Kyanos: a simple & powerful network tracing tool

Kyanos is a Network Traffic Analyzer that provides real-time, packet-level to protocol-level visibility into a host's internal network, capturing and analyzing all inbound and outbound traffic.

What Kyanos Can Offer You

Powerful Traffic Filtering

Kyanos can filter not only on traditional IP/port information but also by process/container, L7 protocol information, request/response byte size, latency, and more.

# Filter by pid
./kyanos watch --pids 1234
# Filter by container id
./kyanos watch --container-id abc
# Filter by Redis key
./kyanos watch redis --keys my-key1,my-key2
# Filter by response byte size
./kyanos watch --resp-size 10000

Advanced Analysis Capabilities

Unlike tcpdump, which only provides fine-grained packet capture, Kyanos supports aggregating captured packet metrics across various dimensions, quickly providing the critical data most useful for troubleshooting.

Imagine if the bandwidth of your HTTP service is suddenly maxed out—how would you quickly analyze which IPs and which requests are causing it?

With Kyanos, you need just one command, kyanos stat http --bigresp, to find the largest response byte sizes sent to remote IPs and view specific data on request and response metrics.

In-Depth Kernel-Level Latency Details

In real-world scenarios, slow queries to remote services like Redis can be challenging to diagnose precisely. Kyanos provides kernel trace points from the arrival of requests/responses at the network card to the kernel socket buffer, displaying these details in a visual format. This allows you to identify exactly which stage is causing delays.

Lightweight and Dependency-Free

Almost zero dependencies—just a single binary file and one command, with all results displayed in the command line.

Automatic SSL Traffic Decryption

All captured requests and responses are presented in plaintext.

When to Use Kyanos

Capture Request and Response

Kyanos provides the watch command, allowing you to filter and capture various traffic types. It supports filtering based on process ID, container ID, container name, pod name, as well as IP and port. Additionally, you can filter based on protocol-specific fields, such as HTTP paths, Redis commands, and keys. The captured traffic includes not only the request and response content but also detailed timing information, such as the time taken for requests to go from system calls to the network card and for responses to travel from the network card to the socket buffer and then to the process.

Analyze Abnormal Flow Path

Kyanos’s stat command can help you quickly identify abnormal links. The stat command supports aggregation across multiple dimensions.

For example, it can aggregate by remote IP, allowing you to quickly analyze which remote IP is slower. Kyanos also supports various metrics, such as request-response latency and request-response size. With these features, you can resolve 80% of network issues quickly.

Global Dependency Analysis (beta)

Sometimes, you may need to know which external resources a machine depends on. Kyanos offers the overview command to capture all external resources a machine relies on and their latency in a single command.

Basic Examples

Capture HTTP Traffic with Latency Details

Run the command:

./kyanos watch http

The result is as follows:

Capture Redis Traffic with Latency Details

Run the command:

./kyanos watch redis

The result is as follows:

Identify the Slowest Requests in the Last 5 Seconds

Run the command:

./kyanos stat --slow --time 5

The result is as follows: