Wireshark-users: Re: [Wireshark-users] nfs attrs

From: Mag Gam <magawake@xxxxxxxxx>
Date: Thu, 18 Feb 2010 21:00:25 -0500
This is great. Is there a filter I can use with wireshark for all the
file/directory accesses? And also, for the filehandle, is there a way
to convert it into more understandable format?

thanks a million guy!



On Thu, Feb 18, 2010 at 8:56 PM, Mag Gam <magawake@xxxxxxxxx> wrote:
> This works, is there a way to reduce the size of my dump? Basically, I
> just want these stats but really not the data.
>
>
> On Thu, Feb 18, 2010 at 8:42 PM, Guy Harris <guy@xxxxxxxxxxxx> wrote:
>>
>> On Feb 18, 2010, at 5:34 PM, Mag Gam wrote:
>>
>>> I am currently doing a tcpdump (tcpdump -i eth1 -w /tmp/out).
>>
>> Try
>>
>>        tcpdump -i eth1 -s 65535 -w /tmp/out
>>
>> instead.  Otherwise, you will be capturing only the first 68 or 96 bytes of the packet, so Wireshark won't be able to see very much of the NFS request or response.
>> ___________________________________________________________________________
>> Sent via:    Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
>> Archives:    http://www.wireshark.org/lists/wireshark-users
>> Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
>>             mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe
>>
>