Wifi connection is one of the most common issue in linux. In this article we will discuss how to handle this issue using command line. In this guide we will discuss few steps for connecting to WPA/WPA2 WiFi network. In this case you’ve only got wired connection only.

cli-commands to connect wifi

Connect WiFi network from command line

The following tools is required to connect WiFi network by using command line.

  1. wpa_supplicant
  2. iw
  3. ip
  4. ping

Linux Supplicant ( WPA/WPA2/IEEE 802.1X )

wpa_supplicant is a WPA supplicant for MAC, BSD, Linux and Windows with support for WPA and WPA2. It is suitable for both laptop/desktop and embedded systems. Supplicant is IEEE 802.1X /WPA component that is used in client station (User End). It implements key negotiation with WPA authentication and it controls the roaming and IEEE 802.11 authentication and association of the WLAN drive.

ip – ip program in Linux

ip is use to enable /disabling device and show / manipulate routing devices, policy routing and tunnels. ip was written by Alexey N.Kuznetsov, by using of man ip command you will see full help/man page.

iw – Linux Wireless Utility

iw is 802.11 based CLI configuration utility for wireless devises. It supports all new drivers that have recently added to kernel. This is an new tool, the old iwconfig tools which is uses Wireless Extensions interface ,is deprecated and it’s highly recommended to switch to iw.

ping – Linux

In simple way to explain ping to test the ability of the source computer to reach specific destination computer (communication between source to destination). The ping command is operates by sending ICMP  (Internet Control Message Protocol ) to destination computer and waiting for a response.

Setup to Connect WiFi network In Linux

Step 1: Find available WiFi adapter – Connect WiFi network from command line

In this step we need to know the WiFi device name before trying to connect to WiFi network. We use the following command that will show the list of all connected WiFi adapters in Linux System.

root@blackhat:~# iw dev
phy#0
	Interface wlan0
		ifindex 3
		wdev 0x1
		addr 76:0c:b8:05:4b:2b
		type managed
		channel 5 (2432 MHz), width: 40 MHz, center1: 2442 MHz
root@blackhat:~# 

It shows the you have 1 physical WiFi adapter attached to your System.

  1. Designated name : phy#0
  2. Device name (interface name): wlan0
  3. Interface Index: 3 (as per connected ports).
  4. addr : 76:0c:b8:05:4b:2b (Wifi Adapter mac address).
  5. type : managed (specifies the operational mode of wireless devices. managed means the device is WiFi client or station that connects to an access point).
  6.  Channel 5 ( specifices adapter Channel no, frequency, bandwidth).

Step 2: Check device status – Connect WiFi network from command line

root@blackhat:~# ip link show wlan0
3: wlan0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DORMANT group default qlen 1000
    link/ether 76:0c:b8:05:4b:2b brd ff:ff:ff:ff:ff:ff
root@blackhat:~# 

The above command outpout show interface (wlan0) as state UP mode.

Step 3: Active your Wifi interface – Connect WiFi network from command line

if you want to down your WiFi interface, use following command.

root@blackhat:~# ip link show wlan0
3: wlan0:  mtu 1500 qdisc mq state DOWN mode DORMANT group default qlen 1000
    link/ether 76:0c:b8:05:4b:2b brd ff:ff:ff:ff:ff:ff
root@blackhat:~# 

For bringing up your Wifi Interface by using following command.

root@blackhat:~# ip link show wlan0
3: wlan0:  mtu 1500 qdisc mq state UP mode DORMANT group default qlen 1000
    link/ether 76:0c:b8:05:4b:2b brd ff:ff:ff:ff:ff:ff
root@blackhat:~# 

