Let’s look at what information we can extract about the WLAN interface on a Linux box. Linux offers many command line utilities that can be used to gather useful information about 802.11 interfaces.
Install the wireless-tools for a WLAN interface
‘wireless-tools’ is a package that has been around since 2003 and includes a number of commands that can be used to extract different pieces of information. To install it, use:
apt-get install wireless-tools
Let’s review some of its commands:
To refresh your memory when we use commands like ifconfig or ip link show we get only layer 2 and layer 3 information as well some information about the physical layer (e.g. if the interface status is up and running).
netbeez.net $ip link show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
link/ether b8:27:eb:90:64:9b brd ff:ff:ff:ff:ff:ff
7: wlan0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DORMANT group default qlen 1000
link/ether 40:a5:ef:d5:27:6a brd ff:ff:ff:ff:ff:ff However, we don’t see any information regarding the BSSID that it’s connected to, the signal strength, or the channel.
iwconfig
iwconfig is reminiscent of ifconfig, but it gives more layer 1 information about any WLAN interface. Here is what the output looks like:
wlan0 IEEE 802.11 ESSID:"netbeez"
Mode:Managed Frequency:5.66 GHz Access Point: 38:3B:C8:3E:D4:3A
Bit Rate=867 Mb/s Tx-Power=18 dBm
Retry short limit:7 RTS thr:off Fragment thr:off
Encryption key:off
Power Management:off
Link Quality=46/70 Signal level=-64 dBm
Rx invalid nwid:0 Rx invalid crypt:0 Rx invalid frag:0
Tx excessive retries:0 Invalid misc:0 Missed beacon:0
lo no wireless extensions.
eth0 no wireless extensions. It tells us which protocol it’s using (IEEE 802.11), which ESSID it’s connected to (netbeez), the frequency (5.66 GHz), BSSID (38:3B:C8:3E:D4:3A), etc. All of this information is necessary when we are looking to extract the status and quality of our WiFi connection.
iwconfig can also be used to manipulate a WLAN interface (e.g. connect it to an SSID or specific channel), but we’ll cover that in another blog post since here we are looking only at what information we can extract.
iwgetid
The output that iwgetid provides overlaps with the output from iwconfig, but it has a neat feature that lends itself to parsing its output in a script. Let’s start with the options it gives us:
netbeez.net $iwgetid --help
Usage iwgetid [OPTIONS] [ifname]
Options are:
-a,--ap Print the access point address
-c,--channel Print the current channel
-f,--freq Print the current frequency
-m,--mode Print the current mode
-p,--protocol Print the protocol name
-r,--raw Format the output as raw value for shell scripts
-s,--scheme Format the output as a PCMCIA scheme identifier
-h,--help Print this message All this information is included in the output of iwconfig, but let’s look at iwgetid’s output format. We’ll try to get the BSSID of the access point it’s connected to:
netbeez.net $iwgetid --ap wlan0 Access Point/Cell: 38:3B:C8:3E:D4:3A
And let’s run the same command by adding the “–raw” option:
netbeez.net $iwgetid --ap --raw 38:3B:C8:3E:D4:3A
iwgetid returns the output without any additional text or comments; this is very convenient when we want to parse the output. You can also parse the output of iwconfig, but it may get quite hairy in certain cases.
