new remote captures page

ranbel · ranbel · commit 0124ae8a4e11 · 2024-09-23T20:16:52.000-04:00
diff --git a/src/content/docs/cloudflare-one/insights/dex/notifications.mdx b/src/content/docs/cloudflare-one/insights/dex/notifications.mdx
@@ -2,7 +2,7 @@
 pcx_content_type: reference
 title: Notifications
 sidebar:
-  order: 3
+  order: 5
 head:
   - tag: title
     content: DEX notifications
diff --git a/src/content/docs/cloudflare-one/insights/dex/remote-captures.mdx b/src/content/docs/cloudflare-one/insights/dex/remote-captures.mdx
@@ -0,0 +1,68 @@
+---
+pcx_content_type: reference
+title: Remote captures
+sidebar:
+  order: 4
+
+---
+
+import { Details, Render } from "~/components"
+
+
+<Details header="Feature availability">
+
+| [WARP modes](/cloudflare-one/connections/connect-devices/warp/configure-warp/warp-modes/) | [Zero Trust plans](https://www.cloudflare.com/teams-pricing/) |
+| ----------------------------------------------------------------------------------------- | ------------------------------------------------------------- |
+| All modes                                                                                 | All plans                                                     |
+
+| System   | Availability | Minimum WARP version |
+| -------- | ------------ | -------------------- |
+| Windows  | ✅            | 2024.6.415.0         |
+| macOS    | ✅            |                      |
+| Linux    | ✅            |                      |
+| iOS      | ❌            |                      |
+| Android  | ❌            |                      |
+| ChromeOS | ❌            |                      |
+
+</Details>
+
+Remote captures allow administrators to collect packet captures (PCAPs) and WARP diagnostic logs directly from end user devices. This data can be used to troubleshoot network problems, investigate security incidents, and identify performance bottlenecks.
+
+## Start a remote capture
+
+To capture data from a remote device:
+
+1. In [Zero Trust](https://one.dash.cloudflare.com/), go to **DEX** > **Remote captures**.
+2. Select the device(s) you want to run a capture on. Devices must be [registered](/cloudflare-one/connections/connect-devices/warp/deployment/) in your Zero Trust organization.
+3. Configure the types of captures to run.
+	- **PCAP**: Performs packet captures by running `warp-cli debug pcap start` and `warp-cli debug pcap stop` commands on the device. The capture will include two files -- a PCAP for traffic outside of the WARP tunnel (default network interface), and a PCAP for traffic inside of the WARP tunnel ([WARP virtual interface](/cloudflare-one/connections/connect-devices/warp/configure-warp/route-traffic/warp-architecture/#ip-traffic)).
+		<Details header="PCAP limits">
+		Packet captures are subject to the following limits:
+			- **Maximum time limit**: 1,800 seconds
+			- **Maximum file size**: 100 MB
+			- **Maximum packet size**: 160 bytes
+		</Details>
+	- **WARP Diagnostics Logs**: Generates [WARP diagnostic logs](/cloudflare-one/connections/connect-devices/warp/troubleshooting/warp-logs/#warp-diag-logs) by running a `warp-diag` command on the device. You can optionally select **Test all routes** to run an `ip route get` command for all IPs and domains in your [Split Tunnel configuration](/cloudflare-one/connections/connect-devices/warp/configure-warp/route-traffic/split-tunnels/).
+4. Select **Start a capture**.
+
+DEX will now send capture requests to the configured devices. If the WARP client is disconnected, the capture will time out after 10 minutes.
+
+## Check remote capture status
+
+To view a list of captures, go to **DEX** > **Remote captures**. The **Status** column displays one of the following options:
+	- **Success**: The capture is complete and ready for download.
+	- **Running**: The capture is in progress on the device.
+	- **Pending Upload**: The capture is complete but not yet ready for download.
+	- **Failed**: The capture has either timed out or encountered an error. To retry the capture, make sure the WARP client is connected and start a [new capture](/cloudflare-one/insights/dex/remote-captures/#start-a-remote-capture).
+
+## Download remote captures
+
+1. In [Zero Trust](https://one.dash.cloudflare.com/), go to **DEX** > **Remote captures**.
+2. Find a successful capture.
+3. Select the three-dot menu and select **Download**.
+
+This will download a ZIP file to your local machine. You can analyze `.pcap` files using Wireshark or another third-party packet capture tool.
+
+## Data retention
+
+Cloudflare will store capture data for 7 days.
