Redis packet capture analysis

Time:2020-9-29

Front desk command

sudo tcpdump -i eth0 tcp and port 6379 -n -nn -s0 -tttt -w redis.cap

Background command

sudo  tcpdump -i eth0 -n -nn -s0 -C50 -W 400 tcp and port 6379 -Z root  &

Start packet capture

$ ./redis-cli -h xxx -p 6379 -a xxx
set abc12345abcd kkkkkkkkkkkk
del abc12345abcd
del abc12345abcd

The result packet and message content have been parsed, and the key value can be observed directly, so it is very convenient to deal with the problem

IP Client > Server: Flags [.], ack 9200, win 372, options [nop,nop,TS val 436096603 ecr 3408210638], length 0
IP Client > Server: Flags [P.], seq 53:104, ack 9200, win 372, options [nop,nop,TS val 436107785 ecr 3408210638], length 51: RESP "set" "abc12345abcd" "kkkkkkkkkkkk"
IP Server > Client: Flags [.], ack 104, win 171, options [nop,nop,TS val 3408221821 ecr 436107785], length 0
IP Server > Client: Flags [P.], seq 9200:9205, ack 104, win 171, options [nop,nop,TS val 3408221821 ecr 436107785], length 5: RESP "OK"
IP Client > Server: Flags [.], ack 9205, win 372, options [nop,nop,TS val 436107827 ecr 3408221821], length 0
IP Client > Server: Flags [P.], seq 104:136, ack 9205, win 372, options [nop,nop,TS val 436112554 ecr 3408221821], length 32: RESP "del" "abc12345abcd"
IP Server > Client: Flags [.], ack 136, win 171, options [nop,nop,TS val 3408226590 ecr 436112554], length 0
IP Server > Client: Flags [P.], seq 9205:9209, ack 136, win 171, options [nop,nop,TS val 3408226591 ecr 436112554], length 4: RESP "1"
IP Client > Server: Flags [.], ack 9209, win 372, options [nop,nop,TS val 436112556 ecr 3408226591], length 0
IP Client > Server: Flags [P.], seq 136:168, ack 9209, win 372, options [nop,nop,TS val 436113234 ecr 3408226591], length 32: RESP "del" "abc12345abcd"
IP Server > Client: Flags [.], ack 168, win 171, options [nop,nop,TS val 3408227270 ecr 436113234], length 0
IP Server > Client: Flags [P.], seq 9209:9213, ack 168, win 171, options [nop,nop,TS val 3408227271 ecr 436113234], length 4: RESP "0"

Redis network protocol

https://redis.io/topics/protocol