NetSentinel v2.1.12

Security & Verification

Every release is signed and checksummed. Verify before running.

Check	Result
VirusTotal scan	aHR0cHM6Ly9n…
SHA256 checksums	SHA256SUMS.txt

Verify the SHA256 checksum (Windows):

$expected = (Get-Content SHA256SUMS.txt | Select-String 'NetSentinel-Setup').ToString().Split(' ')[0]
$actual   = (Get-FileHash 'NetSentinel-Setup-2.1.12.exe' -Algorithm SHA256).Hash.ToLower()
if ($expected -eq $actual) { '✅ OK' } else { '❌ MISMATCH' }

Verify the cosign signature (Windows installer):

cosign verify-blob \
  --bundle NetSentinel-Setup-2.1.12.exe.bundle \
  --certificate-identity-regexp "https://github.com/ossianericson/netsentinel/.*" \
  --certificate-oidc-issuer "https://token.actions.githubusercontent.com" \
  NetSentinel-Setup-2.1.12.exe

Verify the cosign signature (MSIX):

cosign verify-blob \
  --bundle NetSentinel-2.1.12.msix.bundle \
  --certificate-identity-regexp "https://github.com/ossianericson/netsentinel/.*" \
  --certificate-oidc-issuer "https://token.actions.githubusercontent.com" \
  NetSentinel-2.1.12.msix

---

NetSentinel v2.1.12

v2.1.12

Added

• ui/perf_audit.py — warn_if_nav_slow() nav timing warnings and profile_page_init() cProfile wrapper for page-init instrumentation (S10-1)
• ui/widgets/feedback_dialog.py — local in-app feedback dialog; writes timestamped entries to feedback.log with no network calls; accessible via Ctrl+K "Give Feedback" (S10-7)
• STATUS_ICON_OK/WARN/CRIT/UNKNOWN shape constants in ui/styles.py; applied in service heartbeat, uptime, and monitor verdict displays so status is not conveyed by colour alone (S10-2)
• Focus rings (QPushButton:focus CSS) on activity-rail buttons and flyout items for keyboard navigation (S10-3)
• tests/test_status_icons.py, tests/test_keyboard_nav.py, tests/test_empty_state_audit.py, tests/test_loading_state_audit.py, tests/test_theme_consistency.py, tests/test_feedback_dialog.py, tests/test_perf_audit.py — UX Sprint 10 audit test suite (S10-4 through S10-6)

Fixed

• Stripped UTF-8 BOM from ui/nav/rail.py that caused silent SyntaxError in ast.parse-based test checks
• test_no_duplicate_methods.py now correctly exempts @pyqtProperty getter/setter pairs from the duplicate-method check

---

Recommended install

winget install NetSentinel.NetSentinel

Or download manually:

Platform	File	Notes
Windows	NetSentinel-Setup-*.exe	Installer — adds to Start Menu + PATH. Use winget (above) instead if possible.
Windows	NetSentinel-svc.exe	Background Windows service (not in winget).
macOS	NetSentinel-macOS.zip	GUI — unzip, right-click → Open.
macOS	NetSentinel-cli-macOS	Headless CLI.
Linux	NetSentinel	GUI — chmod +x NetSentinel && sudo ./NetSentinel
Linux	NetSentinel-cli-linux	Headless CLI.

What it does

One tool that replaces a drawer full of network utilities:

• Rogue device fingerprinting with curated OUI registry (Google, TP-Link, Apple, Amazon, Samsung, LG, PlayStation, Nintendo, Xbox, Roku, Netgear, Asus)
• STP/BPDU rogue Root Bridge detection
• Broadcast & multicast storm analysis
• IoT Behavioral Baseline — learns normal device traffic, alerts on deviations
• Root Cause Correlator — distinguishes ISP fault from local network fault
• Network Grade (A–F) across 8 dimensions — uptime, latency, jitter, DNS, speed, safety, STP, storm
• ISP Accountability Report — HTML export with MTR hop table and outage log for support tickets
• How-to-Fix context menus on every scan result
• Hidden SSID and co-channel WiFi interference detection
• Live ping + DNS latency correlation
• On-demand diagnostics: speed test, DNS leak, traceroute, public IP
• Long-term background connectivity logger with stability scoring
• TCP port scanner, OS fingerprinter, CVE lookup, MTR, and more
• HTML, JSON, CSV, Nmap XML report export

NetSentinel v2.1.11

Security & Verification

Every release is signed and checksummed. Verify before running.

