Connecting to a Wireless Network Through Linux CLI

Last updated: August 16, 2023

1. Overview

In this tutorial, we’ll describe how to connect a system to a wireless network using the command line from Linux. Even if they are command-line utilities, we’ll not consider nmcli, wpa_cli, or wifi_menu (from distributions like Arch Linux) because they may not be available in all systems.

We’ll begin with some preliminary steps before setting up the hardware and network interface. Then, the more insecure WEP wireless networks are presented (as they are easier to set up), followed by the more secure WPA/WPA2 networks. In the end, we’ll present some final steps to ensure that the process has been successful.

2. Preliminary Steps

There are three steps we need to undertake before setting up a wireless network. The first is that we have to know the name of our network interface. For that, let’s use the iwconfig command:

$ iwconfig
enp0s25   no wireless extensions.
wlp3s0    IEEE 802.11 ESSID:off/any 
          Mode:Managed Access Point: Not-Associated Tx-Power=off 
          Retry short limit:7 RTS thr:off Fragment thr:off
          Power Management:on

In the previous output, we see two interfaces: enp0s25 (which corresponds to an Ethernet connection without wireless extensions) and wlp3s0 (which is the network interface we’ll use).

After getting the interface name that we want to use, we need to activate it. In case it’s not already activated, we can use the ifconfig command:

$ sudo ifconfig wlp3s0 up

To manage the network interfaces, we need super-user rights. Thus, the previous command and many of the following commands will be preceded by the sudo command.

Finally, we may also want to scan the surrounding wireless networks. If we already know the ESSID (Extended Service Set IDentifier), which is the network name, we can skip this step. Otherwise, we can scan with iwlist combined with the s mode and the name of the active network interface:

$ sudo iwlist wlp3s0 s | grep 'Cell\|Quality\|ESSID\|IEEE'
   Cell 01 - Address: AA:AA:AA:AA:AA:AA
             Quality=60/70 Signal level=-50 dBm 
             ESSID:"WLAN_NAME_1"
             IE: IEEE 802.11i/WPA2 Version 1
   Cell 02 - Address: BB:BB:BB:BB:BB:BB
             Quality=54/70 Signal level=-56 dBm 
             ESSID:"WLAN_NAME_2"
             IE: IEEE 802.11i/WPA2 Version 1
   Cell ...

The use of grep is optional, but by using it, we can filter the dense output of iwlist. The more interesting content is the Address, the Quality and Signal level, the ESSID, and the wireless security type (under the IE section). For the following sections, we’ll assume a wireless network named WLAN_NAME with a password of WLAN_PASSWORD.

3. Connection to WEP Wireless Networks

The way we connect to a network depends on the network’s security. The WEP (Wired Equivalent Privacy) is a deprecated security algorithm for wireless networks. However, we can still find this type of network around.

The connection to these networks relies on the iwconfig command. If the network does not have a password, we can use:

$ sudo iwconfig essid WLAN_NAME

However, if the network is protected, we need to specify the password, either in hexadecimal or ASCII format. The hexadecimal-format password is entered as:

$ sudo iwconfig essid WLAN_NAME key WLAN_PASSWORD

The ASCII format requires to prepend the password with s: to indicate its format:

$ sudo iwconfig essid WLAN_NAME key s:WLAN_PASSWORD

4. Connection to WPA/WPA2 Wireless Networks

The newer WPA (Wi-Fi Protected Access) encryptions require a different connection process. The first step consists of storing the name of the wireless network and its password in a configuration file. To do so, let’s use the wpa_passphrase command with the WLAN_NAME and its WLAN_PASSWORD:

$ sudo wpa_passphrase WLAN_NAME WLAN_PASSWORD > /etc/wpa_supplicant.conf

Although the file /etc/wpa_supplicant.conf usually stores this information, we can choose any other path. The functionality of the wpa_passphrase command is that it stores the name and password with a hash:

$ cat /etc/wpa_supplicant.conf
  network={
           ssid="WLAN_NAME"
           #psk="WLAN_PASSWORD"
           psk=26df252bcd9b7be94233691ee676b581028e34052f13aff3c2a73122be1eea0f
          }

Once we have a file for a given wireless network, we need to know the drivers that our network interface can use. For that, we’ll run wpa_supplicant without any other arguments. This returns, among other information, the available drivers:

$ wpa_supplicant 
Successfully initialized wpa_supplicant
wpa_supplicant v2.10
  ...
usage:
  ...
drivers:
  nl80211 = Linux nl80211/cfg80211
  wext = Linux wireless extensions (generic)
  wired = Wired Ethernet driver
  macsec_linux = MACsec Ethernet driver for Linux
  none = no driver (RADIUS server/WPS ER)
options:
  ...

There are other drivers that may appear on other systems. However, the most common driver is wext, so it’s the one we’ll use. We should try different drivers if our systems don’t work with the generic ones.

Next, let’s can launch wpa_supplicant with the connection parameters to test that everything is working properly:

$ wpa_supplicant -i wlp3s0 -c /etc/wpa_supplicant.conf -D wext

The -i flag serves to specify the network interface. The -c flag is used for the path of the configuration file. Finally, the -D flag precedes the driver’s name.

If the connection is successful, we can cancel the process (Ctrl+c) and execute it again with the -B flag to keep it running in the background:

$ wpa_supplicant -B -i wlp3s0 -c /etc/wpa_supplicant.conf -D wext

5. Final Steps

After having connected our system to the wireless network, let’s run the dhclient command to assign a dynamic IP from the DHCP server:

$ sudo dhclient wlp3s0

Finally, let’s run the iwconfig command to check if everything has been successful:

$ iwconfig
enp0s25   no wireless extensions.
wlp3s0    IEEE 802.11  ESSID:"WLAN_NAME"  
          Mode:Managed  Frequency:5.18 GHz  Access Point: AA:AA:AA:AA:AA:AA
          Bit Rate=135 Mb/s   Tx-Power=15 dBm   
          Retry short limit:7   RTS thr:off   Fragment thr:off
          Power Management:off
          Link Quality=62/70  Signal level=-48 dBm  
          Rx invalid nwid:0  Rx invalid crypt:0  Rx invalid frag:0
          Tx excessive retries:1  Invalid misc:70   Missed beacon:0

In the ESSID section, the wireless network name has replaced the off/any output from the call to iwconfig when there was no network connection.

6. Conclusion

In this article, we’ve presented how to connect to a wireless network through the Linux command line. We began by learning the commands to discover the name of our network interface and then activate it. Next, we discussed how to connect to both WEP and WPA/WPA2 networks. Finally, we included some closing commands to ensure that our connection is working.

Comments are closed on this article!