Linux Wi-Fi Cheat Sheet: Tips and Troubleshooting

Table of contents

1. Linux Wi-Fi Problems and Errors

2. Recipes of popular Wi-Fi actions in Linux

3. Common Linux Wi-Fi Errors

4. Linux Wi-Fi FAQ

5. Drivers


Linux Wi-Fi Problems and Errors

This article is a collection of Wi-Fi issues you may encounter on Linux. The issues covered include both wireless security auditing and Wi-Fi connectivity.

If you can’t find a solution for your Wi-Fi problem, then ask in the comments. This article will be updated with a description of new Wi-Fi problems and their solutions.

Recipes of popular Wi-Fi actions in Linux

How to find out the name of the wireless interface

iw dev

The name of the interface in the “Interface” line:

If you get an error:

bash: iw: command not found

Then run this command with sudo:

sudo iw dev

How to stop programs that interfere with Wi-Fi security auditing

It is strongly recommended that before you set the Wi-Fi interface in monitor mode, run the following two commands:

sudo systemctl stop NetworkManager
sudo airmon-ng check kill

If you have strange errors when using monitor mode, be sure to run these commands.

After stopping NetworkManager, the Internet will disappear, to return it, put the wireless interface in managed mode and run the command to start NetworkManager:

sudo systemctl start NetworkManager

How to put a card in monitor mode before starting a Wi-Fi security audit on Linux

sudo ip link set <INTERFACE> down
sudo iw <INTERFACE> set monitor control
sudo ip link set <INTERFACE> up

How to return the adapter to managed mode

sudo ip link set <INTERFACE> down
sudo iw <INTERFACE> set type managed
sudo ip link set <INTERFACE> up

How to change the channel of the Wi-Fi adapter

You can set channels only when the adapter is in monitor mode:

sudo iw dev <INTERFACE> set channel <NUMBER>

How to check Wi-Fi adapter supports wireless injection

sudo aireplay-ng -9 <INTERFACE>

How to find out what frequencies the adapter supports and other specifications

iw list

How to change the region to increase TX power

To check the current value:

sudo iw reg get

To set a new region:

sudo iw reg set BZ

To increase power:

sudo ip link set <INTERFACE> down
sudo iw dev <INTERFACE> set txpower fixed 30mBm
# sudo iw <INTERFACE> set monitor control # if necessary, put it into monitor mode
sudo ip link set <INTERFACE> up

See the article “How to increase TX-Power of Wi-Fi adapters” for details.

How to scan APs on the command line

To scan access points:

sudo iw dev <INTERFACE> scan

To scan and display only APs names:

sudo iw dev <INTERFACE> scan | grep SSID

How to check wireless information at the data link layer

To display information at the Data Link Layer:

iw dev <INTERFACE> link

How to connect to a Wi-Fi Access Point on the command line

We need to create a configuration file. This is done by the command:

wpa_passphrase AP_NAME PASSWORD > CONF_FILE

Connect to the access point:

wpa_supplicant -B -i <INTERFACE> -c CONF_FILE

To obtain automatic settings via DHCP (assigned IP address, gateway IP address and IP address of DNS servers), run the command:

dhclient <INTERFACE>

How to connect to a Wi-Fi Access Point on the command line knowing the WPS pin

See the article “Reaver cracked WPS PIN but does not reveal WPA-PSK password (SOLVED)”.

How to see all APs

sudo airodump-ng <INTERFACE> --manufacturer --uptime --wps

Automated handshake capture

sudo besside-ng <INTERFACE> -W

With the -b option followed by a MAC (BSSID), you can set the program on one single target.

With the -R option, you can specify the name (ESSID) of the target. Moreover, you can use regular expressions – it is very convenient for the AP of a particular ISP.

And another option that may be useful is -c, after it you can specify the channel number, and Besside-ng will work only on this channel.

The program adds the captured handshakes to one file named wpa.cap.

Then follow the instructions “How to extract all handshakes from a capture file with several handshakes”.