Check	Result
VirusTotal scan	aHR0cHM6Ly9n…
SHA256 checksums	SHA256SUMS.txt

Verify the SHA256 checksum (Windows):

$expected = (Get-Content SHA256SUMS.txt | Select-String 'NetSentinel-Setup').ToString().Split(' ')[0]
$actual   = (Get-FileHash 'NetSentinel-Setup-2.1.11.exe' -Algorithm SHA256).Hash.ToLower()
if ($expected -eq $actual) { '✅ OK' } else { '❌ MISMATCH' }

Verify the cosign signature (Windows installer):

cosign verify-blob \
  --bundle NetSentinel-Setup-2.1.11.exe.bundle \
  --certificate-identity-regexp "https://github.com/ossianericson/netsentinel/.*" \
  --certificate-oidc-issuer "https://token.actions.githubusercontent.com" \
  NetSentinel-Setup-2.1.11.exe

Verify the cosign signature (MSIX):

cosign verify-blob \
  --bundle NetSentinel-2.1.11.msix.bundle \
  --certificate-identity-regexp "https://github.com/ossianericson/netsentinel/.*" \
  --certificate-oidc-issuer "https://token.actions.githubusercontent.com" \
  NetSentinel-2.1.11.msix

---

NetSentinel v2.1.11

v2.1.11

Added

• modules/cdn_ranges.py — static CDN/streaming-provider IP range classifier (Netflix/YouTube/Twitch/Disney+) for App Traffic device drill-downs
• modules/traffic_insights.py — household usage narrative, ISP plan utilization, and QoS overlap recommendation builders
• modules/service_bandwidth_overlay.py — bandwidth-sharing context note for Service Diagnostics
• ui/widgets/usage_insights_card.py — home page "Usage insights" card (weekly category breakdown, plan utilization, dismissible QoS suggestion)
• app_traffic_sample table (schema v17) persists App Traffic history; new "Last 24 Hours by Category" chart on the App Traffic page with click-to-drill-down by device and CDN
• "Internet Plan" settings card — optional monthly data cap feeding plan utilization on the home page

---

Recommended install

winget install NetSentinel.NetSentinel

Or download manually:

Platform	File	Notes
Windows	NetSentinel-Setup-*.exe	Installer — adds to Start Menu + PATH. Use winget (above) instead if possible.
Windows	NetSentinel-svc.exe	Background Windows service (not in winget).
macOS	NetSentinel-macOS.zip	GUI — unzip, right-click → Open.
macOS	NetSentinel-cli-macOS	Headless CLI.
Linux	NetSentinel	GUI — chmod +x NetSentinel && sudo ./NetSentinel
Linux	NetSentinel-cli-linux	Headless CLI.

What it does

One tool that replaces a drawer full of network utilities:

• Rogue device fingerprinting with curated OUI registry (Google, TP-Link, Apple, Amazon, Samsung, LG, PlayStation, Nintendo, Xbox, Roku, Netgear, Asus)
• STP/BPDU rogue Root Bridge detection
• Broadcast & multicast storm analysis
• IoT Behavioral Baseline — learns normal device traffic, alerts on deviations
• Root Cause Correlator — distinguishes ISP fault from local network fault
• Network Grade (A–F) across 8 dimensions — uptime, latency, jitter, DNS, speed, safety, STP, storm
• ISP Accountability Report — HTML export with MTR hop table and outage log for support tickets
• How-to-Fix context menus on every scan result
• Hidden SSID and co-channel WiFi interference detection
• Live ping + DNS latency correlation
• On-demand diagnostics: speed test, DNS leak, traceroute, public IP
• Long-term background connectivity logger with stability scoring
• TCP port scanner, OS fingerprinter, CVE lookup, MTR, and more
• HTML, JSON, CSV, Nmap XML report export

NetSentinel v2.1.10

Security & Verification

Every release is signed and checksummed. Verify before running.

Check	Result
VirusTotal scan	aHR0cHM6Ly9n…
SHA256 checksums	SHA256SUMS.txt

Verify the SHA256 checksum (Windows):

$expected = (Get-Content SHA256SUMS.txt | Select-String 'NetSentinel-Setup').ToString().Split(' ')[0]
$actual   = (Get-FileHash 'NetSentinel-Setup-2.1.10.exe' -Algorithm SHA256).Hash.ToLower()
if ($expected -eq $actual) { '✅ OK' } else { '❌ MISMATCH' }

Verify the cosign signature (Windows installer):

cosign verify-blob \
  --bundle NetSentinel-Setup-2.1.10.exe.bundle \
  --certificate-identity-regexp "https://github.com/ossianericson/netsentinel/.*" \
  --certificate-oidc-issuer "https://token.actions.githubusercontent.com" \
  NetSentinel-Setup-2.1.10.exe

Verify the cosign signature (MSIX):

cosign verify-blob \
  --bundle NetSentinel-2.1.10.msix.bundle \
  --certificate-identity-regexp "https://github.com/ossianericson/netsentinel/.*" \
  --certificate-oidc-issuer "https://token.actions.githubusercontent.com" \
  NetSentinel-2.1.10.msix

