Skip site navigation (1)Skip section navigation (2) 
Date:      Sun, 23 Sep 2007 00:27:15 -0700
From:      Martin Alejandro Paredes Sanchez <mapsware@prodigy.net.mx>
To:        freebsd-questions@freebsd.org
Cc:        Le Cocq Michel <Michel.Lecocq@lipn.univ-paris13.fr>, Albert.Shih@obspm.fr
Subject:   Re: How to know who use NFS.
Message-ID:  <200709230027.15813.mapsware@prodigy.net.mx>
In-Reply-To: <20070921201756.GB85057@pcjas.obspm.fr>
References:  <20070920172428.GA90565@pcjas.obspm.fr> <20070921185934.GI7562@dan.emsphone.com> <20070921201756.GB85057@pcjas.obspm.fr>
next in thread | previous in thread | raw e-mail | index | archive | help 
El Vie 21 Sep 2007, Albert Shih escribi=F3:
>  Le 21/09/2007 =E0 13:59:35-0500, Dan Nelson a =E9crit
> > In the last episode (Sep 21), Le Cocq Michel said:
> > > Albert Shih a =E9crit :
> > > > How can I known at un precise moment who charge my NFS server (I'm
> > > > root in both side : client and server).
> > >=20
> > > With some info student it also happen some times in here, and the way=
 i=20
> > > find is to launch a tcpdum or ethereal on the server and look at which
> > > ip appear the more often
> >=20
> > I think ethereal/wireshark is your best bet too.  At least with it you=
=20
> > can filter on the userid making an NFS request (it's rpc.auth.uid).
> > Unfortunately it doesn't look like there's a summary or analysis option
> > for NFS, so you'll have to count packets maually...
>=20
> But my problem is the NFS traffic is heavy in standard time, and wireshar=
k=20
> or tcpdump give my lot of lot of data.
>

Use the force luke

You only need 100 packets (you may decide to increase) that are directed to=
=20
your server, to the NFS daemon.

tcpdump -c 100 -nq dst port nfs and dst host $HOST

You don't need to interpret this info, you need to know who is originating =
the=20
traffic, lets extract the ip that are originating the traffic

nawk 'BEGIN {FS=3D"[ .]"; OFS=3D"."} {print $4,$5,$6,$7}'

But, who generate more traffic?
Lets count how many packets are originating each one of those ip

nawk '{packets[$1]++} END{for (ip in packets){print packets[ip], ip}}'

And order it

sort -rn

Use pipes to connect all the commands, if this situation is very common,=20
create a shell.

HTH
maps

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200709230027.15813.mapsware>