The output format consists of 8 vertical-bar-separated fields:
timestamp | execution-time | server | client | command-name | arguments | reply-data
where
timestamp
is the time the reply message was received,
execution-time
is the time (in microseconds) that elapsed between the call and reply,
server
is the name (or IP address) of the server,
client
is the name (or IP address) of the client followed by the userid that
issued the command,
command-name
is the name of the particular program invoked
(read, write, getattr,
etc.), and
arguments
and
reply-data
are the command dependent arguments and return values passed to and
from the RPC program, respectively. For a complete grammar, see the
nfstrace yacc file.
Normally, rpcspy just runs until interrupted; if the -t secs argument is specified the program terminates after secs seconds.
The name if the Ethernet interface to monitor can be specified with the -i flag.
File handles are emitted as hexadecimal strings. A default file handle size (in bytes) can be specified with the -h flag. If the handle size is 0 (the default), a guess is made on a case-by-case basis. Handle sizes can be restricted to a particular server by specifying -h host:bytes. Arbitrarily many -h flags can be given to allow for multiple handle sizes on the same network.
The -s flag can be used to specify a suffix that is removed from the host names before they are emitted. This is useful if your name server always returns fully-qualified host names for your local network. The default is "Princeton.EDU", which is probably not what you want.
If the -c flag is given, the output is more concise, with the arguments and reply data omitted. This is mainly useful if you are feeding the output to an NFS statistics collection script.
Note that the program must run as root for the NIT version. For the ULTRIX version, the user must be root or the packetfilter interface must be configured to allow promiscuous mode and copy-all mode. It's probably not safe to install rpcspy as a setuid program.
It's easy to break the program by specifying completely bogus command line arguments.
Timestamps are sometimes wrong on the NIT version, and are at best approximate in any case.
The packetfilter version changes the state of the filter flags when run as root.
The file handle size guessing algorithm is an ugly hack.
It should be easier to add other RPC services.