---

NetSentinel v2.1.10

v2.1.10

Added

• Persistent device map: after each scan, pinned and static-candidate offline devices (infrastructure roles, IP-stable seen 3+ times) are appended to the Inventory snapshot with freshness state pinned, cached (<24 h), or stale (<7 d); implemented in ScanResultMixin._merge_scan_with_persistent() (ui/scan_wiring.py)
• "Hide offline" toggle in the Current Devices card header hides cached/stale rows without discarding the persistent map; resets on navigation

Fixed

• ui/scan_wiring.py: _store_ref used before assignment in _on_m1_result inventory block; replaced with _inv_store to fix silent UnboundLocalError that prevented segment detection from running

---

Recommended install

winget install NetSentinel.NetSentinel

Or download manually:

Platform	File	Notes
Windows	NetSentinel-Setup-*.exe	Installer — adds to Start Menu + PATH. Use winget (above) instead if possible.
Windows	NetSentinel-svc.exe	Background Windows service (not in winget).
macOS	NetSentinel-macOS.zip	GUI — unzip, right-click → Open.
macOS	NetSentinel-cli-macOS	Headless CLI.
Linux	NetSentinel	GUI — chmod +x NetSentinel && sudo ./NetSentinel
Linux	NetSentinel-cli-linux	Headless CLI.

What it does

One tool that replaces a drawer full of network utilities:

• Rogue device fingerprinting with curated OUI registry (Google, TP-Link, Apple, Amazon, Samsung, LG, PlayStation, Nintendo, Xbox, Roku, Netgear, Asus)
• STP/BPDU rogue Root Bridge detection
• Broadcast & multicast storm analysis
• IoT Behavioral Baseline — learns normal device traffic, alerts on deviations
• Root Cause Correlator — distinguishes ISP fault from local network fault
• Network Grade (A–F) across 8 dimensions — uptime, latency, jitter, DNS, speed, safety, STP, storm
• ISP Accountability Report — HTML export with MTR hop table and outage log for support tickets
• How-to-Fix context menus on every scan result
• Hidden SSID and co-channel WiFi interference detection
• Live ping + DNS latency correlation
• On-demand diagnostics: speed test, DNS leak, traceroute, public IP
• Long-term background connectivity logger with stability scoring
• TCP port scanner, OS fingerprinter, CVE lookup, MTR, and more
• HTML, JSON, CSV, Nmap XML report export

NetSentinel v2.1.9

Security & Verification

Every release is signed and checksummed. Verify before running.

Check	Result
VirusTotal scan	aHR0cHM6Ly9n…
SHA256 checksums	SHA256SUMS.txt

Verify the SHA256 checksum (Windows):

$expected = (Get-Content SHA256SUMS.txt | Select-String 'NetSentinel-Setup').ToString().Split(' ')[0]
$actual   = (Get-FileHash 'NetSentinel-Setup-2.1.9.exe' -Algorithm SHA256).Hash.ToLower()
if ($expected -eq $actual) { '✅ OK' } else { '❌ MISMATCH' }

Verify the cosign signature (Windows installer):

cosign verify-blob \
  --bundle NetSentinel-Setup-2.1.9.exe.bundle \
  --certificate-identity-regexp "https://github.com/ossianericson/netsentinel/.*" \
  --certificate-oidc-issuer "https://token.actions.githubusercontent.com" \
  NetSentinel-Setup-2.1.9.exe

Verify the cosign signature (MSIX):

cosign verify-blob \
  --bundle NetSentinel-2.1.9.msix.bundle \
  --certificate-identity-regexp "https://github.com/ossianericson/netsentinel/.*" \
  --certificate-oidc-issuer "https://token.actions.githubusercontent.com" \
  NetSentinel-2.1.9.msix

---

NetSentinel v2.1.9

v2.1.9

Fixed

• modules/topology_cytoscape.py: removed re-export block that created a cyclic import with topology_cytoscape_html (CodeQL #1526, #1528)
• modules/topology_cytoscape_html.py: promoted lazy build_cytoscape_elements imports to module-level now that the cycle is broken (CodeQL #1524, #1525)
• tests/test_topology_cytoscape_html.py: unified import form to from modules import topology_cytoscape_html to resolve CodeQL py/import-and-import-from (#1527)

---

Recommended install

winget install NetSentinel.NetSentinel

Or download manually:

Platform	File	Notes
Windows	NetSentinel-Setup-*.exe	Installer — adds to Start Menu + PATH. Use winget (above) instead if possible.
Windows	NetSentinel-svc.exe	Background Windows service (not in winget).
macOS	NetSentinel-macOS.zip	GUI — unzip, right-click → Open.
macOS	NetSentinel-cli-macOS	Headless CLI.
Linux	NetSentinel	GUI — chmod +x NetSentinel && sudo ./NetSentinel
Linux	NetSentinel-cli-linux	Headless CLI.

