Date:      Mon, 24 Sep 2007 12:07:40 +0200
From:      Albert Shih <Albert.Shih@obspm.fr>
To:        Martin Alejandro Paredes Sanchez <mapsware@prodigy.net.mx>
Cc:        Le Cocq Michel <Michel.Lecocq@lipn.univ-paris13.fr>, freebsd-questions@freebsd.org
Subject:   Re: How to know who use NFS.
Message-ID:  <20070924100740.GE41149@pcjas.obspm.fr>
In-Reply-To: <200709230027.15813.mapsware@prodigy.net.mx>
References:  <20070920172428.GA90565@pcjas.obspm.fr> <20070921185934.GI7562@dan.emsphone.com> <20070921201756.GB85057@pcjas.obspm.fr> <200709230027.15813.mapsware@prodigy.net.mx>

 On 23/09/2007 at 00:27:15-0700, Martin Alejandro Paredes Sanchez wrote
> On Fri 21 Sep 2007, Albert Shih wrote:
> >  On 21/09/2007 at 13:59:35-0500, Dan Nelson wrote
> > > In the last episode (Sep 21), Le Cocq Michel said:
> > > > Albert Shih wrote:
> > > > > How can I know at a precise moment who is loading my NFS server (I'm
> > > > > root on both sides: client and server).
> > > > 
> > > > With some info students it also happens sometimes here, and the way I 
> > > > found is to launch tcpdump or ethereal on the server and look at which
> > > > IP appears most often
> > > 
> > > I think ethereal/wireshark is your best bet too.  At least with it you 
> > > can filter on the userid making an NFS request (it's rpc.auth.uid).
> > > Unfortunately it doesn't look like there's a summary or analysis option
> > > for NFS, so you'll have to count packets manually...
> > 
> > But my problem is that the NFS traffic is heavy in normal times, and wireshark 
> > or tcpdump give me lots and lots of data.
> >

Thanks 
> 
> Use the force, Luke
> 
I like this ;-) 

> You only need 100 packets (you may decide to increase) that are directed to 
> your server, to the NFS daemon.
> 
> tcpdump -c 100 -nq dst port nfs and dst host $HOST
> 
> You don't need to interpret this info, you need to know who is originating the 
> traffic; let's extract the IPs that are originating the traffic
> 
> nawk 'BEGIN {FS="[ .]"; OFS="."} {print $4,$5,$6,$7}'
> 
> But who generates more traffic?
> Let's count how many packets each one of those IPs is originating
> 
> nawk '{packets[$1]++} END{for (ip in packets){print packets[ip], ip}}'
> 
> And order it
> 
> sort -rn
> 
> Use pipes to connect all the commands, if this situation is very common, 
> create a shell.

Thanks again.

> 
> HTH

I think so.


Regards.


--
Albert SHIH
Observatoire de Paris Meudon
SIO batiment 15
Local time:
Mon 24 Sep 2007 12:01:11 CEST
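
The pipeline described in the quoted reply above, assembled into one script as an added example (not part of the original thread). It uses awk rather than nawk and takes the source from the third whitespace-separated field, so IPv6 sources are counted too (a generalization beyond the quoted commands); the function names, the NFS server argument and the sample capture lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: rank NFS clients by packet count from `tcpdump -nq` output.

# rank_nfs_clients: read `tcpdump -nq` lines on stdin and print
# "count source-ip", busiest source first (ties ordered by address).
rank_nfs_clients() {
    awk '
        # Keep only lines shaped like: time IP|IP6 src.port > dst.port: ...
        ($2 == "IP" || $2 == "IP6") && $4 == ">" {
            src = $3
            sub(/\.[^.]*$/, "", src)    # drop the trailing ".port"
            packets[src]++
        }
        END { for (ip in packets) print packets[ip], ip }
    ' | LC_ALL=C sort -k1,1nr -k2,2
}

# nfs_top: live capture, as in the thread (needs root on the NFS server).
# $1 = NFS server address, $2 = number of packets to sample (default 100).
nfs_top() {
    tcpdump -c "${2:-100}" -nq dst port nfs and dst host "$1" | rank_nfs_clients
}

# sample_capture: constructed `tcpdump -nq` lines (documentation addresses),
# so the parsing can be checked without a live capture.
sample_capture() {
    cat <<'EOF'
12:07:40.000001 IP 192.0.2.10.1021 > 192.0.2.1.2049: tcp 128
12:07:40.000002 IP 192.0.2.10.1021 > 192.0.2.1.2049: tcp 132
12:07:40.000003 IP 192.0.2.23.798 > 192.0.2.1.2049: UDP, length 112
12:07:40.000004 IP 192.0.2.10.1021 > 192.0.2.1.2049: tcp 0
12:07:40.000005 IP6 2001:db8::5.900 > 2001:db8::1.2049: tcp 96
12:07:40.000006 IP 192.0.2.23.798 > 192.0.2.1.2049: UDP, length 112
EOF
}

# Offline demonstration on the constructed sample.
sample_capture | rank_nfs_clients
```

A packet count only shows who sends the most requests in the sampled window; a larger sample passed as the second argument to `nfs_top` smooths out short bursts.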


