Wireless
Performance
• Wireless - Too Many Physical Errors: There are frames captured at this location containing a CRC error. The threshold is in number of CRC errors per second.
• Wireless AP - QBSS Client Too Many: A QoS Basic Service Set (QBSS) capable access point has more users than the specified default.
• Wireless AP - Mixed Mode: An 802.11 b/g access point is communicating with both b and g clients.
• Wireless AP - 802.11n Capable: An access point is capable of using 802.11n.
• Wireless AP - 802.11n Dual Channel Capable: An access point is advertising that it is capable of using dual channel mode for increased throughput.
• Wireless AP - Physical Errors: There are frames from a wireless client captured at this location containing a CRC error. The threshold is in number of CRC errors per second
• Wireless AP - QoS Not Enabled: An access point is not advertising that it is capable of QoS or WMM.
• Wireless AP - Repeater Mode Detected: Reported once per access point, this condition implies that an access point is functioning as a relaying device, cutting effective throughput in half.
• Wireless AP - Too Many: The number of access points observed on a given channel is at or greater than the threshold, decreasing the efficiency of utilization (contention) of that channel.
• Wireless AP - Too Many Clients: The number of active clients connected to an access point has exceeded the threshold.
• Wireless AP - Too Many Retries: The access point has previously attempted to send packets over the wireless medium without receiving an ACK from the receiver.
• Wireless AP - Weak Signal: The signal strength of a frame transmitted by an access point and captured at this location is at or below the threshold.
• Wireless Channel Overlap: The Expert has detected a management frame from a channel other than the capture channel, indicating channel overlap or “bleed.”
• Wireless Client - Excessive Roam Time: A roaming client has been observed to take an unacceptably long time to rejoin another access point the wireless network. This can cause performance effects on time-sensitive applications such as VoIP over WLAN
• Wireless Client - High Fragmentation Rate: Based on the threshold, there are too many packets being fragmented into smaller packets. This impacts performance on your WLAN by increasing traffic and decreasing effective throughput.
• Wireless Client - No Response to Probe Request: The access point failed to send out a probe response frame for outstanding probe request from clients for its ESSID.
• Wireless Client - Physical Errors: There are frames from a wireless client captured at this location containing a CRC error. The threshold is in number of CRC errors per second.
• Wireless Client - Power Save Interval Exceeded: Association requests specify the number of beacon intervals a station will wait before waking up to receive buffered traffic from the access point. A wireless client has failed to “wake up” within this time to receive buffered traffic.
• Wireless Client - Power Save Listen Interval Too Long: The wireless client has been observed to have a power save interval longer than the specified value in the threshold.
• Wireless Client - Power Save Missed Packet: An access point has dropped buffered data that was being held for a client in the “sleep” state.
• Wireless Client - Probe Response Not Accepted: The reported wireless client has not continued the normal process of associating with the responding access point after receiving a matching probe response frame.
• Wireless Client - Too Many Retries: The client has previously attempted to send packets over the wireless medium without receiving an ACK from the receiver.
• Wireless Client - Weak Signal: The signal strength of a frame transmitted by a client and captured at this location is at or below the threshold. The minimum sample period is how often this event is reported.
• Wireless Data Rate Change: The data rate of this packet is lower than the previous packet.
• Wireless Excessive Data Rate Change: The data rate of this packet is changing at an excessive rate.
• Wireless Excessive Probe Requests: A client is sending excessive probe requests. If this problem persists, it could lead to lowered available bandwidth and a delay in the client getting on the network.
• Wireless Excessive RTS: A wireless network has seen more RTS (Request to Send) packets than specified by the threshold. This overhead can slow down the overall throughput of the network if used excessively.
• Wireless Fragmentation Packet Size Too Small: The wireless fragmentation size of a packet is lower than the threshold. This can cause a decrease in throughput, but increase the ability of the sender to deal with interference.
• Wireless g Device Short Time Slot: A wireless 802.11g device has re-transmitted a frame using the short time slot. This may be an indication of a collision problem in a mixed b/g network as 802.11b does not support short slots.
• Wireless High Beacon Rate: An access point or ad hoc station is sending beacon frames at a faster rate than the threshold.
• Wireless Low Signal-to-Noise Ratio: The analyzer is receiving packets with a low signal-to-noise ratio below the value specified in the settings.
• Wireless RF Interference: Unwanted RF signals disrupt normal operation, causing lower data rates and a high percentage of wireless retries. This event is triggered when noise is detected above the configured threshold in the EventFinder settings.
