feat: device fingerprinting icons in network graph nodes

[apanchoo]

Summary

• OUI-based MAC vendor detection (~80 entries) + IP heuristics for automatic device type identification
• #override-node slot renders a colored ring (private/public indicator) + dark fill + SVG icon per device type
• 10 device types with inline SVG icons: router, server, computer, phone, apple, windows, linux, printer, vm, internet (default: server)
• Manual override via dropdown in the node edit panel — updates the graph immediately via shallowReactive node replacement
• README updated with all implemented features (graph, PCAP recording, export rules, performance improvements)

Test plan

• Start a capture and verify nodes show icons (most should show server by default)
• Connect an Apple device — verify apple icon appears
• Check that .1 / .254 addresses get router icon
• Check that public IPs get globe icon
• Click a node → change type from dropdown → icon updates immediately without clicking elsewhere
• Verify the dropdown is dark-themed (no white background)

🤖 Generated with Claude Code

[gemini-code-assist]

Summary of Changes

Hello, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request significantly upgrades the network analysis tool by introducing intelligent device fingerprinting and visualization within the network graph, allowing for clearer identification of connected devices. It also brings crucial performance and usability enhancements to the real-time packet table, ensuring a smoother experience when monitoring high-traffic captures. The changes aim to provide users with more insightful and interactive network visualizations.

Highlights

• Device Fingerprinting: Implemented automatic device type identification for network graph nodes using MAC OUI and IP heuristics, supporting 10 distinct device types with corresponding SVG icons.
• Manual Device Type Override: Added a dropdown in the node edit panel to manually change a node's device type, with immediate updates to the graph via shallowReactive node replacement.
• Network Graph Visual Enhancements: Nodes now feature a colored ring indicating private/public IP addresses and a dark fill, alongside the new device-specific SVG icons.
• Real-time Packet Table Improvements: Enhanced the packet table with auto-scrolling functionality that pauses on manual user scroll, and increased the maximum displayed rows from 5 to 500 for better data visibility.
• Documentation Update: The README has been comprehensively updated to detail new features, including PCAP recording, network graph capabilities, and various export options.

Changelog

• README.md
  • Added 'PCAP recording' feature description.
  • Introduced a detailed 'Network Graph' section outlining force-directed layout, device fingerprinting with icons, colored rings for IP types, manual override, and export functionalities.
  • Added an 'Export & Rules' section for CSV, Snort, Suricata, and iptables script generation.
  • Updated the 'UI' section to highlight real-time packet table improvements and high-performance rendering.
• src/components/AnalyseView/BottomLong.vue
  • Implemented auto-scrolling for the packet table.
  • Added logic to pause auto-scrolling when a user manually scrolls up.
  • Increased the maximum number of displayed packet rows from 5 to 500.
  • Refactored CSS for the packet table to improve layout and scrolling behavior.
• src/components/AnalyseView/NetworkGraphComponent.vue
  • Integrated device fingerprinting logic based on MAC OUI and IP heuristics.
  • Added a deviceType property to node data and initialized it during graph loading.
  • Implemented a custom node rendering slot to display colored rings and SVG icons for various device types.
  • Added a dropdown in the node info panel for manual device type editing.
  • Modified node update mechanism to use shallowReactive replacement for immediate UI updates on label or device type changes.
  • Integrated graph export functionality (PNG/SVG) via custom events, removing direct buttons from the component's template.
  • Updated node information display to include the detected device type.
  • Simplified default filenames for SVG and PNG exports.
• src/types/capture.ts
  • Added an optional deviceType property to the NodeData interface.

Activity

• The initial code for this feature was generated with Claude Code.
• A detailed test plan has been provided, covering verification of icon display, specific device type detection (Apple, routers, public IPs), and immediate UI updates upon manual type changes.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for GitHub and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[gemini-code-assist]

Code Review

This pull request introduces a great new feature for device fingerprinting in the network graph, complete with automatic detection via OUI/IP and manual overrides. The custom node icons are a nice touch and significantly improve the graph's readability. The related updates to the packet table for auto-scrolling and performance are also valuable additions.

I've found a few issues to address:

• A critical syntax error in BottomLong.vue due to incorrect quote characters.
• A memory leak in the same component from an un-removed event listener.
• A couple of medium-severity items in NetworkGraphComponent.vue related to improving IPv6 detection and code clarity.

Once these are fixed, this will be a solid contribution.

[gemini-code-assist]

This line uses typographic quotes (‘ and ’) instead of standard single quotes ('). This will cause a JavaScript syntax error and prevent the component from working correctly. The same issue is present on line 84.

    if (typeof maybeOff === 'function') this.offPacket = maybeOff

[gemini-code-assist]

This line uses a typographic quote (‘) instead of a standard single quote ('). This will cause a JavaScript syntax error.

      tbody.addEventListener('scroll', () => {

[gemini-code-assist]

An event listener is added to the tbody element here, but it's never removed. This will cause a memory leak because the listener holds a reference to the component instance, preventing it from being garbage collected when it's unmounted. You should store the listener function in data and remove it in the beforeUnmount lifecycle hook, similar to how it's done for export handlers in NetworkGraphComponent.vue.

[gemini-code-assist]

The current logic for detecting an 'internet' device only checks for public IPv4 addresses. Public IPv6 addresses will not be correctly identified and will fall back to the default 'server' type. You should extend this check to also identify public IPv6 addresses.

    if (!isPrivateIp(ip) && (/^\d+\.\d+\.\d+\.\d+$/.test(ip) || ip.includes(':'))) return "internet"

[gemini-code-assist]

The name editNodeLabel is now misleading, as the method also updates the device type. Consider renaming it to something more descriptive, like saveNodeChanges or updateNodeProperties, to better reflect its new functionality. Remember to also update the call site in the template (line 892).