NetSentinel v2.1.1
Security & Verification
Every release is signed and checksummed. Verify before running.
| Check | Result |
|---|---|
| VirusTotal scan | aHR0cHM6Ly9n… |
| SHA256 checksums | SHA256SUMS.txt |
Verify the SHA256 checksum (Windows):
$expected = (Get-Content SHA256SUMS.txt | Select-String 'NetSentinel-Setup').ToString().Split(' ')[0]
$actual = (Get-FileHash 'NetSentinel-Setup-2.1.1.exe' -Algorithm SHA256).Hash.ToLower()
if ($expected -eq $actual) { '✅ OK' } else { '❌ MISMATCH' }Verify the cosign signature (Windows installer):
cosign verify-blob \
--bundle NetSentinel-Setup-2.1.1.exe.bundle \
--certificate-identity-regexp "https://github.com/ossianericson/netsentinel/.*" \
--certificate-oidc-issuer "https://token.actions.githubusercontent.com" \
NetSentinel-Setup-2.1.1.exeVerify the cosign signature (MSIX):
cosign verify-blob \
--bundle NetSentinel-2.1.1.msix.bundle \
--certificate-identity-regexp "https://github.com/ossianericson/netsentinel/.*" \
--certificate-oidc-issuer "https://token.actions.githubusercontent.com" \
NetSentinel-2.1.1.msixNetSentinel v2.1.1
v2.1.1
Fixed
modules/rogue_device.py: proxy-ARP deduplication — IPs sharing the gateway MAC are collected inproxy_arp_ipsand excluded from device results so the gateway never appears twicemodules/rogue_device.py: gateway device always classified asRouter / Gatewayviais_gatewayparameter, chip-OUI heuristic, and consumer-hostname sanity check — misclassification fromLite-OnOUI orPlaystation 4hostname resolvedui/scan_enrichment.py: gateway hostname guard in plugin enrichment loop — plugin client entries whose IP matches the gateway are skipped so the gateway hostname cannot be overwrittenui/scan_enrichment.py: gateway MAC filtered from_plugin_enrichmentsso the router's own MAC never appears as a client device in enrichment dataui/scan_enrichment.py: IP-keyed hostname sync (_apply_mesh_enrichment) skips the gatewayDeviceInfoobject to prevent the mesh/table-cell sync from overwriting the gateway hostnameui/scan_enrichment.py: post-enrichment device-type cell sync writesDeviceInfo.device_typeback to the Devices table for all devices with a known type — guards against the race where the cell was written beforeis_gatewayclassification rantests/test_scan_enrichment.py: regression test for shared-MAC (proxy-ARP) sync — twoDeviceInfoobjects with the same MAC; gateway hostname protected, non-gateway hostname updated
Recommended install
winget install NetSentinel.NetSentinelOr download manually:
| Platform | File | Notes |
|---|---|---|
| Windows | NetSentinel-Setup-*.exe |
Installer — adds to Start Menu + PATH. Use winget (above) instead if possible. |
| Windows | NetSentinel-svc.exe |
Background Windows service (not in winget). |
| macOS | NetSentinel-macOS.zip |
GUI — unzip, right-click → Open. |
| macOS | NetSentinel-cli-macOS |
Headless CLI. |
| Linux | NetSentinel |
GUI — chmod +x NetSentinel && sudo ./NetSentinel |
| Linux | NetSentinel-cli-linux |
Headless CLI. |
What it does
One tool that replaces a drawer full of network utilities:
- Rogue device fingerprinting with curated OUI registry (Google, TP-Link, Apple, Amazon, Samsung, LG, PlayStation, Nintendo, Xbox, Roku, Netgear, Asus)
- STP/BPDU rogue Root Bridge detection
- Broadcast & multicast storm analysis
- IoT Behavioral Baseline — learns normal device traffic, alerts on deviations
- Root Cause Correlator — distinguishes ISP fault from local network fault
- Network Grade (A–F) across 8 dimensions — uptime, latency, jitter, DNS, speed, safety, STP, storm
- ISP Accountability Report — HTML export with MTR hop table and outage log for support tickets
- How-to-Fix context menus on every scan result
- Hidden SSID and co-channel WiFi interference detection
- Live ping + DNS latency correlation
- On-demand diagnostics: speed test, DNS leak, traceroute, public IP
- Long-term background connectivity logger with stability scoring
- TCP port scanner, OS fingerprinter, CVE lookup, MTR, and more
- HTML, JSON, CSV, Nmap XML report export