Human readable output from tcpdump
Posted by davidnewcomb on 13 Jun 2008 in System Admin
I had a problem with Funambol’s administration tool where the same version worked at home, but not at work. When I tried to login at work it said “Host not found or not reachable, please verify connection parameter". I verified the host was found, the route was reachable and the user name and password were correct. The error in the client (and server) log was:
12 Jun 2008 09:58 [ERROR] no SOAPAction header!
AxisFault
faultCode: {http://xml.apache.org/axis/}Client.NoSOAPAction
faultSubcode:
faultString: no SOAPAction header!
faultActor:
faultNode:
faultDetail:
{http://xml.apache.org/axis/}hostname:bigsoft.co.uk
no SOAPAction header!
at org.apache.axis.message.SOAPFaultBuilder.createFault(SOAPFaultBuilder.java:222)
at org.apache.axis.message.SOAPFaultBuilder.endElement(SOAPFaultBuilder.java:129)
at org.apache.axis.encoding.DeserializationContext.endElement(DeserializationContext.java:1087)
at com.sun.org.apache.xerces.internal.parsers.AbstractSAXParser.endElement(AbstractSAXParser.java:633)
at com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl.scanEndElement(XMLNSDocumentScannerImpl.java:719)
at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl$FragmentContentDispatcher.dispatch(XMLDocumentFragmentScannerImpl.java:1685)
at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.scanDocument(XMLDocumentFragmentScannerImpl.java:368)
at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse(XML11Configuration.java:834)
at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse(XML11Configuration.java:764)
at com.sun.org.apache.xerces.internal.parsers.XMLParser.parse(XMLParser.java:148)
at com.sun.org.apache.xerces.internal.parsers.AbstractSAXParser.parse(AbstractSAXParser.java:1242)
at javax.xml.parsers.SAXParser.parse(SAXParser.java:375)
at org.apache.axis.encoding.DeserializationContext.parse(DeserializationContext.java:227)
at org.apache.axis.SOAPPart.getAsSOAPEnvelope(SOAPPart.java:696)
at org.apache.axis.Message.getSOAPEnvelope(Message.java:435)
at org.apache.axis.transport.http.HTTPSender.readFromSocket(HTTPSender.java:796)
at org.apache.axis.transport.http.HTTPSender.invoke(HTTPSender.java:144)
at org.apache.axis.strategies.InvocationStrategy.visit(InvocationStrategy.java:32)
at org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:118)
at org.apache.axis.SimpleChain.invoke(SimpleChain.java:83)
at org.apache.axis.client.AxisClient.invoke(AxisClient.java:165)
at org.apache.axis.client.Call.invokeEngine(Call.java:2784)
at org.apache.axis.client.Call.invoke(Call.java:2767)
at org.apache.axis.client.Call.invoke(Call.java:2443)
at org.apache.axis.client.Call.invoke(Call.java:2366)
at org.apache.axis.client.Call.invoke(Call.java:1812)
at com.funambol.admin.util.WSTools.invoke(WSTools.java:122)
at com.funambol.admin.main.BusinessDelegate.login(BusinessDelegate.java:458)
at com.funambol.admin.main.SyncAdminController.startLogin(SyncAdminController.java:346)
at com.funambol.admin.main.SyncAdminController$ConnectionThread.run(SyncAdminController.java:622)
The administration tool uses SOAP to communicate, and the error means that the request does not have a action command in the HTTP header.
