> For the complete documentation index, see [llms.txt](https://docs.goreplay.org/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://docs.goreplay.org/untitled/capturing-and-replaying-traffic.md). # Capturing-and-replaying-traffic Think about Gor more like a network analyzer or tcpdump on steroids, it is not a proxy and does not affect your app anyhow. You specify application port, and it will capture and replay incoming data. Simplest setup will be: ```bash # Run on servers where you want to catch traffic. You can run it on every `web` machine. sudo gor --input-raw :80 --output-http http://staging.com ``` It will record and replay traffic from the same machine. However, it is possible to use \[\[Aggregator-forwarder setup]], when Gor on your web machines forward traffic to Gor aggregator instance running on the separate server. > You may notice that it require `sudo`: to analyze network Gor need permissions which available only to root users. However, it is possible to configure Gor [beign run for non-root users](https://app.gitbook.com/s/-MOSMqWJv57pGTOWPxHf/untitled/goreplay.wiki/Running%20as%20a%20non-root%20user). ## Forwarding to multiple addresses You can forward traffic to multiple endpoints. ``` gor --input-tcp :28020 --output-http "http://staging.com" --output-http "http://dev.com" ``` ## Splitting traffic By default, it will send same traffic to all outputs, but you have options to equally split it (round-robin) using `--split-output` option. ``` gor --input-raw :80 --output-http "http://staging.com" --output-http "http://dev.com" --split-output true ``` ## Tracking responses By default `input-raw` does not intercept responses, only requests. You can turn response tracking using `--input-raw-track-response` option. When enable you will be able to access response information in middleware and `output-file`. ## Traffic interception engine By default, Gor will use `libpcap` for intercepting traffic, it should work in most cases. If you have any troubles with it, you may try alternative engine: `raw_socket`. ``` sudo gor --input-raw :80 --input-raw-engine "raw_socket" --output-http "http://staging.com" ``` You can read more about \[\[Replaying HTTP traffic]]. ## Tracking original IP addresses You can use `--input-raw-realip-header` option to specify header name: If not blank, injects header with given name and real IP value to the request payload. Usually, this header should be named: `X-Real-IP`, but you can specify any name. `gor --input-raw :80 --input-raw-realip-header "X-Real-IP" ...` Also you may want to know about \[\[Rate limiting]], \[\[Request rewriting]] and \[\[Request filtering]] --- # Agent Instructions This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com. ## Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.goreplay.org/untitled/capturing-and-replaying-traffic.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.