Step 4: Check Connection Status – Connect WiFi network from command line

You can check your WiFi interface is connection status

if your Wifi adapter is connected the command gives you output like this

root@blackhat:~# iw wlan0 link
Connected to 2c:30:33:a2:91:76 (on wlan0)
	SSID: Buffercode.in_EXT
	freq: 2432
	RX: 142979 bytes (358 packets)
	TX: 86012 bytes (360 packets)
	signal: -50 dBm
	tx bitrate: 150.0 MBit/s MCS 7 40MHz short GI

	bss flags:	short-preamble short-slot-time
	dtim period:	1
	beacon int:	100
root@blackhat:~# 

otherwise output like this

root@blackhat:~# iw wlan0 link
Not connected.
root@blackhat:~# 

Step 5: Scan Wifi Network – Connect WiFi network from command line

This will find out what Wifi network are detected

root@blackhat:~# iw wlan0 scan
BSS 2c:30:33:a2:91:76(on wlan0) -- associated
	TSF: 7072423485 usec (0d, 01:57:52)
	freq: 2432
	beacon interval: 100 TUs
	capability: ESS Privacy ShortPreamble ShortSlotTime (0x0431)
	signal: -54.00 dBm
	last seen: 0 ms ago
	Information elements from Probe Response frame:
	SSID: Buffercode.in_EXT
	Supported rates: 1.0* 2.0* 5.5* 11.0* 9.0 18.0 36.0 54.0 
	DS Parameter set: channel 5
	ERP: 
	Extended supported rates: 6.0 12.0 24.0 48.0 
	HT capabilities:
		Capabilities: 0x11ee
			HT20/HT40
			SM Power Save disabled
			RX HT20 SGI
			RX HT40 SGI
			TX STBC
			RX STBC 1-stream
			Max AMSDU length: 3839 bytes
			DSSS/CCK HT40
		Maximum RX AMPDU length 65535 bytes (exponent: 0x003)
		Minimum RX AMPDU time spacing: 4 usec (0x05)
		HT RX MCS rate indexes supported: 0-15, 32
		HT TX MCS rate indexes are undefined
	HT operation:
		 * primary channel: 5
		 * secondary channel offset: above
		 * STA channel width: any
		 * RIFS: 0
		 * HT protection: 20 MHz
		 * non-GF present: 1
		 * OBSS non-GF present: 0
		 * dual beacon: 0
		 * dual CTS protection: 0
		 * STBC beacon: 0
		 * L-SIG TXOP Prot: 0
		 * PCO active: 0
		 * PCO phase: 0
	WPA:	 * Version: 1
		 * Group cipher: TKIP
		 * Pairwise ciphers: TKIP CCMP
		 * Authentication suites: PSK
	RSN:	 * Version: 1
		 * Group cipher: TKIP
		 * Pairwise ciphers: TKIP CCMP
		 * Authentication suites: PSK
		 * Capabilities: 1-PTKSA-RC 1-GTKSA-RC (0x0000)
	WMM:	 * Parameter version 1
		 * BE: CW 15-1023, AIFSN 3
		 * BK: CW 15-1023, AIFSN 7
		 * VI: CW 7-15, AIFSN 2, TXOP 3008 usec
		 * VO: CW 3-7, AIFSN 2, TXOP 1504 usec
	BSS Load:
		 * station count: 2
		 * channel utilisation: 23/255
		 * available admission capacity: 31250 [*32us]
	Overlapping BSS scan params:
		 * passive dwell: 20 TUs
		 * active dwell: 10 TUs
		 * channel width trigger scan interval: 300 s
		 * scan passive total per channel: 200 TUs
		 * scan active total per channel: 20 TUs