iwlist
iwlist gives the most detailed information and, again, its output overlaps with the previous two commands. Let’s look at some unique features it has: First of all, if you type “iwlist” without any options, you get the list of available options:
netbeez.net $iwlist
Usage: iwlist [interface] scanning [essid NNN] [last]
[interface] frequency
[interface] channel
[interface] bitrate
[interface] rate
[interface] encryption
[interface] keys
[interface] power
[interface] txpower
[interface] retry
[interface] ap
[interface] accesspoints
[interface] peers
[interface] event
[interface] auth
[interface] wpakeys
[interface] genie
[interface] modulation One feature that is unique to iwlist is that it can give us a list of all supported channels of the WLAN interface as follows:
netbeez.net $iwlist wlan0 frequency
wlan0 32 channels in total; available frequencies :
Channel 01 : 2.412 GHz
Channel 02 : 2.417 GHz
Channel 03 : 2.422 GHz
Channel 04 : 2.427 GHz
Channel 05 : 2.432 GHz
Channel 06 : 2.437 GHz
Channel 07 : 2.442 GHz
Channel 08 : 2.447 GHz
Channel 09 : 2.452 GHz
Channel 10 : 2.457 GHz
Channel 11 : 2.462 GHz
Channel 36 : 5.18 GHz
Channel 40 : 5.2 GHz
Channel 44 : 5.22 GHz
Channel 48 : 5.24 GHz
Channel 52 : 5.26 GHz
Channel 56 : 5.28 GHz
Channel 60 : 5.3 GHz
Channel 64 : 5.32 GHz
Channel 100 : 5.5 GHz
Channel 104 : 5.52 GHz
Channel 108 : 5.54 GHz
Channel 112 : 5.56 GHz
Channel 116 : 5.58 GHz
Channel 120 : 5.6 GHz
Channel 124 : 5.62 GHz
Channel 128 : 5.64 GHz
Channel 132 : 5.66 GHz
Channel 136 : 5.68 GHz
Channel 140 : 5.7 GHz
Channel 144 : 5.72 GHz
Channel 149 : 5.745 GHz
Current Frequency:5.66 GHz (Channel 132) wireless-tools is considered deprecated, however, it’s also installed by default in many popular distributions, so it’s useful to know it exists and how you can use it.
The most useful feature of iwlist is its scanning option as follows:
netbeez.net $iwlist wlan0 scan
wlan0 Scan completed :
Cell 01 - Address: 38:3B:C8:3E:D4:3A
Channel:132
Frequency:5.66 GHz (Channel 132)
Quality=45/70 Signal level=-65 dBm
Encryption key:on
ESSID:"netbeez"
Bit Rates:6 Mb/s; 9 Mb/s; 12 Mb/s; 18 Mb/s; 24 Mb/s
36 Mb/s; 48 Mb/s; 54 Mb/s
Mode:Master
Extra:tsf=000000c7bdaa8cd0
Extra: Last beacon: 40ms ago
IE: Unknown: 00076E65746265657A
….
IE: Unknown: 030184
Cell 02 - Address: 88:96:4E:E1:46:60
Channel:1
Frequency:2.412 GHz (Channel 1)
Quality=44/70 Signal level=-66 dBm
Encryption key:on
ESSID:"D0ntsteamywifi"
Bit Rates:1 Mb/s; 2 Mb/s; 5.5 Mb/s; 11 Mb/s; 18 Mb/s
24 Mb/s; 36 Mb/s; 54 Mb/s
Bit Rates:6 Mb/s; 9 Mb/s; 12 Mb/s; 48 Mb/s
Mode:Master
Extra:tsf=000000c7bdaa8ce4
Extra: Last beacon: 40ms ago
IE: Unknown: 000E44306E74737465616D7977696669
…...
IE: Unknown: DD180050F2020101840003A4000027A4000042435E0062322F00
.
.
. iwlist scans the air and lists all detected SSIDs with information such as signal strength, link quality, supported bitrates etc. This is useful when you want to manually connect to a specific SSID, while finding one with a good signal strength, on a specific channel, or a specific BSSID.
iw
iw is the replacement of wireless-tools and it can give all the information we see above and then some more. It’s a tool from 2012 and is actively maintained. You can install it with:
apt-get install iw
It doesn’t contain multiple commands, but rather just one command with many different options. If you type “iw –help” you will see pages and pages of options.