What it does

One tool that replaces a drawer full of network utilities:

• Rogue device fingerprinting with curated OUI registry (Google, TP-Link, Apple, Amazon, Samsung, LG, PlayStation, Nintendo, Xbox, Roku, Netgear, Asus)
• STP/BPDU rogue Root Bridge detection
• Broadcast & multicast storm analysis
• IoT Behavioral Baseline — learns normal device traffic, alerts on deviations
• Root Cause Correlator — distinguishes ISP fault from local network fault
• Network Grade (A–F) across 8 dimensions — uptime, latency, jitter, DNS, speed, safety, STP, storm
• ISP Accountability Report — HTML export with MTR hop table and outage log for support tickets
• How-to-Fix context menus on every scan result
• Hidden SSID and co-channel WiFi interference detection
• Live ping + DNS latency correlation
• On-demand diagnostics: speed test, DNS leak, traceroute, public IP
• Long-term background connectivity logger with stability scoring
• TCP port scanner, OS fingerprinter, CVE lookup, MTR, and more
• HTML, JSON, CSV, Nmap XML report export

NetSentinel v2.1.5

Security & Verification

Every release is signed and checksummed. Verify before running.

Check	Result
VirusTotal scan	aHR0cHM6Ly9n…
SHA256 checksums	SHA256SUMS.txt

Verify the SHA256 checksum (Windows):

$expected = (Get-Content SHA256SUMS.txt | Select-String 'NetSentinel-Setup').ToString().Split(' ')[0]
$actual   = (Get-FileHash 'NetSentinel-Setup-2.1.5.exe' -Algorithm SHA256).Hash.ToLower()
if ($expected -eq $actual) { '✅ OK' } else { '❌ MISMATCH' }

Verify the cosign signature (Windows installer):

cosign verify-blob \
  --bundle NetSentinel-Setup-2.1.5.exe.bundle \
  --certificate-identity-regexp "https://github.com/ossianericson/netsentinel/.*" \
  --certificate-oidc-issuer "https://token.actions.githubusercontent.com" \
  NetSentinel-Setup-2.1.5.exe

Verify the cosign signature (MSIX):

cosign verify-blob \
  --bundle NetSentinel-2.1.5.msix.bundle \
  --certificate-identity-regexp "https://github.com/ossianericson/netsentinel/.*" \
  --certificate-oidc-issuer "https://token.actions.githubusercontent.com" \
  NetSentinel-2.1.5.msix

---

NetSentinel v2.1.5

v2.1.5

Fixed

• RULE 10 contradiction with RULE-AH3 resolved; all matplotlib chart backgrounds now use ui/styles.py tokens
• QTimer.singleShot calls replaced with parented QTimer(self) instances across widget classes (RULE-WIN5 hardening)
• app.py wiring refactor — always-on worker signals connected after Dashboard construction per RULE-DW2
• Network Map interactive view: hierarchical top-down Cytoscape.js layout and LLDP hint + WebEngine fallback polish

---

Recommended install

winget install NetSentinel.NetSentinel

Or download manually:

Platform	File	Notes
Windows	NetSentinel-Setup-*.exe	Installer — adds to Start Menu + PATH. Use winget (above) instead if possible.
Windows	NetSentinel-svc.exe	Background Windows service (not in winget).
macOS	NetSentinel-macOS.zip	GUI — unzip, right-click → Open.
macOS	NetSentinel-cli-macOS	Headless CLI.
Linux	NetSentinel	GUI — chmod +x NetSentinel && sudo ./NetSentinel
Linux	NetSentinel-cli-linux	Headless CLI.

What it does

One tool that replaces a drawer full of network utilities:

• Rogue device fingerprinting with curated OUI registry (Google, TP-Link, Apple, Amazon, Samsung, LG, PlayStation, Nintendo, Xbox, Roku, Netgear, Asus)
• STP/BPDU rogue Root Bridge detection
• Broadcast & multicast storm analysis
• IoT Behavioral Baseline — learns normal device traffic, alerts on deviations
• Root Cause Correlator — distinguishes ISP fault from local network fault
• Network Grade (A–F) across 8 dimensions — uptime, latency, jitter, DNS, speed, safety, STP, storm
• ISP Accountability Report — HTML export with MTR hop table and outage log for support tickets
• How-to-Fix context menus on every scan result
• Hidden SSID and co-channel WiFi interference detection
• Live ping + DNS latency correlation
• On-demand diagnostics: speed test, DNS leak, traceroute, public IP
• Long-term background connectivity logger with stability scoring
• TCP port scanner, OS fingerprinter, CVE lookup, MTR, and more
• HTML, JSON, CSV, Nmap XML report export

NetSentinel v2.1.3

Security & Verification

Every release is signed and checksummed. Verify before running.

