1. 基本网络指令
(01) 查看网络配置情况
$ ifconfig
或
$ ifconfig -a
说明:-a会查看所有网络配置
(02) 启用/禁用以太网或wifi
$ ifconfig eth0 up
或
$ ifconfig eth0 down
或
$ ifconfig wlan0 up
或
$ ifconfig wlan0 down
说明:eth0和wlan0分别是以太网和wifi的节点。
(03) 查看无线网络配置情况
$ iwconfig
(04) 通过指令连接wifi
$ iwconfig wlan0 essid WirelessPoint key 012345678
其中,wlan0是wifi的网络节点,WirelessPoint是无线网络的SSID名称,而012345678则是无限网络的密码。
$ wpa_supplicant -d -Dwext -iwlan0 -cwpa_supplicant.conf
其中,-d是增加调试信息;-Dext是执行驱动的名称是ext;-iwlan0是指定无线网络节点名称是wlan0;-cwpa_supplicant.conf是指定配置文件是wpa_supplicant.conf。
(05) 查看有线网络的ip信息
$ ip -4 addr show dev eth0
说明:它的作用是查看eth0节点的ipv4信息;如果去掉-4,则同时查看ipv4和ipv6信息。eth0表示网络节点。
(06) 设置有线网络的ip信息
$ ifconfig eth0 192.168.4.1 netmask 255.255.255.0 up
或
$ ip -4 addr add 192.168.4.1 dev eth0
2. Wifi网络
(01) 查看网络状态
$ ifconfig -a
(02) 启动wifi
$ ifconfig wlan0 up
(03) 搜索wifi
$ iwlist wlan0 scan
2.1 通过wireless-tools连接wifi
wireless-tools连接wifi,只能连接"没有密码"或者"使用WEP加密"的wifi。对于WPA加密的wifi,是无法通过wireless-tools来连接的;但是,可以使用wpa_supplicant来连接wpa加密的wifi。
(01) 连接到SSID为skywang,且没有密码的wifi。
$ iwconfig wlan0 essid "skywang"
(02) 连接到SSID为skywang,加密类型是WEP,密码是12345678的wifi。
$ iwconfig wlan0 essid "skywang" key 12345678
2.2 通过wpa_supplicant连接wifi
wpa_supplicant几乎支持任意加密或非加密的wifi。wpa_supplicant有两种连接方式,一种是使用wpa_cli进行连接;另一种是使用配置文件。
参考链接:
https://wiki.archlinux.org/index.php/WPA_supplicant
第1种 使用wpa_cli
步骤1:新建配置文件/etc/wpa_supplicant/example.conf
ctrl_interface=/run/wpa_supplicant
update_config=1
说明:ctrl_interface表示控制套接字,这里的路径设置为/var/run/wpa_supplicant,在wpa_supplicant运行的时候,会自动建立该文件。
update_config表示是否wpa_supplicant可以更新该配置文件,这里值为1表示可以更新。
步骤2:运行wpa_supplicant,并使用"步骤1"中的配置文件
$ sudo wpa_supplicant -B -i wlan0 -c /etc/wpa_supplicant/example.conf
说明:wlan0是wifi的节点。
步骤3:通过wpa_cli连接wifi
这里假设需要连接到的网络的信息是:SSID为skywang,密码是12345678,加密类型是WPA2。
通过wpa_cli连接wifi,需要通过几步。
> scan // 进行扫描
OK // 输出
<3>CTRL-EVENT-SCAN-RESULTS // 输出
> scan_results // 查看扫描结果
bssid / frequency / signal level / flags / ssid
00:00:00:00:00:00 2462 -49 [WPA2-PSK-CCMP][ESS] MYSSID
11:11:11:11:11:11 2437 -64 [WPA2-PSK-CCMP][ESS] ANOTHERSSID
> add_network // 添加网络
0 // 输出。表示添加的网络id是0
> set_network 0 ssid "skywang" // 设置网络0的ssid为skywang
> set_network 0 psk "12345678" // 设置网络0的密码为12345678
> enable_network 0 // 启用网络0
> status // 查看网络状态,看wifi是否连上
> save_config // 最后,若wifi连上,则保存网络0的信息到配置文件example.conf中
步骤4:启用wlan0的dhcp功能
经过步骤3之后,通过ifconfig查看,wlan0可能还没有分配IP地址。此时,需要通过DHCP给wlan0分配IP。
$ sudo dhclient wlan0
或者
$ sudo dhcpcd wlan0
此时,wifi就应该连接成功了!
