What's the best network traffic sniffer to extract SOAP envelope information?

All I can say is good luck. Everything I’ve ever heard about SOAP development is that it’s a nightmare. Thank God the industry has moved on…

Oy. I think my SOAP bubble just popped.

Quick googling showed a lot of mentions for Wireshark which I’ve never used so can’t speak for.

The other option I came across was SoapUi from SmartBear. I’ve used some of their other stuff and it was pretty intuitive. A quick glance looks like you can set up the capture proxy for whatever port you like.

Maybe a place to start?

I tried to set up wire shark but it left me scratchign my head. Thanks, I’ll try soap ui

I’m not sure sniffing is the best tool to use in this use case. SOAP works over TCP (actually either HTTP or SMTP, but TCP will catch both), so you’re trying to read triple-encapsulated data from your Wireshark captures. That sounds neither fun nor easy to automate.

If you can get access to either the sending or receiving host (ideally the server), maybe you can run tcpdump, TCPMon or a similar program and capture the results to a file. This file will get really big really fast… but not compared to a capture file.

What exactly do you mean by “make a bridge” between the two systems? Do you mean you need to translate SOAP calls to whatever the other system uses?

I am making a system that communicates a few vital pieces of information between electronic medical records from competing vendors that do not communicate with each other. One system I know very well, the other I do not. THe one I do not the vendor told me operates via SOAP through the intranet.
The vendors are dragging their feet, hoping we will purchase a product from their company to replace the other and then “solve” the communciation issue. IT is unfortunately poor help. I’ve tried installing WinPCAP but I do not have privleges to run it. And IT certainly won’t give them to me. Yak.

It looks like Fiddler2 might be just what you want. It’s a proxy that captures and analyzes HTTP traffic. Unfortunately, I think you might have to install something on the SOAP server in order to make it work. I didn’t read the docs too deeply, so you might want to check that.

Also, just a reminder that Wireshark must be on the same link as machines that it’s capturing from. That is, Wireshark is installed on 10.0.0.1, and you are trying to capture packets between 10.0.0.2 and 10.0.0.3, then you can’t have a switch between 10.0.0.1 and the other two- Wireshark (or any packet capture) will only get traffic on the link between the switch port and 10.0.0.1’s interface. If you have physical access to one or both of 10.0.0.2 or 10.0.0.3, then a stategically-placed hub will mitigate this.

Does the IT department understand what you are trying to accomplish? They must surely have their own packet-capture setup (necessary for some kinds of troubleshooting) and might be able to provide you with the logs you need. If you can write a filtering rule to pull out the SOAP envelope data then they should be able to implement it for you. If not then they should be fired and your company should hire me instead. IT is there to enable the use of technology, not prevent it!

Mordak, preventor of information services. I thought he was a joke. He lives where I work. Instead of being sinister, he’s just smart enough to realize that if we all figure out how dumb he is, he’d be out of a job.

Sounds like he is trying to intercept communications with a man-in-the-middle or similar type of attack. If the OP is an honest guy, this may be legit.

But he’s asking the type of questions that a malevolent hacker would be asking – and that makes me a bit worried.