Check	Result
VirusTotal scan	aHR0cHM6Ly9n…
SHA256 checksums	SHA256SUMS.txt

Verify the SHA256 checksum (Windows):

$expected = (Get-Content SHA256SUMS.txt | Select-String 'NetSentinel-Setup').ToString().Split(' ')[0]
$actual   = (Get-FileHash 'NetSentinel-Setup-2.1.3.exe' -Algorithm SHA256).Hash.ToLower()
if ($expected -eq $actual) { '✅ OK' } else { '❌ MISMATCH' }

Verify the cosign signature (Windows installer):

cosign verify-blob \
  --bundle NetSentinel-Setup-2.1.3.exe.bundle \
  --certificate-identity-regexp "https://github.com/ossianericson/netsentinel/.*" \
  --certificate-oidc-issuer "https://token.actions.githubusercontent.com" \
  NetSentinel-Setup-2.1.3.exe

Verify the cosign signature (MSIX):

cosign verify-blob \
  --bundle NetSentinel-2.1.3.msix.bundle \
  --certificate-identity-regexp "https://github.com/ossianericson/netsentinel/.*" \
  --certificate-oidc-issuer "https://token.actions.githubusercontent.com" \
  NetSentinel-2.1.3.msix

---

NetSentinel v2.1.3

v2.1.3

Added

• MetricStore schema v13: device_classification_overrides table — user-set type overrides survive all enrichment re-runs permanently
• modules/device_classifier.py: get_all_device_types() — sorted list of every valid device type label for UI dropdowns
• inventory_page.py: _TypeOverrideDialog — right-click "Override Device Type…" on any device in the snapshot table; type combobox with Set/Clear/Cancel
• inventory_page.py: confidence indicator prefix in Type column (★ user override, ● high ≥70%, ◑ medium 30–70%, ○ low <30%) with coloured foreground and tooltip
• inventory_page.py: Classification section in device detail drawer — current type, override badge, confidence level, evidence list, Clear Override button
• ui/scan_enrichment.py: override guard in _apply_dhcp_fingerprints() and _on_passive_observation() — user-set overrides block all automatic enrichment upgrades
• tests/test_device_classifier.py: 5 new tests for get_all_device_types()

---

Recommended install

winget install NetSentinel.NetSentinel

Or download manually:

Platform	File	Notes
Windows	NetSentinel-Setup-*.exe	Installer — adds to Start Menu + PATH. Use winget (above) instead if possible.
Windows	NetSentinel-svc.exe	Background Windows service (not in winget).
macOS	NetSentinel-macOS.zip	GUI — unzip, right-click → Open.
macOS	NetSentinel-cli-macOS	Headless CLI.
Linux	NetSentinel	GUI — chmod +x NetSentinel && sudo ./NetSentinel
Linux	NetSentinel-cli-linux	Headless CLI.

What it does

One tool that replaces a drawer full of network utilities:

• Rogue device fingerprinting with curated OUI registry (Google, TP-Link, Apple, Amazon, Samsung, LG, PlayStation, Nintendo, Xbox, Roku, Netgear, Asus)
• STP/BPDU rogue Root Bridge detection
• Broadcast & multicast storm analysis
• IoT Behavioral Baseline — learns normal device traffic, alerts on deviations
• Root Cause Correlator — distinguishes ISP fault from local network fault
• Network Grade (A–F) across 8 dimensions — uptime, latency, jitter, DNS, speed, safety, STP, storm
• ISP Accountability Report — HTML export with MTR hop table and outage log for support tickets
• How-to-Fix context menus on every scan result
• Hidden SSID and co-channel WiFi interference detection
• Live ping + DNS latency correlation
• On-demand diagnostics: speed test, DNS leak, traceroute, public IP
• Long-term background connectivity logger with stability scoring
• TCP port scanner, OS fingerprinter, CVE lookup, MTR, and more
• HTML, JSON, CSV, Nmap XML report export

NetSentinel v2.1.2

Security & Verification

Every release is signed and checksummed. Verify before running.

Check	Result
VirusTotal scan	aHR0cHM6Ly9n…
SHA256 checksums	SHA256SUMS.txt

Verify the SHA256 checksum (Windows):

$expected = (Get-Content SHA256SUMS.txt | Select-String 'NetSentinel-Setup').ToString().Split(' ')[0]
$actual   = (Get-FileHash 'NetSentinel-Setup-2.1.2.exe' -Algorithm SHA256).Hash.ToLower()
if ($expected -eq $actual) { '✅ OK' } else { '❌ MISMATCH' }

Verify the cosign signature (Windows installer):

cosign verify-blob \
  --bundle NetSentinel-Setup-2.1.2.exe.bundle \
  --certificate-identity-regexp "https://github.com/ossianericson/netsentinel/.*" \
  --certificate-oidc-issuer "https://token.actions.githubusercontent.com" \
  NetSentinel-Setup-2.1.2.exe

Verify the cosign signature (MSIX):

cosign verify-blob \
  --bundle NetSentinel-2.1.2.msix.bundle \
  --certificate-identity-regexp "https://github.com/ossianericson/netsentinel/.*" \
  --certificate-oidc-issuer "https://token.actions.githubusercontent.com" \
  NetSentinel-2.1.2.msix

