Add network debugging functionality and enhance packet capture monitoring

lib/services/protocol_blocking_service.dart

@@ -92,14 +92,16 @@ class ProtocolBlockingService {
   }
   
   static Future<void> _monitorPeerTraffic() async {
-    // Capture ANY packet on ALL interfaces and print it
+    // Monitor FORWARDED traffic (after VPN decryption, before internet)
     try {
       final process = await Process.start('timeout', [
         '0.1', // Very short timeout
         'tcpdump',
-        '-i', 'any', // Monitor ALL interfaces
+        '-i', 'any',
         '-c', '1',
         '-v', // Verbose
+        // Only capture forwarded packets from VPN peers to internet
+        'src net 10.0.0.0/24 and not dst net 10.0.0.0/24',
       ]);
       
       final output = <String>[];
@@ -112,7 +114,7 @@ class ProtocolBlockingService {
       
       if (exitCode == 0 && output.isNotEmpty) {
         final packetData = output.join().trim();
-        print('📦 PACKET DETECTED ON ANY INTERFACE: $packetData');
+        print('📦 DECRYPTED VPN TRAFFIC TO INTERNET: $packetData');
         
         // Check if it's from our monitored peers
         for (final peerIP in _activePeerIPs) {
@@ -150,11 +152,12 @@ class ProtocolBlockingService {
       final process = await Process.start('timeout', [
         '2',
         'tcpdump',
-        '-i', 'wg0',
+        '-i', 'any',
         '-c', '3', // Capture a few packets to get handshake
         '-s', '200',
         '-x',
-        'src $peerIP',
+        // Capture decrypted traffic from peer to internet for handshake analysis
+        'src $peerIP and not dst net 10.0.0.0/24',
       ]);
       
       final handshakeData = <String>[];
@@ -575,9 +578,54 @@ class ProtocolBlockingService {
         print('✅ ALLOWING PROTOCOL: $detectedProtocol');
       }
     } else {
-      print('❓ UNKNOWN PROTOCOL (basic analysis)');
+      // Check for BitTorrent by traffic patterns
-      print('🔤 ASCII sample: ${asciiData.replaceAll(RegExp(r'[^\x20-\x7E]'), '.').substring(0, 50)}...');
+      if (_analyzeTrafficPatterns(conn)) {
+        detectedProtocol = 'BitTorrent (Pattern Analysis)';
+      } else {
+        print('❓ UNKNOWN PROTOCOL (basic analysis)');
+        print('🔤 ASCII sample: ${asciiData.replaceAll(RegExp(r'[^\x20-\x7E]'), '.').substring(0, 50)}...');
+      }
     }
+    
+    if (detectedProtocol != null) {
+      print('🎯 BASIC DETECTION: $detectedProtocol');
+      
+      // Simple blocking logic for basic patterns
+      if (['BitTorrent', 'BitTorrent (Pattern Analysis)', 'eMule'].contains(detectedProtocol)) {
+        print('🚫 BLOCKING PROTOCOL: $detectedProtocol');
+      } else {
+        print('✅ ALLOWING PROTOCOL: $detectedProtocol');
+      }
+    }
+  }
+  
+  static final Map<String, List<DateTime>> _recentConnections = {};
+  
+  static bool _analyzeTrafficPatterns(Connection conn) {
+    final now = DateTime.now();
+    final peerIP = conn.localIP;
+    
+    // Track recent connections from this peer
+    if (!_recentConnections.containsKey(peerIP)) {
+      _recentConnections[peerIP] = [];
+    }
+    
+    // Clean old connections (older than 2 minutes)
+    _recentConnections[peerIP]!.removeWhere((time) => 
+        now.difference(time).inMinutes > 2);
+    
+    _recentConnections[peerIP]!.add(now);
+    
+    final connectionCount = _recentConnections[peerIP]!.length;
+    
+    // BitTorrent pattern: Multiple connections in short time
+    if (connectionCount >= 3) {
+      print('🔍 Pattern Analysis: $connectionCount connections from $peerIP in 2 minutes');
+      print('🚨 SUSPICIOUS: Multiple rapid connections typical of P2P protocols');
+      return true;
+    }
+    
+    return false;
   }
   
   static List<String> _extractHexBytes(String tcpdumpOutput) {