Enhance handshake analysis with detailed logging and protocol detection improvements

lib/services/protocol_blocking_service.dart

@@ -250,28 +250,75 @@ class ProtocolBlockingService {
   }
   
   static void _analyzeHandshake(String handshakeData, Connection conn) {
-    // Simple pattern detection for now
+    print('════════════════ HANDSHAKE SIGNATURE ANALYSIS ════════════════');
+    print('📍 Connection: $conn');
+    
+    // Extract raw bytes from tcpdump hex output
+    final hexBytes = _extractHexBytes(handshakeData);
+    final asciiData = _extractAsciiFromHex(hexBytes);
+    
+    print('📊 Raw Data Length: ${handshakeData.length} chars');
+    print('🔢 Hex Bytes (first 64): ${hexBytes.take(64).join(' ')}');
+    print('📝 ASCII Representation: ${asciiData.replaceAll('\n', '\\n').replaceAll('\r', '\\r')}');
+    print('🔍 First 32 bytes as string: ${String.fromCharCodes(hexBytes.take(32).map((h) => int.tryParse(h, radix: 16) ?? 0).where((b) => b >= 32 && b <= 126))}');
+    
+    // Protocol detection with signature details
     final data = handshakeData.toLowerCase();
-    
     String? detectedProtocol;
+    String signature = '';
     
-    if (data.contains('bittorrent protocol') || data.contains('13426974546f7272656e742070726f746f636f6c')) {
+    if (data.contains('bittorrent protocol') || hexBytes.join('').contains('13426974546f7272656e742070726f746f636f6c')) {
       detectedProtocol = 'BitTorrent';
+      signature = 'BitTorrent handshake signature detected';
     } else if (data.contains('ssh-2.0') || data.contains('ssh-1.')) {
       detectedProtocol = 'SSH';
+      signature = 'SSH protocol version string';
     } else if (data.contains('get ') || data.contains('post ') || data.contains('http/')) {
       detectedProtocol = 'HTTP';
+      signature = 'HTTP request headers';
     } else if (data.contains('220 ') && conn.remotePort == 25) {
       detectedProtocol = 'SMTP';
+      signature = 'SMTP welcome message';
     } else if (data.contains('220 ') && conn.remotePort == 21) {
       detectedProtocol = 'FTP';
+      signature = 'FTP welcome message';
+    } else if (hexBytes.isNotEmpty && hexBytes.first == '16' && hexBytes.length > 5) {
+      // TLS detection
+      detectedProtocol = 'TLS/SSL';
+      signature = 'TLS ClientHello/ServerHello (0x16 record type)';
     }
     
     if (detectedProtocol != null) {
-      print('🎯 PROTOCOL DETECTED: $detectedProtocol for $conn');
+      print('🎯 PROTOCOL IDENTIFIED: $detectedProtocol');
+      print('📋 Signature: $signature');
     } else {
-      print('❓ Unknown protocol for $conn');
+      print('❓ UNKNOWN PROTOCOL');
+      print('💡 Pattern not recognized - logging for analysis');
     }
+    print('══════════════════════════════════════════════════════════════');
+  }
+  
+  static List<String> _extractHexBytes(String tcpdumpOutput) {
+    final hexPattern = RegExp(r'0x[0-9a-f]+:\s*([0-9a-f\s]+)', caseSensitive: false);
+    final matches = hexPattern.allMatches(tcpdumpOutput);
+    
+    final hexBytes = <String>[];
+    for (final match in matches) {
+      final hexLine = match.group(1)?.replaceAll(' ', '') ?? '';
+      for (int i = 0; i < hexLine.length; i += 2) {
+        if (i + 1 < hexLine.length) {
+          hexBytes.add(hexLine.substring(i, i + 2));
+        }
+      }
+    }
+    return hexBytes;
+  }
+  
+  static String _extractAsciiFromHex(List<String> hexBytes) {
+    return hexBytes
+        .map((hex) => int.tryParse(hex, radix: 16) ?? 0)
+        .map((byte) => (byte >= 32 && byte <= 126) ? String.fromCharCode(byte) : '.')
+        .join('');
   }
   
   static void dispose() {