1. Overview
In this tutorial, we’ll describe how to connect a system to a wireless network using the command line from Linux. Even though they’re command-line utilities, we’ll not consider nmcli, wpa_cli, or wifi_menu (from distributions like Arch Linux) because they may not be available in all systems.
We’ll begin with some preliminary steps before setting up the hardware and network interface. Since they’re often easier to set up, we begin with the more insecure WEP wireless networks, followed by the secure WPA/WPA2 networks. In the end, we’ll see some final steps to ensure that the process has been successful.
2. Preliminary Steps
There are three steps we need to undertake before setting up a wireless network. To start with, we have to know the name of our network interface.
2.1. Using iwconfig and ifconfig
First, let’s use the iwconfig command:
$ iwconfig
enp0s25 no wireless extensions.
wlp3s0 IEEE 802.11 ESSID:off/any
Mode:Managed Access Point: Not-Associated Tx-Power=off
Retry short limit:7 RTS thr:off Fragment thr:off
Power Management:on
In the previous output, we see two interfaces:
- enp0s25: corresponds to an Ethernet connection without wireless extensions
- wlp3s0: network interface we’ll use
After getting the interface name that we want to use, we activate it. In case it’s not already activated, we can use the ifconfig command:
$ sudo ifconfig wlp3s0 up
To manage the network interfaces, we need super-user rights. Thus, similar to the previous command, many of the following are preceded by the sudo command.
2.2. Using iw and ip
Alternatively, we can also employ the iw command which is a more advanced version of the iwconfig command:
$ iw dev
phy#0
Interface wlp3s0
ifindex 3
wdev 0x1
addr 20:4e:f6:2f:18:d9
ssid $SSID_NAME
type managed
channel 9 (2452 MHz), width: 40 MHz, center1: 2442 MHz
txpower 20.00 dBm
multicast TXQ:
qsz-byt qsz-pkt flows drops marks overlmt hashcol tx-bytes tx-packets
0 0 0 0 0 0 0 0 0
Consequently, we can also use the ip command to activate the network interface:
$ sudo ip link set wlp3s0 up
The ip command is a tool for showing and configuring network interfaces in Linux. It’s a more powerful version of the now deprecated ifconfig command.
Finally, we may also want to scan the surrounding wireless networks. If we already know the ESSID (Extended Service Set IDentifier), which is the network name, we can skip this step.
Otherwise, we can scan with iwlist combined with the s mode and the name of the active network interface:
$ sudo iwlist wlp3s0 s | grep 'Cell\|Quality\|ESSID\|IEEE'
Cell 01 - Address: AA:AA:AA:AA:AA:AA
Quality=60/70 Signal level=-50 dBm
ESSID:"WLAN_NAME_1"
IE: IEEE 802.11i/WPA2 Version 1
Cell 02 - Address: BB:BB:BB:BB:BB:BB
Quality=54/70 Signal level=-56 dBm
ESSID:"WLAN_NAME_2"
IE: IEEE 802.11i/WPA2 Version 1
Cell ...
The use of grep is optional, but the dense output of iwlist becomes fairly easy to process after filtering. In particular, there are several fields of interest:
- Address
- Quality
- Signal level
- ESSID
- wireless security type under the IE section
Notably, for the following sections, we’ll assume a wireless network named WLAN_NAME with a password of WLAN_PASSWORD.
3. Connection to WEP Wireless Networks
The way we connect to a network depends on the network’s security. The WEP (Wired Equivalent Privacy) is a deprecated security algorithm for wireless networks. However, we can still find this type of network around.
3.1. Using iwconfig
The connection to these networks can be done via the iwconfig command. If the network doesn’t have a password, we can use a direct approach:
$ sudo iwconfig essid WLAN_NAME
However, if the network is protected, we need to specify the password, either in hexadecimal or ASCII format. The hexadecimal-format password is entered directly after key:
$ sudo iwconfig essid WLAN_NAME key WLAN_PASSWORD
The ASCII format requires a prefix of s: before the password to indicate its format:
$ sudo iwconfig essid WLAN_NAME key s:WLAN_PASSWORD
We can test the connection by employing the iwconfig command and specifying the interface name:
$ iwconfig wlp3s0
wlp3s0 IEEE 802.11 ESSID:"WLAN_NAME"
Mode:Managed Frequency:2.452 GHz Access Point: AA:AA:AA:AA:AA:AA
Bit Rate=108 Mb/s Tx-Power=20 dBm
Retry short limit:7 RTS thr:off Fragment thr:off
Power Management:on
[....]
We should see the ESSID we specified while connecting.
