# Incoming Traffic

mirrord lets your local process receive network traffic that would normally go to a pod in the cluster. There are two modes:

### Mirroring (default)

In the default configuration, mirrord **mirrors** incoming TCP traffic - your local process receives a copy of the traffic while the remote pod continues to handle it normally. Responses from your local process are dropped. This is a safe, read-only way to observe how your code handles real requests.

### Stealing

In **steal** mode, mirrord intercepts incoming traffic and redirects it to your local process instead of the remote pod. Your local process becomes the one responding to real requests. This is useful when you need to test how your code handles and responds to live traffic.

Steal mode can be configured in your mirrord config:

```json
{
  "feature": {
    "network": {
      "incoming": "steal"
    }
  }
}
```

### What's in this section

* [**Filter Incoming Traffic**](https://metalbear.com/mirrord/docs/using-mirrord/incoming-traffic/filter-incoming-traffic) - Steal only a subset of traffic using HTTP header, W3C `baggage`/`tracestate`, path, or method filters
  * [Filtering by JSON Body](https://metalbear.com/mirrord/docs/using-mirrord/incoming-traffic/filter-incoming-traffic/filtering-by-json-body) - Filter based on request body content
  * [Debug from Browser](https://metalbear.com/mirrord/docs/using-mirrord/incoming-traffic/filter-incoming-traffic/debug-from-browser) - Use the Chrome extension to route browser traffic to your local process
* [**Steal HTTPS Requests**](https://metalbear.com/mirrord/docs/using-mirrord/incoming-traffic/steal-https) **\[Teams]** - Decrypt and steal HTTPS traffic using TLS certificates
* [**Inspect Live Traffic**](https://metalbear.com/mirrord/docs/using-mirrord/incoming-traffic/inspect-live-traffic) - Monitor incoming traffic without running a local process