Skip to content

Latest commit

 

History

History
289 lines (219 loc) · 7.44 KB

connect_wifi_from_terminal_kali_linux.md

File metadata and controls

289 lines (219 loc) · 7.44 KB

当前无线网络已经越来越普遍,并且802.11工作组已经推出了802.11i作为网络安全标准的最新改进,取代了古老的WEP技术。

配置

  • 首先使用以下命令查找可用的无线网络设备:
iw dev

可以看到输出

phy#0
	Interface wlan0
		ifindex 3
		wdev 0x1
		addr 94:eb:cd:8e:eb:3f
		type managed

iw是一个新型的nl80211无线网络设备命令行配置工具,支持所有最新加入到内核的设备驱动。以前使用的iwconfig工具,也就是用于配置无线扩展接口的工具,已经停止开发并且推荐切换到iwnl80211

以上命令输出可以看到,系统中只有一块无线网卡,接口命名是wlan0并且被设置成phy#0,类型是managed(也就是该设备是Wi-Fi状态或者客户端已经连接打一个访问点AP),硬件地址(Mac Address)是94:eb:cd:8e:eb:3f

当然,也可以使用旧命令iwconfig查看所有设备。

wlan0     IEEE 802.11bgn  ESSID:off/any
          Mode:Managed  Access Point: Not-Associated
          Retry short limit:7   RTS thr:off   Fragment thr:off
          Encryption key:off
          Power Management:on
  • 检查设备状态是UP还是DOWN
ip link show wlan0

输出显示

3: wlan0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 1000
    link/ether 94:eb:cd:8e:eb:3f brd ff:ff:ff:ff:ff:ff

上述ip命令用于显示路由,设备,策略路由和隧道(tunnels),也可以用于激活或禁用设备,并且可以用来查找常规的网络信息。

  • 激活wifi接口:
ip link set wlan0 up

然后再次使用ip link show wlan0可以看到如下输出

3: wlan0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN mode DEFAULT group default qlen 1000
    link/ether 94:eb:cd:8e:eb:3f brd ff:ff:ff:ff:ff:ff
  • 现在可以检查WiFi网络是否连接
iw wlan0 link

显示输出没有连接

Not connected.
  • 扫描所有附近无线网络:
iw wlan0 scan

显示输出

BSS c8:3a:35:27:0d:f0(on wlan0)
	TSF: 0 usec (0d, 00:00:00)
	freq: 2442
	beacon interval: 100 TUs
	capability: ESS Privacy ShortSlotTime (0x0411)
	signal: -31.00 dBm
	last seen: 0 ms ago
	SSID: 1702
	Supported rates: 1.0* 2.0* 5.5 11.0 18.0 24.0 36.0 54.0
	DS Parameter set: channel 7
	ERP: <no flags>
	ERP D4.0: <no flags>
	Extended supported rates: 6.0 9.0 12.0 48.0
	HT capabilities:
		Capabilities: 0x187e
			HT20/HT40
			SM Power Save disabled
			RX Greenfield
			RX HT20 SGI
			RX HT40 SGI
			No RX STBC
			Max AMSDU length: 7935 bytes
			DSSS/CCK HT40
		Maximum RX AMPDU length 65535 bytes (exponent: 0x003)
		Minimum RX AMPDU time spacing: 8 usec (0x06)
		HT RX MCS rate indexes supported: 0-7
		HT TX MCS rate indexes are undefined
	HT operation:
		 * primary channel: 7
		 * secondary channel offset: below
		 * STA channel width: any
		 * RIFS: 1
		 * HT protection: no
		 * non-GF present: 1
		 * OBSS non-GF present: 0
		 * dual beacon: 0
		 * dual CTS protection: 0
		 * STBC beacon: 0
		 * L-SIG TXOP Prot: 0
		 * PCO active: 0
		 * PCO phase: 0
	WPA:	 * Version: 1
		 * Group cipher: CCMP
		 * Pairwise ciphers: CCMP
		 * Authentication suites: PSK
		 * Capabilities: 16-PTKSA-RC 1-GTKSA-RC (0x000c)
	WMM:	 * Parameter version 1
		 * BE: CW 15-1023, AIFSN 3
		 * BK: CW 15-1023, AIFSN 7
		 * VI: CW 7-15, AIFSN 2, TXOP 3008 usec
		 * VO: CW 3-7, AIFSN 2, TXOP 1504 usec