		 * BSS width channel transition delay factor: 5
		 * OBSS Scan Activity Threshold: 0.25 %
	WPS:	 * Version: 1.0
		 * Wi-Fi Protected Setup State: 2 (Configured)
		 * Response Type: 3 (AP)
		 * UUID: 28802880-2880-1880-a880-2c3033a29176
		 * Manufacturer: NTGR
		 * Model: WN3000RP
		 * Model Number: V3
		 * Serial Number: 2c3033a29176
		 * Primary Device Type: 6-0050f204-1
		 * Device name: WN3000RPv3(Wireless AP)
		 * Config methods: Label, Display, Keypad
		 * RF Bands: 0x1
		 * Unknown TLV (0x1049, 6 bytes): 00 37 2a 00 01 20
BSS c0:4a:00:e0:53:c2(on wlan0)
	TSF: 840941822144 usec (9d, 17:35:41)
	freq: 2432
	beacon interval: 100 TUs
	capability: ESS Privacy ShortPreamble ShortSlotTime (0x0431)
	signal: -61.00 dBm
	last seen: 0 ms ago
	SSID: Buffercode.in
	Supported rates: 1.0* 2.0* 5.5* 11.0* 6.0 9.0 12.0 18.0 
	DS Parameter set: channel 5
	ERP: 
	RSN:	 * Version: 1
		 * Group cipher: TKIP
		 * Pairwise ciphers: CCMP TKIP
		 * Authentication suites: PSK
		 * Capabilities: 1-PTKSA-RC 1-GTKSA-RC (0x0000)
	Extended supported rates: 24.0 36.0 48.0 54.0 
	HT capabilities:
		Capabilities: 0x11ef
			RX LDPC
			HT20/HT40
			SM Power Save disabled
			RX HT20 SGI
			RX HT40 SGI
			TX STBC
			RX STBC 1-stream
			Max AMSDU length: 3839 bytes
			DSSS/CCK HT40
		Maximum RX AMPDU length 65535 bytes (exponent: 0x003)
		Minimum RX AMPDU time spacing: No restriction (0x00)
		HT RX MCS rate indexes supported: 0-15
		HT TX MCS rate indexes are undefined
	HT operation:
		 * primary channel: 5
		 * secondary channel offset: above
		 * STA channel width: any
		 * RIFS: 1
		 * HT protection: 20 MHz
		 * non-GF present: 1
		 * OBSS non-GF present: 0
		 * dual beacon: 0
		 * dual CTS protection: 0
		 * STBC beacon: 0
		 * L-SIG TXOP Prot: 0
		 * PCO active: 0
		 * PCO phase: 0
	WPA:	 * Version: 1
		 * Group cipher: TKIP
		 * Pairwise ciphers: CCMP TKIP
		 * Authentication suites: PSK
	WMM:	 * Parameter version 1
		 * u-APSD
		 * BE: CW 15-1023, AIFSN 3
		 * BK: CW 15-1023, AIFSN 7
		 * VI: CW 7-15, AIFSN 2, TXOP 3008 usec
		 * VO: CW 3-7, AIFSN 2, TXOP 1504 usec
	WPS:	 * Version: 1.0
		 * Wi-Fi Protected Setup State: 2 (Configured)
		 * Response Type: 3 (AP)
		 * UUID: 00010203-0405-0607-0809-0a0b0c0d0e0f
		 * Manufacturer: TP-LINK
		 * Model: TL-MR3420
		 * Model Number: 1.0
		 * Serial Number: 1.0
		 * Primary Device Type: 6-0050f204-1
		 * Device name: Wireless N 3G/4G Router MR3420
		 * Config methods: Ethernet, Label, PBC
		 * RF Bands: 0x1
		 * Unknown TLV (0x1049, 20 bytes): 00 24 e2 60 02 00 01 01 60 00 00 02 00 01 60 01 00 02 00 01
BSS ec:1d:7f:7a:7a:53(on wlan0)
	TSF: 36529711 usec (0d, 00:00:36)
	freq: 2462
	beacon interval: 100 TUs
	capability: ESS Privacy ShortSlotTime (0x0411)
