From owner-freebsd-questions@FreeBSD.ORG Mon Sep 24 10:07:42 2007 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 64E2E16A420 for ; Mon, 24 Sep 2007 10:07:42 +0000 (UTC) (envelope-from Albert.Shih@obspm.fr) Received: from mesiob.obspm.fr (mesiob.obspm.fr [145.238.2.2]) by mx1.freebsd.org (Postfix) with ESMTP id E2DFC13C45B for ; Mon, 24 Sep 2007 10:07:41 +0000 (UTC) (envelope-from Albert.Shih@obspm.fr) Received: from localhost (pcjas.obspm.fr [145.238.2.126]) by mesiob.obspm.fr (8.13.4/8.13.4/SIO Observatoire de Paris) with ESMTP id l8OA7ewx030917; Mon, 24 Sep 2007 12:07:40 +0200 Date: Mon, 24 Sep 2007 12:07:40 +0200 From: Albert Shih To: Martin Alejandro Paredes Sanchez Message-ID: <20070924100740.GE41149@pcjas.obspm.fr> References: <20070920172428.GA90565@pcjas.obspm.fr> <20070921185934.GI7562@dan.emsphone.com> <20070921201756.GB85057@pcjas.obspm.fr> <200709230027.15813.mapsware@prodigy.net.mx> MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: <200709230027.15813.mapsware@prodigy.net.mx> User-Agent: Mutt/1.5.16 (2007-06-09) X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-2.0.2 (mesiob.obspm.fr [145.238.2.2]); Mon, 24 Sep 2007 12:07:40 +0200 (CEST) X-Virus-Scanned: ClamAV version 0.91.2, clamav-milter version 0.91.2 on mesiob.obspm.fr X-Virus-Status: Clean Cc: Le Cocq Michel , freebsd-questions@freebsd.org Subject: Re: How to know who use NFS. X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: Albert.Shih@obspm.fr List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 24 Sep 2007 10:07:42 -0000 Le 23/09/2007 à 00:27:15-0700, Martin Alejandro Paredes Sanchez a écrit > El Vie 21 Sep 2007, Albert Shih escribió: > > Le 21/09/2007 à 13:59:35-0500, Dan Nelson a écrit > > > In the last episode (Sep 21), Le Cocq Michel said: > > > > Albert Shih a écrit : > > > > > How can I known at un precise moment who charge my NFS server (I'm > > > > > root in both side : client and server). > > > > > > > > With some info student it also happen some times in here, and the way i > > > > find is to launch a tcpdum or ethereal on the server and look at which > > > > ip appear the more often > > > > > > I think ethereal/wireshark is your best bet too. At least with it you > > > can filter on the userid making an NFS request (it's rpc.auth.uid). > > > Unfortunately it doesn't look like there's a summary or analysis option > > > for NFS, so you'll have to count packets maually... > > > > But my problem is the NFS traffic is heavy in standard time, and wireshark > > or tcpdump give my lot of lot of data. > > Thanks > > Use the force luke > I like this ;-) > You only need 100 packets (you may decide to increase) that are directed to > your server, to the NFS daemon. > > tcpdump -c 100 -nq dst port nfs and dst host $HOST > > You don't need to interpret this info, you need to know who is originating the > traffic, lets extract the ip that are originating the traffic > > nawk 'BEGIN {FS="[ .]"; OFS="."} {print $4,$5,$6,$7}' > > But, who generate more traffic? > Lets count how many packets are originating each one of those ip > > nawk '{packets[$1]++} END{for (ip in packets){print packets[ip], ip}}' > > And order it > > sort -rn > > Use pipes to connect all the commands, if this situation is very common, > create a shell. Thanks again. > > HTH I think so. Regards. -- Albert SHIH Observatoire de Paris Meudon SIO batiment 15 Heure local/Local time: Lun 24 sep 2007 12:01:11 CEST