While snoop and tcpdump are designed as multipurpose network monitoring
utilities, nfstrace is primarily devoted to monitoring NFS traffic on the
network.
nfstrace was developed by Matt Blaze of Princeton University to be
used as a portable toolkit for the creation of NFS trace data. The trace
data may be analyzed
to produce a plausible set of client system calls corresponding to
the network activity, or may also be used as a representation of network
activity for
experimentation purposes like testing cache efficiency. nfstrace is
interesting in that it attempts to reconstruct NFS activity into its higher
level of computer
instructions. The usefulness of this information is limited, however,
due to the fact that nfstrace must do postmortem analysis of all its data
instead of on-the-fly and
it provides no pathname information related to the files being remotely
accessed. nfstrace is mainly concerned general trace specific behavior
and leaves a lot to be
seen about actual file transactions