Wi-Fi on the Command Line

More people than ever are using wireless networks as their primary networking medium. Great programs are available under X11 that give users a graphical interface to their wireless cards. Both GNOME and KDE include network management utilities, and a desktop-environment-agnostic utility called wicd also offers great functionality. But, what if you aren't running X11 and want to manage your wireless card? I don't cover how to install and activate your card here (for that, take a look at projects like madwifi or ndiswrapper). I assume your card is installed and configured properly, and that it is called wlan0. Most of the utilities mentioned below need to talk directly to your wireless card (or at least the card driver), so they need to be run with root privileges (just remember to use sudo).

The first step is to see what wireless networks are available in your area. A utility called iwlist provides all sorts of information about your wireless environment. To scan your environment for available networks, do the following:

sudo iwlist wlan0 scan

You'll see output resembling:

Cell 01 - Address: 00:11:22:33:44:55
          Frequency:2.462 GHz (Channel 11)
          Quality=100/100  Signal level:-47dBm  Noise level=-100dBm
          Encryption key:off

The details (address and essid) have been changed to protect the guilty. Also, the ... represents extra output that may or may not be available, depending on your hardware. You will get a separate cell entry for each access point within your wireless card's range. For each access point, you can find the hardware address, the essid and the channel on which it's operating. Also, you can learn in what mode the access point is operating (whether master or ad hoc). Usually, you will be most interested in the essid and what encryption is being used.

Once you know what's available in your immediate environment, configure your wireless card to use one of these access points using the iwconfig utility to set the parameters for your wireless card. First, set the essid, which identifies the network access point you want:

sudo iwconfig wlan0 essid network-essid

Depending on your card and its driver, you may have the option to set the essid to the special value “any”. In this case, your card will pick the first available access point. This is called promiscuous mode.

You also may need to set the mode to be used by your wireless card. This depends on your network topology. You may have a central access point to which all of the other devices connect, or you may have an ad hoc wireless network, where all of the devices communicate as peers. You may want to have your computer act as an access point. If so, you can set the mode to master using iwconfig. Or, you simply may want to sniff what's happening around you. You can do so by setting the mode to monitor and passively monitor all packets on the frequency to which your card is set. You can set the frequency, or channel, by running:

sudo iwconfig wlan0 freq 2.422G

Or by running:

sudo iwconfig wlan0 channel 3

You can set other parameters, but you should consider doing so only if you have a really good reason. One option is the sensitivity threshold, which defines how sensitive the card is to noise and signal strength, and you can set the behavior of the retry mechanism for the wireless card. You may need to play with this in very noisy environments. Set the maximum number of retries with:

sudo iwconfig wlan0 retry 16

Or, set the maximum lifetime to keep retrying to 300 milliseconds with:

sudo iwconfig wlan0 retry lifetime 300m

In a very noisy environment, you also may need to play with packet fragmentation. If entire packets can't make it from point to point without corruption, your wireless card may have to break down packets into smaller chunks to avoid this. You can tell the card what to use as a maximum fragment size with:

sudo iwconfig wlan0 frag 512

This value can be anything less than the size of a packet. Some cards may not apply these settings changes immediately. In that case, run this command to flush all pending changes to the card and apply them:

sudo iwconfig wlan0 commit

Two other useful commands are iwspy and iwpriv. If your card supports it, you can collect wireless statistics by using:

sudo iwspy wlan0

The second command gives you access to optional parameters for your particular card. iwconfig is used for the generic options available. If you run it without any parameters (sudo iwpriv wlan0), it lists all available options for the card. If no extra options exist, you will see output like this:

wlan0      no private ioctls

To set one of these private options, run:

sudo iwpriv wlan0 private-command [private parameters]

Now that your card is configured and connected to the wireless network, you need to configure your networking options to use it. If you are using DHCP on the network, you simply can run dhclient to query the DHCP server and get your IP address and other network settings. If you want to set these options manually, use the ifconfig command (see the man page for more information).


Joey Bernard has a background in both physics and computer science. This serves him well in his day job as a computational research consultant at the University of New Brunswick. He also teaches computational physics and parallel programming.


Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.

Maybe the author could next

Leke's picture

Maybe the author could next write an article next for configuring 3G modems on the command line? Unless your distro has the NetworkManager Applet, chances are you'll have to set it up the old fashioned way ;)

The subject grabbed me... "Where's the beef?"

