Thursday, April 3, 2025

How to Check if PMF (Protected Management Frames) is Enabled on a Wi-Fi Network

How to Check if PMF (Protected Management Frames) is Enabled on a Wi-Fi Network

Protected Management Frames (PMF) is a security feature defined in IEEE 802.11w that protects Wi-Fi management frames (e.g., deauthentication, disassociation) from forgery and eavesdropping. This prevents attacks like deauthentication attacks (e.g., using aireplay-ng).

Methods to Check PMF Status

1. Using Wireshark (Packet Capture Analysis)

  • Capture Wi-Fi traffic in monitor mode (e.g., using airodump-ng or Wireshark).
  • Look for Beacon frames or Association Response frames:
    • PMF Capable (802.11w): Indicates support.
    • PMF Required: Forces clients to use PMF (stronger security).

Steps:

  1. Start capturing on the target Wi-Fi channel: 
    airodump-ng -c <channel> --bssid <AP_MAC> -w pmf_check wlan0mon
  2. Open the .pcap file in Wireshark.
  3. Filter for wlan.fc.type_subtype == 0x08 (Beacon frames).
  4. Check the RSN (Robust Security Network) Information Element:
    • If "Management Frame Protection Capable" is present → PMF is supported.
    • If "Management Frame Protection Required" is present → PMF is enforced.

2. Using iw Command (Linux)

If you are connected to the network (or have access to a Linux machine with Wi-Fi): 

iw dev wlan0 scan | grep -A 10 "SSID Name" | grep "RSN" -A 5
  • Look for Management Frame Protection: Yes or MFPC (Capable) / MFPR (Required).

Example Output: 

RSN:     * Version: 1
     * Group cipher: CCMP
     * Pairwise ciphers: CCMP
     * Authentication suites: PSK
     * Capabilities: MFPC (PMF capable), MFPR (PMF required)
  • MFPC (Capable) → PMF is optional (clients can connect without it).
  • MFPR (Required) → PMF is mandatory (more secure).

3. Using Windows (netsh Command)

If connected to the network:

  1. Open Command Prompt as Administrator.
  2. Run: 
    netsh wlan show networks mode=bssid
  3. Look for your target SSID and check the "Security settings" section.
    • If "Management Frame Protection Supported" appears → PMF is enabled.

4. Using Android (Wi-Fi Analyzer Apps)

  • Apps like Wi-Fi Analyzer or NetX may show 802.11w or PMF status in AP details.

Interpretation of Results

Status Security Implication
PMF Disabled Vulnerable to deauth attacks (aireplay-ng -0).
PMF Capable (MFPC) Optional (some clients may not use it).
PMF Required (MFPR) Best security (blocks deauth attacks).

5. Use wpa_cli (Linux)

For WPA2-Personal:

  1. Run: 
    wpa_cli -i wlan0
  2. In the CLI, type scan_results and note the BSSID.
  3. Type bssid <BSSID> and check the RSN flags:
    • [MFPC] → PMF Capable.
    • [MFPR] → PMF Required.

6. Check RADIUS Server Settings (White-Box)

  • If you have insider access, verify if the RADIUS server (e.g., FreeRADIUS, NPS) enforces PMF:
    • Look for ieee80211w = 1 (PMF optional) or ieee80211w = 2 (PMF required) in the RADIUS client configuration.

7. Checking Access Point Configuration (White Box):

If you have been provided with access to the configuration interface of the wireless access point (as part of the white box testing), you can directly check the PMF settings.

  • Steps:

    1. Log in to the access point's web interface or command-line interface.
    2. Navigate to the wireless settings for the specific SSID you are testing.
    3. Look for options related to security, WPA2/WPA3, and advanced settings.
    4. You should find a setting labeled something like:
      • Protected Management Frames (PMF)
      • Management Frame Protection (MFP)
      • 802.11w
      • Secure Management Frames
    5. The setting will likely have options like "Enabled," "Disabled," "Optional," or "Required."

  • Interpreting the Results:

    • Enabled/Required: PMF is actively enforced. Clients that don't support PMF might not be able to connect.
    • Optional: PMF is supported, and clients that support it will use it, but clients that don't can still connect without it. This is less secure than "Enabled/Required."
    • Disabled: PMF is not enabled on the network

Key Notes for Both Networks

  • WPA2 + PMF: PMF is optional in WPA2 (defined in 802.11w) but mandatory in WPA3.
  • WPA3 Networks: PMF is always required, so this check is irrelevant for WPA3.

Example Scenarios

Scenario 1: PMF Disabled (Vulnerable)

  • Attackers can use aireplay-ng to deauth clients: 
    aireplay-ng -0 10 -a <AP_MAC> -c <Client_MAC> wlan0mon
  • Clients will disconnect and may reveal handshakes for cracking (WPA2-Personal).

Scenario 2: PMF Enabled (Secure)

  • Deauth attacks fail. You’ll see errors like: 
    aireplay-ng: Got a deauth/disassoc packet. Is PMF enabled on the AP?

Recommendations

  1. Enable PMF in "Required" mode for both WPA2-Enterprise and WPA2-Personal.
  2. Migrate to WPA3 (PMF is enforced by default).
Posted by at No comments:
Labels: , ,

Thursday, September 7, 2023

Issue of Outlook for Mac on copy/paste meeting

 

Environment:

1.     MacBook Pro 2021 M1

2.     MacOS: Ventura 13.5.1

3.     Microsoft Outlook for Mac, version 16.76.2

 

Symptoms:

 

Currently there is no way to copy/paste Outlook Calendar items (schedules and meetings) on Microsoft Outlook for Mac.

 

Solution (Workaround):

1.     Use outlook web instead.

2.     Login to outlook.office.com

3.     Click “Calendar” icon on the left panel.

4.     Right click on the meeting that you want to copy.

5.     Select “Duplicate event”

6.     Change Date and Time.

 



Posted by at No comments:
Labels: , , ,

Wednesday, April 19, 2023

Fix Activity Monitor column issue on MacOS

 

(Just for my references)

Environment:

1.     MacBook Pro 2019 Intel

2.     MacOS: Ventura 13.0

3.     Activity Monitor

 

Symptoms

When opening the Activity Monitor, the “Process name” column was too width, and it is very hard to see other columns.





Solution

1.     Open terminal

2.     Run command: rm -f ~/Library/Preferences/com.apple.ActivityMonitor.plist

Posted by at No comments:
Labels: , ,
Subscribe to: Posts (Atom)