How to convert handshake in Hashcat hash (.hccapx)

  • To convert to a HCCAPX format hash for password cracking (Hashcat v3.6+) using cap2hccapx (hashcat-utils package):
sudo cap2hccapx HANDSHAKE.pcap HASH.hccapx
  • To convert to a HCCAPX hash for password cracking (Hashcat v3.6 +) using aircrack-ng:
aircrack-ng -j HASH HANDSHAKE.pcap

To crack Wi-Fi password in Hashcat

  • Dictionary attack:
hashcat --force --hwmon-temp-abort=100 -D 1,2 -a 0 -m 2500 HASH.hccapx DICTIONARY.txt
  • Mask attack:
hashcat --force --hwmon-temp-abort=100 -D 1,2 -a 3 -m 2500 HASH.hccapx ?d?d?d?d?d?d?d?d

In the example above, the mask is passwords of numbers 8 characters long.

Built-in character sets:

  l | abcdefghijklmnopqrstuvwxyz
  u | ABCDEFGHIJKLMNOPQRSTUVWXYZ
  d | 0123456789
  h | 0123456789abcdef
  H | 0123456789ABCDEF
  s |  !"#$%&'()*+,-./:;<=>?@[\]^_`{|}~
  a | ?l?u?d?s

See also:

Common Linux Wi-Fi Errors

Error “Operation not permitted (-1)”

Example:

command failed: Operation not permitted (-1)

It means insufficient privileges, run the iw command with sudo.

Device or resource busy (-16)

Example:

command failed: Device or resource busy (-16)

This error occurs, for example, if you try to set the Wi-Fi adapter to a specific channel, but it is not in monitor mode. Start by putting the card in monitor mode, and then set the desired channel.

Wi-Fi interface is not visible in the system

Make sure the Wi-Fi adapter is connected.

If you use Linux in a virtual machine, you have to connect USB device in the settings of the virtual machine. In a virtual machine, it is possible to use only USB adapters.

Check whether the operating system can see them:

# For USB
lsusb

# For PCI
lspci

The wireless interface is visible but cannot be used

Check if the wireless interfaces are blocked:

rfkill

If they are locked, enable them with the command:

rfkill unblock all

The device sometimes disappears or appears strange in the system

If the device driver does not display correctly (for example, like ??????), and the chipset information is not displayed correctly, approximately as in this screenshot:

Then

  • try a different cord and a different USB jack
  • do not use USB hubs
  • unplug the device from the socket and plug it again

If none of this helps, then the cause may be a hardware problem. Especially if sometimes the device shows up normally, and sometimes it disappears or is displayed incorrectly – the device itself or a bad contact are probably not working properly.

Unable to connect to Access Point

If no other problems have been identified, but you cannot connect to the AP, then try connecting to another AP. If you have only one router, then start the AP on your mobile phone and connect to it.

If the connection succeeds, then there is some problem in the incompatibility of Wi-Fi protocols. Try not to use or vice versa to force some standards (N, AC). Try forcing another channel or set automatic channel selection. Check your passwords again carefully.

I managed to connect to the AP, but there is no Internet

With the help of the command, you can see if the connection is really made (look for the line that starts with “ssid”):

iw dev

Check if the interface has an IP address:

ip a

Determine the IP address of the router:

ip route show default

And ping the router, for example, the address of my router is 192.168.0.1, then the command:

ping 192.168.0.1

If the router does not respond, then the problem is connecting to it – for example, the signal to the AP is too weak or the IP address is not configured (the DHCP service is not running).

If you have a connection to the router, then try pinging the public IP:

ping 8.8.8.8

If the ping failed (but the router itself responds), then there is a problem with connecting the router to an external (WAN) network. Go into the settings of the router and check there.

Try to trace the path – if the trace breaks outside the router, then this may mean that your Internet provider or a higher provider has problems.

traceroute 8.8.8.8

If the router ping succeeded, then try ping by host name:

ping google.com

If ping by host name failed, then there is a problem in setting up the DNS server. These settings can be both at the system level (for example, incorrect settings in NetworkManager), and in the router.

To see which DNS server is in use, run the command:

dig google.com

Find the line that begins with “;; SERVER”- this line will contain the name server address.

;; SERVER: 8.8.8.8#53(8.8.8.8)

Can't set Wi-Fi adapter into monitor mode in Windows Subsystem for Linux (WSL) / Cygwin / Docker

In Windows Subsystem for Linux (WSL), as well as in Cygwin and Docker, there is no direct access to hardware. You will not be able to use a Wi-Fi adapter (as well as a video card, etc.) in these software products.

