtype not in (5, 8):  # Probe Response or Beacon
+                if subtype not in (5, 8):  # Beacon or Probe Response
                     continue
                 
-                # Grab management layer once
                 try:
                     mgt = packet.get_multiple_layers('wlan.mgt')[0]
                     tags = mgt._all_fields.get('wlan.tagged.all', {}).get('wlan.tag', [])
-                except Exception as e:
+                except Exception:
                     continue
                 
                 ssid = None
                 hidden_ssid = False
-                is_open = True
+                is_open = True  # Assume open until proven encrypted
+
+                capabilities = getattr(wlan, 'capabilities', None)
+                if capabilities:
+                    try:
+                        cap_int = int(capabilities, 16)
+                        if (cap_int & 0x0010):  # Privacy bit set = not open
+                            is_open = False
+                    except ValueError:
+                        pass
                     
                 for tag in tags:
                     tag_number = tag.get('wlan.tag.number')
@@ -369,10 +379,6 @@ def analyze_pcap(pcapng_path, start_ts, end_ts, ap_bssid, ap_channel):
                                 cisco_ssid_clients[ssid].append(num_clients)
                         except (TypeError, ValueError):
                             pass
-
-                    if tag_number in {'48', '221'}:
-                        is_open = False
-                        
                 if ssid:
                     ssid_hidden_status[ssid] = hidden_ssid
                     ssid_packet_counts[ssid] += 1
@@ -384,10 +390,13 @@ def analyze_pcap(pcapng_path, start_ts, end_ts, ap_bssid, ap_channel):
                             cisco_reported_clients.append(num_clients)
                         except (TypeError, ValueError):
                             pass
-                        
                 if not ssid:
                     continue
                 
+                ssid_hidden_status[ssid] = hidden_ssid
+                ssid_encryption_status[ssid] = is_open
+                ssid_packet_counts[ssid] += 1
+
                 bssid = getattr(wlan, 'bssid', '').lower()
                 if not bssid or bssid == 'ff:ff:ff:ff:ff:ff':
                     continue
@@ -399,9 +408,10 @@ def analyze_pcap(pcapng_path, start_ts, end_ts, ap_bssid, ap_channel):
                 if signal:
                     ssid_signals[ssid].append(int(signal))
 
-            except Exception as e:
+            except Exception:
                 continue
 
+
         our_ssid = bssid_to_ssid.get(ap_bssid, None)
 
         clients_on_ap = get_clients_on_ap(filtered_packets, ap_bssid)
@@ -423,7 +433,7 @@ def analyze_pcap(pcapng_path, start_ts, end_ts, ap_bssid, ap_channel):
             ssid_summary.append({
                 'SSID': ssid,
                 'Hidden': ssid == '',
-                'Open': is_open,
+                'Open': ssid_encryption_status.get(ssid, True),
                 'BSSID_Count': len(bssids),
                 'BSSIDs': ";".join(sorted(bssids)),
                 'Avg_Signal': mean(signals) if signals else 0,