-
Notifications
You must be signed in to change notification settings - Fork 132
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Provide guidance on macOS/Linux when no app is tied to opening of pcaps #1379
Comments
Note to self: If/when we make improvements here, I should be able to revise the wiki article updated via #1380. |
This was recently reviewed with the UX team. We suspect the "open" would return a non-zero when the app fails to launch, and so we could catch this. @jameskerr: Also noted that there's currently a few different places in Brim where things are "downloaded" in some way (this pcap flow extraction for opening in Wireshark, ZNG/CSV/NDJSON export, etc.), and he's had a thought for some time of creating a unifying way to handle all these. Perhaps we can create an Epic when this topic becomes the priority. |
Hi, |
@Ibranum: A couple questions to help narrow it down.
|
@philrz Here ya go! Thanks for helping!
It turns out, I didn't realize that Brim wasn't storing the PCAPs and their information in its own directory but just the data lake itself that it had interpreted (sorry I'm VERY new to Brim). So when I moved the PCAP in its own directory to another one, Brim still had the old path to where the PCAP was and wasn't able to open it. Reloading the PCAP into Brim and ensuring it stays in its own location (AKA me not moving it haha) fixed this issue for me. Sorry for the trouble! |
@Ibranum: Glad to hear you were able to figure out what was going on. Indeed, my next line of inquiry would have been to start to piece together the In any case, it's good that you were able to share your experience, as it points to another motivation to improve the error handling/messaging here. |
Update: As of GA Brim tagged |
I'm pleased to report that since the changes merged from #2992, this problem has been addressed on macOS. As shown in the attached video, now when the Download Packets button is clicked and there's no app like Wireshark tied to the opening of pcap files, a system message is popped up. This is reminiscent of what we showed above for Windows,. Verify-macOS.mp4However, even at the tip of main (commit 7ba4321 at the moment) the behavior on Linux is still as previously described, so I'll continue to hold this issue open. |
Verified in Zui Insiders 1.8.1-insiders.4, which is based on Zui commit 6a90407. The videos below show where things now stand on each OS when Wireshark is not installed and the Packets button is clicked. LinuxLinux is where the help was most needed, since the OS previously did not pop up any kind of error. Here we now have the benefit of the app's own error message "Could not open extracted pcap. Is Wirshark installed?" Verify-Linux.mp4macOSAs noted above, on current macOS (Sonoma 14.5 at the moment, specifically), the OS now pops up an error. We now have the benefit of that and the app's own error. Verify-macOS.mp4WindowsAs noted above, on Windows we've always had the benefit of an OS error pop-up, and that is still true today. For some reason the Electron method we use to attempt the open does not seem to be acting as if it failed in this case, so the presentation of the app's own error is not happening here. However, since there's at least some error visible to the user and it's pretty clear what's going on, we're not going to invest effort right now digging into that. Verify-Windows.mp4Regarding two other points made earlier in this issue:
|
A community user recently reported a problem with Wireshark not opening when the Packets button was clicked in Brim. This inspired me to revisit the user experience when they're running Brim on an OS that lacks any installed/configured app tied to the opening of pcaps (e.g. Wireshark not installed). Repros are with GA Brim tagged
v0.22.0
.On Windows (repro was on Server 2019) we seem pretty well covered. As shown in the attached video, when the Packets button is hit, a familiar "Windows can't open this type of file (.pcap)" message pops up.
Windows.mov
On macOS (repro was on Big Sur) and Linux (repro was on Debian 10) it's not great. As shown in the videos below, the user sees the "Download Complete" message, but no app appears (expected) and no message is shown to explain why (that's bad!) I've kept the Dev Tools console window open during these repros to show that there doesn't seem to be an underlying message tied to this.
macOS.mov
Linux.Debian.10.mov
If we can recognize this occurrence and provide guidance, that would be a great improvement.
After the community user's experience, they also offered the opinion:
Since these are supposed to be just temporary flow extractions, I'm not sure if this is something we'd want to add since it might give the user the impression that they're responsible for hunting down the files in that location, but for the "happy path" they should simply open in the appropriate app without issue. But this is good feedback, so I'm including it here for consideration when revisiting this UX.
The text was updated successfully, but these errors were encountered: