When the EWS is installed on the same machine using the service then all packets will be going to the localhost and will not hit the NIC so will not be captured in a Wireshark packet capture.
Packets sent between services on the same machine (like SOAP and EWS) do not hit the NIC and therefore cannot be captured with the default configuration of Wireshark using the WinPcap packet sniffing library.
Replace WinPcap with Npcap to emulate a loopback NIC for packet capture.
- Go to https://nmap.org/npcap/ for details on the library.
- Download the library installer from https://nmap.org/npcap/#download
- Uninstall WinPcap.
- Install Npcap.
- Npcap will create an adapter named Npcap Loopback Adapter for you. In Wireshark choose this adapter to capture, you will see all loopback traffic the same way as other non-loopback adapters.
- You can test this out by typing in commands like "ping 127.0.0.1" (IPv4) or "ping ::1" (IPv6).