Inspecting Network Traces for Applications Using Directed Discovery
Any network packet analyzer that can display raw packets can be used to inspect HTTP metadata exchange requests. Microsoft Network Monitor 3 (Netmon) is recommended. For more information about Netmon, see Downloading Netmon and Sample DPWS Filters.
To inspect network traces for directed discovery
Configure the host and client to run across the network (that is, make sure that the host and client will operate on different machines).
Install the packet analyzer (Netmon) on either the client or the host.
Configure the packet analyzer to capture traffic on the network adapter connecting the host and the client.
Reproduce the failure by starting the host and client or by pressing F5 in the Network Explorer.
Filter the results to isolate WS-Discovery and metadata exchange traffic. To view sample Netmon filters, see Downloading Netmon and Sample DPWS Filters.
Note
This step is optional.
Verify that messages sent between client and host meet basic traffic requirements.
Verifying that messages meet traffic requirements
WSDAPI clients and hosts must send messages that conform to the following criteria. For general information about message patterns, see Discovery and Metadata Exchange Message Patterns.
- Probe messages must be sent by HTTP or HTTPS, usually to port 5357 or 5358.
- The Types element of a Probe message must be present and must not be empty. It must contain the types to which a host will respond.
- A ProbeMatches message must be sent to the HTTP or HTTPS port from which the Probe was sent.
- The RelatesTo element of a ProbeMatches message must be present and must not be empty. Its value must match the value of the MessageId element from the corresponding Probe message.
- If an XAddrs element was included in the ProbeMatches message, the supplied transport addresses must be validated. For more information, see XAddr Validation Rules.
- A ProbeMatches message must be sent within 4 seconds of the corresponding Probe message. The Windows Firewall may drop a ProbeMatches message sent more than 4 seconds after a Probe message.
- If no XAddrs element was included in the ProbeMatches message, and the client or host will send an HTTP message (such as a Get metadata exchange request or a service message), then the client or host must send a Resolve message by HTTP or HTTPS. This message is usually sent to port 5357 or 5358.
- If a Resolve message is sent, then a ResolveMatches message must be sent to the HTTP or HTTPS port from which the Resolve message was sent.
- A ResolveMatches message must be sent within 4 seconds of the corresponding Resolve message. The Windows Firewall may drop a ResolveMatchesmessage sent more than 4 seconds after a Resolve message.
If the messages sent by the program do not conform to these message requirements, the cause of the problem has been successfully identified and no further troubleshooting steps are necessary. Rewrite the program so that it generates conformant messages and retest the program.
If the source of the problem still cannot be identified, contact Microsoft support for assistance. Before contacting support, collect the appropriate log files to help identify the root cause of the problem. For more information, see Enabling WSDAPI Tracing.
Related topics
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for