At Swoop we use Redis extensively for caching, message processing and analytics. The Redis documentation can be pithy at times and recently I found myself wanting to look in more depth at the Redis wire protocol. Getting everything set up the right way took some time and, hopefully, this blog post can save you that hassle.
Redis MONITOR
The Redis logs do not include the commands that the database is executing but you can see them via the MONITOR command. As a habit, during development I run redis-cli MONITOR in a terminal window to see what’s going on.
Getting set up with WireShark
While normally we’d use a debugging proxy such as Charles to look at traffic in a Web application, here we need a real network protocol analyzer because Redis uses a TCP-based binary protocol. My go-to tool is WireShark because it is free, powerful and highly customizable (including Lua scriptable). The price for all this is dealing with an X11 interface from the last century and the expectation that you passed your Certified Network Engineer exams with flying colors.
To get going:
- WireShark needs X11. Since even Mac OS X stopped shipping X11 by default with Mountain Lion, you’ll most likely want to grab a copy, e.g., XQuartz for OS X or Xming for Windows.
- Download and install WireShark.
- Start WireShark. If you see nothing, it may be because the app shows as a window associated with the X11 server process. Look for that and you’ll find the main application window.
Redis protocol monitoring
WireShark’s plugin architecture allows it to understand dozens of network protocols. Luckily for us, jzwinck has written a Redis protocol plugin. It doesn’t come with WireShark by default so you’ll need to install it. Run the following:
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| mkdir ~/.wireshark/plugins && cd ~/.wireshark/plugins && curl -O https://raw.github.com/jzwinck/redis-wireshark/master/redis-wireshark.lua |
If WireShark is running, restart it to pick up the Redis plugin.
Now let’s monitor the traffic to a default Redis installation (port 6379) on your machine. In WireShark, you’ll have to select the loopback interface.
To reduce the noise, filter capture to TCP packets on port 6379. If you need more sophisticated filtering, consult the docs.
Once you start capture, it’s time to send some Redis commands. I’ll use the Ruby console for that.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| 1.9.3p392 :001 > r = Redis.new | |
| => #<Redis client v3.0.4 for redis://127.0.0.1:6379/0> | |
| 1.9.3p392 :002 > r.set("key:5", "\xad\xad") | |
| => "OK" | |
| 1.9.3p392 :003 > r.get("key:5") | |
| => "\xAD\xAD" |
This will generate the following output from the MONITOR command:
1999[~]$ redis-cli MONITOR OK 1369526925.306016 [0 127.0.0.1:55023] "set" "key:5" "\xad\xad" 1369526927.497785 [0 127.0.0.1:55023] "get" "key:5"
In WireShark you’ll be able to see the binary data moving between the client and Redis with the benefit of the command and its parameters clearly visible.
Check out the time between request and response. Redis is fast!
Thanks for the article, just note for someone who may wonder, why the lua plugin does not get loaded and shown in Help / About / Plugins – install your Wireshark with Lua support: `brew install –with-lua wireshark`. Another problem is that the dissector does not handle properly TCP fragmentation: http://stackoverflow.com/questions/15630725/is-there-any-good-redis-dissector-for-wireshark
Pingback: Monitoring Redis with MONITOR and WireShark - FrontFluence