Is the problem the client software? Wireshark helped with the answer. First I needed to verify that what was being sent from both locations was the same. Packet sniffing on the work and PC produced the same result:
POST /funambol/services/admin HTTP/1.0 Content-Type: text/xml; charset=utf-8 Accept: application/soap+xml, application/dime, multipart/related, text/* User-Agent: Axis/1.4 Host: bigsoft.co.uk Cache-Control: no-cache Pragma: no-cache SOAPAction: "" Content-Length: 444 Authorization: Basic ***** <?xml version="1.0" encoding="UTF-8"?> <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> <soapenv:Body> <login soapenv:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"> <arg0 xsi:type="soapenc:string" xmlns:soapenc="http://schemas.xmlsoap.org/soap/encoding/">admin</arg0> </login> </soapenv:Body></soapenv:Envelope>The trace showed a SOAPAction included. The question is what does the server think we are saying? To find this out I need to see the packet arriving on the server. To do this I used a program called tcpdump which is installed by default on almost all unix machines. Running tcpdump on the machine with no parameters just gives information about connections, but I needed the contents of the packet. The special incantation to get this is:
tcpdump -lnX -s 1024 dst port ??Where: -l - Make stdout line buffered -n - Don’t convert addresses -X - Expand packet -s 1024 - Snarf snaplen bytes of data from each packet rather than the default of 68 dst port ?? - Only display packets going to port ?? This produced the output thus:
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 1024 bytes
10:30:20.689632 IP work_ip.22620 > bigsoft.co.uk.webcache: S 2161710720:2161710720(0) win 512 <mss 1460>
0x0000: 4500 002c b434 0000 3806 8e73 c30c 1422 E..,.4..8..s..."
0x0010: 576a 118c 585c 1f90 80d9 1680 0000 0000 Wj..X\..........
0x0020: 6002 0200 46bc 0000 0204 05b4 aaaa `...F.........
10:30:20.713939 IP work_ip.22620 > bigsoft.co.uk.webcache: . ack 3824537099 win 7300
0x0000: 4500 0028 b43a 4000 3806 4e71 c30c 1422 E..(.:@.8.Nq..."
0x0010: 576a 118c 585c 1f90 80d9 1681 e3f5 ce0b Wj..X\..........
0x0020: 5010 1c84 91e3 0000 0000 aaaa aaaa P.............
10:30:20.715952 IP work_ip.22620 > bigsoft.co.uk.webcache: P 0:770(770) ack 1 win 7300
0x0000: 4500 032a b43b 4000 3806 4b6e c30c 1422 E..*.;@.8.Kn..."
0x0010: 576a 118c 585c 1f90 80d9 1681 e3f5 ce0b Wj..X\..........
0x0020: 5018 1c84 9979 0000 504f 5354 202f 6675 P....y..POST./fu
0x0030: 6e61 6d62 6f6c 2f73 6572 7669 6365 732f nambol/services/
0x0040: 6164 6d69 6e20 4854 5450 2f31 2e30 0d0a admin.HTTP/1.0..
0x0050: 436f 6e74 656e 742d 5479 7065 3a20 7465 Content-Type:.te
0x0060: 7874 2f78 6d6c 3b20 6368 6172 7365 743d xt/xml;.charset=
0x0070: 7574 662d 380d 0a41 6363 6570 743a 2061 utf-8..Accept:.a
0x0080: 7070 6c69 6361 7469 6f6e 2f73 6f61 702b pplication/soap+
0x0090: 786d 6c2c 2061 7070 6c69 6361 7469 6f6e xml,.application
0x00a0: 2f64 696d 652c 206d 756c 7469 7061 7274 /dime,.multipart
0x00b0: 2f72 656c 6174 6564 2c20 7465 7874 2f2a /related,.text/*
0x00c0: 0d0a 5573 6572 2d41 6765 6e74 3a20 4178 ..User-Agent:.Ax
0x00d0: 6973 2f31 2e34 0d0a 486f 7374 3a20 ???? is/1.4..Host:.??
0x00e0: ???? ???? ???? ???? ???? ???? ???? ???? www.bigsoft.co.u
0x00f0: 6d65 ???? ???? ???? ???? ???? ???? ???? k???????????????
0x0100: 3038 300d 0a43 6163 6865 2d43 6f6e 7472 ???..Cache-Contr
0x0110: 6f6c 3a20 6e6f 2d63 6163 6865 0d0a 5072 ol:.no-cache..Pr
0x0120: 6167 6d61 3a20 6e6f 2d63 6163 6865 0d0a agma:.no-cache..
0x0130: 436f 6e74 656e 742d 4c65 6e67 7468 3a20 Content-Length:.
0x0140: 3434 340d 0a41 7574 686f 7269 7a61 7469 444..Authorizati
0x0150: ???? ???? ???? ???? ???? ???? ???? ???? on:.Basic.??????
0x0160: ???? ???? ???? ???? ???? ???? ???? ???? ??????????....<?
