From aef57245ab25489b7851d4db17792479ea8664b5 Mon Sep 17 00:00:00 2001
From: Ranbel Sun <ranbel@cloudflare.com>
Date: Thu, 2 Jan 2025 12:40:24 -0500
Subject: [PATCH] cap_net_raw optional

---
 .../connect-networks/troubleshoot-tunnels/diag-logs.mdx       | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/src/content/docs/cloudflare-one/connections/connect-networks/troubleshoot-tunnels/diag-logs.mdx b/src/content/docs/cloudflare-one/connections/connect-networks/troubleshoot-tunnels/diag-logs.mdx
index 192058a35b117a..01c1ce77801178 100644
--- a/src/content/docs/cloudflare-one/connections/connect-networks/troubleshoot-tunnels/diag-logs.mdx
+++ b/src/content/docs/cloudflare-one/connections/connect-networks/troubleshoot-tunnels/diag-logs.mdx
@@ -22,12 +22,14 @@ The steps for getting diagnostic logs depend on your `cloudflared` deployment en
 
 These instructions apply to remotely-managed and locally-managed tunnels running directly on the host machine.
 
-1. (Linux only) Allow the `cloudflared` user to create RAW and PACKET sockets without root permissions:
+1. (Linux only) To include network diagnostics in the logs, allow the `cloudflared` user to create RAW and PACKET sockets without root permissions:
 
 		```sh
 		sudo setcap cap_net_raw+ep /usr/bin/traceroute && sudo setcap cap_net_raw+ep /usr/bin/traceroute
 		```
 
+		If you do not set `cap_net_raw`, then traceroute data will be unavailable.
+
 2. Get diagnostic logs:
 
 		```sh