	signal: -77.00 dBm
	last seen: 0 ms ago
	SSID: airtel_7A7A53
	Supported rates: 1.0* 2.0* 5.5* 11.0* 18.0 24.0 36.0 54.0 
	DS Parameter set: channel 11
	ERP: Barker_Preamble_Mode
	ERP D4.0: Barker_Preamble_Mode
	RSN:	 * Version: 1
		 * Group cipher: CCMP
		 * Pairwise ciphers: CCMP
		 * Authentication suites: PSK
		 * Capabilities: 16-PTKSA-RC 1-GTKSA-RC (0x000c)
	Extended supported rates: 6.0 9.0 12.0 48.0 
	HT capabilities:
		Capabilities: 0x1bc
			HT20
			SM Power Save disabled
			RX Greenfield
			RX HT20 SGI
			TX STBC
			RX STBC 1-stream
			Max AMSDU length: 3839 bytes
			No DSSS/CCK HT40
		Maximum RX AMPDU length 65535 bytes (exponent: 0x003)
		Minimum RX AMPDU time spacing: 8 usec (0x06)
		HT RX MCS rate indexes supported: 0-15
		HT TX MCS rate indexes are undefined
	HT operation:
		 * primary channel: 11
		 * secondary channel offset: no secondary
		 * STA channel width: 20 MHz
		 * RIFS: 1
		 * HT protection: nonmember
		 * non-GF present: 1
		 * OBSS non-GF present: 1
		 * dual beacon: 0
		 * dual CTS protection: 0
		 * STBC beacon: 0
		 * L-SIG TXOP Prot: 0
		 * PCO active: 0
		 * PCO phase: 0
	WMM:	 * Parameter version 1
		 * u-APSD
		 * BE: CW 15-63, AIFSN 3
		 * BK: CW 15-1023, AIFSN 7
		 * VI: CW 7-15, AIFSN 1, TXOP 3008 usec
		 * VO: CW 3-7, AIFSN 1, TXOP 1504 usec
BSS c8:3a:35:35:3a:58(on wlan0)
	TSF: 1118163209 usec (0d, 00:18:38)
	freq: 2462
	beacon interval: 100 TUs
	capability: ESS Privacy ShortSlotTime (0x0411)
	signal: -81.00 dBm
	last seen: 0 ms ago
	SSID: MyWifi\x20
	Supported rates: 1.0* 2.0* 5.5 11.0 18.0 24.0 36.0 54.0 
	DS Parameter set: channel 11
	ERP: 
	ERP D4.0: 
	Extended supported rates: 6.0 9.0 12.0 48.0 
	HT capabilities:
		Capabilities: 0x187e
			HT20/HT40
			SM Power Save disabled
			RX Greenfield
			RX HT20 SGI
			RX HT40 SGI
			No RX STBC
			Max AMSDU length: 7935 bytes
			DSSS/CCK HT40
		Maximum RX AMPDU length 65535 bytes (exponent: 0x003)
		Minimum RX AMPDU time spacing: 8 usec (0x06)
		HT RX MCS rate indexes supported: 0-7
		HT TX MCS rate indexes are undefined
	HT operation:
		 * primary channel: 11
		 * secondary channel offset: below
		 * STA channel width: any
		 * RIFS: 1
		 * HT protection: no
		 * non-GF present: 1
		 * OBSS non-GF present: 0
		 * dual beacon: 0
		 * dual CTS protection: 0
		 * STBC beacon: 0
		 * L-SIG TXOP Prot: 0
		 * PCO active: 0
		 * PCO phase: 0
	WPA:	 * Version: 1
		 * Group cipher: CCMP
		 * Pairwise ciphers: CCMP
		 * Authentication suites: PSK
		 * Capabilities: 16-PTKSA-RC 1-GTKSA-RC (0x000c)
	WMM:	 * Parameter version 1
		 * BE: CW 15-1023, AIFSN 3
		 * BK: CW 15-1023, AIFSN 7
		 * VI: CW 7-15, AIFSN 2, TXOP 3008 usec
		 * VO: CW 3-7, AIFSN 2, TXOP 1504 usec
root@blackhat:~# 

