🚀 What's new in v5.2
🔍 Interactive graph panel — filters & click-to-inspect
- Traffic filter combobox: All, Malicious, Tor, Covert, HTTP, HTTPS, DNS, ICMP
- Node search entry — type a partial IP or label and press Enter to focus
- Priority-based edge rendering — malicious edges are never overdrawn by normal traffic (malicious > Tor > covert > normal)
- Role-based node colours — LAN hosts always blue, gateways always grey; threat colours (red/purple) only on external destinations
- Click any node for details: domain, session count, protocols shown in the info bar
- Filter changes correctly update click-to-inspect — stale closure bug fixed
🖼️ Static graph — sharp, readable, auto-fitting
- Natural graphviz layout — no size/ratio/overlap attrs; dot engine chooses optimal spacing
- DejaVu Sans font — eliminates blurry bitmap fallback on Linux (was Helvetica)
- Aspect-ratio fit — PIL scales the PNG to fill the canvas, preserving proportions
- Auto-fit zoom on load — graph fills the viewport immediately without manual zoom
- Fit button in toolbar to reset zoom back to fill at any time
- PIL source image cached; 120 ms debounce on window resize — no memory churn on 2 GB RAM
📦 Session cache — now lives in your output directory
- SQLite session DB moves from ~/PcapXray_sessions.db → <output_dir>/Report/pcapxray_sessions.db
- Stays alongside your reports and graphs; never written to your home directory
- .gitignore updated: *.db, *.log, lib/, memory/ — runtime files can't be accidentally committed
🔒 Safety & code quality
- Log file created with chmod 0600 — not readable by other users
- PCAP file path logged as basename only — full local path never hits the log
- CLAUDE.md code review standards: closure bugs, resource leaks, thread safety, PII/payload rules, SQL safety
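An added example, not PcapXray's own code: one way to get the two logging guarantees in this list (owner-only log file, basename-only capture paths) with Python's standard logging module. The class names, the logger name and the sample path are constructed for illustration, and O_NOFOLLOW is an extra guard this example assumes is wanted.

```python
import logging
import os
import stat
import tempfile


class PrivateFileHandler(logging.FileHandler):
    """FileHandler whose log file is only ever owner-readable (0600)."""

    def _open(self):
        # O_NOFOLLOW (where available) is an extra guard added in this example.
        flags = os.O_WRONLY | os.O_APPEND | os.O_CREAT | getattr(os, "O_NOFOLLOW", 0)
        # Mode is applied at creation, so there is no window with wider
        # permissions as there would be with open() followed by chmod().
        fd = os.open(self.baseFilename, flags, 0o600)
        # A file left by an earlier run keeps its old mode; tighten it too.
        os.fchmod(fd, 0o600)
        return os.fdopen(fd, "a", encoding="utf-8")


class BasenameFilter(logging.Filter):
    """Reduce absolute-path arguments to their basename before formatting."""

    def filter(self, record):
        if isinstance(record.args, tuple):
            record.args = tuple(
                os.path.basename(a) if isinstance(a, str) and os.path.isabs(a) else a
                for a in record.args
            )
        return True


def demo():
    """Write one record about a constructed capture path; return (mode, text)."""
    with tempfile.TemporaryDirectory() as tmp:
        log_path = os.path.join(tmp, "demo.log")
        with open(log_path, "w"):  # simulate a stale, world-readable log
            pass
        os.chmod(log_path, 0o644)
        handler = PrivateFileHandler(log_path)
        handler.addFilter(BasenameFilter())
        logger = logging.getLogger("pcap_demo")
        logger.setLevel(logging.INFO)
        logger.propagate = False
        logger.addHandler(handler)
        logger.info("Loaded capture %s", "/home/alice/cases/acme/evidence.pcap")
        logger.removeHandler(handler)
        handler.close()
        mode = stat.S_IMODE(os.stat(log_path).st_mode)
        with open(log_path, encoding="utf-8") as fh:
            return mode, fh.read()
```

The filter only rewrites arguments passed separately to the logging call; a path already interpolated into the message string is not touched.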
📦 Setup
Linux (Ubuntu/Debian):
sudo apt-get update
sudo apt-get install -y python3-tk graphviz tshark
pip3 install -r requirements.txt
sudo python3 Source/main.py
macOS:
brew install graphviz
pip3 install -r requirements.txt
sudo python3 Source/main.py
sudo is required for live capture. File analysis runs without it.
Python 3.10+ required.
