Application: MfO = Mimecast for Outlook

Application: App Launcher = MyApps Webbased portal

Method = IWA ( Intergrated Windows Authentication ) usually from the Mimecast Outlook Add In

Method =  EWS Basic ( Used by Domain Authentication to check onprem ) 

• No Comments

Finding issues in wireless networks can be hard , however there are some tools you can use before you get the Spectrum Analyser in! 

Auditing

Download and install inSSIDer Home

Great way to visualise SSID strength and channels, just to note when you run this , your Pings will go up!

Ekahau

Great Heatmapping software and paid for software for scanning

How to check to DeAuths 

Once you identify the channel, launch https://www.wireshark.org/ on that channel and listen for a minute or two.

First, apply this filter:

wlan.fc.type_subtype == 0xc

This will show you all the deauthentication frames that have been sent out.

Apply this filter next:

wlan.fc.type_subtype == 0x8 && wlan.sa == <BSSID of the SSID you are inspecting>

This will display beacon frames from your AP. Check the signal strength. In this case, we’ve got a good strong signal because we’re right next to the AP (right around -40 dBm on average).

Next, apply this filter:

wlan.fc.type_subtype == 0xc && wlan.sa == <BSSID of the SSID you are inspecting>

This shows deauthentication frames from your AP. Note the signal strength on the far right…

The deauthentication frames are coming in much weaker than the valid beacon frames. This indicates strongly that another AP is spoofing your system.

• No Comments