Step 6 : Generate WPA/WPA2 Config. File – Connect WiFi network from command line

Now in this step we will generate a configuration file for wpa_supplicant that contains the passphrase (pre-shared-key) to wifi network.

root@blackhat:~# wpa_passphrase Buffercode.in >> /etc/wpa_supplicant.conf
etc@1234
( here 'etc@1234' is Network password you want to connect )
root@blackhat:~# 
root@blackhat:~# cat /etc/wpa_supplicant.conf 
# reading passphrase from stdin
network={
	ssid="Buffercode.in"
	#psk="etc@1234"
	psk=7e1a25c7b5c16c29a2e6a18a3c469640a9d4439c77e46386339db3ae4579e8ac
}
root@blackhat:~# 

wpa_supplicant uses SSID as string, you just type Buffercode.in (network name) after wpa_passphrase command. The wpa_passphrase will automatically creates a configuration file based on your entries. Each network has own new new configuration file placed on /etc/wpa_suppicant.conf. By using of any text geditor like gedit, vi, nano or other you can see this file. I will use cat command that will show the file on terminal.

Step 7: Connect to WPA/WPA2 WiFi network – Connect WiFi network from command line

Now we have an configuration file, by using of this file we will connect to network by using wpa_supplicant command.

root@blackhat:~# wpa_supplicant -B -D wext -i wlan0 -c /etc/wpa_supplicant.conf
Successfully initialized wpa_supplicant
ioctl[SIOCSIWENCODEEXT]: Invalid argument
ioctl[SIOCSIWENCODEEXT]: Invalid argument
root@blackhat:~# 
wpa_supplicant option :

-B run wp_supplicant in the background.
-D specifies wireless driver, wext is generic deriver.
-i speifices WiFi interface (wlan0).
-c specifies the path of configuration file.

now

root@blackhat:~# iw wlan0 link
Connected to 2c:30:33:a2:91:76 (on wlan0)
	SSID: Buffercode.in
	freq: 2432
	RX: 1708166 bytes (2817 packets)
	TX: 448128 bytes (2605 packets)
	signal: -48 dBm
	tx bitrate: 150.0 MBit/s MCS 7 40MHz short GI

	bss flags:	short-preamble short-slot-time
	dtim period:	1
	beacon int:	100
root@blackhat:~# 

Step 8: Get an IP using DHClient – Connect WiFi network from command line

After connect to an network, we can use DHClient to get an IP address by DHCP.

root@blackhat:~# dhclient wlan0
Reloading /etc/samba/smb.conf: smbd only.
root@blackhat:~# 

Use ip or ifconfig command to verify the IP address assigned by DHCP

root@blackhat:~# ip addr show wlan0
3: wlan0:  mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 78:0c:b8:04:4a:2a brd ff:ff:ff:ff:ff:ff
    inet 192.168.0.109/24 brd 192.168.0.255 scope global dynamic wlan0
       valid_lft 6786sec preferred_lft 6786sec
    inet6 fe80::7a0c:b8ff:fe04:4a2a/64 scope link 
       valid_lft forever preferred_lft forever
root@blackhat:~# 

or

root@blackhat:~# ifconfig wlan0
wlan0: flags=4163  mtu 1500
        inet 192.168.0.109  netmask 255.255.255.0  broadcast 192.168.0.255
        inet6 fe80::7a0c:b8ff:fe04:4a2a  prefixlen 64  scopeid 0x20
        ether 78:0c:b8:04:4a:2a  txqueuelen 1000  (Ethernet)
        RX packets 3190  bytes 1657414 (1.5 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 3079  bytes 626839 (612.1 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

root@blackhat:~# 

In this step we ensure that having the proper routing rules.

root@blackhat:~# ip route show 
default via 192.168.0.1 dev wlan0 
default via 192.168.0.1 dev wlan0  proto static  metric 600 
192.168.0.0/24 dev wlan0  proto kernel  scope link  src 192.168.0.109  metric 600 
root@blackhat:~# 

Step 9: Testing Connectivity – Connect WiFi network from command line

By using of ping command we ensure that we are properly connect to network.

root@blackhat:~# ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
64 bytes from 8.8.8.8: icmp_req=3 ttl=42 time=265 ms
64 bytes from 8.8.8.8: icmp_req=4 ttl=42 time=176 ms
64 bytes from 8.8.8.8: icmp_req=5 ttl=42 time=174 ms
64 bytes from 8.8.8.8: icmp_req=6 ttl=42 time=174 ms
--- 8.8.8.8 ping statistics ---
8 packets transmitted, 4 received, 33% packet loss, time 5020ms
rtt min/avg/max/mdev = 174.353/197.683/265.456/39.134 ms
root@blackhat:~#

Congratulation you have successfully configure your WiFi with your network.

Have something to add in this article?? Please share in comments.

Follow us for more reviews,tutorials and tech news on Facebook, Google Plus and Twitter.