0x0170: 786d 6c20 7665 7273 696f 6e3d 2231 2e30 xml.version="1.0
0x0180: 2220 656e 636f 6469 6e67 3d22 5554 462d ".encoding="UTF-
0x0190: 3822 3f3e 3c73 6f61 7065 6e76 3a45 6e76 8"?><soapenv:Env
0x01a0: 656c 6f70 6520 786d 6c6e 733a 736f 6170 elope.xmlns:soap
0x01b0: 656e 763d 2268 7474 703a 2f2f 7363 6865 env="http://sche
0x01c0: 6d61 732e 786d 6c73 6f61 702e 6f72 672f mas.xmlsoap.org/
0x01d0: 736f 6170 2f65 6e76 656c 6f70 652f 2220 soap/envelope/".
0x01e0: 786d 6c6e 733a 7873 643d 2268 7474 703a xmlns:xsd="http:
0x01f0: 2f2f 7777 772e 7733 2e6f 7267 2f32 3030 //www.w3.org/200
0x0200: 312f 584d 4c53 6368 656d 6122 2078 6d6c 1/XMLSchema".xml
0x0210: 6e73 3a78 7369 3d22 6874 7470 3a2f 2f77 ns:xsi="http://w
0x0220: 7777 2e77 332e 6f72 672f 3230 3031 2f58 ww.w3.org/2001/X
0x0230: 4d4c 5363 6865 6d61 2d69 6e73 7461 6e63 MLSchema-instanc
0x0240: 6522 3e3c 736f 6170 656e 763a 426f 6479 e"><soapenv:Body
0x0250: 3e3c 6c6f 6769 6e20 736f 6170 656e 763a ><login.soapenv:
0x0260: 656e 636f 6469 6e67 5374 796c 653d 2268 encodingStyle="h
0x0270: 7474 703a 2f2f 7363 6865 6d61 732e 786d ttp://schemas.xm
0x0280: 6c73 6f61 702e 6f72 672f 736f 6170 2f65 lsoap.org/soap/e
0x0290: 6e63 6f64 696e 672f 223e 3c61 7267 3020 ncoding/"><arg0.
0x02a0: 7873 693a 7479 7065 3d22 736f 6170 656e xsi:type="soapen
0x02b0: 633a 7374 7269 6e67 2220 786d 6c6e 733a c:string".xmlns:
0x02c0: 736f 6170 656e 633d 2268 7474 703a 2f2f soapenc="http://
0x02d0: 7363 6865 6d61 732e 786d 6c73 6f61 702e schemas.xmlsoap.
0x02e0: 6f72 672f 736f 6170 2f65 6e63 6f64 696e org/soap/encodin
0x02f0: 672f 223e 6164 6d69 6e3c 2f61 7267 303e g/">admin</arg0>
0x0300: 3c2f 6c6f 6769 6e3e 3c2f 736f 6170 656e </login></soapen
0x0310: 763a 426f 6479 3e3c 2f73 6f61 7065 6e76 v:Body></soapenv
0x0320: 3a45 6e76 656c 6f70 653e :Envelope>
10:30:20.750956 IP work_ip.22620 > bigsoft.co.uk.webcache: . ack 810 win 7300
0x0000: 4500 0028 b457 4000 3806 4e54 c30c 1422 E..(.W@.8.NT..."
0x0010: 576a 118c 585c 1f90 80d9 1983 e3f5 d134 Wj..X\.........4
0x0020: 5010 1c84 8bb8 0000 0000 aaaa aaaa P.............
10:30:20.751148 IP work_ip.22620 > bigsoft.co.uk.webcache: F 770:770(0) ack 810 win 7300
0x0000: 4500 0028 b45a 0000 3806 8e51 c30c 1422 E..(.Z..8..Q..."
0x0010: 576a 118c 585c 1f90 80d9 1983 e3f5 d134 Wj..X\.........4
0x0020: 5011 1c84 8bb7 0000 0000 aaaa aaaa P.............
5 packets captured
5 packets received by filter
0 packets dropped by kernel
The SOAPAction header had disappeared in transit from the work location but not from the home location. The question of where it went is a mystery! A quick Google hinted at various proxy caches stripping it away - so that is my next investigation!No feedback yet
Form is loading...