RajW's picture

Very basic article. I would really like to see information for configuring encryption, work and home networks, and radio band (2.4 GHz and 5 GHz).


help me please: # iwconfig

dmlr7's picture

help me please:
# iwconfig ra0
ra0 Ralink STA ESSID:"" Nickname:"RT2870STA"
Mode:Monitor Frequency=2.432 GHz Access Point: Not-Associated
Bit Rate:1 Mb/s
RTS thr:off Fragment thr:off
Encryption key:off
Link Quality=10/100 Signal level:0 dBm Noise level:0 dBm
Rx invalid nwid:0 Rx invalid crypt:0 Rx invalid frag:0
Tx excessive retries:0 Invalid misc:0 Missed beacon:0
# iwlist ra0 scan
ra0 No scan results

You Cannot Use "scan" in Monitor Mode

Joshua Wright's picture

You cannot use "iwlist ra0 scan" while your interface is in monitor mode. Try this:

ifconfig ra0 down
iwconfig ra0 mode managed
ifconfig ra0 up
iwlist ra0 scan


how can I know the packet

Anonymous's picture

how can I know the packet fragmentation setting is successful after issuing command : sudo iwconfig wlan0 frag 512 ? thanks

you can use wireshark to

Anonymous's picture

you can use wireshark to monitor your outcomming packets and see that none of them is bigger than that

iwlist depricated by iw

Leakim's picture

using iwlist, iwconfig etc is actualy the old way of doing things and has been depricated for a while. the new interface is using the 'iw' command (ubuntu: iw package)

scan using iw
iw dev wlan0 scan


Leakim's picture

I do all of my networking

Anonymous's picture

I do all of my networking from Command Line, feels good man.

ceni is another fabulous

ugh's picture

ceni is another fabulous curses based wireless tool. You can apt-get it from aptosid repos. There simply is no better tool for the job.


Frabn's picture

KNetworkManager should be a greate GUI tool?
haha, its such a shit. I'm not even able to connect to a hidden WLAN.

Change MAC address

Anonymous's picture

You can also change the MAC address with ifconfig if need be.

$ ifconfig wlan0 down
$ ifconfig wlan0 hw ether 00:11:22:33:44:55
$ ifconfig wlan0 up

Or use macchanger.

WiFi n Encryption

scribe63's picture

Got excited by the title, but this is a good article and info for basic wireless set up.
But there is more that is required if you use any encryption like WPA and the features of your wireless driver support.
This is usually done in conjunction with /etc/wpa_supplicant/wpa_supplicant.conf, and some other interesting configurations you can do in the /etc/network/interfaces file for connecting to different encrypted on not encrypted AP.
Assuming you are not going to use network-manager.


markymoo's picture

wicd-curses copes with the majority of issues that command wifi has caused me in a simple ncurses interface
It handles wep wpa wpa2 as far I have tested and once connected successfully it can 'remember' the network and connect automagically through the deamon.

from the terminal:
sudo apt-get install wicd-curses

soooo useful when setting up my home spun browser based OS on a eee pc701 netbook :)

Very nice summary, it's

Anonymous's picture

Very nice summary, it's surprisingly hard information to find in a complete, concise form.

Wicd is an option without X11, using the curses client. It works very well, I even prefer the curses client over the GTK version.

no change on mode

sreeraj's picture

i can change the essid by iwconfig wlan0 essid network-essid,
but trying to change the mode doesn't work.
anyone else having the same problem?(with ubuntu?)

Serious omission

Anonymous's picture

One of the more frequent needs for wireless setup is seetting keys for WPA1/2 encryption. That needs to be covered for this to be of much use.


zlu's picture

no wonder, this article appeared in one of the earlier issues and i've never able to get any wifi network working. maybe setting encryption key was the missing step.

re: Ahhh

Jon Gerdes's picture

Yes, almost certainly you'll need some form of encryption.

I imagine that given the sudo the article assumes *buntu. Not everyone uses that! On my Gentoo systems I don't even use iw yet I also don't use a GUI for WLAN stuff.

You will probably want to look into wpa_supplicant for all your WPA etc needs (I typed in the status command):

# wpa_cli
wpa_cli v0.7.3
Copyright (c) 2004-2010, Jouni Malinen and contributors
Selected interface 'wlan0'

Interactive mode

> status

On Gentoo, make sure driver is compiled in, emerge wpa_supplicant, add this (or similar) to /etc/conf.d/net:


Then add a stanza like the following to /etc/wpa_supplicant/wpa_supplicant.conf:


Add net.wlan0 to default runlevel, start it and forget about it!

I'm sure that shouldn't be too hard to replicate on another Linux distro.

Finally, check the output from:

#ip a
#ip r
(#ifconfig and netstat -r for the old school)
#less /var/log/messages (or syslog)

... and of course wpa_cli (type help for some command to use)



erikmack's picture

Thanks for this helpful reply from another Gentoo user.

I'm horrified that new content gets published that advises ifconfig/iwconfig for network setup. The iputils (ip addr list, etc) commands are cleaner to use and easier to understand, especially for novices who are trying to grok how networking actually works.

I recently got a wireless USB dongle working on Gentoo with only basic iputils commands (plus a vendor config file for setting ESSID). My network is unencrypted, though, so I can use the info in your comment to set up proper WPA.

salak contents

prefabrik's picture

Depending on your card and its driver, you may have the option to set the essid to the special value “any”. In this case, your card will pick the first available access point. This is called promiscuous mode.

setting up promiscuos mode

jza's picture

Can you please put the instruction for that?

Linuxer, Rapper, and part time lunatic
Living in the sandy beaches of Cancun