Top

A Linux User Reference

Search tips
  • search ignores words that are less than 4 characters in length
  • searches are case insensitve
  • if a search does not return anything try it in Boolean mode then Query expansion mode by checking the appropriate radio button e.g. searching for 'cron' in just the Administration category returns nothing - presumably because the 50% threshold is reached. Boolean mode ignores this threshold so a search for 'cron' returns several hits
  • in Boolean mode preceding a word with a '+' means the result must include that word, a '-' means it must not
  • in Boolean mode '+crontab -anacron' means match articles about crontab that DO NOT mention anacron
  • to match a phrase e.g. 'manage system' check the Boolean mode radio button and enclose the phrase in quotes "some phrase ..."
  • in Query expansion mode the search context is expanded beyond the keywords you entered - relevancy of hits may well be degraded

NETWORK CONFIGURATION

Wireless

  • Wireless modes and protocols
    Wireless Mode Description
    Managed Node connects to a network composed of many Access Points, with roaming
    Master The node is the synchronisation master or acts as an Access Point
    Repeater The node forwards packets between other wireless nodes
    Secondary The node acts as a backup master/repeater
    Monitor The node is not associated with any cell, passively monitor all packets on the frequency
    Auto
    Wired Equivalent Privacy (WEP)

    WEP is an 'insecure' algorithm to secure IEEE 802.11 wireless networks. Passwords can be stored either as a clear text ascii or hex string.

    Wi-Fi Protected Access (WPA)

    WPA is basically WEP but uses TKIP (Temporal Key Integrity Protocol). It is an intermediate protocol between WEP and WPA2.

    Wi-Fi Protected Access 2 (WPA2)

    Supports more robust encryption using AES (in counter mode with CBC-MAC) aka. CCMP.

  • Configure a wireless interface
    /sbin/iwconfig

    Configure generic (public) parameters of a wireless network interface.

    iwconfig [interface]
    
    Common parameters:
      interface essid {NNN|any|on|off}
      interface mode {managed|ad-hoc|master|...}
      interface freq N.NNN[k|M|G]
      interface channel N
      interface bit[rate] {N[k|M|G]|auto|fixed}
      interface nickname NNN
      interface nwid {NN|on|off}
      interface ap {N|off|auto}
    

    Configure a wireless interface manually

    # ifconfig wlan0 up
    # iwconfig wlan0 channel 2
    # iwconfig wlan0 essid "WLAN-ESSID-HERE"
    # iwconfig wlan0 mode managed
    # iwpriv wlan0 set AuthMode WPAPSK
    # iwpriv wlan0 set EncrypType TKIP
    # iwpriv wlan0 set WPAPSK "************"
    
  • Configure device driver specific parameters
    /sbin/iwpriv

    Configure optional (private) parameters of a wireless network interface.

    • You need to refer to the driver's documentation to know what commands, parameters and values are available for the driver in question.
    • It is a companion tool to 'iwconfig'.
    iwpriv [interface]
    iwpriv interface private-cmd [private-params]
    iwpriv interface private-cmd [I] [private-params]
    iwpriv interface --all
    iwpriv interface roam {on,off}
    iwpriv interface port {ad-hoc,managed,N}
    
    Parameters:
     private-cmd [private-params]          Execute the specified private-command on the interface.
     private-cmd [I] [private-params]      I=<int>. Is passed to the command as a Token Index.
                                           Only some command will use the Token Index (most will 
                                           ignore it) - see the driver documentation. 
     -a | --all                            Execute and display all the private commands that don't 
                                           take any arguments (i.e. read only). 
     roam                                  Enable or disable roaming, if supported.
     port                                  Read or configure the port type.
    

    Some examples included in the 'iwconfig' article above.

  • Get information from a wireless interface
    /sbin/iwlist

    Gets more detailed wireless information from a wireless interface.

    iwlist [interface] parameter
    
    Common parameters:
     [interface] scanning [essid NNN] [last]
     [interface] frequency
     [interface] channel
     [interface] bit[rate]/rate
     [interface] ap/accesspoints
     [interface] peers
     [interface] event
     [interface] auth
     [interface] wpakeys
    

    Get some information about a wireless interface

    $ sudo iwlist wlan0 encryption
    [sudo] password for mark:
    wlan0     2 key sizes : 40, 104bits
              4 keys available :
            [1]: off
            [2]: off
            [3]: off
            [4]: off
              Current Transmit Key: [1]
    