3.2. Using iw
We can connect to an open wireless network using the iw command by specifying the network ESSID after the connect subcommand:
$ sudo iw dev wlp3s0 connect '$ESSID'
For encrypted WEP networks, we can also specify the password in hexadecimal or ASCII format.
$ iw dev wlp3s0 connect '$ESSID' key 0:your_password
Similar to the iwconfig command, we can prepend the password with s: to specify the ASCII format:
$ iw dev wlp3s0 connect '$ESSID' key 0:s:your_password
We can use the iw command to check whether the connection was successful:
$ sudo iw dev wlp3s0 link
Connected to aa:aa:aa:aa:aa:aa (on wlp3s0)
SSID: $ESSID
freq: 2452
RX: 147774476 bytes (172658 packets)
TX: 16598376 bytes (80745 packets)
signal: -49 dBm
rx bitrate: 130.0 MBit/s MCS 15
tx bitrate: 81.0 MBit/s MCS 4 40MHz
bss flags: short-slot-time
dtim period: 1
beacon int: 100
If the connection is successful, it should show the ESSID that we specified.
4. Connection to WPA/WPA2 Wireless Networks
The newer WPA (Wi-Fi Protected Access) encryptions require a different connection process. The first step consists of storing the name of the wireless network and its password in a configuration file. To do so, let’s use the wpa_passphrase command with the WLAN_NAME and its WLAN_PASSWORD:
$ sudo wpa_passphrase WLAN_NAME WLAN_PASSWORD > /etc/wpa_supplicant.conf
Although the file /etc/wpa_supplicant.conf usually stores this information, we can choose any other path. The functionality of the wpa_passphrase command is that it stores the name and password with a hash:
$ cat /etc/wpa_supplicant.conf
network={
ssid="WLAN_NAME"
#psk="WLAN_PASSWORD"
psk=26df252bcd9b7be94233691ee676b581028e34052f13aff3c2a73122be1eea0f
}
Once we have a file for a given wireless network, we need to know the drivers that our network interface can use. For that, we’ll run wpa_supplicant without any other arguments. This returns, among other information, the available drivers:
$ wpa_supplicant
Successfully initialized wpa_supplicant
wpa_supplicant v2.10
...
usage:
...
drivers:
nl80211 = Linux nl80211/cfg80211
wext = Linux wireless extensions (generic)
wired = Wired Ethernet driver
macsec_linux = MACsec Ethernet driver for Linux
none = no driver (RADIUS server/WPS ER)
options:
...
Other drivers may appear on other systems. However, one of the most common drivers is wext, so it’s the one we’ll use. We may have to try different drivers if our systems don’t work with the generic ones.
Next, let’s launch wpa_supplicant with the connection parameters to test that everything is working properly:
$ wpa_supplicant -i wlp3s0 -c /etc/wpa_supplicant.conf -D wext
The -i flag serves to specify the network interface. The -c flag is used for the path of the configuration file. Finally, the -D flag precedes the driver’s name.
If the connection is successful, we can cancel the process (Ctrl+C) and execute it again with the -B flag to keep it running in the background:
$ wpa_supplicant -B -i wlp3s0 -c /etc/wpa_supplicant.conf -D wext
This way, we can resume our work in the same session.
5. Final Steps
After having connected the system to the wireless network, let’s run the dhclient command to assign a dynamic IP from the DHCP server:
$ sudo dhclient wlp3s0
Finally, let’s run the iwconfig command to check whether everything has been successful:
$ iwconfig
enp0s25 no wireless extensions.
wlp3s0 IEEE 802.11 ESSID:"WLAN_NAME"
Mode:Managed Frequency:5.18 GHz Access Point: AA:AA:AA:AA:AA:AA
Bit Rate=135 Mb/s Tx-Power=15 dBm
Retry short limit:7 RTS thr:off Fragment thr:off
Power Management:off
Link Quality=62/70 Signal level=-48 dBm
Rx invalid nwid:0 Rx invalid crypt:0 Rx invalid frag:0
Tx excessive retries:1 Invalid misc:70 Missed beacon:0
In the ESSID section, the wireless network name has now replaced the off/any output from the previous call to iwconfig when there was no network connection. Similarly, we can employ the iw command like we did earlier.
6. Conclusion
In this article, we saw how to connect to a wireless network through the Linux command line.
We began by learning the commands to discover the name of our network interface and then activate it. Next, we discussed how to connect to both WEP and WPA/WPA2 networks. Further, we used the iw and ip commands which are modern versions of the deprecated iwconfig and ifconfig commands respectively.
Finally, we included some closing commands to ensure that our connection is working.