• Wireless RTS/CTS Data Packets Too Small: RTS/CTS mechanism is using packets size smaller than the threshold, potentially impacting throughput.
• Wireless Transmission Retry: The transmitter has previously attempted to send this packet over the wireless medium.
Security
• Wireless AP - Broadcasting ESSID: The access point is sending its ESSID in beacon broadcasts, allowing all stations (including tools that snoop broadcast packets) to see the ESSID.
• Wireless AP - Inconsistent Configuration: Multiple access points (BSSIDs) in your WLAN, with the same ESSID, have conflicting configuration elements such as different data rates, compatibility configurations or more.
• Wireless AP - Missing: An access point, active in the past, has recently stopped transmitting packets. This event is only reported once per access point unless the device reappears and disappears again.
• Wireless AP - Not Configured: The access point is broadcasting an ESSID that is one of several known default ESSIDs. The ESSID table is contained in an XML file which can be updated.
• Wireless AP - Possible Spoof: Multiple access points are seen beaconing for a short period of time and then disappearing.
• Wireless AP - Restarted: An access point has been restarted within the past number of minutes as determined by the threshold.
• Wireless AP - Rogue: An unrecognized access point has been detected, since it does not exist in the name table and it is not designated as an access point.
• Wireless AP - WEP Not Required: The access point does not require WEP for stations to associate to it.
• Wireless Ad Hoc Detected: Two or more wireless nodes are communicating directly to each other without using an access point. If communicating on the same or nearby channel as a wireless infrastructure using access points, available bandwidth can be severely impacted.
• Wireless Association Attack: The number of association requests is at or has exceeded the threshold, measured in number of associations in so many seconds.
• Wireless Association Denied: An authenticated client's association request was denied by the access point resulting in any of the following status codes in the association response frame: 12,17,18,19,20,21,22,23,24,25,26.
• Wireless Authentication Attack: The number of authentication requests is at or has exceeded the threshold, measured in number of authentications in so many seconds.
• Wireless Authentication Denied: An access point is rejecting a client’s authentication request. A “normal insertion” by a client into a wireless network is a probe request followed by authentication, then association.
• Wireless Client - Associated with Rogue Access Point: A client has associated with an unknown or untrusted access point. This event is monitored and reported for each recorded association.
• Wireless Client - Acting as DHCP Server: A wireless client is acting as a DHCP server indicating a potential rogue DHCP server and security risk.
• Wireless Client - Rogue: An unrecognized client has been detected, since it does not exist in the name table.
• Wireless Client - Using Access Point Address: A station is transmitting frames using the same source address as an access point.
• Wireless Client - Using Access Point ESSID: A wireless client in ad hoc mode has been detected using the same ESSID that is being used by valid access point(s) in the infrastructure network. This leads some clients to connect to an undesired network.
• Wireless Data Sent But Not Associated: A data frame has been received by the access point from a non-authenticated station. The access point will reject the frame and send a deauthenticate frame back to the station with the error status.
• Wireless Deauthentication Attack: There are a large number of deauthentication frames which may be from a client spoofing an access point. These frames are usually sent to the “all stations broadcast” address causing all stations associated with that access point to disassociate
• Wireless Duration Attack: The duration field in the client's data frame is set to a value higher than the above threshold. The duration field reserves the wireless medium by updating the Network Allocation Vector (NAV) for the time it will take to complete a WLAN transaction including acknowledgements.
• Wireless PSPF Violation: Public Secure Packet Forwarding (PSPF). Two clients are communicating to each other via an access point. In some hotspots this is undesirable as a possible security and/or performance risk.
• Wireless Reassociation Denied: An access point is rejecting a client's association request. A “normal insertion” by a client into a wireless network is a probe request followed by authentication, then association.
• Wireless RF Jamming: RF Jamming is a step above innocent interference. Jamming can be defined as malicious attacks on your RF domain in order to cause service disruptions. This event is triggered when noise is detected above the configured threshold in the EventFinder settings.
• Wireless Same Send & Receive Address: The source address and destination address are identical.
• Wireless Security Error: A wireless (802.11i or WPA2) security error has occurred during a wireless transaction.
• Wireless Source Address is Broadcast: A station has assigned an all stations broadcast address (all 1s or FF:FF:FF:FF:FF:FF in hex) as its source address.
• Wireless Source Address is Multicast: A station has assigned a multicast address (the lower bit of the first byte of an address is set to “1”) as its source address.