  • Wi-Fi Protected Access client
    /sbin/wpa_supplicant
    • Wi-Fi Protected Access client and IEEE 802.1X supplicant.
    • An implementation of the WPA Supplicant component, i.e., the part that runs in the client stations.
    • It implements WPA key negotiation with a WPA Authenticator and EAP authentication with Authentication Server.
    • In addition, it controls the roaming and IEEE 802.11 authentication/association of the wireless LAN driver.
    wpa_supplicant [options] 
                   [-iifname]
                   [-cconfig file]
                   [-Ddriver]
                   [-PPID_file]
    
    Options:
     -B                          Run daemon in the background.
     -i ifname                   Interface to listen on.
     -c filename                 Path to configuration file.
     -P PID_file                 Path to PID file.
     -C ctrl_interface           Path to ctrl_interface socket (only used if -c is not).
     -g global ctrl_interface    Path to global ctrl_interface socket.
     -D driver                   Driver to use.  See the available options below.
     -d                          Increase debugging verbosity (-dd even more).
     -K                          Include keys (passwords, etc.) in debug output.
     -t                          Include timestamp in debug messages.
     -e                          Use external IEEE 802.1X Supplicant (e.g., xsupplicant) 
                                 (this disables the internal Supplicant).
     -h                          Help.  Show a usage message.
     -L                          Show license (GPL and BSD).
     -q                          Decrease debugging verbosity (-qq even less).
     -v                          Show version.
     -w                          Wait for interface to be added. Normally wpa_supplicant
                                 will exit if the interface is not there yet.
     -N                          Start describing new interface
    

    Run in background, wait for interface to come up, debugging and timestamps

    # wpa_supplicant -i<interface> -D<driver> -c<config file> -C<ctrl_socket> -Bw -d[ddd] -t
    

    Usually 'wpa_supplicant' is called as part of the network initialisation during boot (assuming it is configured).

    Run wpa_supplicant (manually) on a preconfigured system

    # wpa_supplicant -iwlan0 -c /etc/wpa_supplicant.conf -Dwext
    
  • Using the command line interface
    /sbin/wpa_cli

    Manual configuration using wpa_cli

    The interface is NOT configured in /etc/network/interfaces.

    # ifconfig wlan0 down                                        (Bounce the interface if up)
    # ifconfig wlan0 up                                          
    # wpa_supplicant -iwlan0 -C /var/run/wpa_supplicant -Dwext   (Run using socket, no configuration file)
                                                                 (No output - running in foreground)
    # wpa_cli -i wlan0                                           (In another terminal - as root)
    .......
    Interactive mode
    > status
    wpa_state=INACTIVE                                           (To be expected, nothing has been configured)
    > list_networks
    network id / ssid / bssid / flags                            (As expected, nothing configured)
    > ap_scan 0                                                  (Set AP scanning mode = 0, driver takes care
    OK                                                            of scanning)
    > scan                                                       (Scan for Access Points)
    OK
    > scan_results                                               (Nothing is found, may or may not be the case)
    >ap_scan 1                                                   (Set AP scanning mode = 1, wpasupplicant does
    OK                                                           the scanning.  ap_scan=2, like = 0 use when
                                                                 APs using security policy and SSID- not BSSID
                                                                 - can use for NDISWRAPPER and NDIS driver with
                                                                 hidden SSIDs)
    > scan
    OK
    > scan_results
    bssid / frequency / signal level / flags / ssid              (AP found)
    00:0e:2e:fb:7b:63  2462  220  [WPA2-PSK-CCMP]  MINE-KEEP-OUT
    > list_networks
    network id / ssid / bssid / flags                            (Still nothing, yet to configure)
    > status
    wpa_state=INACTIVE
    > get_capability proto                                       (See what the AP supports - output tidied up)
    RSN WPA
    > get_capability key_mgmt
    NONE IEEE8021X WPA-EAP WPA-PSK
    > get_capability pairwise
    CCMP TKIP
    > get_capability group
    CCMP TKIP WEP104 WEP40
    > add_network                                                (Configure the network)
    0
    > list_networks
    network id / ssid / bssid / flags
    0    any    [DISABLED]                                       (One network found - currently disabled)
    > set_network 0 ssid "MINE-KEEP-OUT"
    OK
    > set_network 0 key_mgmt WPA-PSK                             (Set the key management policy to use)
    OK
    > set_network 0 psk cde9xx.....xxxxxx34                      (Set the encrypted passkey with code generated
    OK                                                           by 'wpa_passphrase')
    > set_network 0 proto WPA2                                   (Set the protocol to use for this network)
    OK                                                           (WPA2 is an alias for RSN)
    > list_networks
    network id / ssid / bssid / flags
    0   MINE-KEEP-OUT   any [DISABLED]
    > enable_network 0                                           (Enable the network)
    OK
    Trying to associate with 00:0e:2e:fb:7b:63 (SSID='MINE-KEEP-OUT' freq=2462 MHz)
    Associated with 00:0e:2e:fb:7b:63
    WPA: Key negotiation completed with 00:0e:2e:fb:7b:63 [PTK=CCMP GTK=CCMP]
    CTRL-EVENT-CONNECTED - Connection to 00:0e:2e:fb:7b:63 completed (auth) [id=0 id_str=]
    >                                                            (Successful association)
    > list_networks
    network id / ssid / bssid / flags
    0   MINE-KEEP-OUT   any [CURRENT]
    > status
    bssid=00:0e:2e:fb:7b:63
    ssid=MINE-KEEP-OUT
    id=0
    pairwise_cipher=CCMP
    group_cipher=CCMP
    key_mgmt=WPA2-PSK
    wpa_state=COMPLETED
    > quit
    