注意:wpa_supplicant与network-manager可能有冲突!若有异常错误,可以卸载network-manager后重试。。
wpa_cli指令表
| 指令 | 缩写 | 说明 |
|---|---|---|
| status | stat | displays the current connection status |
| disconnect | disc | prevents wpa_supplicant from connecting to any access point |
| quit | q | exits wpa_cli |
| terminate t | erm k | ills wpa_supplicant |
| reconfigure r | econ r | eloads wpa_supplicant with the configuration file supplied (-c parameter) |
| scan s | can s | cans for available access points (only scans it, doesn't display anything) |
| scan_result s | can_r d | isplays the results of the last scan |
| list_networks l | ist_n d | isplays a list of configured networks and their status (active or not, enabled or disabled) |
| select_network s | elect_n s | elect a network among those defined to initiate a connection (ie select_network 0) |
| enable_network e | nable_n m | akes a configured network available for selection (ie enable_network 0) |
| disable_network d | isable_n m | akes a configured network unavailable for selection (ie disable_network 0) |
| remove_network r | emove_n r | emoves a network and its configuration from the list (ie remove_network 0) |
| add_network a | dd_n a | dds a new network to the list. Its id will be created automatically |
| set_network s | et_n s | hows a very short list of available options to configure a network when supplied with no parameters. See next section for a list of extremely useful parameters to be used with set_network and get_network. |
| get_network g | et_n d | isplays the required parameter for the specified network. See next section for a list of parameters |
| save_config s | ave_c s | aves the configuration |
第2种 使用配置文件
步骤1:新建配置文件/etc/wpa_supplicant/wpa_supplicant.conf。
假设需要连接到的网络的信息是:SSID为skywang,密码是12345678,加密类型是WPA2。
则wpa_supplicant.conf的配置信息如下:
ctrl_interface=/run/wpa_supplicant
update_config=1
network={
ssid="skywang"
psk="12345678"
}
步骤2:通过指令去连接wifi。
# sudo wpa_supplicant -B -i wlan0 -c /etc/wpa_supplicant/wpa_supplicant.conf
或
# sudo wpa_supplicant -B -D wext -i wlan0 -c /etc/wpa_supplicant/wpa_supplicant.conf
或
# sudo wpa_supplicant -d -D nl80211,wext -i wlan0 -c /etc/wpa_supplicant/wpa_supplicant.conf
2.3 wifi网络移植
步骤1:通过wpa_supplicant的/etc/wpa_supplicant/wpa_supplicant.conf连接网络
wpa_supplicant.conf的配置信息如下:
ctrl_interface=DIR=/run/wpa_supplicant GROUP=ubuntu
update_config=1
说明:务必要加DIR和GROUP,GROUP表示ubuntu用户组的成员都可以使用wpa_supplicant。
否则,只有root才能使用!
步骤2:/etc/network/interfaces配置文件的内容
auto lo
iface lo inet lopback
iface eth0 inet dhcp
allow-hotplug wlan0
iface wlan0 inet manual
wpa-roam /etc/wpa_supplicant/wpa_supplicant.conf
iface default inet dhcp
步骤3:安装wpa_gui
$sudo apt-get install wpagui
步骤4:重启电脑,然后打开wpa_gui工具。就可以从界面去连接网络了。
wpa_supplicant.conf配置模板
# Simple case: WPA-PSK, PSK as an ASCII passphrase, allow all valid ciphers
network={
ssid="simple"
psk="very secret passphrase"
priority=5
}
# Same as previous, but request SSID-specific scanning (for APs that reject
# broadcast SSID)
network={
ssid="second ssid"
scan_ssid=1
psk="very secret passphrase"
priority=2
}
# Only WPA-PSK is used. Any valid cipher combination is accepted.
network={
ssid="example"
proto=WPA
key_mgmt=WPA-PSK
pairwise=CCMP TKIP
group=CCMP TKIP WEP104 WEP40
psk=06b4be19da289f475aa46a33cb793029d4ab3db7a23ee92382eb0106c72ac7bb
priority=2
}
# WPA-Personal(PSK) with TKIP and enforcement for frequent PTK rekeying
network={
ssid="example"
proto=WPA
key_mgmt=WPA-PSK
pairwise=TKIP
group=TKIP
psk="not so secure passphrase"
