fix: top external ASNs panel showing zero entries (#179)

* fix: check both src and dst IPs when computing top external ASNs

Previously only dstIp was checked, so external IPs appearing as the
source (inbound connections, responses) were silently skipped, causing
the Top External Destinations panel to show zero entries.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

* fix: handle sql.Timestamp cast in beacon candidate detection

JPA native queries return java.sql.Timestamp for timestamp columns,
not LocalDateTime. The direct cast threw a ClassCastException which
was silently caught, causing all aggregates (including top external
ASNs) to be empty on every story generation.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

* fix: log tshark stderr on parse failure

Previously stderr was discarded, making it impossible to diagnose
why tshark rejected a file. Now stderr is captured and included in
both the log message and the thrown exception.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

* fix: dark mode text contrast for error message and loading view

- ErrorMessage: override hardcoded dark-red title/text colors with
  light pink tones under [data-theme='dark']
- sgds-overrides: add explicit dark mode rules for .text-body and
  .text-muted so Bootstrap utility classes respect the dark theme;
  also wire --bs-body-color and --bs-secondary-color tokens

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

* fix: address PR #179 review comments

- Replace StringBuilder with StringBuffer for stderrBuf to prevent race condition if join(5000) times out and background thread is still writing
- Cache isPrivate() results in computeTopAsns to avoid repeated string parsing per conversation; replace nested ternary with if-else for readability
- Remove duplicate [data-theme='dark'] .text-muted rule in sgds-overrides.css

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

---------

Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>

Author: NotYuSheng

backend/src/main/java/com/tracepcap/analysis/service/PcapParserService.java

@@ -81,12 +81,24 @@ public PcapAnalysisResult analyzePcapFile(File pcapFile) {
             "arp.dst.proto_ipv4",
             "-e",
             "eth.dst");
-    pb.redirectError(ProcessBuilder.Redirect.DISCARD);
+    pb.redirectErrorStream(false);
 
     long packetNumber = 0;
     try {
       Process process = pb.start();
 
+      // Drain stderr in a background thread so it doesn't block stdout
+      StringBuffer stderrBuf = new StringBuffer();
+      Thread stderrThread = new Thread(() -> {
+        try (BufferedReader err =
+            new BufferedReader(new InputStreamReader(process.getErrorStream()))) {
+          String l;
+          while ((l = err.readLine()) != null) stderrBuf.append(l).append('\n');
+        } catch (Exception ignored) {}
+      });
+      stderrThread.setDaemon(true);
+      stderrThread.start();
+
       try (BufferedReader reader =
           new BufferedReader(new InputStreamReader(process.getInputStream()))) {
         String line;
@@ -221,10 +233,12 @@ public PcapAnalysisResult analyzePcapFile(File pcapFile) {
         }
       }
 
+      stderrThread.join(5000);
       int exitCode = process.waitFor();
       if (exitCode != 0 && packetNumber == 0) {
-        log.error("tshark exited with code {} and parsed 0 packets", exitCode);
-        throw new RuntimeException("tshark failed to parse PCAP file (exit " + exitCode + ")");
+        String stderr = stderrBuf.toString().trim();
+        log.error("tshark exited with code {} and parsed 0 packets. stderr: {}", exitCode, stderr);
+        throw new RuntimeException("tshark failed to parse PCAP file (exit " + exitCode + "): " + stderr);
       }
 
     } catch (RuntimeException e) {

backend/src/main/java/com/tracepcap/story/service/StoryAggregatesService.java

@@ -90,12 +90,21 @@ private List<AsnEntry> computeTopAsns(UUID fileId, long totalBytes) {
     // Fetch all conversations to get dst IPs and their byte counts
     List<ConversationEntity> all = conversationRepository.findByFileId(fileId);
 
-    // Group external dstIps → total bytes
+    // Group external IPs → total bytes (check both src and dst)
     Map<String, Long> ipBytes = new HashMap<>();
     Map<String, Long> ipFlows = new HashMap<>();
+    Map<String, Boolean> privateCache = new HashMap<>();
     for (ConversationEntity c : all) {
-      String ip = c.getDstIp();
-      if (ip != null && !isPrivate(ip)) {
+      String dst = c.getDstIp();
+      String src = c.getSrcIp();
+      // Prefer dstIp as the "remote" endpoint; fall back to srcIp if dst is private/null
+      String ip = null;
+      if (dst != null && !privateCache.computeIfAbsent(dst, StoryAggregatesService::isPrivate)) {
+        ip = dst;
+      } else if (src != null && !privateCache.computeIfAbsent(src, StoryAggregatesService::isPrivate)) {
+        ip = src;
+      }
+      if (ip != null) {
         ipBytes.merge(ip, c.getTotalBytes(), Long::sum);
         ipFlows.merge(ip, 1L, Long::sum);
       }
@@ -207,8 +216,11 @@ record FlowKey(String src, String dst, String port, String proto, String app) {}
       String proto = String.valueOf(row[3]);
       String app = row[4] != null ? String.valueOf(row[4]) : null;
       FlowKey key = new FlowKey(src, dst, port, proto, app);
+      LocalDateTime ts = row[5] instanceof java.sql.Timestamp t
+          ? t.toLocalDateTime()
+          : (LocalDateTime) row[5];
       groups.computeIfAbsent(key, k -> new ArrayList<>())
-          .add((LocalDateTime) row[5]);
+          .add(ts);
     }
 
     List<BeaconCandidate> candidates = new ArrayList<>();

frontend/src/assets/styles/sgds-overrides.css

@@ -33,6 +33,11 @@
 [data-theme='dark'] {
   color-scheme: dark;
 
+  /* ── Bootstrap utility tokens (text-muted, text-body, etc.) ── */
+  --bs-body-color: var(--tp-text);
+  --bs-secondary-color: var(--tp-text-muted);
+  --bs-tertiary-color: var(--tp-text-muted);
+
   /* ── SGDS global tokens ── */
   --sgds-body-bg: var(--tp-bg);
   --sgds-body-color: var(--tp-text);
@@ -307,6 +312,10 @@
   border-color: var(--tp-border) !important;
 }
 
+[data-theme='dark'] .text-body {
+  color: var(--tp-text) !important;
+}
+
 /* Bootstrap utility classes */
 [data-theme='dark'] .bg-light,
 [data-theme='dark'] .bg-white {

frontend/src/components/common/ErrorMessage/ErrorMessage.css

@@ -31,6 +31,14 @@
   color: #58151c;
 }
 
+[data-theme='dark'] .error-title {
+  color: #f8d7da;
+}
+
+[data-theme='dark'] .error-text {
+  color: #f1aeb5;
+}
+
 .error-content button {
   display: flex;
   align-items: center;