  • Control utility for linux-wlan-ng 802.11 devices
    wlanctl-ng
    Files Description
    /etc/wlan/ Default location for configuration files
    /etc/wlan.conf Main configuration file, a script to set some environment variables:
    /etc/wlan/wlancfg-stayout Additional settings e.g. WEP settings, including which key to use and the key itself
    /etc/wlan/wlancfg-DEFAULT Used if wlancfg-stayout does not exist or cannot be found
    /etc/wlan/shared Shell script containing functions to enable, start, and stop the network interface

    Sample entries - /etc/wlan.conf

    WLAN_DEVICES="wlan0"
    SSID_wlan0="stayout"
    ENABLE_wlan0="y"
    

    Command usage

    wlanctl-ng interface|version|commands|mibs [cmd cmdarg [cmdarg ...]]
    
    Options:
     commands              Output a list of all available commands.
     mibs                  Outputs a list of available mibs.
     version               Outputs the version of the program.
     interface             The name of a wireless network interface e.g. wlan0
    

    Example manual configuration

    # wlanctl-ng wlan0 lnxreq_ifstate ifstate=enable                                     (Enable wlan0)
    # wlanctl-ng wlan0 lnxreq_autojoin ssid=stayout authtype=opensystem                  (Set ssid and authtype)
    # wlanctl-ng wlan0 lnxreq_hostwep encrypt=true decrypt=true                          (Use WEP)
    # wlanctl-ng wlan0 dot11req_mibset mibattribute=dot11PrivacyInvoked=true
    # wlanctl-ng wlan0 dot11req_mibset mibattribute=dot11WEPDefaultKeyID=3               (Set key id and key)
    # wlanctl-ng wlan0 dot11req_mibset mibattribute=dot11WEPDefaultKey3=12:34:56:78:9A
    

    Configure the interface for networking

    # ifconfig wlan0 192.168.1.100 netmask 255.255.255.0 broadcast 192.168.1.255
    # route add default gw 192.168.1.11
    
  • Ubuntu WPA DHCP configuration

    /etc/network/interfaces

    iface wlan0 inet dhcp
      wpa-driver wext
      wpa-key-mgmt WPA
      wpa-proto WPA
      wpa-pairwise TKIP
      wpa-psk de23................................879a
      wpa-ssid MINE-KEEP-OUT
    auto wlan0
    
  • Ubuntu WPA2 DHCP configuration

    /etc/network/interfaces

    iface wlan0 inet dhcp
      wpa-driver wext
      wpa-key-mgmt WPA-PSK
      wpa-proto WPA2                                      # WPA2 is an alias for RSN
      wpa-pairwise CCMP TKIP
      wpa-psk de23................................879a
      wpa-ssid MINE-KEEP-OUT
    auto wlan0 
    
  • Ubuntu WPA2 DHCP configuration with wpa_supplicant

    /etc/network/interfaces

    iface wlan0 inet dhcp
      wpa-conf /etc/wpa_supplicant.conf
      wpa-driver wext
    auto wlan0
    

    /etc/wpa_supplicant.conf

    ctrl_interface=/var/run/wpa_supplicant
    ctrl_interface_group=wheel
    network={
     ssid="MINE-KEEP-OUT"
     key_mgmt=WPA-PSK
     proto=WPA2
     scan_ssid=1                               # If BSSID broadcast disabled (hidden BSSID)
     pairwise=TKIP CCMP                        # tries CCMP after TKIP fails
     group=TKIP CCMP                           # tries CCMP after TKIP fails
     psk=cd.....92ac77341........d004....34
    }