wpa_ptk_rekey=600
}
# Only WPA-EAP is used. Both CCMP and TKIP is accepted. An AP that used WEP104
# or WEP40 as the group cipher will not be accepted.
network={
ssid="example"
proto=RSN
key_mgmt=WPA-EAP
pairwise=CCMP TKIP
group=CCMP TKIP
eap=TLS
identity="user@example.com"
ca_cert="/etc/cert/ca.pem"
client_cert="/etc/cert/user.pem"
private_key="/etc/cert/user.prv"
private_key_passwd="password"
priority=1
}
# EAP-PEAP/MSCHAPv2 configuration for RADIUS servers that use the new peaplabel
# (e.g., Radiator)
network={
ssid="example"
key_mgmt=WPA-EAP
eap=PEAP
identity="user@example.com"
password="foobar"
ca_cert="/etc/cert/ca.pem"
phase1="peaplabel=1"
phase2="auth=MSCHAPV2"
priority=10
}
# EAP-TTLS/EAP-MD5-Challenge configuration with anonymous identity for the
# unencrypted use. Real identity is sent only within an encrypted TLS tunnel.
network={
ssid="example"
key_mgmt=WPA-EAP
eap=TTLS
identity="user@example.com"
anonymous_identity="anonymous@example.com"
password="foobar"
ca_cert="/etc/cert/ca.pem"
priority=2
}
# EAP-TTLS/MSCHAPv2 configuration with anonymous identity for the unencrypted
# use. Real identity is sent only within an encrypted TLS tunnel.
network={
ssid="example"
key_mgmt=WPA-EAP
eap=TTLS
identity="user@example.com"
anonymous_identity="anonymous@example.com"
password="foobar"
ca_cert="/etc/cert/ca.pem"
phase2="auth=MSCHAPV2"
}
# WPA-EAP, EAP-TTLS with different CA certificate used for outer and inner
# authentication.
network={
ssid="example"
key_mgmt=WPA-EAP
eap=TTLS
# Phase1 / outer authentication
anonymous_identity="anonymous@example.com"
ca_cert="/etc/cert/ca.pem"
# Phase 2 / inner authentication
phase2="autheap=TLS"
ca_cert2="/etc/cert/ca2.pem"
client_cert2="/etc/cer/user.pem"
private_key2="/etc/cer/user.prv"
private_key2_passwd="password"
priority=2
}
# Both WPA-PSK and WPA-EAP is accepted. Only CCMP is accepted as pairwise and
# group cipher.
network={
ssid="example"
bssid=00:11:22:33:44:55
proto=WPA RSN
key_mgmt=WPA-PSK WPA-EAP
pairwise=CCMP
group=CCMP
psk=06b4be19da289f475aa46a33cb793029d4ab3db7a23ee92382eb0106c72ac7bb
}
# Special characters in SSID, so use hex string. Default to WPA-PSK, WPA-EAP
# and all valid ciphers.
network={
ssid=00010203
psk=000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f
}
# EAP-SIM with a GSM SIM or USIM
network={
ssid="eap-sim-test"
key_mgmt=WPA-EAP
eap=SIM
pin="1234"
pcsc=""
}
# EAP-PSK
network={
ssid="eap-psk-test"
key_mgmt=WPA-EAP
eap=PSK
anonymous_identity="eap_psk_user"
password=06b4be19da289f475aa46a33cb793029
identity="eap_psk_user@example.com"
