Workbench 0.18 User Guide

FAQs

I know I have files I want to use in my file system but they don’t appear in the Add/Import File finder.

Make sure the file extension of the files you want to add is listed in the file extensions for the data type you want to add them to.  Use View -> Object Explorer Type Window to check the extensions listed.  To add a new extension, see Creating a New Data Type.

I made a mistake defining a Transformer which meant that it produced an output file with no/the wrong content.  I’ve corrected the mistake but Workbench keeps passing a cached version of the wrong file to my tool.

To resolve this problem, right click on the original file in the Object Explorer, click on Cached Versions and then click on the red X to delete the transformed version.

I’ve defined a Transformer but when I run the tool that should use it, Workbench is ignoring the Transformer and launching the tool specifying the untransformed file as its input.  The tool then throws an error as it doesn’t support the original file format.

Make sure that you haven’t added the file extension for the original file format to the list of supported formats for the tool.  For example, we might define a Transformer that converts txt files to pcapng format.  If we have defined txt in the extension list for Wireshark, when we drop Wireshark onto a txt file Workbench determines that txt files are directly supported and so starts Wireshark with the text file as input.

When I attempt to drag the Filter or Marker Finder tool onto a file a red box appears around the file and the tool doesn’t work.

Unlike many guest tools, Filter and Marker Finder can process groups of files.  Filter and Marker Finder will process any files, file sets or directory sets that are present on the workpad.  The error condition when attempting to process a single object is to indicate that we can’t process a specific object on the workpad.  The correct way to use these tools is to drag and drop them anywhere on the workpad except where a data object resides.  We can have any number of objects on the workpad including one, and so we can process single data objects.

When I try opening an IIS W3C log in Wireshark using Babel I get “Err  Field 's-sitename' (iis_log.s_sitename) is a FT_ABSOLUTE_TIME but …”.

Make sure you have downloaded the correct version of BDS.  You will get the above error if you install the BDS plugin for Wireshark 2.0.x on a PC with Wireshark 2.3.x.