If you are a Windows user, then the best option is for you: install Kali Linux or Arch Linux (BlackArch) in VirtualBox and connect a USB Wi-Fi adapter to this virtual machine.

If you only have a PCI (built-in) Wi-Fi adapter, install Linux on an external USB drive or on a USB flash drive and boot from it.

There are bugs and offers to send reports in Ubuntu when setting a wireless card in monitor mode

Choose any other distribution – Kali Linux, Debian, Arch Linux, BlackArch or even Linux Mint – everything works fine there.

Linux Wi-Fi FAQ

Why does the MAC address change even if the program is not used for this?

Many modern distributions are configured to constantly change the MAC address. It is normal now, but you can disable (or enable) it if you wish.

How to find out if a Wi-Fi card will be supported for auditing Wi-Fi networks

The easiest option is to choose an adapter from this list: “USB Wi-Fi Adapters with monitor mode and wireless injection”.

Modern Wi-Fi cards for wireless auditing

Dual-band wireless adapters with support for monitor mode and wireless injection, as well as supporting the AC standard:

Any of these adapters will be relevant for many more years.

How to see what happens with wireless interfaces

The following commands will help you see absolutely everything that happens behind the scenes during, for example, failed connections.

You can use the output of the following commands to solve any problems with Wi-Fi.

The following command in real time will show everything that is happening on your system – for example, when you connect a wireless adapter, it will show which driver is loaded or what problems have occurred. Messages from applications will also be displayed:

journalctl -f

The output of the program is very extensive, but its study may suggest the causes of the problem.

The following command will tell about everything that happens at the level of the Internet protocol – how IP addresses are assigned to interfaces and what routes are set in the system:

ip monitor

And this command will show all events related to wireless network interfaces:

iw event

These three commands are the most important source of information for resolving unobvious problems. Delve into their output or provide the output of these commands if you are trying to jointly resolve your Wi-Fi problem.

How to find out how much traffic was transferred

ip -s -h a show <INTERFACE>

Drivers

Wi-Fi drivers in Linux. Support for Wi-Fi adapters in Linux

Linux currently supports most Wi-Fi cards and drivers for them are already pre-installed on the system (they are part of the kernel). That is, when you buy a new Wi-Fi adapter or install Linux on a laptop in the vast majority of cases, no action is required – the Wi-Fi adapter will just work.

In rare cases, you need to install a driver and/or firmware from standard repositories.

In exceptional cases, you need to compile the driver from the source code.

If you are familiar with the “Linux kernel modules” article, then you know that many devices need two things to work properly: a driver and firmware. The driver requests firmware from the file system in /lib/firmware. This is a special file necessary for hardware, it is not a binary file. Then the diver does what it takes to download the firmware to the device. The firmware performs programming of the equipment inside the device.

You will find a list of installed drivers in the folder

echo /usr/lib/modules/`uname -r`/kernel/drivers/net/wireless

Output drivers by manufacturer:

tree /usr/lib/modules/`uname -r`/kernel/drivers/net/wireless

If for some reason the driver has not yet included in the kernel, then it can be present in standard repositories as separate packages, for example, in Kali Linux, the following are additionally available:

  • realtek-rtl8188eus-dkms (driver for RTL8188EUS)
  • realtek-rtl88xxau-dkms (driver for RTL8812AU/21AU and RTL8814AU)

You will also find firmware-* packages in standard repositories (for example, firmware-realtek, firmware-atheros, firmware-iwlwifi, and so on). If the firmware for your device is not installed, install it.

In Arch Linux (BlackArch), all firmwares are collected in one linux-firmware package. Some devices have separate driver packages (for example, r8168 and broadcom-wl).

So, the drivers for most Wi-Fi adapters are built into the kernel and, therefore, are already installed on any Linux. Start by connecting your wireless card and trying to connect.

If you have problems, look in the repositories for the driver and/or firmware for your device.

How to check which driver is used

# To list only USB devices and their drivers
usb-devices

# To list only PCI devices and their drivers
lspci -k

# To list both USB and PCI devices and their drivers
sudo lshw

Last Updated on

Recommended for you:

Leave a Reply

Your email address will not be published.