1. Overview

In this tutorial, we’ll describe how to connect a system to a wireless network using the command line from Linux. Even though they’re command-line utilities, we’ll not consider nmcli, wpa_cli, or wifi_menu (from distributions like Arch Linux) because they may not be available in all systems.

We’ll begin with some preliminary steps before setting up the hardware and network interface. Since they’re often easier to set up, we begin with the more insecure WEP wireless networks, followed by the secure WPA/WPA2 networks. In the end, we’ll see some final steps to ensure that the process has been successful.

2. Preliminary Steps

There are three steps we need to undertake before setting up a wireless network. To start with, we have to know the name of our network interface.

2.1. Using iwconfig and ifconfig

First, let’s use the iwconfig command:

$ iwconfig
enp0s25   no wireless extensions.
wlp3s0    IEEE 802.11 ESSID:off/any 
          Mode:Managed Access Point: Not-Associated Tx-Power=off 
          Retry short limit:7 RTS thr:off Fragment thr:off
          Power Management:on

In the previous output, we see two interfaces:

  • enp0s25: corresponds to an Ethernet connection without wireless extensions
  • wlp3s0: network interface we’ll use

After getting the interface name that we want to use, we activate it. In case it’s not already activated, we can use the ifconfig command:

$ sudo ifconfig wlp3s0 up

To manage the network interfaces, we need super-user rights. Thus, similar to the previous command, many of the following are preceded by the sudo command.

2.2. Using iw and ip

Alternatively, we can also employ the iw command which is a more advanced version of the iwconfig command:

$ iw dev
phy#0
    Interface wlp3s0
        ifindex 3
        wdev 0x1
        addr 20:4e:f6:2f:18:d9
        ssid $SSID_NAME
        type managed
        channel 9 (2452 MHz), width: 40 MHz, center1: 2442 MHz
        txpower 20.00 dBm
        multicast TXQ:
            qsz-byt    qsz-pkt    flows    drops    marks    overlmt    hashcol    tx-bytes    tx-packets
            0    0    0    0    0    0    0    0        0

Consequently, we can also use the ip command to activate the network interface:

$ sudo ip link set wlp3s0 up

The ip command is a tool for showing and configuring network interfaces in Linux. It’s a more powerful version of the now deprecated ifconfig command.

Finally, we may also want to scan the surrounding wireless networks. If we already know the ESSID (Extended Service Set IDentifier), which is the network name, we can skip this step.

Otherwise, we can scan with iwlist combined with the s mode and the name of the active network interface:

$ sudo iwlist wlp3s0 s | grep 'Cell\|Quality\|ESSID\|IEEE'
   Cell 01 - Address: AA:AA:AA:AA:AA:AA
             Quality=60/70 Signal level=-50 dBm 
             ESSID:"WLAN_NAME_1"
             IE: IEEE 802.11i/WPA2 Version 1
   Cell 02 - Address: BB:BB:BB:BB:BB:BB
             Quality=54/70 Signal level=-56 dBm 
             ESSID:"WLAN_NAME_2"
             IE: IEEE 802.11i/WPA2 Version 1
   Cell ...

The use of grep is optional, but the dense output of iwlist becomes fairly easy to process after filtering. In particular, there are several fields of interest:

  • Address
  • Quality
  • Signal level
  • ESSID
  • wireless security type under the IE section

Notably, for the following sections, we’ll assume a wireless network named WLAN_NAME with a password of WLAN_PASSWORD.

3. Connection to WEP Wireless Networks

The way we connect to a network depends on the network’s security. The WEP (Wired Equivalent Privacy) is a deprecated security algorithm for wireless networks. However, we can still find this type of network around.

3.1. Using iwconfig

The connection to these networks can be done via the iwconfig command. If the network doesn’t have a password, we can use a direct approach:

$ sudo iwconfig essid WLAN_NAME

However, if the network is protected, we need to specify the password, either in hexadecimal or ASCII format. The hexadecimal-format password is entered directly after key:

$ sudo iwconfig essid WLAN_NAME key WLAN_PASSWORD

The ASCII format requires a prefix of s: before the password to indicate its format:

$ sudo iwconfig essid WLAN_NAME key s:WLAN_PASSWORD

We can test the connection by employing the iwconfig command and specifying the interface name:

$ iwconfig wlp3s0
wlp3s0    IEEE 802.11  ESSID:"WLAN_NAME"  
          Mode:Managed  Frequency:2.452 GHz  Access Point: AA:AA:AA:AA:AA:AA   
          Bit Rate=108 Mb/s   Tx-Power=20 dBm   
          Retry short limit:7   RTS thr:off   Fragment thr:off
          Power Management:on
[....]

We should see the ESSID we specified while connecting.