---

NetSentinel v2.1.2

v2.1.2

Added

• modules/network_segments.py — NetworkSegment dataclass, auto_detect_segments(), classify_device_segment(), merge_segments(); groups scan devices into colour-coded /24 subnets (Sprint 4)
• MetricStore schema v11: network_segments table (CIDR unique, auto_created flag, user-editable name/colour)
• inventory_page.py: colour-coded segment pill bar above the device table with multi-select filter; Segment ● column; _SegmentEditorDialog for right-click segment editing
• ui/scan_wiring.py: segments auto-detected and persisted after every full scan; stored user-defined segments win over auto-detected ones on CIDR conflict
• tests/test_network_segments.py: 15 tests covering detection, classification, merge logic, and scaling guard

---

Recommended install

winget install NetSentinel.NetSentinel

Or download manually:

Platform	File	Notes
Windows	NetSentinel-Setup-*.exe	Installer — adds to Start Menu + PATH. Use winget (above) instead if possible.
Windows	NetSentinel-svc.exe	Background Windows service (not in winget).
macOS	NetSentinel-macOS.zip	GUI — unzip, right-click → Open.
macOS	NetSentinel-cli-macOS	Headless CLI.
Linux	NetSentinel	GUI — chmod +x NetSentinel && sudo ./NetSentinel
Linux	NetSentinel-cli-linux	Headless CLI.

What it does

One tool that replaces a drawer full of network utilities:

• Rogue device fingerprinting with curated OUI registry (Google, TP-Link, Apple, Amazon, Samsung, LG, PlayStation, Nintendo, Xbox, Roku, Netgear, Asus)
• STP/BPDU rogue Root Bridge detection
• Broadcast & multicast storm analysis
• IoT Behavioral Baseline — learns normal device traffic, alerts on deviations
• Root Cause Correlator — distinguishes ISP fault from local network fault
• Network Grade (A–F) across 8 dimensions — uptime, latency, jitter, DNS, speed, safety, STP, storm
• ISP Accountability Report — HTML export with MTR hop table and outage log for support tickets
• How-to-Fix context menus on every scan result
• Hidden SSID and co-channel WiFi interference detection
• Live ping + DNS latency correlation
• On-demand diagnostics: speed test, DNS leak, traceroute, public IP
• Long-term background connectivity logger with stability scoring
• TCP port scanner, OS fingerprinter, CVE lookup, MTR, and more
• HTML, JSON, CSV, Nmap XML report export

NetSentinel v2.1.1

Security & Verification

Every release is signed and checksummed. Verify before running.

Check	Result
VirusTotal scan	aHR0cHM6Ly9n…
SHA256 checksums	SHA256SUMS.txt

Verify the SHA256 checksum (Windows):

$expected = (Get-Content SHA256SUMS.txt | Select-String 'NetSentinel-Setup').ToString().Split(' ')[0]
$actual   = (Get-FileHash 'NetSentinel-Setup-2.1.1.exe' -Algorithm SHA256).Hash.ToLower()
if ($expected -eq $actual) { '✅ OK' } else { '❌ MISMATCH' }

Verify the cosign signature (Windows installer):

cosign verify-blob \
  --bundle NetSentinel-Setup-2.1.1.exe.bundle \
  --certificate-identity-regexp "https://github.com/ossianericson/netsentinel/.*" \
  --certificate-oidc-issuer "https://token.actions.githubusercontent.com" \
  NetSentinel-Setup-2.1.1.exe

Verify the cosign signature (MSIX):

cosign verify-blob \
  --bundle NetSentinel-2.1.1.msix.bundle \
  --certificate-identity-regexp "https://github.com/ossianericson/netsentinel/.*" \
  --certificate-oidc-issuer "https://token.actions.githubusercontent.com" \
  NetSentinel-2.1.1.msix

---

NetSentinel v2.1.1

v2.1.1

Fixed

• modules/rogue_device.py: proxy-ARP deduplication — IPs sharing the gateway MAC are collected in proxy_arp_ips and excluded from device results so the gateway never appears twice
• modules/rogue_device.py: gateway device always classified as Router / Gateway via is_gateway parameter, chip-OUI heuristic, and consumer-hostname sanity check — misclassification from Lite-On OUI or Playstation 4 hostname resolved
• ui/scan_enrichment.py: gateway hostname guard in plugin enrichment loop — plugin client entries whose IP matches the gateway are skipped so the gateway hostname cannot be overwritten
• ui/scan_enrichment.py: gateway MAC filtered from _plugin_enrichments so the router's own MAC never appears as a client device in enrichment data
• ui/scan_enrichment.py: IP-keyed hostname sync (_apply_mesh_enrichment) skips the gateway DeviceInfo object to prevent the mesh/table-cell sync from overwriting the gateway hostname
• ui/scan_enrichment.py: post-enrichment device-type cell sync writes DeviceInfo.device_type back to the Devices table for all devices with a known type — guards against the race where the cell was written before is_gateway classification ran
• tests/test_scan_enrichment.py: regression test for shared-MAC (proxy-ARP) sync — two DeviceInfo objects with the same MAC; gateway hostname protected, non-gateway hostname updated

