52
edits
Incidents: Difference between revisions
Add new wifi handshake trigger and attributes
(→Available attributes: GOOSE control block reference attribute) |
(Add new wifi handshake trigger and attributes) |
||
| Line 277: | Line 277: | ||
|This trigger is checked during version negotiation at handshake of each SSL connection. | |This trigger is checked during version negotiation at handshake of each SSL connection. | ||
|used_tls_version | |used_tls_version | ||
|mandatory | |||
|- | |||
|WiFi: Handshake failure | |||
(wifi_handshake_failure) | |||
|This trigger is checked during certain parts of a WiFi handshake when a client tries to join a network. | |||
|handshake_failure_type | |||
|mandatory | |mandatory | ||
|} | |} | ||
| Line 322: | Line 328: | ||
* '''gps_sync_status''': 0 means that the GPS clock in not synchronized, 1 means that the GPS clock is synchronized. | * '''gps_sync_status''': 0 means that the GPS clock in not synchronized, 1 means that the GPS clock is synchronized. | ||
* '''handshake_failed''': Whether TCP handshake failed, i.e. one packet of SYN, SYN-ACK, ACK sequence is missing. If no handshake is seen at all but data (e.g. Allegro was started in the middle of a connection), no incident is generated. | * '''handshake_failed''': Whether TCP handshake failed, i.e. one packet of SYN, SYN-ACK, ACK sequence is missing. If no handshake is seen at all but data (e.g. Allegro was started in the middle of a connection), no incident is generated. | ||
* '''handshake_failure_type''': The type of failure that occured during a WiFi handshake | |||
** '''Erroneous handshake''': The handshake violated the protocol laid out by IEEE802.11. This is not an authentication failure, this is a technical issue with a network device, or an issue with signal strength at the multimeter. | |||
** '''Failure to authenticate''' '''(WPA)''': A client attempted to join a network but failed to authenticate via WPA2 or WPA3. This indicates a problem during the EAPOL key derivation (most likely invalid credentials). | |||
** '''Failure to authenticate (WEP)''': A client attempted to join a network but failed to authenticate via WEP. This indicates a general authentication failure in an authentication frame. More information can be found in the details panel of the offending authentication frame on the handshake details page. | |||
** '''Failure to (re)associate''': A client attempted to join a network, succeeded authentication but ultimately failed to associate with the network. More information can be found in the details panel of the offending (re)association response frame on the handshake details page. Note that association happens ''after'' successful WEP authentication, but ''before'' WPA authentication. | |||
* '''handshake_time''': The TCP handshake time between the first SYN packet and the ACK packet for the SYN/ACK packet of the server. | * '''handshake_time''': The TCP handshake time between the first SYN packet and the ACK packet for the SYN/ACK packet of the server. | ||
** '''client_handshake_time''': The TCP handshake time between the SYN/ACK packet of the server and the ACK packet of the client. | ** '''client_handshake_time''': The TCP handshake time between the SYN/ACK packet of the server and the ACK packet of the client. | ||