apply review feedback

Author: ranbel

src/content/docs/cloudflare-one/connections/connect-devices/warp/troubleshooting/warp-logs.mdx

@@ -67,21 +67,21 @@ The `warp-debugging-info-<date>-<time>.zip` archive contains the following files
 | `daemon_dns.log` | Contains detailed DNS logs if **Log DNS queries** is enabled in the WARP client. |
 | `daemon.log`                                                                                        | Detailed log of all actions performed by the WARP client, including all communication between the device and Cloudflare's global network. **Note:** This is the most useful debug log.   |
 | `date.txt`  | Date and time (UTC) when you ran the `warp-diag` command.  |
-| `dex.log`  | ? |
+| `dex.log`  | Logs related to [DEX test](/cloudflare-one/insights/dex/tests/) execution. |
 | `dhcp-lease-plists.txt`  | DHCP lease information from `/var/db/dhcpclient/leases/` for each interface that has a DHCP lease. |
 | `dhcp-lease.txt`  | DHCP lease information from `ipconfig` (macOS) or `nmcli` (Linux). |
 | `dig.txt`  | DNS lookup query output for `cloudflare.com` and `apple.com`. |
 | `dns_stats.log`  | Statistics on the DNS queries received and resolved by WARP, generated every two minutes.  |
 | `dns-check.txt` | Verifies that the WARP DNS servers are set as system default. For [operating modes](/cloudflare-one/connections/connect-devices/warp/configure-warp/warp-modes/) where DNS filtering is enabled, this file contains the IPs of the local WARP DNS proxy (`127.0.2.2:0`, `127.0.2.3:0`, `[fd01:db8:1111::2]:0`, and `[fd01:db8:1111::3]:0`). |
-| `dynamic.log` | ? |
+| `dynamic.log` | Reserved for use by Cloudflare Support. |
 | `etc-hosts.txt`  | Static DNS config of device.  |
 | `firewall-pfctl-all.txt` | Packet filter (pf) firewall configuration (macOS only). |
 | `firewall-rules.txt` | The [system firewall rules](/cloudflare-one/connections/connect-devices/warp/configure-warp/route-traffic/warp-architecture/#system-firewall) configured by WARP. |
 | `gui-launcher.log` | macOS console log showing application launch.  |
 | `gui-log.log`  | Log file for the GUI app that users interact with. |
 | `hostname.txt` | Name of the device.  |
 | `ifconfig.txt` <br/> `ipconfig.txt`  | IP configuration of each network interface.  |
-| `installed_applications.text` | List of installed applications. |
+| `installed_applications.txt` | List of installed applications. |
 | `installed_cert.pem` | [Root certificate](/cloudflare-one/connections/connect-devices/warp/user-side-certificates/) installed on the system. |
 | `installer.log` <br/> `msi-installer.log` | MSI or PKG installation log.|
 | `InstallHistory.plist` <br/> `macos_installer.log` | macOS software installation logs. |

src/content/docs/cloudflare-one/insights/dex/remote-captures.mdx

@@ -17,9 +17,9 @@ import { Details, Render } from "~/components"
 
 | System   | Availability | Minimum WARP version |
 | -------- | ------------ | -------------------- |
-| Windows  | ✅            | 2024.9.346.0        |
-| macOS    | ✅            | 2024.9.346.0        |
-| Linux    | ✅            | 2024.9.346.0        |
+| Windows  | ✅            | 2024.9.346.0         |
+| macOS    | ✅            | 2024.9.346.0         |
+| Linux    | ✅            | 2024.9.346.0         |
 | iOS      | ❌            |                      |
 | Android  | ❌            |                      |
 | ChromeOS | ❌            |                      |
@@ -28,6 +28,11 @@ import { Details, Render } from "~/components"
 
 Remote captures allow administrators to collect packet captures (PCAPs) and WARP diagnostic logs directly from end user devices. This data can be used to troubleshoot network problems, investigate security incidents, and identify performance bottlenecks.
 
