Listening to NFS
This was one of series of experiments with tcpdump conducted on our small
"made up" internet. The main purpose of this test was to demonstrate
the possiblity to use tcpdump to capture packets going between a client and a
server running Network File System (NFS). Before you delve into how the experiment was conducted, please take a look at the
below figure on how the NFS was set up on the machines.
Server ( larry )
Client ( moe )
The /tmp directory on larry is now accessed
as the /home/lakov directory on moe
The previous command:
mount -t nfs larry:/tmp /home/lakov
has three parts:
1. -t option is the client part. It indicates file type and has to be understood by the NFS client only. This means, it depends on the client host and is documented in the client's documentation.
2. larry:/tmp is the server part. The syntax depends on the server's file system. Refer to the documentation of the NFS server to know what parameters it will accept.
3. /home/lakov is a client part and is called the mount point, that is, where the remote file system will be hooked on the local file system.
The umount command removes the remote file system from the local file hierachy. Following the example above:
umount /home/tmp
will remove the /home/tmp directory.
Notice:
To execute above commands successfully, you must have root access and your NFS has been properly installed. Once you have NFS installed, if you need to export the system to serve as a NFS server, you need to edit the /etc/exports, which is the file that contains information about the directories the server exports to its NFS clients. For example, the "exports" file on larry contains this line: /tmp moe(rw), which means to export /tmp directory on larry to domain moe with read and write access previlige.