Workbench 0.18 User Guide

Transformers

BDS Plugin

Although Babel translates IIS W3C logs to PCAP-NG format, Wireshark has no default dissector to present the IIS log data.


Although the text from each log entry is contained in the packet bytes, this is not very usable. We’ve written a Wireshark dissector to address this issue. The dissector is called Babel Data Scope (BDS) and is free to download at https://community.tribelab.com/course/view.php?id=15#downloads.


BDS converts log values into Wireshark fields, which means they can be used in filters and find operations in the same way as any other protocol field.


It’s also a good idea to create a “BDS IIS” Wireshark profile to produce a more suitable packet list.