---

Recommended install

winget install NetSentinel.NetSentinel

Or download manually:

Platform	File	Notes
Windows	NetSentinel-Setup-*.exe	Installer — adds to Start Menu + PATH. Use winget (above) instead if possible.
Windows	NetSentinel-svc.exe	Background Windows service (not in winget).
macOS	NetSentinel-macOS.zip	GUI — unzip, right-click → Open.
macOS	NetSentinel-cli-macOS	Headless CLI.
Linux	NetSentinel	GUI — chmod +x NetSentinel && sudo ./NetSentinel
Linux	NetSentinel-cli-linux	Headless CLI.

What it does

One tool that replaces a drawer full of network utilities:

• Rogue device fingerprinting with curated OUI registry (Google, TP-Link, Apple, Amazon, Samsung, LG, PlayStation, Nintendo, Xbox, Roku, Netgear, Asus)
• STP/BPDU rogue Root Bridge detection
• Broadcast & multicast storm analysis
• IoT Behavioral Baseline — learns normal device traffic, alerts on deviations
• Root Cause Correlator — distinguishes ISP fault from local network fault
• Network Grade (A–F) across 8 dimensions — uptime, latency, jitter, DNS, speed, safety, STP, storm
• ISP Accountability Report — HTML export with MTR hop table and outage log for support tickets
• How-to-Fix context menus on every scan result
• Hidden SSID and co-channel WiFi interference detection
• Live ping + DNS latency correlation
• On-demand diagnostics: speed test, DNS leak, traceroute, public IP
• Long-term background connectivity logger with stability scoring
• TCP port scanner, OS fingerprinter, CVE lookup, MTR, and more
• HTML, JSON, CSV, Nmap XML report export

NetSentinel v2.0.0

Security & Verification

Every release is signed and checksummed. Verify before running.

Check	Result
VirusTotal scan	aHR0cHM6Ly9n…
SHA256 checksums	SHA256SUMS.txt

Verify the SHA256 checksum (Windows):

$expected = (Get-Content SHA256SUMS.txt | Select-String 'NetSentinel-Setup').ToString().Split(' ')[0]
$actual   = (Get-FileHash 'NetSentinel-Setup-2.0.0.exe' -Algorithm SHA256).Hash.ToLower()
if ($expected -eq $actual) { '✅ OK' } else { '❌ MISMATCH' }

Verify the cosign signature (Windows installer):

cosign verify-blob \
  --bundle NetSentinel-Setup-2.0.0.exe.bundle \
  --certificate-identity-regexp "https://github.com/ossianericson/netsentinel/.*" \
  --certificate-oidc-issuer "https://token.actions.githubusercontent.com" \
  NetSentinel-Setup-2.0.0.exe

Verify the cosign signature (MSIX):

cosign verify-blob \
  --bundle NetSentinel-2.0.0.msix.bundle \
  --certificate-identity-regexp "https://github.com/ossianericson/netsentinel/.*" \
  --certificate-oidc-issuer "https://token.actions.githubusercontent.com" \
  NetSentinel-2.0.0.msix

---

NetSentinel v2.0.0

v2.0.0

Added

• packaging/AppxManifest.xml: declared windows.startupTask (uap5, disabled by default) — enables user-controlled auto-start via Settings → Apps → Startup for Microsoft Store builds
• app.py: --startup-logger flag — starts the app minimised to the system tray and auto-starts the Network Logger; fired by the Windows startup task when the user opts in

Changed

• ui/system_tray.py: "Launch at Startup" registry entry now registers --startup-logger instead of --minimised, so enabling auto-start also begins background logging
• ui/pages/settings_cards.py: startup checkbox label updated to reflect that auto-start runs as a background logger

---

Recommended install

winget install NetSentinel.NetSentinel

Or download manually:

Platform	File	Notes
Windows	NetSentinel-Setup-*.exe	Installer — adds to Start Menu + PATH. Use winget (above) instead if possible.
Windows	NetSentinel-svc.exe	Background Windows service (not in winget).
macOS	NetSentinel-macOS.zip	GUI — unzip, right-click → Open.
macOS	NetSentinel-cli-macOS	Headless CLI.
Linux	NetSentinel	GUI — chmod +x NetSentinel && sudo ./NetSentinel
Linux	NetSentinel-cli-linux	Headless CLI.

