I'm not seeing NFSv4 traffic in a tcpdump capture of traffic with a server [closed]
I captured traffic using tcpdump. I read it through Wireshark (3.4.2). In Wireshark I can see Protocol: TCP but not "NFS". In the info, I see nfs(2049) -> 786. But I don't see any information about OPEN/CLOSE/STAT of a file (which is what I am trying to get). I capture using:
tcpdump -i eth0 -s0 'host nfsserver' -w nfs.tcpdump
How can I see this info in Wireshark?
Just to see if it's a capture vs. decode issue, there is an NFSv4 capture (nfsv4.1_pnfs.cap) on the Wireshark wiki. Does it give a proper decode in your Wireshark?
Do you see 786 -> nfs(2049) in the capture?
Yes. I see that. What I did was remove all my settings and now I am able to see NFSv4 protocol! Thanks