diff --git a/enrich.py b/enrich.py index 470a303..6fff254 100755 --- a/enrich.py +++ b/enrich.py @@ -318,8 +318,6 @@ def analyze_pcap(pcapng_path, start_ts, end_ts, ap_bssid, ap_channel): except Exception: continue - ssid_encryption_status = {} - for packet in filtered_packets: try: if 'radiotap' not in packet or 'wlan' not in packet: @@ -335,28 +333,20 @@ def analyze_pcap(pcapng_path, start_ts, end_ts, ap_bssid, ap_channel): packet_channel = get_channel_from_freq(packet_freq) subtype = int(getattr(wlan, 'type_subtype', 0), 16) - if subtype not in (5, 8): # Beacon or Probe Response + if subtype not in (5, 8): # Probe Response or Beacon continue + # Grab management layer once try: mgt = packet.get_multiple_layers('wlan.mgt')[0] tags = mgt._all_fields.get('wlan.tagged.all', {}).get('wlan.tag', []) - except Exception: + except Exception as e: continue ssid = None hidden_ssid = False - is_open = True # Assume open until proven encrypted + is_open = True - capabilities = getattr(wlan, 'capabilities', None) - if capabilities: - try: - cap_int = int(capabilities, 16) - if (cap_int & 0x0010): # Privacy bit set = not open - is_open = False - except ValueError: - pass - for tag in tags: tag_number = tag.get('wlan.tag.number') @@ -379,6 +369,10 @@ def analyze_pcap(pcapng_path, start_ts, end_ts, ap_bssid, ap_channel): cisco_ssid_clients[ssid].append(num_clients) except (TypeError, ValueError): pass + + if tag_number in {'48', '221'}: + is_open = False + if ssid: ssid_hidden_status[ssid] = hidden_ssid ssid_packet_counts[ssid] += 1 
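Review bot: The handler around the `wlan.mgt` lookup now reads `except Exception as e: continue`, which binds `e` but never uses it, so the frame is still dropped silently; the same pattern is introduced at the end of the per-packet `try` in the -408 hunk. Either keep the plain `except Exception:` or use the binding, for example by counting or logging the skipped frame. That would let an empty SSID table caused by a dissector or field-name change be told apart from a quiet channel. The enclosing loop in analyze_pcap starts and ends outside this hunk.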
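Review bot: `if tag_number in {'48', '221'}: is_open = False` treats any vendor-specific element as proof of encryption, but 221 is the generic vendor element ID and open networks commonly carry it (WMM, WPS, and presumably the Cisco client-count element parsed just above), so they would be reported as not open. Only the WPA vendor element (OUI 00:50:f2, type 1) indicates encryption, so the 221 case should check OUI and type before clearing `is_open`. Because the capability Privacy-bit test is deleted in the -335 hunk, a WEP network, which has neither an RSN nor a WPA element, would now be reported as open; keeping `if cap_int & 0x0010: is_open = False` alongside the tag test avoids that. The tag loop starts outside this hunk.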
@@ -390,17 +384,14 @@ def analyze_pcap(pcapng_path, start_ts, end_ts, ap_bssid, ap_channel): cisco_reported_clients.append(num_clients) except (TypeError, ValueError): pass + if not ssid: continue - ssid_hidden_status[ssid] = hidden_ssid - ssid_encryption_status[ssid] = is_open - ssid_packet_counts[ssid] += 1 - bssid = getattr(wlan, 'bssid', '').lower() if not bssid or bssid == 'ff:ff:ff:ff:ff:ff': continue - + bssid_to_ssid[bssid] = ssid ssid_to_bssids[ssid].add(bssid) @@ -408,10 +399,9 @@ def analyze_pcap(pcapng_path, start_ts, end_ts, ap_bssid, ap_channel): if signal: ssid_signals[ssid].append(int(signal)) - except Exception: + except Exception as e: continue - our_ssid = bssid_to_ssid.get(ap_bssid, None) clients_on_ap = get_clients_on_ap(filtered_packets, ap_bssid) @@ -433,7 +423,7 @@ def analyze_pcap(pcapng_path, start_ts, end_ts, ap_bssid, ap_channel): ssid_summary.append({ 'SSID': ssid, 'Hidden': ssid == '', - 'Open': ssid_encryption_status.get(ssid, True), + 'Open': is_open, 'BSSID_Count': len(bssids), 'BSSIDs': ";".join(sorted(bssids)), 'Avg_Signal': mean(signals) if signals else 0,
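Review bot: `'Open': is_open` reads the variable left over from the packet loop, so every row of `ssid_summary` gets the value computed for the last beacon or probe response processed, not the value for its own SSID. The per-SSID map removed in the -318 and -390 hunks is what kept this column correct. Keep `ssid_encryption_status[ssid] = is_open` next to `ssid_hidden_status[ssid] = hidden_ssid` and read `ssid_encryption_status.get(ssid, True)` here. The summary loop starts outside this hunk.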