A community user recently reported a problem with Wireshark not opening when the Packets button was clicked in Brim. This inspired me to revisit the user experience when they're running Brim on an OS that lacks any installed/configured app tied to the opening of pcaps (e.g. Wireshark not installed). Repros are with GA Brim tagged v0.22.0.

On Windows (repro was on Server 2019) we seem pretty well covered. As shown in the attached video, when the Packets button is hit, a familiar "Windows can't open this type of file (.pcap)" message pops up.

On macOS (repro was on Big Sur) and Linux (repro was on Debian 10) it's not great. As shown in the videos below, the user sees the "Download Complete" message, but no app appears (expected) and no message is shown to explain why (that's bad!) I've kept the Dev Tools console window open during these repros to show that there doesn't seem to be an underlying message tied to this.

If we can recognize this occurrence and provide guidance, that would be a great improvement.

After the community user's experience, they also offered the opinion:

I think it might be helpful if the "download complete" message showed the directory that the files get saved into. I found them in my /tmp directory by accident.

Since these are supposed to be just temporary flow extractions, I'm not sure if this is something we'd want to add since it might give the user the impression that they're responsible for hunting down the files in that location, but for the "happy path" they should simply open in the appropriate app without issue. But this is good feedback, so I'm including it here for consideration when revisiting this UX.