RPCSPY

Section: Maintenance Commands (8)
Updated:
Index Return to Main Contents
 

NAME

rpcspy  

SYNOPSIS

rpcspy [ -t secs ] [ -h bytes ] [ -h host:bytes ] [ -i interface ] [ -s suffix ] [ -c ]  

DESCRIPTION

rpcspy produces a trace of low level NFS commands by monitoring Ethernet traffic. Its main purpose is to provide input to the nfstrace(8) program, although it can be used by itself to get a snapshot of low-level NFS traffic.

The output format consists of 8 vertical-bar-separated fields:
timestamp | execution-time | server | client | command-name | arguments | reply-data
where timestamp is the time the reply message was received, execution-time is the time (in microseconds) that elapsed between the call and reply, server is the name (or IP address) of the server, client is the name (or IP address) of the client followed by the userid that issued the command, command-name is the name of the particular program invoked (read, write, getattr, etc.), and arguments and reply-data are the command dependent arguments and return values passed to and from the RPC program, respectively. For a complete grammar, see the nfstrace yacc file.

Normally, rpcspy just runs until interrupted; if the -t secs argument is specified the program terminates after secs seconds.

The name if the Ethernet interface to monitor can be specified with the -i flag.

File handles are emitted as hexadecimal strings. A default file handle size (in bytes) can be specified with the -h flag. If the handle size is 0 (the default), a guess is made on a case-by-case basis. Handle sizes can be restricted to a particular server by specifying -h host:bytes. Arbitrarily many -h flags can be given to allow for multiple handle sizes on the same network.

The -s flag can be used to specify a suffix that is removed from the host names before they are emitted. This is useful if your name server always returns fully-qualified host names for your local network. The default is "Princeton.EDU", which is probably not what you want.

If the -c flag is given, the output is more concise, with the arguments and reply data omitted. This is mainly useful if you are feeding the output to an NFS statistics collection script.

Note that the program must run as root for the NIT version. For the ULTRIX version, the user must be root or the packetfilter interface must be configured to allow promiscuous mode and copy-all mode. It's probably not safe to install rpcspy as a setuid program.  

FILES

/dev/nit (for the SunOS version)
/dev/pf/* (for the ULTRIX Packetfilter version)  

SEE ALSO

nfstrace(8), nit(4), packetfilter(4)  

BUGS

Not all the NFS commands have complete output. Really, it's just enough for nfstrace(8) to work with. There should be more control over the level of detail.

It's easy to break the program by specifying completely bogus command line arguments.

Timestamps are sometimes wrong on the NIT version, and are at best approximate in any case.

The packetfilter version changes the state of the filter flags when run as root.

The file handle size guessing algorithm is an ugly hack.

It should be easier to add other RPC services.  

AUTHOR

Matt Blaze, mab@cs.princeton.edu


 

Index

NAME
SYNOPSIS
DESCRIPTION
FILES
SEE ALSO
BUGS
AUTHOR

This document was created by man2html, using the manual pages.
Time: 12:55:57 GMT, November 04, 2024