}
# IEEE 802.1X/EAPOL with dynamically generated WEP keys (i.e., no WPA) using
# EAP-TLS for authentication and key generation; require both unicast and
# broadcast WEP keys.
network={
ssid="1x-test"
key_mgmt=IEEE8021X
eap=TLS
identity="user@example.com"
ca_cert="/etc/cert/ca.pem"
client_cert="/etc/cert/user.pem"
private_key="/etc/cert/user.prv"
private_key_passwd="password"
eapol_flags=3
}
# LEAP with dynamic WEP keys
network={
ssid="leap-example"
key_mgmt=IEEE8021X
eap=LEAP
identity="user"
password="foobar"
}
# EAP-IKEv2 using shared secrets for both server and peer authentication
network={
ssid="ikev2-example"
key_mgmt=WPA-EAP
eap=IKEV2
identity="user"
password="foobar"
}
# EAP-FAST with WPA (WPA or WPA2)
network={
ssid="eap-fast-test"
key_mgmt=WPA-EAP
eap=FAST
anonymous_identity="FAST-000102030405"
identity="username"
password="password"
phase1="fast_provisioning=1"
pac_file="/etc/wpa_supplicant.eap-fast-pac"
}
network={
ssid="eap-fast-test"
key_mgmt=WPA-EAP
eap=FAST
anonymous_identity="FAST-000102030405"
identity="username"
password="password"
phase1="fast_provisioning=1"
pac_file="blob://eap-fast-pac"
}
# Plaintext connection (no WPA, no IEEE 802.1X)
network={
ssid="plaintext-test"
key_mgmt=NONE
}
# Shared WEP key connection (no WPA, no IEEE 802.1X)
network={
ssid="static-wep-test"
key_mgmt=NONE
wep_key0="abcde"
wep_key1=0102030405
wep_key2="1234567890123"
wep_tx_keyidx=0
priority=5
}
# Shared WEP key connection (no WPA, no IEEE 802.1X) using Shared Key
# IEEE 802.11 authentication
network={
ssid="static-wep-test2"
key_mgmt=NONE
wep_key0="abcde"
wep_key1=0102030405
wep_key2="1234567890123"
wep_tx_keyidx=0
priority=5
auth_alg=SHARED
}
# IBSS/ad-hoc network with RSN
network={
ssid="ibss-rsn"
key_mgmt=WPA-PSK
proto=RSN
psk="12345678"
mode=1
frequency=2412
pairwise=CCMP
group=CCMP
}
# IBSS/ad-hoc network with WPA-None/TKIP (deprecated)
network={
ssid="test adhoc"
mode=1
frequency=2412
proto=WPA
key_mgmt=WPA-NONE
pairwise=NONE
group=TKIP
psk="secret passphrase"
}
# open mesh network
network={
ssid="test mesh"
mode=5
frequency=2437
key_mgmt=NONE
}
# secure (SAE + AMPE) network
network={
ssid="secure mesh"
mode=5
frequency=2437
key_mgmt=SAE
psk="very secret passphrase"
}
# Catch all example that allows more or less all configuration modes
network={
ssid="example"
scan_ssid=1
key_mgmt=WPA-EAP WPA-PSK IEEE8021X NONE
pairwise=CCMP TKIP
group=CCMP TKIP WEP104 WEP40
psk="very secret passphrase"
eap=TTLS PEAP TLS
identity="user@example.com"
password="foobar"
ca_cert="/etc/cert/ca.pem"
client_cert="/etc/cert/user.pem"
private_key="/etc/cert/user.prv"
private_key_passwd="password"
phase1="peaplabel=0"
}
# Example of EAP-TLS with smartcard (openssl engine)
network={
ssid="example"
key_mgmt=WPA-EAP
eap=TLS
proto=RSN
pairwise=CCMP TKIP
group=CCMP TKIP
identity="user@example.com"
ca_cert="/etc/cert/ca.pem"
client_cert="/etc/cert/user.pem"
engine=1
# The engine configured here must be available. Look at
# OpenSSL engine support in the global section.
# The key available through the engine must be the private key
# matching the client certificate configured above.
# use the opensc engine
#engine_id="opensc"
#key_id="45"
# use the pkcs11 engine
engine_id="pkcs11"
key_id="id_45"
# Optional PIN configuration; this can be left out and PIN will be
# asked through the control interface
pin="1234"
}
# Example configuration showing how to use an inlined blob as a CA certificate
# data instead of using external file
network={
ssid="example"
key_mgmt=WPA-EAP
eap=TTLS
identity="user@example.com"
anonymous_identity="anonymous@example.com"
password="foobar"
ca_cert="blob://exampleblob"
priority=20
}
blob-base64-exampleblob={
SGVsbG8gV29ybGQhCg==
}
# Wildcard match for SSID (plaintext APs only). This example select any
# open AP regardless of its SSID.
network={
key_mgmt=NONE
}
# Example configuration blacklisting two APs - these will be ignored
# for this network.
network={
ssid="example"
psk="very secret passphrase"
bssid_blacklist=02:11:22:33:44:55 02:22:aa:44:55:66
}
# Example configuration limiting AP selection to a specific set of APs;
# any other AP not matching the masked address will be ignored.
network={
ssid="example"
psk="very secret passphrase"
bssid_whitelist=02:55:ae:bc:00:00/ff:ff:ff:ff:00:00 00:00:77:66:55:44/00:00:ff:ff:ff:ff
}
# Example config file that will only scan on channel 36.
freq_list=5180
network={
key_mgmt=NONE
}