
I have a set of PCAP files with sample ICS protocols but they won't open on my Windows Wireshark install


Wireshark version: 3.2.0 (v3.2.0-0-ge0ed4cfa3d72)

files downloaded from GitHub: https://github.com/kondah/ICS-pcap

Are the PCAPs version sensitive?

Thanks in advance for any/all help!!

ICS_User, asked 2019-12-29 10:57:22 +0000, updated 2019-12-29 11:02:34 +0000

Comments

What does "won't open" mean? Did you try double-clicking on the file? If so, what happened? Did nothing happen, or was an error reported? If an error was reported, what was the error?

Guy Harris (2019-12-30 04:17:55 +0000)

1 Answer


Since you've not specified what you tried, I downloaded a random sample (ICS-pcap/DNP3/DNP3-Read/DNP3-Read.pcap) from GitHub to test and it loads without problems. PCAP files in general are not version sensitive.

If you acquired the files by cloning the repo be aware of the use of git lfs.

Jaap, answered 2019-12-29 11:44:21 +0000

Comments

Gents,

Thanks for the replies, and I apologize for the rubbish initial entry! less haste etc.

Right, so I have downloaded from the GitHub location originally referenced and expanded the zip on my OneDrive directory. I'm double-clicking on a file within the directory created when unzipping, and Wireshark starts but then a pop-up error msgbox appears:

"The file 'DNPs-ReadRequest.pcap' isn't a capture file in a format Wireshark understands."

I downloaded the repo using the green 'Clone or Download' button and selected Download Zip on the next pop-up. I'm thinking this may be the way I'm grabbing these from Git; I've just downloaded an individual file and it works from a double-click.

Thank you for your responses and Happy New Year!

ICS_User (2020-01-03 15:15:15 +0000)

Yep, I can confirm (on Windows at least) using git clone (on the original github repo https://github.com/automayt/ICS-pcap.git) or downloading the repo as a zip fails. The clone fails to checkout due to an invalid path. Downloading an individual file as reported by @Jaap does work. This is a git or github issue and not a Wireshark problem.

Note that some files don't actually contain what they purport to represent, e.g. the DNP3-ReadRequest.pcap file doesn't actually contain a Read Request, but a Link status Request.

grahamb (2020-01-03 16:18:38 +0000)
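The error quoted in this thread ("isn't a capture file in a format Wireshark understands") is what you see whenever the bytes on disk are not a capture at all, which is exactly what a Git LFS pointer file or a saved GitHub HTML page looks like when it sits under a `.pcap` name. The following is an added example, not code from the thread, from Wireshark or from the ICS-pcap repository. It inspects the leading bytes of a file and reports whether it is a real pcap (including the global-header version and link type), a pcapng, a Git LFS pointer, an HTML page, or something unknown. All sample inputs are constructed here; the helper names (`classify_capture`, `classify_file`) are the example's own.

```python
"""Check whether a file really is a capture Wireshark can open.

Added example (not code from the thread, from Wireshark or from the
ICS-pcap repository). It looks at the leading bytes of a file and tells
apart a real pcap, a pcapng, a Git LFS pointer file (what a clone
contains when the repo uses LFS and `git lfs pull` has not been run),
and an HTML page saved under a .pcap name.
All sample inputs below are constructed, not taken from the repo.
"""
import struct

# Classic libpcap magic numbers: struct byte-order prefix and timestamp unit.
PCAP_MAGICS = {
    b"\xd4\xc3\xb2\xa1": ("<", "microseconds"),  # little-endian, usec timestamps
    b"\xa1\xb2\xc3\xd4": (">", "microseconds"),  # big-endian, usec timestamps
    b"\x4d\x3c\xb2\xa1": ("<", "nanoseconds"),   # little-endian, nsec timestamps
    b"\xa1\xb2\x3c\x4d": (">", "nanoseconds"),   # big-endian, nsec timestamps
}
PCAPNG_MAGIC = b"\x0a\x0d\x0d\x0a"  # pcapng Section Header Block type
LFS_POINTER_PREFIX = b"version https://git-lfs.github.com/spec/v1"


def classify_capture(data: bytes) -> dict:
    """Return a dict describing what `data` (the head of a file) actually is."""
    head = data[:4]
    if head in PCAP_MAGICS:
        endian, resolution = PCAP_MAGICS[head]
        if len(data) < 24:
            return {"kind": "pcap", "error": "truncated global header"}
        # Global header after the magic: major, minor, thiszone, sigfigs,
        # snaplen, linktype (20 bytes).
        major, minor, _tz, _sigfigs, snaplen, linktype = struct.unpack(
            endian + "HHiIII", data[4:24])
        return {"kind": "pcap", "version": f"{major}.{minor}",
                "timestamp_resolution": resolution,
                "snaplen": snaplen, "linktype": linktype}
    if head == PCAPNG_MAGIC:
        return {"kind": "pcapng"}
    if data.startswith(LFS_POINTER_PREFIX):
        # A pointer file is plain text: version / oid sha256:<hex> / size <n>.
        info = {"kind": "git-lfs-pointer"}
        for line in data.split(b"\n"):
            if line.startswith(b"oid "):
                info["oid"] = line[4:].decode("ascii", "replace")
            elif line.startswith(b"size "):
                info["size"] = int(line[5:])
        return info
    lowered = data.lstrip()[:15].lower()
    if lowered.startswith(b"<!doctype html") or lowered.startswith(b"<html"):
        return {"kind": "html"}  # a GitHub page saved instead of the raw file
    return {"kind": "unknown", "first_bytes": head.hex()}


def classify_file(path: str) -> dict:
    """Classify a file on disk from its first 4 KiB."""
    with open(path, "rb") as fh:
        return classify_capture(fh.read(4096))


# Constructed samples (not from the repository discussed in the thread).
# A valid little-endian pcap 2.4 global header: snaplen 65535, linktype 1 (Ethernet).
SAMPLE_PCAP = b"\xd4\xc3\xb2\xa1" + struct.pack("<HHiIII", 2, 4, 0, 0, 65535, 1)
SAMPLE_LFS_POINTER = (LFS_POINTER_PREFIX + b"\noid sha256:" + b"ab" * 32
                      + b"\nsize 1234\n")
SAMPLE_HTML = b"<!DOCTYPE html><html><head><title>GitHub</title></head></html>"

if __name__ == "__main__":
    import sys
    if sys.argv[1:]:
        for path in sys.argv[1:]:
            print(path, classify_file(path))
    else:
        for name, blob in (("pcap", SAMPLE_PCAP),
                           ("lfs", SAMPLE_LFS_POINTER),
                           ("html", SAMPLE_HTML)):
            print(name, classify_capture(blob))
```

Run it as `python check_capture.py path/to/*.pcap` on the unzipped or cloned files. A result of `git-lfs-pointer` means the clone only holds the pointer; installing Git LFS and running `git lfs pull` in the clone fetches the real objects. A result of `html` means the browser saved the GitHub page rather than the raw file, which is the case the "download an individual file" workaround in the thread avoids.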
