From owner-freebsd-net  Tue Feb 22  2:48:34 2000
Delivered-To: freebsd-net@freebsd.org
Received: from lanturn.express.ru (lanturn.kmost.express.ru [212.24.37.109])
	by hub.freebsd.org (Postfix) with ESMTP id 2913037B58C
	for <freebsd-net@freebsd.org>; Tue, 22 Feb 2000 02:48:28 -0800 (PST)
	(envelope-from vova@express.ru)
Received: from vova (helo=localhost)
	by lanturn.express.ru with local-esmtp (Exim 3.11 #1)
	id 12NCsy-000Oxp-00; Tue, 22 Feb 2000 13:49:44 +0300
Date: Tue, 22 Feb 2000 13:49:43 +0300 (MSK)
From: "Vladimir B. Grebenschikov" <vova@express.ru>
X-Sender: vova@lanturn.kmost.express.ru
To: Wim Livens <livensw@rc.bel.alcatel.be>
Cc: freebsd-net@freebsd.org
Subject: Re: tcpdump and nfs packets
In-Reply-To: <20000222102620.M290@rc.bel.alcatel.be>
Message-ID: <Pine.BSF.4.21.0002221346540.95945-100000@lanturn.kmost.express.ru>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-net@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Tue, 22 Feb 2000, Wim Livens wrote:

> > I want to audit my nfs traffic but don't know how to do it. 
> 
> I think 'ethereal' can do this. 

No :(

It shows even less than tcpdump (tcpdump shows nsfs operation like
write/read, but ethereal not). 

In sources of tcpdump I found resolution of filesnames/inode
of operation, but there is no switch case for FreeBSD filehandle
onle for brand unixes, so tcpdump simple drop additional data and 
does not show it.

 
> -- Wim Livens.

--
TSB Russian Express, Moscow
Vladimir B. Grebenschikov, vova@express.ru



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-net" in the body of the message