The counterpart of iwconfig is the following:
netbeez.net $iw wlan0 link
Connected to 38:3b:c8:3e:d4:3a (on wlan0)
SSID: netbeez
freq: 5660
RX: 1305367378 bytes (3204985 packets)
TX: 256492127 bytes (1654676 packets)
signal: -66 dBm
tx bitrate: 867.0 MBit/s
bss flags: short-slot-time
dtim period: 0
beacon int: 100 Similar to iwlist, iw can give the capabilities of the hardware in terms of which channels it supports, what encryption methods it uses, etc, as follows:
netbeez.net $iw list
Wiphy phy4
max # scan SSIDs: 9
max scan IEs length: 2304 bytes
max # sched scan SSIDs: 0
max # match sets: 0
max # scan plans: 1
max scan plan interval: -1
max scan plan iterations: 0
Retry short limit: 7
Retry long limit: 4
Coverage class: 0 (up to 0m)
Supported Ciphers:
* WEP40 (00-0f-ac:1)
* WEP104 (00-0f-ac:5)
* TKIP (00-0f-ac:2)
* CCMP-128 (00-0f-ac:4)
Available Antennas: TX 0 RX 0
Supported interface modes:
* IBSS
* managed
* AP
* monitor
* P2P-client
* P2P-GO
Band 1:
Capabilities: 0x19f2
HT20/HT40
Static SM Power Save
RX Greenfield
RX HT20 SGI
RX HT40 SGI
TX STBC
RX STBC 1-stream
Max AMSDU length: 7935 bytes
DSSS/CCK HT40
.
.
. I truncated the output because it can span multiple pages. Compared to iwlist, iw gives a much more detailed and comprehensive list of the hardware capabilities all in one output.
Finally, iw can scan the air for all available SSIDS:
netbeez.net $iw wlan0 scan | more
BSS 38:3b:c8:3e:d4:3a(on wlan0) -- associated
TSF: 858900650685 usec (9d, 22:35:00)
freq: 5660
beacon interval: 100 TUs
capability: ESS Privacy SpectrumMgmt ShortSlotTime (0x0511)
signal: -64.00 dBm
last seen: 0 ms ago
SSID: netbeez
Supported rates: 6.0* 9.0 12.0* 18.0 24.0 36.0 48.0 54.0
DS Parameter set: channel 132
Country: US Environment: Indoor/Outdoor
Channels [36 - 36] @ 30 dBm
Channels [40 - 40] @ 30 dBm
Channels [44 - 44] @ 30 dBm
Channels [48 - 48] @ 30 dBm
Channels [52 - 52] @ 24 dBm
Channels [56 - 56] @ 24 dBm
Channels [60 - 60] @ 24 dBm
Channels [64 - 64] @ 24 dBm
Channels [100 - 100] @ 24 dBm
Channels [104 - 104] @ 24 dBm
Channels [108 - 108] @ 24 dBm
Channels [112 - 112] @ 24 dBm
…
BSS 88:96:4e:e1:46:60(on wlan0)
TSF: 858900650709 usec (9d, 22:35:00)
freq: 2412
beacon interval: 100 TUs
capability: ESS Privacy ShortSlotTime RadioMeasure (0x1411)
signal: -48.00 dBm
last seen: 0 ms ago
SSID: D0ntsteamywifi
Supported rates: 1.0* 2.0* 5.5* 11.0* 18.0 24.0 36.0 54.0
DS Parameter set: channel 1
ERP: <no flags>
Extended supported rates: 6.0 9.0 12.0 48.0
RSN: * Version: 1
* Group cipher: CCMP
* Pairwise ciphers: CCMP
* Authentication suites: PSK
* Capabilities: 16-PTKSA-RC 1-GTKSA-RC (0x000c)
BSS Load:
* station count: 0
* channel utilisation: 157/255
* available admission capacity: 0 [*32us]
HT capabilities:
Capabilities: 0x9ad
RX LDPC
HT20
SM Power Save disabled
RX HT20 SGI
TX STBC
RX STBC 1-stream
Max AMSDU length: 7935 bytes
No DSSS/CCK HT40 Again, iw gives much more information about the available SSIDs and their access point compared to iwlist.
If you are new to using these commands, I’d suggest to start using iw which is newer and gives much more information than the wireless-tools commands. It’s also actively maintained and supports newer drivers compared to the deprecated wireless-tools.
