Recently I had an issue where I was trying to create a stubbed/mocked version of a SOAP service locally. I ran my web application, my client connected, my service got the request, sent back the response and… the client didn’t like it. Not sure why… everything should be working.
So I wanted to look at the actual data coming across the wire. Admittedly, I don’t have a lot of experience with SOAP services. I mean, I know the basic concepts, but I have used just plain old HTTP RESTful services a lot more often.
I couldn’t figure out for the life of me how to set a breakpoint to view the raw message I was getting, so I set out trying to capture the packet and look at it that way.
Fiddler – no dice.
I have used Fiddler in the past to look at web traffic, and with success… but it seems like it doesn’t work very well in Windows 10. That, and it always seems to mess up some other application that needs to access the web. As was the case here, Fiddler proved to be no help.
Wireshark
Wireshark is a free tool that allows you to capture traffic. And I mean all the traffic. I’ve used it when trying to debug a UDP service, TCP service, HTTP service, basically any kind of service that accesses the web. It has powerful filtering that lets you get down to exactly what you’re trying to find, so even though the initial data load is huge, you can drill down to the bits that are actually what you’re looking for.
Wireshark doesn’t capture localhost to localhost traffic
Unfortunately, Wireshark alone doesn’t fix the problem. Apparently, Windows doesn’t use a network adapter at all when routing localhost to localhost traffic. I guess this makes sense; there’s no need to go to the network adapter level if you’re just staying inside of the same box.
RawCap
RawCap is a simple little .NET 2.0 utility that captures all traffic at the socket level – thus solving our problem. Luckily, you can even output it to a file and then open it with Wireshark to view and filter the data.
Usage
Download and install Wireshark, and download RawCap. Inside of a command prompt window (in the same directory as RawCap), run this command:
This will begin capturing all of the packets. Run the test that produces the packet you want to capture, and then press CTRL+C on the command prompt window to stop capturing packets.
Open Wireshark, and simply navigate to the File->Open menu and select the dumpfile.pcap that RawCap produced in the capture session.
From there, you should be able to filter down to exactly what you need to find, and analyze your data. In my case (for a SOAP request), I found a packet, right-clicked, and chose “Follow TCP stream” to see the entire exchange of information.
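To pull the same request and response bytes out of a capture file without the Wireshark GUI, here is a minimal "Follow TCP stream" in Python. It is an added example, not code from the original post or from RawCap or Wireshark. It assumes a classic pcap file carrying IPv4 with a raw-IP or Ethernet link type; the function names, port 8080 and the sample packets are constructed for illustration.

```python
import struct

LINKTYPE_ETHERNET, LINKTYPE_RAW = 1, 101  # link-layer types from the pcap header
def follow_tcp_stream(pcap_bytes, port):
    """Return {(src_port, dst_port): payload} for TCP segments touching `port`."""
    order = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap_bytes[:4])
    if order is None:
        raise ValueError("not a classic (microsecond) pcap file")
    linktype = struct.unpack(order + "I", pcap_bytes[20:24])[0]
    if linktype not in (LINKTYPE_ETHERNET, LINKTYPE_RAW):
        raise ValueError("unsupported link type %d" % linktype)
    flows, off = {}, 24
    while off + 16 <= len(pcap_bytes):
        incl_len = struct.unpack(order + "I", pcap_bytes[off + 8:off + 12])[0]
        pkt = pcap_bytes[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        if linktype == LINKTYPE_ETHERNET:
            if pkt[12:14] != b"\x08\x00":  # keep IPv4 frames only
                continue
            pkt = pkt[14:]
        if len(pkt) < 20 or pkt[0] >> 4 != 4 or pkt[9] != 6:  # IPv4 + TCP only
            continue
        ihl = (pkt[0] & 0x0F) * 4
        # Total length can be 0 when segmentation is offloaded; use captured size.
        total_len = struct.unpack("!H", pkt[2:4])[0] or len(pkt)
        tcp = pkt[ihl:total_len]
        if len(tcp) < 20:
            continue
        sport, dport, seq = struct.unpack("!HHI", tcp[:8])
        payload = tcp[(tcp[12] >> 4) * 4:]
        if payload and port in (sport, dport):
            flows.setdefault((sport, dport), {})[seq] = payload
    # Keying on seq drops retransmits; sorting ignores wraparound (short captures).
    return {f: b"".join(p for _, p in sorted(s.items())) for f, s in flows.items()}

def sample_pcap():
    """Constructed sample: raw-IP loopback capture, request segments out of order."""
    lo = bytes([127, 0, 0, 1])
    def pkt(sport, dport, seq, data):
        tcp = struct.pack("!HHIIBBHHH", sport, dport, seq, 0, 0x50, 0x18, 8192, 0, 0) + data
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 128, 6, 0, lo, lo)
        return struct.pack("<IIII", 0, 0, len(ip + tcp), len(ip + tcp)) + ip + tcp
    hdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, LINKTYPE_RAW)
    return (hdr + pkt(50000, 8080, 1011, b"<soap/>") + pkt(50000, 8080, 1000, b"POST /svc\r\n")
            + pkt(8080, 50000, 5000, b"HTTP/1.1 500\r\n"))

if __name__ == "__main__":
    for flow, data in follow_tcp_stream(sample_pcap(), 8080).items():
        print(flow, data)
```

To use it on a real capture, pass the file's bytes (for example `open("dumpfile.pcap", "rb").read()`) and the port your local service listens on.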