Managing NFS and NIS, 2nd Edition - Mike Eisler [212]

server's successful reply is shown in packet 4. Packet 5 shows the client's request for the port number for RPC program number 100005, Version 1, over TCP (the RPC MOUNT program). The server replies in packet 6 with port=33168. Packets 7 through 9 are the TCP handshake between our NFS client and the server's mountd. Packet 10 shows the client's call to the server's mountd daemon (which implements the MOUNT program), currently running on port 33168. The client is requesting the list of exported entries. The server replies in packet 12 with the names of the two exported entries. Packets 18 and 19 are similar to packets 5 and 6, except that this time the client is asking for the port number of the MOUNT program version 3 running over UDP. Packets 20 and 21 show the client verifying that version 3 of the MOUNT service is up and running on the server. Finally, the client issues the Mount /export/home request to the server in packet 22, requesting the filehandle of the /export/home path. The server's mountd daemon checks its export list, determines that the host rome is not present in it, and replies to the client with a "Permission Denied" error in packet 23.

The analysis indicates that the "Permission Denied" error returned to the ls command came from the MOUNT request made to the server, not from problems with directory mode bits on the client. Having gathered this information, we study the exported list on the server and quickly notice that the filesystem /export/home is exported only to the host verona:

rome$ showmount -e zeus
export list for zeus:
/export/eng (everyone)
/export/home verona

We could have obtained the same information by inspecting the contents of packet 12, which contains the export list requested during the transaction:

rome# snoop -i /tmp/cap -v -p 10,12
...
Packet 10 arrived at 3:32:47.73
RPC: ----- SUN RPC Header -----
RPC:
RPC: Record Mark: last fragment, length = 40
RPC: Transaction id = 965581102
RPC: Type = 0 (Call)
RPC: RPC version = 2
RPC: Program = 100005 (MOUNT), version = 1, procedure = 5
RPC: Credentials: Flavor = 0 (None), len = 0 bytes
RPC: Verifier : Flavor = 0 (None), len = 0 bytes
RPC:
MOUNT:----- NFS MOUNT -----
MOUNT:
MOUNT:Proc = 5 (Return export list)
MOUNT:
...
Packet 12 arrived at 3:32:47.74
RPC: ----- SUN RPC Header -----
RPC:
RPC: Record Mark: last fragment, length = 92
RPC: Transaction id = 965581102
RPC: Type = 1 (Reply)
RPC: This is a reply to frame 10
RPC: Status = 0 (Accepted)
RPC: Verifier : Flavor = 0 (None), len = 0 bytes
RPC: Accept status = 0 (Success)
RPC:
MOUNT:----- NFS MOUNT -----
MOUNT:
MOUNT:Proc = 5 (Return export list)
MOUNT:Directory = /export/eng
MOUNT:Directory = /export/home
MOUNT: Group = verona
MOUNT:

For simplicity, only the RPC and NFS Mount portions of the packets are shown. Packet 10 is the request for the export list; packet 12 is the reply. Notice that every RPC packet contains the transaction ID (XID), the message type (call or reply), the status of the call, and the credentials. The RPC header of packet 12 also includes the string "This is a reply to frame 10". This string is not part of the network packet: snoop keeps track of the XIDs it has processed and attempts to match calls with replies and retransmissions, a feature that comes in very handy during debugging. The Mount portion of packet 12 shows the list of directories exported and the group of hosts to which they are exported. In this case, we can see that /export/home was only exported with access rights to the host verona. The problem can be fixed by adding the host rome to the export list on the server.
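The following added example (not from the book) decodes the bytes behind the snoop display of packet 12: the record mark, the RPC reply header, and the XDR-encoded export list, then checks whether a host is named for a directory. The function names are hypothetical, the sample bytes are constructed to mirror packet 12, and host_listed is a simplified stand-in for the export check mountd performs.

```python
import struct

def xdr_str(s):
    """XDR string: 4-byte length, data, zero padding to a 4-byte boundary."""
    return struct.pack(">I", len(s)) + s + b"\0" * (-len(s) % 4)

def build_export_reply(xid, exports):
    """Constructed sample: record mark + accepted RPC reply + export list."""
    body = struct.pack(">6I", xid, 1, 0, 0, 0, 0)  # Reply, Accepted, empty verifier, Success
    for path, groups in exports:
        body += struct.pack(">I", 1) + xdr_str(path)  # 1 = an export entry follows
        body += b"".join(struct.pack(">I", 1) + xdr_str(g) for g in groups)
        body += struct.pack(">I", 0)  # end of this entry's group list
    body += struct.pack(">I", 0)  # end of the export list
    return struct.pack(">I", 0x80000000 | len(body)) + body

def parse_export_reply(record):
    """Return (xid, fragment_length, {directory: [groups]}) for one TCP record."""
    pos = 0
    def take(n):
        nonlocal pos
        if pos + n > len(record):
            raise ValueError("truncated record")
        chunk, pos = record[pos:pos + n], pos + n + (-n % 4)
        return chunk
    def u32():
        return struct.unpack(">I", take(4))[0]
    mark = u32()
    length = mark & 0x7FFFFFFF  # high bit of the record mark = last fragment
    if not mark & 0x80000000 or length != len(record) - 4:
        raise ValueError("expected one complete last fragment")
    xid, msg_type, status, _flavor, verf_len, accept = (u32() for _ in range(6))
    if (msg_type, status, verf_len, accept) != (1, 0, 0, 0):
        raise ValueError("not a successful reply with an empty verifier")
    exports = {}
    while u32():  # 1 = another export entry follows
        path = take(u32()).decode("ascii")
        exports[path] = []
        while u32():  # 1 = another group name follows
            exports[path].append(take(u32()).decode("ascii"))
    return xid, length, exports

def host_listed(exports, directory, host):
    """Simplified check: an empty group list means (everyone)."""
    groups = exports.get(directory)
    return groups is not None and (not groups or host in groups)

# Constructed bytes mirroring packet 12 (same XID, directories and group).
SAMPLE = build_export_reply(965581102, [(b"/export/eng", []), (b"/export/home", [b"verona"])])
```

Parsing SAMPLE yields a fragment length of 92, the same value snoop reports in the record mark of packet 12, and host_listed returns False for rome on /export/home.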

Useful filters

Information is most useful when it can be organized into categories and noise can be filtered and ignored. snoop provides powerful capture filters that allow you to collect only the kind of information you are interested in. The following list of snoop filters is useful when capturing NFS-related traffic. snoop provides very good NFS- and RPC-level debugging features. The logical and, or, and not operators can be used on filters to
