From 1d2fafb4e3fd5c903866edef385ed1ece264e8dc Mon Sep 17 00:00:00 2001 From: Yaro Kasear Date: Mon, 21 Apr 2025 12:52:18 -0500 Subject: [PATCH 1/2] Add packet count to analyze_pcap output and CSV reporting --- enrich.py | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/enrich.py b/enrich.py index 9ffd2a5..9a6d8af 100755 --- a/enrich.py +++ b/enrich.py @@ -434,13 +434,14 @@ def analyze_pcap(pcapng_path, start_ts, end_ts, ap_bssid, ap_channel): }) finally: + packet_count = len(filtered_packets) cap.close() return (clients_on_ap, clients_on_channel, aps_on_channel, avg_ap_signal, max_ap_signal, unlinked_devices, cisco_avg_reported_clients, cisco_max_reported_clients, num_bssids, average_signal, max_ssid_signal, num_channels_ssid, - ssid_summary) + ssid_summary, packet_count) def main(): args = parse_args() @@ -470,7 +471,7 @@ def main(): 'ClientsOnAP', 'ClientsOnChannel', 'APsOnChannel', 'AvgAPSignal', 'StrongestAPSignal', 'UnlinkedDevices', 'CiscoAvgReportedClients', 'CiscoMaxReportedClients', 'NumberofBSSIDsOnSSID', - 'AvgSSIDSignal', 'MaxSSIDSignal', 'NumberofChannelsOnSSID' + 'AvgSSIDSignal', 'MaxSSIDSignal', 'NumberofChannelsOnSSID', 'PacketCount' ] writer = csv.DictWriter(outfile, fieldnames=fieldnames) writer.writeheader() @@ -489,7 +490,7 @@ def main(): avg_signal, strongest_signal, unlinked, \ cisco_avg_reported_clients, cisco_max_reported_clients, num_bssids, \ average_signal, max_ssid_signal, num_channels_ssid, \ - ssid_summary = analyze_pcap(args.pcapng, tstart, tend, ap_bssid, ap_channel) + ssid_summary, packet_count = analyze_pcap(args.pcapng, tstart, tend, ap_bssid, ap_channel) row.update({ 'ClientsOnAP': clients_ap, @@ -503,7 +504,8 @@ def main(): 'NumberofBSSIDsOnSSID': num_bssids, 'AvgSSIDSignal': average_signal, 'MaxSSIDSignal': max_ssid_signal, - 'NumberofChannelsOnSSID': num_channels_ssid + 'NumberofChannelsOnSSID': num_channels_ssid, + 'PacketCount': packet_count }) writer.writerow(row) 
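Review bot: `packet_count = len(filtered_packets)` is placed inside the `finally:` block ahead of `cap.close()`, so if the `try` body raises before `filtered_packets` is bound, the `finally` block raises its own UnboundLocalError, which masks the original exception and skips `cap.close()`. Where `filtered_packets` is first assigned is outside this hunk, so whether it is bound before `try:` cannot be confirmed from here. Leaving `finally:` with `cap.close()` alone and computing `packet_count = len(filtered_packets)` after the block, with `filtered_packets = []` initialised before `try:`, removes the ordering hazard. The body of `analyze_pcap` starts outside the hunk.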
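Review bot: The call site in `main()` now unpacks fourteen positional values whose order has to match the `return` tuple in `analyze_pcap` by hand, so two transposed names would put a metric in the wrong CSV column without raising any error. Any other caller of `analyze_pcap` (none is visible in this patch) would fail on unpacking now that the tuple has grown. Returning a `typing.NamedTuple`, which still unpacks positionally, or a dict keyed by the CSV column names would let `row.update(...)` read fields by name. The next metric could then be added in one place.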
From e3c3647a7eafed1ace1a9936227b8c9042dea396 Mon Sep 17 00:00:00 2001 From: Yaro Kasear Date: Mon, 21 Apr 2025 12:55:33 -0500 Subject: [PATCH 2/2] Add packet count tracking to SSID metrics in analyze_pcap function --- enrich.py | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/enrich.py b/enrich.py index 9a6d8af..6fff254 100755 --- a/enrich.py +++ b/enrich.py @@ -305,6 +305,7 @@ def analyze_pcap(pcapng_path, start_ts, end_ts, ap_bssid, ap_channel): ssid_to_bssids = defaultdict(set) bssid_to_ssid = {} cisco_reported_clients = [] + ssid_packet_counts = defaultdict(int) try: # Filter packets manually by timestamp @@ -374,7 +375,7 @@ def analyze_pcap(pcapng_path, start_ts, end_ts, ap_bssid, ap_channel): if ssid: ssid_hidden_status[ssid] = hidden_ssid - + ssid_packet_counts[ssid] += 1 # Cisco Client Count if tag_number == '133': @@ -430,7 +431,8 @@ def analyze_pcap(pcapng_path, start_ts, end_ts, ap_bssid, ap_channel): 'Min_Signal': min(signals) if signals else 0, 'Clients_Seen': len(ssid_clients.get(ssid, [])), 'CiscoAvgClients': round(mean(cisco_reported_clients), 2) if cisco_reported_clients else 0, - 'CiscoMaxClients': max(cisco_reported_clients) if cisco_reported_clients else 0 + 'CiscoMaxClients': max(cisco_reported_clients) if cisco_reported_clients else 0, + 'PacketCount': ssid_packet_counts[ssid] }) finally: @@ -516,7 +518,7 @@ def main(): with open(ssid_outfile, 'w', newline='', encoding='utf-8') as f: fieldnames = [ 'SSID', 'Hidden', 'Open', 'BSSID_Count', 'BSSIDs', 'Avg_Signal', 'Max_Signal', - 'Min_Signal', 'Clients_Seen', 'CiscoAvgClients', 'CiscoMaxClients' + 'Min_Signal', 'Clients_Seen', 'CiscoAvgClients', 'CiscoMaxClients', 'PacketCount' ] ssid_writer = csv.DictWriter(f, fieldnames=fieldnames) ssid_writer.writeheader()
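Review bot: `ssid_packet_counts[ssid] += 1` is added directly before a `tag_number == '133'` test, which suggests it runs inside a loop over a frame's tagged parameters; if so, the counter can advance more than once per frame and `PacketCount` would overstate the frames seen for that SSID. Indentation is lost in this view and the loop header is outside the hunk, so the nesting cannot be confirmed here. If the intent is frames per SSID, increment once per packet after the tag loop and say so in a comment, for example `# one increment per frame that advertised this SSID`.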
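Review bot: `'PacketCount': ssid_packet_counts[ssid]` indexes a `defaultdict`, which inserts a zero entry for any SSID it has not seen, while the neighbouring `Clients_Seen` line reads with `ssid_clients.get(ssid, [])`. Writing `'PacketCount': ssid_packet_counts.get(ssid, 0)` keeps the lookup read-only and consistent with that line. The same column name is used in the main CSV (patch 1/2) for `len(filtered_packets)`, which is a different quantity, so a short comment on what each count measures would prevent the two files being compared as if they meant the same thing.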