This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Unable to capture SOAP response

0

Hi everyone, I am having an issue trying to capture the incoming message from my webservice.

The situation is as follows:

1) We have a portable device used for sending and receiving SOAP messages from our webservice. We are trying to capture the messages sent back and forth.

2) We set up a test configuration where the device will connect via wifi to a laptop (set to Access Point mode using Connectify) that is connected to the Internet using an Ethernet cable. The laptop's running on Windows 7.

3) We run Wireshark 1.6.5 to capture in promiscuous mode, with capture filter set to "tcp port http"

4) Capture begins and we make the device send the request message to the webservice. The webservice sends a response and the device received the response.

5) We ended the capture and viewed the http/xml protocol packets, selecting "Follow TCP stream".

6) What we get are all outgoing capture and no incoming packets being captured. There should be some data being captured but there is none!

What could be the issue here? Thank you and hope for some direction on how to proceed from here, thank you.

asked 05 Mar '12, 18:25

Tkuan

> We set up a test configuration where the device will connect via wifi to a laptop (set to Access Point mode using Connectify) that is connected to the Internet using an Ethernet cable. The laptop's running on Windows 7.

So the laptop is acting as a router between a Wi-Fi network and the Ethernet that goes to your Internet access device?

> We run Wireshark 1.6.5 to capture in promiscuous mode, with capture filter set to "tcp port http"

Are you capturing on the laptop's Wi-Fi interface or on its Ethernet interface?

(05 Mar '12, 19:29) Guy Harris ♦♦

Hi Guy, the laptop is now acting as an access point with a SSID. The device connects to the laptop with the correct SSID and key set up.

The laptop needs a separate internet connection, thus the Ethernet acts in this capacity.

Capturing on the Ethernet interface.

(05 Mar '12, 19:36) Tkuan

I.e., the portable device's SOAP requests to your Web service are going from the portable device to the laptop, which then forwards them to your Web service by sending them over the Ethernet interface onto the Internet?

(05 Mar '12, 19:55) Guy Harris ♦♦

There is no forwarding done, the laptop's treated invisibly in this case.

Something to add, when I do a direct HTTP post to the webservice using my browser on my laptop, I was able to capture both outgoing and incoming packets. Strange.

(05 Mar '12, 20:06) Tkuan

> There is no forwarding done, the laptop's treated invisibly in this case.

Unless your device is directly communicating with the Web service over Wi-Fi - i.e., if you could power down the laptop, without changing the device or the Web service's configuration, and the traffic would still flow between the device and the Web service - then there's SOME sort of forwarding going on inside the laptop's operating system, whether it's low-level link-layer bridging or IP-layer forwarding.

(05 Mar '12, 20:13) Guy Harris ♦♦

One Answer:

0

If you do see traffic in Wireshark traversing from the Connectify SSID towards the Ethernet interface, but you don't see the returning traffic, that means that Connectify redirects that traffic before WinPcap gets the chance to capture the incoming packets. Similar things happen with some VPN software. You could update the wiki with your experiences.

The only way to capture the traffic in your case is to either capture the wireless traffic or use a hub or switch (with port mirroring capabilities) between your Connectify laptop and the router.

answered 05 Mar '12, 23:22

SYN-bit ♦♦

Thank you, I think this is the issue here, I will find an alternative way of capturing the data.

(07 Mar '12, 18:07) Tkuan
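
One way to confirm the symptom discussed in this thread in a saved capture, added here as an example (it is not code from the thread or from Wireshark): the script lists TCP conversations for which packets were captured in only one direction. It assumes a classic little-endian .pcap file with Ethernet framing and IPv4; the helper names, addresses and the sample capture are constructed for illustration.

```python
import struct
from collections import defaultdict

def tcp_directions(pcap: bytes):
    """Map each TCP conversation in a classic little-endian Ethernet pcap
    to the set of (src, dst) directions actually present in the capture."""
    magic, *_, linktype = struct.unpack_from("<IHHiIII", pcap, 0)
    if magic != 0xA1B2C3D4 or linktype != 1:
        raise ValueError("expected little-endian classic pcap with Ethernet frames")
    seen, off = defaultdict(set), 24
    while off + 16 <= len(pcap):
        caplen = struct.unpack_from("<I", pcap, off + 8)[0]
        frame = pcap[off + 16 : off + 16 + caplen]
        off += 16 + caplen
        # Only Ethernet II / IPv4 (0x0800) / TCP (protocol 6) is examined
        if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
            continue
        tcp_off = 14 + (frame[14] & 0x0F) * 4
        if len(frame) < tcp_off + 4:
            continue
        sport, dport = struct.unpack_from("!HH", frame, tcp_off)
        a = (".".join(map(str, frame[26:30])), sport)
        b = (".".join(map(str, frame[30:34])), dport)
        seen[frozenset((a, b))].add((a, b))
    return seen

def one_sided(pcap: bytes):
    """Return (src, dst) for every conversation seen in one direction only."""
    return sorted(next(iter(d)) for d in tcp_directions(pcap).values() if len(d) == 1)

def build_frame(src, dst, sport, dport):
    # Constructed frame: zeroed MACs, bare IPv4 + TCP headers, checksums left 0
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0, bytes(src), bytes(dst))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 0x50, 0x18, 8192, 0, 0)
    return b"\x00" * 12 + b"\x08\x00" + ip + tcp

def build_pcap(frames):
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    return out + b"".join(struct.pack("<IIII", 0, 0, len(f), len(f)) + f for f in frames)

# Constructed capture (all addresses invented): the device's requests without
# replies, plus a browser request from the laptop itself with its reply.
DEVICE, LAPTOP, SERVICE = (192, 168, 2, 10), (192, 168, 1, 20), (203, 0, 113, 5)
SAMPLE = build_pcap([
    build_frame(DEVICE, SERVICE, 49152, 80),
    build_frame(DEVICE, SERVICE, 49152, 80),
    build_frame(LAPTOP, SERVICE, 50000, 80),
    build_frame(SERVICE, LAPTOP, 80, 50000),
])
```

Calling `one_sided()` on the bytes of a real capture file gives the same kind of list; a conversation that shows up there while the application clearly received its response points at the capture path rather than at the web service.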