tricks

Using xargs to apply tshark to many capture files

pktt on a filer can capture on all of a head's network interfaces. To quickly determine which of the resulting trace files hold relevant data, we can use xargs to run tshark over each one:

KinMage:csiqa-6080-15 thomas$ ls -1 *021* | xargs -I {} -t tshark -R nfs -r {}
tshark -R nfs -r e0a_20101021_090354.trc
tshark -R nfs -r e0b_20101021_090354.trc
tshark -R nfs -r e0c_20101021_090354.trc
tshark -R nfs -r e0d_20101021_090354.trc
tshark -R nfs -r e0e_20101021_090354.trc
122   0.265844 10.227.74.89 -> 10.227.67.203 NFS V4 COMPOUND Call <EMPTY> PUTFH;CLOSE;GETATTR
123   0.267673 10.227.67.203 -> 10.227.74.89 NFS V4 COMPOUND Reply (Call In 122) <EMPTY> PUTFH;CLOSE
tshark -R nfs -r e0f_20101021_090354.trc
tshark -R nfs -r e4a_20101021_090354.trc
tshark -R nfs -r lo_20101021_090354.trc
tshark -R nfs -r losk_20101021_090354.trc
KinMage:csiqa-6080-15 thomas$ cd ../csiqa-6080-16/
KinMage:csiqa-6080-16 thomas$ ls -1 *021* | xargs -I {} -t tshark -R nfs -r {}
tshark -R nfs -r e0a_20101021_090347.trc
tshark -R nfs -r e0b_20101021_090347.trc
tshark -R nfs -r e0c_20101021_090347.trc
tshark -R nfs -r e0d_20101021_090347.trc
tshark -R nfs -r e4a_20101021_090347.trc
tshark -R nfs -r lo_20101021_090347.trc
tshark -R nfs -r losk_20101021_090347.trc

So we see the first head saw NFS traffic on e0e, but the second saw none.
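
A variant of the same scan, as an added example that is not from the original post: it prints a packet count per capture file and lists only the files that matched, so the interface carrying traffic stands out without reading through the xargs -t echo lines. The function name scan_captures and the TSHARK override variable are assumptions of this example; -Y is the display-filter flag in current tshark releases, where the session above used -R.

```shell
#!/bin/sh
# Added example (not from the original post).
# TSHARK may be overridden, e.g. to point at a specific Wireshark install;
# the variable name is an assumption of this example.
TSHARK=${TSHARK:-tshark}

# scan_captures FILTER FILE...
# Prints "count<TAB>file" for each capture containing at least one packet
# that matches the display filter. Returns 0 if any file matched, 1 if none.
scan_captures() {
    filter=$1
    shift
    found=1
    for f in "$@"; do
        # Skip an unmatched glob pattern or anything that is not a regular file.
        [ -f "$f" ] || continue
        # tshark prints one summary line per matching packet, so the line
        # count is the packet count. tr strips the padding some wc builds add.
        n=$("$TSHARK" -r "$f" -Y "$filter" | wc -l | tr -d ' ')
        if [ "$n" -gt 0 ]; then
            printf '%s\t%s\n' "$n" "$f"
            found=0
        fi
    done
    return "$found"
}

# Typical use, from the directory holding one head's traces:
#   scan_captures nfs ./*021*.trc
```

Passing the files as a quoted glob keeps names containing spaces intact, which ls piped into xargs does not.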

tshark, my new favorite command line tool

[thomas@godwit ~]> tshark -R nfs -r e4a_20101020_223437.trc
9   1.020806 10.225.212.66 -> 10.225.212.116 NFS V4 NULL Call
10   1.020972 10.225.212.116 -> 10.225.212.66 NFS V4 NULL Reply (Call In 9)