Skip to content

Capturing Request-Response and Latency Details

Using the watch command, you can collect specific network traffic and parse them into request-response pairs, allowing you to:

  • View detailed request-response content.
  • Observe latency details, including key timestamps for when a request reaches the network interface, when a response reaches the network interface, when it arrives at the Socket buffer, and when the application process reads the response.

Let's start with a basic example:

bash
kyanos watch

Since no filter is specified, kyanos will attempt to capture all traffic it can analyze. Currently, kyanos supports parsing three application-layer protocols: HTTP, Redis, and MySQL.

When you execute this command, you’ll see a table like this: kyanos watch result

Each column represents:

Column NameDescriptionExample
idTable's Sequence number
ConnectionThe connection for this request-response"10.0.4.9:44526 => 169.254.0.4:80"
ProtoProtocol used for the request-response"HTTP"
TotalTimeTotal time for this request-response, in milliseconds
ReqSizeRequest size, in bytes
RespSizeResponse size, in bytes
Net/InternalIf send request as a client, it shows network latency; if received as a server, it shows internal processing time
ReadSocketTimeFor client, time spent reading the response from the Socket buffer; for server , reading requests time from the buffer

You can sort by column using the number keys and navigate through records using the "↑"/"↓" or "k"/"j" keys. Pressing Enter opens the details view for a specific request-response:

kyanos watch result detail

In the details view, the first section shows latency details with each block representing a step in the data packet's journey—such as the process, network card, and Socket buffer.
Each block displays the time taken between these points, allowing you to trace the flow from when a request is sent by the process to when a response is received, with step-by-step latency.

The second section contains the request and response content, split into Request and Response parts. Content exceeding 1024 bytes is truncated, but you can adjust this limit using the --max-print-bytes option.

How to Filter Requests and Responses ?

By default, kyanos captures all traffic for the protocols it currently supports. However, in many scenarios, you might need to filter more precisely. For example, you may want to focus on requests sent to a specific remote port, or related to a certain process or container, or queries tied to specific Redis commands or HTTP paths.
Below are the ways to use kyanos options to filter request-responses you're interested in.

Filtering by IP and Port

kyanos supports filtering based on IP and port at the network layer (Layer 3/4). You can specify the following options:

Filter ConditionCommand Line FlagExample
Local Connection Portslocal-ports--local-ports 6379,16379
Only observe request-responses on local ports 6379 and 16379.
Remote Connection Portsremote-ports--remote-ports 6379,16379
Only observe request-responses on remote ports 6379 and 16379.
Remote IP Addressesremote-ips--remote-ips 10.0.4.5,10.0.4.2
Only observe request-responses from remote IPs 10.0.4.5 and 10.0.4.2.

Filtering by Process/Container

Filter ConditionCommand Line FlagExample
Process PID Listpids--pids 12345,12346
Separate multiple PIDs with commas.
Container IDcontainer-id--container-id xx
Specify the container ID.
Container Namecontainer-name--container-name foobar
Specify the container name.
Kubernetes Pod Namepod-name--pod-name nginx-7bds23212-23s1s.default
Format: NAME.NAMESPACE

It's worth mentioning that kyanos also displays latency between the container network card and the host network card: kyanos time detail

Filtering by Request-Response General Information

Filter ConditionCommand Line FlagExample
Request-Response Latencylatency--latency 100
Only observe request-responses that exceed 100ms in latency.
Request Size in Bytesreq-size--req-size 1024
Only observe request-responses larger than 1024 bytes.
Response Size in Bytesresp-size--resp-size 1024
Only observe request-responses larger than 1024 bytes.

Filtering by Protocol-Specific Information

You can choose to capture only request-responses for a specific protocol by adding the protocol name as subcommand. The currently supported protocols are:

  • http
  • redis
  • mysql

For example, to capture only HTTP requests to the path /foo/bar, you would run:

bash
kyanos watch http --path /foo/bar

Here are the options available for filtering by each protocol:

HTTP Protocol Filtering

Filter ConditionCommand Line FlagExample
Request Pathpath--path /foo/bar
Only observe requests with the path /foo/bar.
Request Hosthost--host www.baidu.com
Only observe requests with the host www.baidu.com.
Request Methodmethod--method GET
Only observe requests with the method GET.

Redis Protocol Filtering

Filter ConditionCommand Line FlagExample
Request Commandcommand--command GET,SET
Only observe requests with the commands GET and SET.
Request Keykeys--keys foo,bar
Only observe requests with the keys foo and bar.
Request Key Prefixkey-prefix--key-prefix foo:bar
Only observe requests with keys that have the prefix foo:bar.

MySQL Protocol Filtering

MySQL protocol capturing is supported, but filtering by conditions is still in development...


TIP

All of the above options can be combined. For example:

bash
./kyanos watch redis --keys foo,bar --remote-ports 6379 --pid 12345

This flexibility allows you to tailor your traffic capture to your specific needs, ensuring you gather only the most relevant request-response data.