I'm not seeing NFSv4 traffic in a tcpdump capture of traffic with a server [closed]

asked 2020-12-21 18:52:30 +0000

uragnorson

updated 2020-12-21 21:00:20 +0000

Guy Harris

I captured traffic using tcpdump. I read it through Wireshark (3.4.2). In Wireshark I can see Protocol: TCP but not "NFS". In the info, I see nfs(2049) -> 786. But I don't see any information about OPEN/CLOSE/STAT of a file (which is what I am trying to get). I captured using:

tcpdump -i eth0 -s0 'host nfsserver' -w nfs.tcpdump

How can I see this info in Wireshark?


Closed for the following reason: duplicate question, by uragnorson
close date 2020-12-22 14:33:10.695891

Comments

Just to see if it's a capture vs. decode issue, there is an NFSv4 capture (nfsv4.1_pnfs.cap) on the Wireshark wiki. Does it give a proper decode in your Wireshark?

Chuckc ( 2020-12-21 19:21:26 +0000 )

Do you see 786 -> nfs(2049) in the capture?

Guy Harris ( 2020-12-21 21:00:53 +0000 )

Yes. I see that. What I did was remove all my settings and now I am able to see NFSv4 protocol! Thanks

uragnorson ( 2020-12-22 14:32:31 +0000 )
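
A way to settle the capture-versus-decode question from the comments without relying on any Wireshark settings, as an added example that is not part of the original thread: the script below reads the capture file directly and reports every ONC RPC call for the NFS program (100003) sent to TCP port 2049. It assumes a classic pcap file (not pcapng), Ethernet framing, IPv4, and RPC calls that begin at the start of a TCP segment; `nfs_rpc_calls` and `build_sample_pcap` are names made up for this example, and the sample packet is constructed.

```python
import struct

NFS_PORT, NFS_PROGRAM = 2049, 100003  # NFS TCP port and ONC RPC program number

def nfs_rpc_calls(pcap_bytes):
    """Return (nfs_version, procedure) for every ONC RPC call to TCP port 2049
    that begins at the start of a TCP segment in a classic pcap file."""
    endian = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap_bytes[:4])
    if endian is None:
        raise ValueError("not a classic (microsecond) pcap file")
    if struct.unpack(endian + "I", pcap_bytes[20:24])[0] != 1:
        raise ValueError("only Ethernet (linktype 1) captures are handled")
    calls, offset = [], 24
    while offset + 16 <= len(pcap_bytes):
        caplen = struct.unpack(endian + "I", pcap_bytes[offset + 8:offset + 12])[0]
        frame = pcap_bytes[offset + 16:offset + 16 + caplen]
        offset += 16 + caplen
        # Keep only Ethernet II / IPv4 / TCP frames
        if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
            continue
        tcp = frame[14 + (frame[14] & 0x0F) * 4:]
        if len(tcp) < 20 or struct.unpack("!H", tcp[2:4])[0] != NFS_PORT:
            continue
        payload = tcp[(tcp[12] >> 4) * 4:]
        if len(payload) < 28:
            continue
        # Record marker, xid, msg_type, RPC version, program, version, procedure
        _, _, msg_type, rpcvers, prog, vers, proc = struct.unpack("!7I", payload[:28])
        if msg_type == 0 and rpcvers == 2 and prog == NFS_PROGRAM:
            calls.append((vers, proc))
    return calls

def build_sample_pcap(dst_port=NFS_PORT):
    """Constructed sample: one segment from port 786 holding an RPC call header."""
    rpc = struct.pack("!11I", 0x80000028, 0x1234, 0, 2, NFS_PROGRAM, 4, 1, 0, 0, 0, 0)
    tcp = struct.pack("!HHIIBBHHH", 786, dst_port, 1, 1, 0x50, 0x18, 65535, 0, 0) + rpc
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     bytes([192, 0, 2, 10]), bytes([192, 0, 2, 20]))
    frame = b"\x02" * 6 + b"\x06" * 6 + b"\x08\x00" + ip + tcp
    header = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    return header + struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame

if __name__ == "__main__":
    print(nfs_rpc_calls(build_sample_pcap()))  # [(4, 1)]: NFSv4, procedure 1 (COMPOUND)
```

For a real file, pass `open("nfs.tcpdump", "rb").read()`. If version 4 calls are reported while Wireshark shows the same packets only as TCP, the capture is intact and the problem lies in the local Wireshark configuration, which is consistent with how the thread was resolved.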