I would like to know how can I find some specific NFS server error using tcpdump analysis with wireshark. I am specifically interested in finding if the NFS server is returning NFS3ERR_BADHANDLE = 10001 or NFS3ERR_IO = 5 when issuing a read request. I am also unable to "follow tcp stream" for a NFS READ request to see what the server returned for that request. Sorry, for a newbie kind of question. asked 15 Feb '14, 07:01  sumit |
One Answer:
Did you try this filter: You can also add nfs.status / nfs.nfsstat3 as a column and sort on the column ... answered 15 Feb '14, 09:34  mrEEde edited 15 Feb '14, 09:35 |
Thank you for your help. I had tried looking up using the filter nfs.status == 10001 or nfs.status == 5, but not got any results. So I deduced that there is no such error being reported back.
Following your suggestion I also added nfs.status, nfs.status2 and nfs.status3 columns to the display. However, those columns report nothing.
Assuming that your capture actually contains nfs frames, if you get "nothing" (i.e., blank ?) for nfs.status, then I'd say something is not right since I would expect that there would almost always be an nfs.status field for "server replies".
Do you see "status" fields in the dissection detail pane for any of the replies from the server ?
The issue turned out to be that network admin did not capture tcpdump correctly with "host" option but did so, with only dst option :-)
As soon as I followed your advice on adding status to display fields and saw it blank, I figured that. Thanks a ton!