Working with the command line often seems like the preserve of select system administrators, but managing network interfaces through the terminal is a basic skill that can save you in a critical situation. When the GUI freezes, drivers behave incorrectly, or you're managing a remote server without a monitor, it's precisely this skill that matters. CLI (Command Line Interface) becomes your only window to the world.
Connecting to a wireless network from the console not only allows you to restore internet access, but also conduct in-depth signal diagnostics, identify hidden authentication issues, and configure settings unavailable in standard menus. Unlike graphical utilities, the terminal provides complete control over the connection process, allowing you to manually enter IP addresses, gateways and DNS servers.
In this article, we'll cover the basic methods of connecting to Wi-Fi in Linux and Windows operating systems using native tools and specialized utilities. You'll learn how to scan the air, manage security profiles, and automate the connection process using scripts, which is especially useful for setting up IoT devices or server racks.
Diagnostics and preparation of the network interface
Before attempting to establish a connection, you need to ensure that your wireless adapter is physically detected by the system and that the drivers are working correctly. In Linux, the gold standard for checking interface status has long been the utility ifconfig, however, modern distributions increasingly use its more powerful analogue - ip from the package iproute2.
To begin, run the command ip linkto see a list of all network interfaces. You need to find the device, whose name usually begins with wlan, wlp or wiIf the interface is marked as DOWN, it must be activated with the command sudo ip link set dev interface_name upThe absence of a wireless interface in the list may indicate a lack of drivers or a hardware shutdown via rfkill.
⚠️ Attention: If the team
rfkill listshows that the wireless connection is blocked by software (soft block) or hardware (hard block), usesudo rfkill unblock wifito unblock. Ignoring this step will render all connection attempts useless.
In the Windows operating system, the equivalent is the utility netsh. Team netsh wlan show interfaces will display detailed information about the adapter's status, including the current SSID, signal strength, and security type. Make sure the interface status is listed as "connected" or at least "disconnected," but not "not present."
It's also important to check whether the interface is blocked globally. In Linux, this is done using the command sudo rfkill list all. Status blocked: yes requires immediate attention. Once the interface is successfully activated, you can begin searching for available networks.
Scanning available networks and signal analysis
After activating the adapter, the next logical step is to search for available access points. In Linux, the utility iwlist or more modern iw. Team sudo iwlist interface_name scanning will display a detailed list of all visible networks within range, including their frequencies, channels, and encryption levels.
However, the "raw" conclusion iwlist can be difficult to understand. For easier analysis, they often use nmcli (NetworkManager command line interface), which is the de facto standard in many distributions. The command nmcli dev wifi list will display a list of networks in the form of a neat table, where the signal level in percentage and security type are immediately visible.
nmcli dev wifi list
In Windows, scanning is performed using the command netsh wlan show networks mode=bssidIt will display not only network names (SSIDs) but also BSSIDs (MAC addresses of access points), which is useful in densely populated areas where multiple routers may have the same name. Pay attention to the "Signal" parameter, which indicates reception quality.
Why are some networks not showing up when scanning?
Some hidden networks (SSIDs) don't broadcast their names. To connect to them, you need to know the exact network name in advance and use manual connection mode, explicitly specifying the SSID in the configuration file or command.
When analyzing the list of networks, pay attention to the security standards supported. Older protocols like WEP or WPA (without the prefix 2) are considered obsolete and insecure. Modern networks use WPA2-Personal or WPA3If you only see a network with WEP, this is a sign that your router configuration needs updating.
Using NetworkManager (nmcli) on Linux
The most universal and convenient way to connect in modern Linux distributions (Ubuntu, Fedora, Debian, Mint) is to use the utility nmcli, which controls the NetworkManager daemon. This tool not only allows you to connect but also save profiles for automatic connection in the future.
The process of connecting to a network with a password (WPA/WPA2) is as follows. You need to specify the interface name, the network SSID, and the password. The command syntax is quite intuitive:
nmcli dev wifi connect "Network_Name" password "Your_Password" ifname interface_name
If the connection is successful, NetworkManager will automatically create a connection profile, assign an IP address via DHCP, and set DNS. If a static IP address is required, the command can be expanded with parameters. ipv4.addresses, ipv4.gateway And ipv4.dns.
⚠️ Attention: When entering a password on the command line, it may appear in the bash command history. For security, use environment variables or enter the password interactively if the utility allows it, although
nmcliusually hides the input.
☑️ Checklist for a successful connection via nmcli
To view saved profiles, use the command nmcli connection showThis allows you to manage network priorities, delete old profiles, or edit existing ones without re-entering the password. For example, to activate a saved connection, simply enter nmcli connection up"Network_Name".
