Wi‑Fi Troubleshooting: PMF Is “On” but You’re Still Confused
PMF (802.11w / “Protected Management Frames”) protects certain management frames from trivial spoofing when properly negotiated. Confusion usually comes from mixing up optional vs required, client fallbacks, mixed WPA2/WPA3 environments, or expecting PMF to “fix” bad captures.
Permission-first: only assess networks you own or have explicit written authorization to test. See Legal & Ethics.
What to read first (blue team)
If your goal is to verify that PMF is actually enforced—not just toggled in a UI—use the step-by-step checklist:
How to verify PMF is really enforced (policy, client matrix, logs, negative tests, roaming, alerting).
Why “PMF enabled” still feels messy
- Optional PMF: clients that cannot do PMF may still associate on many networks; “enabled” is not “required.”
- Mixed clients: one device negotiates PMF while another uses a legacy profile—your dashboard can look “green” while exceptions exist.
- Capture interpretation: monitor-mode captures show frames. PMF changes what is protected and how failures present; it does not create “more data frames” by itself.
- WPA3 / transition: mixed modes increase the number of edge cases you must test deliberately.
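As an added example (not part of the original page), the optional-versus-required distinction above can be read from the RSN element an AP advertises in beacons and probe responses, using the MFPC and MFPR bits of the RSN Capabilities field. The sample elements are constructed, `parse_rsn` is a hypothetical helper name, and the parser assumes the cipher and AKM fields are present, as in typical AP beacons.

```python
import struct

# RSN Capabilities bits (IEEE 802.11 RSN element)
MFPR = 0x0040  # Management Frame Protection Required
MFPC = 0x0080  # Management Frame Protection Capable
# Subset of AKM suite types under OUI 00-0F-AC
AKM_NAMES = {1: "802.1X", 2: "PSK", 5: "802.1X-SHA256", 6: "PSK-SHA256", 8: "SAE"}
OUI = b"\x00\x0f\xac"


def parse_rsn(ie: bytes) -> dict:
    """Parse an RSN element (ID 48) and report the advertised PMF policy."""
    if len(ie) < 2 or ie[0] != 48 or ie[1] != len(ie) - 2:
        raise ValueError("not a well-formed RSN element")
    body, off = ie[2:], 0

    def take(n: int) -> bytes:
        nonlocal off
        if off + n > len(body):
            raise ValueError("truncated RSN element")
        chunk = body[off:off + n]
        off += n
        return chunk

    version, = struct.unpack("<H", take(2))
    take(4)                                   # group data cipher suite
    n_pairwise, = struct.unpack("<H", take(2))
    take(4 * n_pairwise)                      # pairwise cipher suites
    n_akm, = struct.unpack("<H", take(2))
    akms = [take(4) for _ in range(n_akm)]
    # RSN Capabilities may be omitted; absent means neither PMF bit is set
    caps = struct.unpack("<H", take(2))[0] if off < len(body) else 0
    if caps & MFPR and not caps & MFPC:
        pmf = "invalid"       # MFPR set without MFPC is not a valid combination
    elif caps & MFPR:
        pmf = "required"
    elif caps & MFPC:
        pmf = "optional"
    else:
        pmf = "disabled"
    names = [AKM_NAMES.get(a[3], a.hex()) if a[:3] == OUI else a.hex() for a in akms]
    return {"version": version, "akms": names, "pmf": pmf}


# Constructed sample elements (not taken from a real capture)
HEAD = bytes.fromhex("0100" "000fac04" "0100" "000fac04")  # v1, CCMP group/pairwise
TRANSITION = b"\x30\x18" + HEAD + bytes.fromhex("0200" "000fac02" "000fac08" "8000")
WPA3_ONLY = b"\x30\x14" + HEAD + bytes.fromhex("0100" "000fac08" "c000")
```

This reports only what the AP advertises; what each client negotiated is in the RSN element of its association request, which has the same layout.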
When you’re doing wireless research (red team lab)
- Document SSID, band, WPA mode, and whether PMF is required for your test client profile.
- If handshakes or EAP traces look unexpected, revisit capture filters and adapter capabilities—not only PMF.
- For deeper capture issues, start with Wi‑Fi: handshakes and capture troubleshooting and Wi‑Fi FAQ.
Validation criteria
- You can state whether PMF is optional or required for the SSID under test.
- You’ve verified behavior with a controlled client matrix, not only an AP dashboard.
- You’ve used the PMF checklist to confirm enforcement—or documented a scoped exception.