What it does

One tool that replaces a drawer full of network utilities:

• Rogue device fingerprinting with curated OUI registry (Google, TP-Link, Apple, Amazon, Samsung, LG, PlayStation, Nintendo, Xbox, Roku, Netgear, Asus)
• STP/BPDU rogue Root Bridge detection
• Broadcast & multicast storm analysis
• IoT Behavioral Baseline — learns normal device traffic, alerts on deviations
• Root Cause Correlator — distinguishes ISP fault from local network fault
• Network Grade (A–F) across 8 dimensions — uptime, latency, jitter, DNS, speed, safety, STP, storm
• ISP Accountability Report — HTML export with MTR hop table and outage log for support tickets
• How-to-Fix context menus on every scan result
• Hidden SSID and co-channel WiFi interference detection
• Live ping + DNS latency correlation
• On-demand diagnostics: speed test, DNS leak, traceroute, public IP
• Long-term background connectivity logger with stability scoring
• TCP port scanner, OS fingerprinter, CVE lookup, MTR, and more
• HTML, JSON, CSV, Nmap XML report export

NetSentinel v1.9.99

Security & Verification

Every release is signed and checksummed. Verify before running.

Check	Result
VirusTotal scan	aHR0cHM6Ly9n…
SHA256 checksums	SHA256SUMS.txt

Verify the SHA256 checksum (Windows):

$expected = (Get-Content SHA256SUMS.txt | Select-String 'NetSentinel-Setup').ToString().Split(' ')[0]
$actual   = (Get-FileHash 'NetSentinel-Setup-1.9.99.exe' -Algorithm SHA256).Hash.ToLower()
if ($expected -eq $actual) { '✅ OK' } else { '❌ MISMATCH' }

Verify the cosign signature (Windows installer):

cosign verify-blob \
  --bundle NetSentinel-Setup-1.9.99.exe.bundle \
  --certificate-identity-regexp "https://github.com/ossianericson/netsentinel/.*" \
  --certificate-oidc-issuer "https://token.actions.githubusercontent.com" \
  NetSentinel-Setup-1.9.99.exe

Verify the cosign signature (MSIX):

cosign verify-blob \
  --bundle NetSentinel-1.9.99.msix.bundle \
  --certificate-identity-regexp "https://github.com/ossianericson/netsentinel/.*" \
  --certificate-oidc-issuer "https://token.actions.githubusercontent.com" \
  NetSentinel-1.9.99.msix

---

NetSentinel v1.9.99

v1.9.99

Fixed

• ui/header.py: snap-layout maximize button no longer crashes with RPC_E_WRONG_THREAD (0x8001010d) when a native file dialog is open — _toggle_maximize() is now invoked via QMetaObject.invokeMethod with QueuedConnection so it always runs on the Qt main thread
• app.py: tplinkrouterc6u (Deco hardware plugin dep) is now pre-imported on the main STA thread before any background workers start — eliminates RPC_E_WRONG_THREAD crash loop on app restart after a wild chaos run
• tools/monkey_test.py: raised _UNRESPONSIVE_SECS from 20 s to 45 s — "Update Feeds" on Threat Intel page takes ~26 s on a slow connection; the 20 s threshold caused false-positive test terminations
• Navigation animations and live chart redraws: eliminated a linear memory accumulation where old FuncAnimation / Line2D objects were never released between redraws

---

Recommended install

winget install NetSentinel.NetSentinel

Or download manually:

Platform	File	Notes
Windows	NetSentinel-Setup-*.exe	Installer — adds to Start Menu + PATH. Use winget (above) instead if possible.
Windows	NetSentinel-svc.exe	Background Windows service (not in winget).
macOS	NetSentinel-macOS.zip	GUI — unzip, right-click → Open.
macOS	NetSentinel-cli-macOS	Headless CLI.
Linux	NetSentinel	GUI — chmod +x NetSentinel && sudo ./NetSentinel
Linux	NetSentinel-cli-linux	Headless CLI.

What it does

One tool that replaces a drawer full of network utilities:

• Rogue device fingerprinting with curated OUI registry (Google, TP-Link, Apple, Amazon, Samsung, LG, PlayStation, Nintendo, Xbox, Roku, Netgear, Asus)
• STP/BPDU rogue Root Bridge detection
• Broadcast & multicast storm analysis
• IoT Behavioral Baseline — learns normal device traffic, alerts on deviations
• Root Cause Correlator — distinguishes ISP fault from local network fault
• Network Grade (A–F) across 8 dimensions — uptime, latency, jitter, DNS, speed, safety, STP, storm
• ISP Accountability Report — HTML export with MTR hop table and outage log for support tickets
• How-to-Fix context menus on every scan result
• Hidden SSID and co-channel WiFi interference detection
• Live ping + DNS latency correlation
• On-demand diagnostics: speed test, DNS leak, traceroute, public IP
• Long-term background connectivity logger with stability scoring
• TCP port scanner, OS fingerprinter, CVE lookup, MTR, and more
• HTML, JSON, CSV, Nmap XML report export