General Question

drhat77's avatar

What's the best network traffic sniffer to extract SOAP envelope information?

Asked by drhat77 (6195 points) September 11th, 2013

I need to make a bridge between two medical record systems inside my hospital (inside the firewall). One of them I’m very familiar with, but the other I am not. The vendor tells me that the system communicates from client computers to the server via SOAP.
I have used network traffic sniffers to isolate the address and port that information is being sent to, but I cannot get the packet info.


9 Answers

gorillapaws's avatar

All I can say is good luck. Everything I’ve ever heard about SOAP development is that it’s a nightmare. Thank God the industry has moved on…

drhat77's avatar

Oy. I think my SOAP bubble just popped.

funkdaddy's avatar

Quick googling showed a lot of mentions of Wireshark, which I’ve never used, so I can’t speak for it.

The other option I came across was SoapUI from SmartBear. I’ve used some of their other stuff and it was pretty intuitive. A quick glance looks like you can set up the capture proxy for whatever port you like.

Maybe a place to start?

drhat77's avatar

I tried to set up Wireshark but it left me scratching my head. Thanks, I’ll try SoapUI.

rexacoracofalipitorius's avatar

I’m not sure sniffing is the best tool to use in this use case. SOAP works over TCP (actually either HTTP or SMTP, but TCP will catch both), so you’re trying to read triple-encapsulated data from your Wireshark captures. That sounds neither fun nor easy to automate.

If you can get access to either the sending or receiving host (ideally the server), maybe you can run tcpdump, TCPMon or a similar program and capture the results to a file. This file will get really big really fast… but not compared to a capture file.

What exactly do you mean by “make a bridge” between the two systems? Do you mean you need to translate SOAP calls to whatever the other system uses?

drhat77's avatar

I am making a system that communicates a few vital pieces of information between electronic medical records from competing vendors that do not communicate with each other. One system I know very well, the other I do not. The one I do not, the vendor told me, operates via SOAP through the intranet.
The vendors are dragging their feet, hoping we will purchase a product from their company to replace the other and then “solve” the communication issue. IT is unfortunately poor help. I’ve tried installing WinPcap but I do not have privileges to run it. And IT certainly won’t give them to me. Yak.

rexacoracofalipitorius's avatar

It looks like Fiddler2 might be just what you want. It’s a proxy that captures and analyzes HTTP traffic. Unfortunately, I think you might have to install something on the SOAP server in order to make it work. I didn’t read the docs too deeply, so you might want to check that.

Also, just a reminder that Wireshark must be on the same link as the machines that it’s capturing from. That is, if Wireshark is installed on 10.0.0.1, and you are trying to capture packets between 10.0.0.2 and 10.0.0.3, then you can’t have a switch between 10.0.0.1 and the other two; Wireshark (or any packet capture) will only get traffic on the link between the switch port and 10.0.0.1’s interface. If you have physical access to one or both of 10.0.0.2 or 10.0.0.3, then a strategically-placed hub will mitigate this.

Does the IT department understand what you are trying to accomplish? They must surely have their own packet-capture setup (necessary for some kinds of troubleshooting) and might be able to provide you with the logs you need. If you can write a filtering rule to pull out the SOAP envelope data then they should be able to implement it for you. If not then they should be fired and your company should hire me instead. IT is there to enable the use of technology, not prevent it!
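Once a single request has been reassembled from a capture, the envelope still has to be dug out of the HTTP framing before anyone can write the filtering rule mentioned above. As an added example, not code from any poster in this thread, here is a small Python parser that takes the raw client-to-server bytes of one POST and reports the SOAP version, SOAPAction, operation and parameters; the sample request, its service path, namespace and MRN value are all constructed for the demonstration.

```python
"""Pull SOAP envelope details out of one captured HTTP request (added example).
Assumes the client->server bytes of a single POST were already reassembled
from the capture, e.g. via Wireshark's "Follow TCP Stream" saved as raw."""
import xml.etree.ElementTree as ET

SOAP_NS = {  # envelope namespace -> version, for both common SOAP dialects
    "http://schemas.xmlsoap.org/soap/envelope/": "SOAP 1.1",
    "http://www.w3.org/2003/05/soap-envelope": "SOAP 1.2",
}

def parse_soap_request(raw: bytes) -> dict:
    """Split the HTTP request, then read operation and parameters from the Body."""
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("incomplete HTTP request: header terminator missing")
    request_line, *header_lines = head.decode("ascii", "replace").split("\r\n")
    headers = {k.strip().lower(): v.strip()
               for k, _, v in (h.partition(":") for h in header_lines)}
    # Honour Content-Length so bytes of a following pipelined request are ignored.
    if "content-length" in headers:
        body = body[: int(headers["content-length"])]
    if "xml" not in headers.get("content-type", ""):
        raise ValueError("not an XML/SOAP request: " + headers.get("content-type", "?"))
    # ElementTree does not fetch external entities, so a hostile body cannot make this script reach out.
    root = ET.fromstring(body)
    ns, _, local = root.tag[1:].partition("}")
    if local != "Envelope" or ns not in SOAP_NS:
        raise ValueError("unexpected root element: " + root.tag)
    body_el = root.find("{%s}Body" % ns)
    if body_el is None or len(body_el) == 0:
        raise ValueError("SOAP Body missing or empty")
    op = body_el[0]  # first Body child names the operation being invoked
    method, path = request_line.split(" ")[:2]
    return {"method": method, "path": path, "soap_version": SOAP_NS[ns],
            "soap_action": headers.get("soapaction", "").strip('"'),
            "operation": op.tag.rpartition("}")[2],
            "params": {p.tag.rpartition("}")[2]: (p.text or "") for p in op}}

# Constructed sample request, modelled on the capture scenario in the thread.
SAMPLE_BODY = (
    b'<?xml version="1.0"?>'
    b'<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">'
    b'<soap:Body><GetPatient xmlns="urn:example:emr"><mrn>MRN-0001</mrn>'
    b"</GetPatient></soap:Body></soap:Envelope>")
SAMPLE_CAPTURE = (
    b"POST /PatientService HTTP/1.1\r\nHost: 10.0.0.3:8080\r\n"
    b"Content-Type: text/xml; charset=utf-8\r\n"
    b'SOAPAction: "urn:example:emr:GetPatient"\r\n'
    b"Content-Length: %d\r\n\r\n" % len(SAMPLE_BODY)) + SAMPLE_BODY
```

Running `parse_soap_request(SAMPLE_CAPTURE)` yields the operation `GetPatient` with parameter `mrn`; the same function rejects a non-XML request with a `ValueError`.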

drhat77's avatar

Mordak, preventor of information services. I thought he was a joke. He lives where I work. Instead of being sinister, he’s just smart enough to realize that if we all figure out how dumb he is, he’d be out of a job.

elbanditoroso's avatar

Sounds like he is trying to intercept communications with a man-in-the-middle or similar type of attack. If the OP is an honest guy, this may be legit.

But he’s asking the type of questions that a malevolent hacker would be asking – and that makes me a bit worried.
