Skip to main content
Assessment Services WiFi. Wired. Secure.

Find What’s Actually Wrong With Your Network

Users blame the WiFi. IT blames the ISP. Nobody has data. We bring the instruments that turn complaints into a remediation plan: calibrated heat maps, RF spectrum scans, cable certification, and vulnerability scanning. Real measurements, not guesses.

WiFi Site Survey Wired Assessment Security Overlay Deliverables

Why Measure What You Already Built

Because the network you deployed is not the network you have today.

Every SMB network starts with a plan. Then reality happens. The conference room gets repurposed as a film production space with half a dozen wireless transmitters. Someone installs a microwave in the break room twelve feet from an access point. A contractor re-terminates a patch panel and mislabels three runs. An IoT camera gets plugged into a data port that was supposed to be admin-only. Each change is small. The cumulative drift is the difference between the WiFi that works and the WiFi that does not.

A network assessment replaces speculation with measurement. We bring the same professional instruments used on large enterprise deployments, applied to an SMB footprint, priced for an SMB budget. What you get back is not a sales pitch for new hardware. It is a report that says: here is what we measured, here is what is broken, here is what it will cost to fix, in priority order.

83%

of WiFi complaints trace to a non-WiFi problem: spectrum interference, bad cable, undersized uplink, or misconfigured VLAN.

1 in 4

SMB networks we assess has at least one cable run failing link-speed certification but passing basic ping tests.

6 GHz

is increasingly the answer, but only if the existing 5 GHz channel plan and PoE budget support it. Survey first. Buy second.

Aerial view of a multi-building campus with each structure labelled for site survey scope
Multi-building survey scope from a recent SMB engagement: each structure is walked individually and characterized as a distinct RF environment.
WiFi Site Survey

Three Instruments. One Floor Plan. A Complete Picture.

A proper WiFi site survey is three tools, not one. Heat mapping shows you coverage. RF analysis shows you the radio environment. Spectrum analysis shows you the non-WiFi noise that everything else is blind to. Miss any one of the three and the report you get back is incomplete.

WiFiMan: Coverage Heat Mapping

Ubiquiti WiFiMan walk-survey with calibrated floor plan overlay.

We walk every accessible square foot of your space with WiFiMan capturing signal strength, SNR, and access point association at hundreds of sampled points. The output overlays onto your floor plan as a color-coded heat map: green where coverage is strong, red where it fails, every shade in between. You see exactly where clients will drop, exactly where an AP is wasted, and exactly where a new AP needs to go.

What it reveals

Dead zones, over-coverage, sticky-client boundaries, AP placement errors, per-band (2.4/5/6 GHz) coverage deltas.

Deliverable

Annotated floor plan with signal heat overlay per band, AP locations marked, recommendations for relocation or addition.

WiFiMan heat map of a multi-room office floor: green indicates strong signal, yellow indicates weakening coverage, red dot marks the access point placement
Sample deliverable: WiFiMan walk-survey output over a multi-room office on 6 GHz. Red dot marks the test access point location.

WiFi Explorer Pro 3: RF Environment Analysis

Per-channel utilization, co-channel interference, neighbor network impact.

Heat maps tell you whether a signal is present. WiFi Explorer Pro 3 tells you whether that signal is usable. We profile every channel across 2.4, 5, and 6 GHz: how many networks are sharing it, what signal-to-noise ratio your APs are achieving, which of your channels overlap with neighbors, and where rogue or guest access points are stealing capacity from your production network. This is where "the signal is strong but it’s slow" problems get diagnosed.

What it reveals

Channel utilization percentages, co-channel vs adjacent-channel interference, rogue APs, neighbor SSID impact, SNR floor, 6 GHz readiness of the existing plan.

Deliverable

Channel plan recommendation (static or DFS-aware), interference inventory, 6 GHz migration path if applicable, AP-by-AP tuning notes.

WiFi Explorer Pro 3 by Intuitibits: the RF analysis engine we run alongside WiFiMan walk-testing.

Wi-Spy: Non-802.11 Spectrum Analysis

MetaGeek Wi-Spy spectrum scanning for interference WiFi analyzers cannot see.

