I am trying to debug a little SOAP issue. I am using a java web app to consume an API over a VPN. ping and telnet on the webservice server are fine.The Environment is aws ec2 for my app. I have no clue of system used on the other side
the command below doesn't show the request packet but rather the response from IP
sudo tcpdump -nnvvv port 9090
tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
16:17:36.888448 IP (tos 0x0, ttl 252, id 60101, offset 0, flags [DF], proto TCP (6), length 60)
10.10.0.10.9090 > 192.168.254.17.37950: Flags [S.], cksum 0xd7d0 (correct), seq 742479247, ack 3287685991, win 4164, options [mss 1388,nop,nop,TS val 3518147694 ecr 1039206094,sackOK,eol], length 0
16:17:39.755471 IP (tos 0x0, ttl 252, id 60182, offset 0, flags [DF], proto TCP (6), length 52)
10.10.0.10.9090 > 192.168.254.17.37950: Flags [.], cksum 0xf53c (correct), seq 1, ack 8, win 4171, options [nop,nop,TS val 3518150562 ecr 1039206811], length 0
16:17:39.757330 IP (tos 0x0, ttl 252, id 60183, offset 0, flags [DF], proto TCP (6), length 1021)
10.10.0.10.9090 > 192.168.254.17.37950: Flags [P.], cksum 0x92df (correct), seq 1:970, ack 8, win 4171, options [nop,nop,TS val 3518150563 ecr 1039206811], length 969
16:17:39.757370 IP (tos 0x0, ttl 252, id 60186, offset 0, flags [DF], proto TCP (6), length 52)
I am expecting to see the part :
192.168.254.17.8080 > 10.10.0.10.9090
I have tried all sort of combinations found online:
tcpdump -A -s 0 'tcp port 9-9- and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)'
tcpdump -A -s 0 'src 192.168.254.17 and tcp portrange > 9090 and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)'
Even pinging doesn't show echo request but echo reply. Very Weird. Is there anything I left out?
