Does anyone know of any good tools to snoop NFS traffic? I'm looking for something better than snoop or tcpdump that caches lookups and decodes file names, etc.
- Dan
There's a tool called nfswatch floating around the net. I haven't touched it in ages, and don't know its current status.
Matt Blaze wrote some NFS analysis tools that snooped NFS packets and tried to infer the likely series of UNIX system calls that would have generated them. For instance, if the tool saw packets like this:
    fh = LOOKUP(dirfh, "foo")
    SETATTR(size=0)
    WRITE(fh)
    WRITE(fh)
    WRITE(fh)
it would infer that the user had probably done an
    open("foo", O_TRUNC); write();
on an existing file.
He wrote a USENIX paper on some of the stuff he discovered using these tools several years ago, I think when he was still a grad student at Princeton, but I don't know if they are still available on the net anywhere now.
Dave
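
Added example, not part of the original thread and not code from nfswatch or from Matt Blaze's tools: a small sketch of the inference described above, which caches LOOKUP results so later calls can be shown with file names and folds each run of READ/WRITE calls into a guessed open() sequence. The record layout, the sample trace and the inference rules are assumptions made for illustration.

```python
# Added illustration only: the record layout and inference rules are assumptions,
# not the behaviour of nfswatch or of Matt Blaze's tools.

# Constructed sample: decoded NFS calls as (procedure, fields) pairs.
SAMPLE_TRACE = [
    ("LOOKUP", {"dirfh": "fh:root", "name": "foo", "fh": "fh:17"}),
    ("SETATTR", {"fh": "fh:17", "size": 0}),
    ("WRITE", {"fh": "fh:17", "count": 8192}),
    ("WRITE", {"fh": "fh:17", "count": 8192}),
    ("WRITE", {"fh": "fh:17", "count": 100}),
    ("LOOKUP", {"dirfh": "fh:root", "name": "bar", "fh": "fh:18"}),
    ("READ", {"fh": "fh:18", "count": 4096}),
    ("WRITE", {"fh": "fh:99", "count": 10}),  # handle never seen in a LOOKUP
]


def infer_syscalls(trace):
    """Guess one open()+I/O sequence per run of READ/WRITE calls on a handle."""
    names = {}         # file handle -> name, cached from LOOKUP
    truncated = set()  # handles with SETATTR(size=0) and no I/O since
    runs = []          # [fh, op, flags, total_bytes]
    for proc, args in trace:
        if proc == "LOOKUP":
            names[args["fh"]] = args["name"]
        elif proc == "SETATTR" and args.get("size") == 0:
            truncated.add(args["fh"])
        elif proc in ("READ", "WRITE"):
            fh, op = args["fh"], proc.lower()
            if runs and runs[-1][0] == fh and runs[-1][1] == op:
                runs[-1][3] += args["count"]  # same handle, same op: extend the run
                continue
            if op == "read":
                flags = "O_RDONLY"
            elif fh in truncated:
                flags = "O_WRONLY|O_TRUNC"
            else:
                flags = "O_WRONLY"
            truncated.discard(fh)
            runs.append([fh, op, flags, args["count"]])
    out = []
    for fh, op, flags, total in runs:
        name = names.get(fh, "<unknown " + fh + ">")  # lookup happened before capture
        out.append('open("%s", %s); %s() x %d bytes' % (name, flags, op, total))
    return out


if __name__ == "__main__":
    for line in infer_syscalls(SAMPLE_TRACE):
        print(line)
```

A handle that was looked up before the capture started cannot be named from the trace alone, which is why the last sample record is reported as unknown.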