WiFi analyzers only see WiFi. That is a problem, because a lot of what kills WiFi performance is not WiFi. A spectrum analyzer looks at raw radio energy across the band and identifies non-802.11 emitters: microwave ovens on the 2.4 GHz band, cordless phones, baby monitors, Bluetooth devices, security cameras on legacy analog transmitters, wireless presentation systems, and industrial equipment that radiates harmonic interference. We walk the space with Wi-Spy and pinpoint these sources by their spectral signature and physical location.

What it reveals

Non-WiFi interference sources, persistent vs intermittent emitters, spectral density patterns, physical location of noise sources.

Deliverable

Interference source inventory with device identification, mitigation recommendation per source (relocate, replace, shield, or route around).

MetaGeek Wi-Spy with Chanalyzer: the spectrum analyzer hardware and waterfall-view software we use to identify non-WiFi interference sources by spectral signature.

WiFiMan heat map of a garage workspace showing strong central coverage bleeding into an adjacent zone
Second sample deliverable: a large open workspace survey showing strong central coverage (green) fading at adjacent rooms (yellow). Useful for sizing AP count and placement.
Wired Assessment

The Cable You Trust Is the Problem You Cannot See

Cables pass ping. That does not mean they pass traffic. A Cat5e run that drops to Fast Ethernet because two pairs are cross-wired will happily answer pings while silently halving throughput for every device on it. PoE that negotiates to 802.3af when the camera needs 802.3at shows up as a camera that reboots under load, not as a cable issue. The only way to know is to test, and the only testing that matters certifies the link, not just the connection.

Fluke LinkIQ: Cable Certification & Link Qualification

Professional link qualification: cable length, wiremap, Ethernet speed, PoE class, switch port ID.

LinkIQ is the industry standard for cable qualification in SMB and enterprise environments. Each drop is tested end-to-end: physical cable integrity (length, impedance, wiremap), highest negotiated link speed (1G/2.5G/10G), PoE class delivered, and the switch port it lands on along with any VLAN it sees. The output is a certified pass or fail per drop, plus a full equipment inventory of what is plugged in where.

What it reveals

Cables failing certification, mislabeled patch panels, runs negotiating below their rated speed, PoE undervoltage, undocumented switch port usage, VLAN mismatches.

Deliverable

Per-drop test report with pass/fail, cable-type evidence (Cat5e/6/6A), speed certification, PoE budget report, switch port and VLAN inventory.

Fluke Networks LinkIQ: industry-standard cable qualification up to 10GBASE-T, integrated PoE verification, and switch port / VLAN discovery.

Physical Audit

Patch panel documentation, rack sanity, cable management, labeling verification, mis-terminations. If we find undocumented drops, we document them. If we find mystery cables, we trace them.

Switch Configuration Review

VLAN layout, trunk configuration, spanning-tree posture, PoE budget utilization, port-security policy, firmware currency. Surface-level config review, not a full network redesign. That is the Network Design service.

Security Overlay

What the Network Exposes Is as Important as How Well It Works

A fast, well-covered network that leaves a server management interface reachable from the guest VLAN is still a liability. Every network assessment ships with a vulnerability-scan overlay from netvuln-tool, the open-source scanner we build and run internally. It runs from both the user network and any separated segments to show you exactly what a device on each segment can reach, and what an attacker who got onto each segment would see.

netvuln-tool: Open-Source Vulnerability Scanning

Network discovery, service fingerprinting, CVE correlation, segmentation validation.

Every open port, every exposed admin interface, every unpatched service. netvuln-tool runs from each network segment in scope and produces a reachability matrix plus a CVE-correlated finding list. You see what a compromised workstation on the user VLAN can reach, what the guest network exposes, and where segmentation is nominal but not actually enforced. Findings map to remediation steps, not just scores.

What it reveals

Exposed services on every segment, broken VLAN isolation, unpatched software, weak configurations, unauthorized devices, shadow IT.

Deliverable

Per-segment scan report, segmentation validation matrix, prioritized CVE findings with remediation actions.

netvuln-tool HTML report showing vulnerability findings, CVE references, and remediation guidance
netvuln-tool report: CVE-linked findings, per-host detail, and prioritized remediation guidance.
Learn more about netvuln-tool →

What You Receive at the End

Every engagement produces a written report. Every finding is evidence-backed. Every recommendation is costed and prioritized.

