rolisz's site

Wireshark and Amazon SWF

Today at work I had to debug our own library which wraps around Amazon SWF and makes it super fun to work with (and which is going to be open source soon).

After lots of "print variable" and headbashing, I realized that the problem must be somewhere else and I needed to sniff the actual traffic.

I used Wireshark for the first time in my life and it took me a while to figure out what exactly I needed to look for.

I needed to see both the requests and the responses from the Amazon server and because the IP of the server Amazon used to respond to my query kept changing, I couldn't filter by IP.

After a while I figured out that I needed to look for the following things:

http contains "x-amzn-RequestId" || http.request.full_uri contains "http://swf.us-east-1.amazonaws.com/"

The first part is for the response, where Amazon always sends back this custom header, while the second part is for the request, where we can filter by the full_uri (which can be adapted to the region we use, as needed).
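To show why the two clauses catch both directions even when the responding IP changes, here is an added example (not part of the original post or the library) that applies the same matching logic to a constructed capture. The helper names, IP addresses and request IDs are made up, and `full_uri` is only an approximation of how Wireshark builds `http.request.full_uri`.

```python
REGION = "us-east-1"  # adapt to the region in use, as the post notes
ENDPOINT = "http://swf.{}.amazonaws.com/"

def full_uri(raw):
    """Approximate http.request.full_uri: Host header plus request target."""
    lines = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1").split("\r\n")
    parts = lines[0].split(" ")
    if len(parts) != 3 or not parts[2].startswith("HTTP/"):
        return None  # status line (a response) or not HTTP at all
    for line in lines[1:]:
        name, _, value = line.partition(":")
        if name.lower() == "host":
            return "http://" + value.strip() + parts[1]
    return None

def matches(raw, region=REGION):
    """Same two clauses as the display filter, joined by OR."""
    if b"x-amzn-RequestId" in raw:  # `contains` is a case-sensitive byte search
        return True
    uri = full_uri(raw)
    return uri is not None and ENDPOINT.format(region) in uri

def http_msg(first_line, headers, body=b"{}"):
    """Build a raw HTTP message for the constructed capture below."""
    head = "\r\n".join([first_line] + [f"{k}: {v}" for k, v in headers.items()])
    return head.encode("latin-1") + b"\r\n\r\n" + body

# Constructed capture: (source IP, raw HTTP message). All values are made up.
SWF_HOST = {"Host": f"swf.{REGION}.amazonaws.com"}
CAPTURE = [
    ("10.0.0.5", http_msg("POST / HTTP/1.1", SWF_HOST)),
    ("198.51.100.7", http_msg("HTTP/1.1 200 OK", {"x-amzn-RequestId": "req-0001"})),
    ("10.0.0.5", http_msg("GET /index.html HTTP/1.1", {"Host": "example.com"})),
    ("192.0.2.80", http_msg("HTTP/1.1 200 OK", {"Content-Type": "text/html"})),
    ("10.0.0.5", http_msg("POST / HTTP/1.1", SWF_HOST)),
    ("203.0.113.9", http_msg("HTTP/1.1 200 OK", {"x-amzn-RequestId": "req-0002"})),
]

def swf_traffic(capture=CAPTURE):
    """Return the (index, source IP) of every message the filter would keep."""
    return [(i, src) for i, (src, raw) in enumerate(capture) if matches(raw)]

if __name__ == "__main__":
    for i, src in swf_traffic():
        print(i, src)
```

The two kept responses come from different source addresses, which is the case an IP-based filter would have missed.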

Also, to see the actual HTTP traffic, I needed to turn off use_secure in Boto.

In the end, the problem turned out to be that sockets were being kept open even after the program that opened them had been closed (forcibly), and this caused a race condition between the old socket and the new one.

All in all, Wireshark looks like a pretty fun tool :D I saw a loooot of network traffic I didn't know about :-S