v5.2 — Graph Panel Filters, Sharp Static Graph & Safety

@srixivas srixivas released this 01 May 07:31

🚀 What's new in v5.2

🔍 Interactive graph panel — filters & click-to-inspect

  • Traffic filter combobox: All, Malicious, Tor, Covert, HTTP, HTTPS, DNS, ICMP
  • Node search entry — type a partial IP or label and press Enter to focus
  • Priority-based edge rendering — malicious edges are never overdrawn by normal traffic (malicious > Tor > covert > normal)
  • Role-based node colours — LAN hosts always blue, gateways always grey; threat colours (red/purple) only on external destinations
  • Click any node for details: domain, session count, protocols shown in the info bar
  • Filter changes correctly update click-to-inspect — stale closure bug fixed

🖼️ Static graph — sharp, readable, auto-fitting

Static network graph — natural layout with auto-fit zoom

  • Natural graphviz layout — no size/ratio/overlap attrs; dot engine chooses optimal spacing
  • DejaVu Sans font — eliminates blurry bitmap fallback on Linux (was Helvetica)
  • Aspect-ratio fit — PIL scales the PNG to fill the canvas, preserving proportions
  • Auto-fit zoom on load — graph fills the viewport immediately without manual zoom
  • Fit button in toolbar to reset zoom back to fill at any time
  • PIL source image cached; 120 ms debounce on window resize — no memory churn on 2 GB RAM

📦 Session cache — now lives in your output directory

  • SQLite session DB moves from ~/PcapXray_sessions.db to <output_dir>/Report/pcapxray_sessions.db
  • Stays alongside your reports and graphs; never written to your home directory
  • .gitignore updated: *.db, *.log, lib/, memory/ — runtime files can't be accidentally committed

🔒 Safety & code quality

  • Log file created with chmod 0600 — not readable by other users
  • PCAP file path logged as basename only — full local path never hits the log
  • CLAUDE.md code review standards: closure bugs, resource leaks, thread safety, PII/payload rules, SQL safety
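
One way to get both log-safety properties listed above, shown as an added example that is not PcapXray's own code: the log file is opened with mode 0600 at creation time rather than chmod-ed afterwards, and only the capture's basename is written. The class, function, logger and file names and the sample path are assumptions made up for illustration; it targets Linux/macOS.

```python
import logging
import os
import stat
import tempfile


class PrivateFileHandler(logging.FileHandler):
    """FileHandler whose log file is mode 0600 from the moment it exists."""

    def _open(self):
        # Passing 0o600 to O_CREAT sets the mode at creation, so the file is
        # never briefly readable under the umask default (typically 0644).
        fd = os.open(self.baseFilename,
                     os.O_WRONLY | os.O_CREAT | os.O_APPEND, 0o600)
        # O_CREAT leaves the mode of an already existing file untouched.
        os.fchmod(fd, 0o600)
        return os.fdopen(fd, "a", encoding=self.encoding)


def make_logger(log_path, name="capture-analysis"):
    logger = logging.getLogger(name)
    logger.setLevel(logging.INFO)
    logger.propagate = False            # keep records out of root handlers
    for old in list(logger.handlers):   # avoid duplicate handlers on re-init
        logger.removeHandler(old)
        old.close()
    handler = PrivateFileHandler(log_path)
    handler.setFormatter(logging.Formatter("%(levelname)s %(message)s"))
    logger.addHandler(handler)
    return logger


def log_capture(logger, pcap_path):
    # Log the file name only; directories can reveal user or case names.
    logger.info("analysing capture %s", os.path.basename(pcap_path))


def demo(preexisting=False):
    """Return (permission bits, log text) for a constructed sample path."""
    with tempfile.TemporaryDirectory() as tmp:
        log_path = os.path.join(tmp, "analysis.log")
        if preexisting:                 # simulate an old world-readable log
            open(log_path, "w").close()
            os.chmod(log_path, 0o644)
        logger = make_logger(log_path)
        log_capture(logger, "/home/analyst/cases/acme/capture01.pcap")
        mode = stat.S_IMODE(os.stat(log_path).st_mode)
        with open(log_path) as fh:
            return mode, fh.read()
```
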

📦 Setup

Linux (Ubuntu/Debian):

sudo apt-get update
sudo apt-get install -y python3-tk graphviz tshark
pip3 install -r requirements.txt
sudo python3 Source/main.py

macOS:

brew install graphviz
pip3 install -r requirements.txt
sudo python3 Source/main.py

sudo is required for live capture. File analysis runs without it.
Python 3.10+ required.