+:::note
+DEX remote captures are available in early access. For more information, contact your account team.
+:::
+
+
 ## Start a remote capture
 
 To capture data from a remote device:
@@ -36,36 +41,48 @@ To capture data from a remote device:
 2. Select up to 10 devices that you want to run a capture on. Devices must be [registered](/cloudflare-one/connections/connect-devices/warp/deployment/) in your Zero Trust organization.
 3. Configure the types of captures to run.
 	- **PCAP**: Performs packet captures for traffic outside of the WARP tunnel (default network interface) and traffic inside of the WARP tunnel ([WARP virtual interface](/cloudflare-one/connections/connect-devices/warp/configure-warp/route-traffic/warp-architecture/#ip-traffic)).
-		<Details header="PCAP capture limits">
-		Packet captures are subject to the following limits:
-			- **Maximum time limit**: 600 seconds
-			- **Maximum file size**: 50 MB
-			- **Maximum packet size**: 1500 bytes
-		</Details>
 	- **WARP Diagnostics Logs**: Generates a [WARP diagnostic log](/cloudflare-one/connections/connect-devices/warp/troubleshooting/warp-logs/#warp-diag-logs) of the past 96 hours. To include a routing test for all IPs and domains in your [Split Tunnel configuration](/cloudflare-one/connections/connect-devices/warp/configure-warp/route-traffic/split-tunnels/), select **Test all routes**.
-		<Details header="WARP capture limits">
-		WARP diagnostic logs have no file size limit, but files larger than 100 MB cannot be uploaded to Cloudflare and must be shared directly with the admin.
-		</Details>
+	:::note
+	**Test all routes** will extend the time for diagnostics to run and may temporarily impact device performance during the test.
+	:::
 4. Select **Start a capture**.
 
 DEX will now send capture requests to the configured devices. If the WARP client is disconnected, the capture will time out after 10 minutes.
 
 ## Check remote capture status
 
 To view a list of captures, go to **DEX** > **Remote captures**. The **Status** column displays one of the following options:
-	- **Success**: The capture is complete and ready for download.
+	- **Success**: The capture is complete and ready for download. Any partially successful captures will still upload to Cloudflare. For example, there could be a scenario where the PCAP succeeds on the primary network interface but fails on the WARP tunnel interface. You can [review PCAP results](/cloudflare-one/insights/dex/remote-captures/#download-remote-captures) to determine which PCAPs succeeded or failed.
 	- **Running**: The capture is in progress on the device.
 	- **Pending Upload**: The capture is complete but not yet ready for download.
-	- **Failed**: The capture has either timed out or encountered an error. To retry the capture, verify the [connectivity status](/cloudflare-one/insights/dex/fleet-status/) of the device and start a [new capture](/cloudflare-one/insights/dex/remote-captures/#start-a-remote-capture).
+	- **Failed**: The capture has either timed out or encountered an error. To retry the capture, check the WARP client version and [connectivity status](/cloudflare-one/insights/dex/fleet-status/), then start a [new capture](/cloudflare-one/insights/dex/remote-captures/#start-a-remote-capture).
 
 ## Download remote captures
 
 1. In [Zero Trust](https://one.dash.cloudflare.com/), go to **DEX** > **Remote captures**.
 2. Find a successful capture.
 3. Select the three-dot menu and select **Download**.
 
-This will download a ZIP file to your local machine. You can analyze `.pcap` files using Wireshark or another third-party packet capture tool.
+This will download a ZIP file to your local machine called `<capture-id>.zip`. DEX will store capture data according to our [log retention policy](/cloudflare-one/insights/logs/#log-retention).
+
+### Device PCAP contents
+
+The downloaded PCAP folder contains three files:
+- `capture-default.pcap`: Packet captures for the primary network interface.
+- `capture-tunnel.pcap`: Packet captures for traffic inside of the WARP tunnel.
+- `results.json`: Reports successful and failed packet captures.
+
+You can analyze `.pcap` files using Wireshark or another third-party packet capture tool.
+
+### WARP Diag contents
+
+Refer to [WARP diagnostic logs](/cloudflare-one/connections/connect-devices/warp/troubleshooting/warp-logs/#warp-diag-logs) for a description of each file.
 
-## Data retention
+## Limitations
 
-Cloudflare will store capture data for 7 days.
+- Packet captures are subject to the following limits:
+	- **Maximum time limit**: 600 seconds
+	- **Maximum file size**: 50 MB
+	- **Maximum packet size**: 1500 bytes
+- WARP diagnostic logs have no file size limit, but files larger than 100 MB cannot be uploaded to Cloudflare and must be shared directly with the admin.
+- Windows devices do not support concurrent remote captures. If you start a remote capture while another is in progress, the second capture will fail immediately.