Executive Summary

2 to 3 pages. Non-technical. What we found, what it is costing the business, what it will take to fix, in priority order with price ranges.

Annotated Floor Plan

Signal heat map per band (2.4 / 5 / 6 GHz), AP locations, recommended new AP locations, interference source markers, wired drop inventory.

Channel Plan & RF Report

Per-AP channel and power recommendation, utilization and SNR data, interference inventory, 6 GHz migration readiness.

Cable Certification Report

Per-drop Fluke LinkIQ test result, cable-type evidence, speed certification, PoE delivered, switch port and VLAN mapping.

Vulnerability Scan Summary

netvuln-tool findings by segment, CVE references, segmentation validation, prioritized remediation actions.

Remediation Roadmap

Every finding mapped to a specific action, with price range, labor estimate, and priority tier. Fix the critical things first, everything else in sequence.

How an Engagement Works

Each tier is independently purchasable. Start with an Assessment, or go straight to Remediation if you already know what is broken.

Assessment

One to two days onsite with the full toolkit. Three to five days of analysis. A complete written report and a 60-minute findings walkthrough.

Deliverable

Complete assessment report: executive summary, annotated floor plan, RF & channel report, cable certification, vulnerability scan, remediation roadmap.

Most Popular

Assessment + Remediation

The assessment, plus we execute the fixes. New APs installed and tuned, bad cables replaced, switch configs corrected, security gaps closed.

Deliverable

Assessment report, executed remediation work, post-remediation validation survey to confirm issues are resolved, updated documentation.

Ongoing Network Health

Quarterly re-survey of the RF environment and wired infrastructure. Plus continuous netvuln-tool scanning via the managed portal.

Deliverable

Quarterly health report, drift tracking against baseline, rapid response for new issues, ongoing vulnerability scanning with trend dashboards.

The Tools We Bring

Professional instruments used on enterprise deployments, applied to SMB networks at SMB pricing.

WiFiMan

Heat mapping

WiFi Explorer Pro 3

RF analysis

Wi-Spy

Spectrum analysis

Fluke LinkIQ

Cable certification

netvuln-tool

Vulnerability scan

Common Questions

How long does a WiFi site survey take?

A typical single-location survey takes one to two days onsite for walk-testing with WiFiMan and Wi-Spy, followed by three to five days of analysis and report writing. Multi-building or multi-floor sites scale accordingly. We give you a firm quote after reviewing your floor plan.

Do you need access to our network during the survey?

For the WiFi passive walk-test and spectrum analysis, no network access is required. For active throughput testing, RF environment analysis of your own SSIDs, switch port inventory, and the netvuln-tool vulnerability scan, we need standard guest or admin network access depending on scope.

Can a WiFi site survey be done remotely?

No. Heat mapping and spectrum analysis require physically walking the floor with calibrated instruments. RF behavior depends on walls, materials, and interference sources that only show up in person. Anyone offering a remote WiFi site survey is selling you a desk report, not a site survey.

Is netvuln-tool disruptive to the network?

Our standard scan profile is rate-limited and uses service fingerprinting rather than active exploitation. We run it during business hours without issue on typical SMB networks. For high-availability environments or industrial control systems, we use a tuned profile scheduled for low-traffic windows.

Do you sell the access points and switches you recommend?

We have distributor relationships with Pax8 and TD Synnex and can procure hardware if you want us to. We also support bring-your-own-hardware. Our survey recommendations are vendor-neutral; the report gives you the requirements, not a sales quote.

What happens if we do not act on the findings?

The assessment is independently valuable. You own the report, the test data, and the remediation roadmap. Some clients act immediately. Some phase work over twelve months. Some hand the report to a different vendor. All acceptable outcomes. The goal of the engagement is to give you ground truth, not lock you into follow-on work.

Stop Guessing About Your Network

Book a scoping call. We will review your floor plan, talk through the symptoms, and give you a firm quote before any work begins.

Schedule a Scoping Call →

Not ready for a call? See the full security services or read about netvuln-tool.