Connecting via wpa_supplicant and wpa_cli
In server or minimalist Linux builds where the heavyweight NetworkManager is not running, the main tool remains the bundle wpa_supplicant And wpa_cliThis method requires a deeper understanding of the authentication process, but provides maximum control.
The first step is to generate a hashed password, as storing it in plaintext in the configuration file is not recommended. For this, use the utility wpa_passphrase:
wpa_passphrase"Network_Name""Password" >> /etc/wpa_supplicant/wpa_supplicant.conf
After adding the configuration, you need to start the daemon wpa_supplicant, specifying the interface and path to the configuration file. A DHCP client is usually started in parallel (for example, dhcpcd or dhclient) to obtain an IP address. The entire process is often automated via systemd services.
| Parameter | Description | Example of meaning |
|---|---|---|
| ctrl_interface | Path for control socket | /var/run/wpa_supplicant |
| update_config | Permission to update config | 1 |
| ssid | Wireless network name | "HomeWiFi" |
| psk | Password hash or plaintext | "hash_value" |
| key_mgmt | Key management type | WPA-PSK |
Usage wpa_cli Allows you to interact with a running daemon interactively. You can scan networks, select them, and enter passwords on the fly without overwriting configuration files. This is especially useful for debugging connection issues.
Managing Wi-Fi in Windows via netsh
Windows users can also manage Wi-Fi exclusively from the command line, which is useful for writing automation scripts or remote administration. The main tool is netsh wlanBefore connecting, it is useful to check whether the Wi-Fi adapter is enabled using the command netsh wlan show interfaces.
To connect to a known network whose profile is already saved in the system, use the command:
netsh wlan connect name="Profile_Name" ssid="Network_Name"
If the profile hasn't yet been created, you can import it from an XML file. First, you'll need to export an existing profile from another computer or create a template manually, adding the SSID and security key. The import command looks like this: netsh wlan add profile filename="path\to\profile.xml".
In corporate environments, connecting to hidden networks or networks with specific security settings is often required. In this case, when creating a profile via XML, you can explicitly specify the setting. hidden and encryption type. Also through netsh You can control the priority of networks by moving profiles up or down in the preference list.
Automation and troubleshooting
Manually connecting via the terminal is a great way to understand networking principles, but in production, automation is key. In Linux, init scripts or systemd units can run nmcli or wpa_supplicant at boot, ensuring a connection before the user logs on.
A common problem is an unstable connection or the inability to obtain an IP address. In such cases, resetting the network settings can help. In Linux, this can be done with the command nmcli networking off followed by enabling or restarting the NetworkManager service. In Windows, resetting the TCP/IP stack with the command netsh int ip reset.
⚠️ Attention: Command line interfaces and utility parameters may vary depending on your Linux distribution or Windows edition. Always check the syntax using
--helporman, if the command does not work as expected.
To diagnose problems, ping the default gateway. If packets fail, check the routing table with the command ip route (Linux) or route print (Windows) No default route (0.0.0.0) indicates a problem with DHCP or manual gateway configuration.
Questions and Answers (FAQ)
How to connect to a hidden network (Hidden SSID) via terminal?
To connect to a hidden network in nmcli use the parameter hidden yes in the connection command: nmcli dev wifi connect"SSID" password"PASS" hidden yes. IN wpa_supplicant a line needs to be added scan_ssid=1 in the network configuration block.
What should I do if the terminal says "Device not managed"?
This error in Linux means that the network interface is being managed by another service (for example, networkd or ifupdown), not NetworkManager. You need to either switch control to NetworkManager via the configuration file /etc/NetworkManager/NetworkManager.conf, or use the tools of the service that is active.
Is it possible to connect to Wi-Fi without a password via a terminal?
Yes, if the network is open, just don't specify the password parameter. nmcli the command will look like this nmcli dev wifi connect"OpenNetwork"However, please remember that data transmission over open networks is not encrypted and is subject to interception.
How to save a password in plain text in wpa_supplicant?
Although it is less secure, you can replace the hash in the configuration file wpa_supplicant.conf per line psk="your_password"The next time the daemon is launched, it will hash it automatically, but while it's stored in the file, the password will be visible to anyone with read access to the file.
Why isn't 5GHz Wi-Fi working in the terminal?
This may be due to the driver's regional settings. Check your country code via sudo iw reg getIf it is set incorrectly (for example, CN instead of US or EU), some channels may be blocked. You can change the region using the command sudo iw reg set US (replace with your code).