This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Get full NFS path/filename for object

0

When analyzing wireshark data, none of the NFS path/filenames are available even after selecting the option to show full path and file name. How can I see the full NFS path and file name that was accessed? Please advise.

Additional data. NFS v3, source data is on NetApp running Ontap 7.1.x; wireshark capturing NFS data on port 2049 from Linux SLES10 client (autofs). I can see all access,getattr,setattr, etc. i need to figure out how to see each NFS path/filename (full path & file name)

Thanks

asked 09 Oct '10, 09:53

debugme's gravatar image

debugme
6336
accept rate: 0%

edited 09 Oct '10, 09:57


One Answer:

1

You can only see the full pathname for a file if:

  • for a request that includes a file name (LOOKUP, REMOVE, RENAME, CREATE, etc.), replies that provide the file names of all directories in the path of the directory in which that request was done appear in the capture before the request in question;

  • for a request that includes only a file handle (ACCESS, GETATTR, SETATTR, etc.), replies that provide the file names of all those directories and the file to which the file handle refers appear in the capture appear in the capture before the request in question.

In general, there's no guarantee that you can see the full path name - or even just the file name - corresponding to a given file handle in an arbitrary capture. That's just how NFS works.

answered 10 Oct '10, 13:50

Guy%20Harris's gravatar image

Guy Harris ♦♦
17.4k335196
accept rate: 19%

edited 10 Oct '10, 13:51