Project

General

Profile

Actions

Bug #5140

open

nfs: NFS3/NFS2 procedure conflict

Added by Sam Muhammed 7 months ago.

Status:
New
Priority:
Normal
Assignee:
Target version:
Affected Versions:
Effort:
Difficulty:
Label:

Description

an NFS2 procedure "STATFS" is being logged as an NFS3 "READDIRPLUS"
since both have the same proc_num: 17 but no distinguished proc_name for NFS2

{"flow_id":397357320141328,"pcap_cnt":12,"event_type":"nfs","src_ip":"139.25.22.102","src_port":2049,"dest_ip":"139.25.22.2","dest_port":1023,"proto":"UDP","rpc":{"xid":1578961813,"status":"ACCEPTED","auth_type":"UNIX","creds":{"machine_name":"werrmsche","uid":0,"gid":0}},"nfs":{"version":2,"procedure":"READDIRPLUS","filename":"","id":2,"file_tx":false,"type":"response","status":"OK"}}

Pcap file: nfsv2.pcap | https://redmine.openinfosecfoundation.org/issues/3277


Files

Screenshot from 2022-02-21 17-08-48.png (59.6 KB) Screenshot from 2022-02-21 17-08-48.png wireshark - original nfs2 pcap STATFS record Sam Muhammed, 02/21/2022 03:09 PM

No data to display

Actions

Also available in: Atom PDF