可以看到,这里的SSID名字是 1702 也就是我们要连接的无线AP,这里的安全协议是WPA

  • 使用wpa_supplicant工具生成一个配置文件,包含无线网络的预先共享密钥(也就是密码):

wpa_passphrase [ ssid ] [ passphrase ]

wpa_passphrase 1702 PASSWORD >> /etc/wpa_supplicant.conf

工具命令 wpa_passphrase 会自动根据扫描获得的WiFi SSID对应的信息生成配置文件。

  • 现在我们具备了配置文件,包含了SSID,就可以使用wpa_supplicant命令连接无线网络了:
wpa_supplicant -B -D wext -i wlan0 -c /etc/wpa_supplicant.conf

-B 参数表示将wpa_supplicant运行在后台

-D 表示指定无线网络驱动,wext是通用驱动

-c 指定配置文件

这里有一个错误输出,可能和后续使用systemctl来运行wpa_supplicant失败相关(systemd发现返回失败)

Successfully initialized wpa_supplicant
ioctl[SIOCSIWENCODEEXT]: Invalid argument
ioctl[SIOCSIWENCODEEXT]: Invalid argument
  • 此时再次使用iw命令应征连接SSID
iw wlan0 link

显示输出

Connected to c8:3a:35:27:0d:f0 (on wlan0)
	SSID: 1702
	freq: 2442
	RX: 983 bytes (9 packets)
	TX: 387 bytes (3 packets)
	signal: -35 dBm
	tx bitrate: 1.0 MBit/s

	bss flags:	short-slot-time
	dtim period:	3
	beacon int:	100

注意:此时还没有获得IP地址

  • 通过DHCP获取地址
dhclient wlan0
  • 再次检查IP地址
ip addr show wlan0

显示输出已经获得地址

3: wlan0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 94:eb:cd:8e:eb:3f brd ff:ff:ff:ff:ff:ff
    inet 192.168.9.88/24 brd 192.168.9.255 scope global dynamic wlan0
       valid_lft 1775sec preferred_lft 1775sec
    inet6 fe80::96eb:cdff:fe8e:eb3f/64 scope link
       valid_lft forever preferred_lft forever
  • 检查路由:

我这里使用的是通过USB接口连接笔记本电脑的树莓派Zero,所以默认的时候路由是通过USB接口,这里需要修改 /etc/network/interfaces

auto wlan0
iface wlan0 inet dhcp
  • 注意:要激活wpa_supplicant,这样下次启动才会自动运行
systemctl enable wpa_supplicant

显示输出

Created symlink /etc/systemd/system/dbus-fi.w1.wpa_supplicant1.service → /lib/systemd/system/wpa_supplicant.service.
Created symlink /etc/systemd/system/multi-user.target.wants/wpa_supplicant.service → /lib/systemd/system/wpa_supplicant.service.

这表明需要修改 /lib/systemd/system/wpa_supplicant.service 配置文件:

[Unit]
Description=WPA supplicant
Before=network.target
After=dbus.service
Wants=network.target

[Service]
Type=dbus
BusName=fi.w1.wpa_supplicant1
#ExecStart=/sbin/wpa_supplicant -u -s -O /run/wpa_supplicant
ExecStart=/sbin/wpa_supplicant -B -D wext -i wlan0 -c /etc/wpa_supplicant.conf

[Install]
WantedBy=multi-user.target
Alias=dbus-fi.w1.wpa_supplicant1.service

修改配置文件后,再次执行systemctl restart wpa_supplicant

不过,我还是遇到问题显示

● wpa_supplicant.service - WPA supplicant
   Loaded: loaded (/lib/systemd/system/wpa_supplicant.service; enabled; vendor p
   Active: inactive (dead) since Wed 2019-01-23 00:13:03 CST; 1min 23s ago
  Process: 786 ExecStart=/sbin/wpa_supplicant -B -i wlan0 -c /etc/wpa_supplicant
 Main PID: 786 (code=exited, status=0/SUCCESS)

Jan 23 00:13:03 kali systemd[1]: Starting WPA supplicant...
Jan 23 00:13:03 kali wpa_supplicant[786]: Successfully initialized wpa_supplican
Jan 23 00:13:03 kali wpa_supplicant[786]: Failed to create interface p2p-dev-wla
Jan 23 00:13:03 kali wpa_supplicant[786]: nl80211: Failed to create a P2P Device
Jan 23 00:13:03 kali wpa_supplicant[786]: P2P: Failed to enable P2P Device inter
Jan 23 00:13:03 kali systemd[1]: Started WPA supplicant.

显示初始化设备失败。

当前还是通过命令脚本启动


参考