3.2. Using iw

We can connect to an open wireless network using the iw command by specifying the network ESSID after the connect subcommand:

$ sudo iw dev wlp3s0 connect '$ESSID'

For encrypted WEP networks, we can also specify the password in hexadecimal or ASCII format.

$ iw dev wlp3s0 connect '$ESSID' key 0:your_password

Similar to the iwconfig command, we can prepend the password with s: to specify the ASCII format:

$ iw dev wlp3s0 connect '$ESSID' key 0:s:your_password

We can use the iw command to check whether the connection was successful:

$ sudo iw dev wlp3s0 link
Connected to aa:aa:aa:aa:aa:aa (on wlp3s0)
    SSID: $ESSID
    freq: 2452
    RX: 147774476 bytes (172658 packets)
    TX: 16598376 bytes (80745 packets)
    signal: -49 dBm
    rx bitrate: 130.0 MBit/s MCS 15
    tx bitrate: 81.0 MBit/s MCS 4 40MHz

    bss flags:    short-slot-time
    dtim period:    1
    beacon int:    100

If the connection is successful, it should show the ESSID that we specified.

4. Connection to WPA/WPA2 Wireless Networks

The newer WPA (Wi-Fi Protected Access) encryptions require a different connection process. The first step consists of storing the name of the wireless network and its password in a configuration file. To do so, let’s use the wpa_passphrase command with the WLAN_NAME and its WLAN_PASSWORD:

$ sudo wpa_passphrase WLAN_NAME WLAN_PASSWORD > /etc/wpa_supplicant.conf

Although the file /etc/wpa_supplicant.conf usually stores this information, we can choose any other path. The functionality of the wpa_passphrase command is that it stores the name and password with a hash:

$ cat /etc/wpa_supplicant.conf
  network={
           ssid="WLAN_NAME"
           #psk="WLAN_PASSWORD"
           psk=26df252bcd9b7be94233691ee676b581028e34052f13aff3c2a73122be1eea0f
          }

Once we have a file for a given wireless network, we need to know the drivers that our network interface can use. For that, we’ll run wpa_supplicant without any other arguments. This returns, among other information, the available drivers:

$ wpa_supplicant 
Successfully initialized wpa_supplicant
wpa_supplicant v2.10
  ...
usage:
  ...
drivers:
  nl80211 = Linux nl80211/cfg80211
  wext = Linux wireless extensions (generic)
  wired = Wired Ethernet driver
  macsec_linux = MACsec Ethernet driver for Linux
  none = no driver (RADIUS server/WPS ER)
options:
  ...

Other drivers may appear on other systems. However, one of the most common drivers is wext, so it’s the one we’ll use. We may have to try different drivers if our systems don’t work with the generic ones.

Next, let’s launch wpa_supplicant with the connection parameters to test that everything is working properly:

$ wpa_supplicant -i wlp3s0 -c /etc/wpa_supplicant.conf -D wext

The -i flag serves to specify the network interface. The -c flag is used for the path of the configuration file. Finally, the -D flag precedes the driver’s name.

If the connection is successful, we can cancel the process (Ctrl+C) and execute it again with the -B flag to keep it running in the background:

$ wpa_supplicant -B -i wlp3s0 -c /etc/wpa_supplicant.conf -D wext

This way, we can resume our work in the same session.

5. Final Steps

After having connected the system to the wireless network, let’s run the dhclient command to assign a dynamic IP from the DHCP server:

$ sudo dhclient wlp3s0

Finally, let’s run the iwconfig command to check whether everything has been successful:

$ iwconfig
enp0s25   no wireless extensions.
wlp3s0    IEEE 802.11  ESSID:"WLAN_NAME"  
          Mode:Managed  Frequency:5.18 GHz  Access Point: AA:AA:AA:AA:AA:AA
          Bit Rate=135 Mb/s   Tx-Power=15 dBm   
          Retry short limit:7   RTS thr:off   Fragment thr:off
          Power Management:off
          Link Quality=62/70  Signal level=-48 dBm  
          Rx invalid nwid:0  Rx invalid crypt:0  Rx invalid frag:0
          Tx excessive retries:1  Invalid misc:70   Missed beacon:0

In the ESSID section, the wireless network name has now replaced the off/any output from the previous call to iwconfig when there was no network connection. Similarly, we can employ the iw command like we did earlier.

6. Conclusion

In this article, we saw how to connect to a wireless network through the Linux command line.

We began by learning the commands to discover the name of our network interface and then activate it. Next, we discussed how to connect to both WEP and WPA/WPA2 networks. Further, we used the iw and ip commands which are modern versions of the deprecated iwconfig and ifconfig commands respectively.

Finally, we included some closing commands to ensure that our connection is working.