Monitoring Redis with MONITOR and WireShark

At Swoop we use Redis extensively for caching, message processing and analytics. The Redis documentation can be pithy at times and recently I found myself wanting to look in more depth at the Redis wire protocol. Getting everything set up the right way took some time and, hopefully, this blog post can save you that hassle.


The Redis logs do not include the commands that the database is executing but you can see them via the MONITOR command. As a habit, during development I run redis-cli MONITOR in a terminal window to see what’s going on.

Getting set up with WireShark

While normally we’d use a debugging proxy such as Charles to look at traffic in a Web application, here we need a real network protocol analyzer because Redis uses a TCP-based binary protocol. My go-to tool is WireShark because it is free, powerful and highly customizable (including Lua scriptable). The price for all this is dealing with an X11 interface from the last century and the expectation that you passed your Certified Network Engineer exams with flying colors.

To get going:

  1. WireShark needs X11. Since even Mac OS X stopped shipping X11 by default with Mountain Lion, you’ll most likely want to grab a copy, e.g., XQuartz for OS X or Xming for Windows.
  2. Download and install WireShark.
  3. Start WireShark. If you see nothing, it may be because the app shows as a window associated with the X11 server process. Look for that and you’ll find the main application window.

Redis protocol monitoring

WireShark’s plugin architecture allows it to understand dozens of network protocols. Luckily for us, jzwinck has written a Redis protocol plugin. It doesn’t come with WireShark by default so you’ll need to install it. Run the following:

mkdir ~/.wireshark/plugins && cd ~/.wireshark/plugins && curl -O

view raw

hosted with ❤ by GitHub

If WireShark is running, restart it to pick up the Redis plugin.

Now let’s monitor the traffic to a default Redis installation (port 6379) on your machine. In WireShark, you’ll have to select the loopback interface.

wireshark-startTo reduce the noise, filter capture to TCP packets on port 6379. If you need more sophisticated filtering, consult the docs.


Once you start capture, it’s time to send some Redis commands. I’ll use the Ruby console for that.

1.9.3p392 :001 > r =
=> #<Redis client v3.0.4 for redis://>
1.9.3p392 :002 > r.set("key:5", "\xad\xad")
=> "OK"
1.9.3p392 :003 > r.get("key:5")
=> "\xAD\xAD"

view raw


hosted with ❤ by GitHub

This will generate the following output from the MONITOR command:

1999[~]$ redis-cli MONITOR
1369526925.306016 [0] "set" "key:5" "\xad\xad"
1369526927.497785 [0] "get" "key:5"

In WireShark you’ll be able to see the binary data moving between the client and Redis with the benefit of the command and its parameters clearly visible.


Check out the time between request and response. Redis is fast!

About Simeon Simeonov

Entrepreneur. Investor. Trusted advisor.
This entry was posted in Software Development and tagged , , , , , . Bookmark the permalink.

2 Responses to Monitoring Redis with MONITOR and WireShark

  1. Thanks for the article, just note for someone who may wonder, why the lua plugin does not get loaded and shown in Help / About / Plugins – install your Wireshark with Lua support: `brew install –with-lua wireshark`. Another problem is that the dissector does not handle properly TCP fragmentation:

  2. Pingback: Monitoring Redis with MONITOR and WireShark - FrontFluence

Leave a Reply