Wi-Fi Protected Access client and IEEE 802.1X supplicant

wpa_supplicant [ -BddfhKLqqsTtuvW ] [ -i ifname ] [ -c config file ] [ -D driver ] [ -P PID_file ] [ -f output file ]

Some options have global scope.
Option groups for different interfaces must be separated by -N
filenames should be full ie not relative.

-W Wait for a control interface monitor before starting.
-B background.
-P PID_file
-d debugging messages(-dd even more).
-q quite debugging verbosity (-qq even less).
-t timestamp included in debug messages.
-K keys (passwords, etc.)Included in debug output.
-s Log output to syslog instead of stdout. (if built with the CONFIG_DEBUG_SYSLOG
-T Log output to tracing in addition . (if built with the CONFIG_DEBUG_LINUX_TRACING
-f output file Log output to instead of stdout. (if built with the CONFIG_DEBUG_FILE .)
-e entropy file to maintain its internal entropy store in over restarts.
-g global ctrl_interface Path to global ctrl_interface socket. If specified, interface definitions may be omitted.
-u Enable DBus control interface. If enabled, interface definitions may be omitted. (if built with CONFIG_DBUS
-N new interface description follows
-i ifname Interface.
-c filename configuration file.
-C ctrl_interface Path to ctrl_interface socket Not with -c
-O override ctrl_interface Override the ctrl_interface parameter for new interfaces.
-b br_ifname bridge interface name.
-D driver can be multiple drivers: (example: nl80211,wext). See the available options.
-p parameters for driver.
-o override driver Override the driver parameter for new interfaces.
-L Show license (BSD).
-v Show version.
wpa_supplicant v2.4
Copyright (c) 2003-2015, Jouni Malinen  and contributors
-h Help. Show a usage message.

Driver backends that may be used with -D (driver) see wpa_supplicant -h.

       wext       Linux wireless extensions (generic).  
       wired      wpa_supplicant wired Ethernet driver 
       roboswitch wpa_supplicant Broadcom switch driver 
       bsd        BSD 802.11 support (Atheros, etc.).  
       ndis       Windows NDIS driver.


In most common cases, start with:
wpa_supplicant -B -c/etc/wpa_supplicant.conf -iwlan0 # fork into background.
Start on foreground with debugging :
wpa_supplicant -d -c/etc/wpa_supplicant/wpa_supplicant.conf -iwlan0
If the specific driver wrapper is not known beforehand, it is possible to specify multiple comma separated driver wrappers on the the first driver wrapper that is able to initialize the interface.
wpa_supplicant -Dnl80211,wext -c/etc/wpa_supplicant.conf -iwlan0
Control multiple interfaces (radios) either by running one process for each interface separately or by running just one process and list of options.
Each interface is separated with -N. Example:
wpa_supplicant \
-c wpa1.conf -i wlan0 -D nl80211 \
-N \
-c wpa2.conf -i ath0 -D wext




  1. Make configuration file, wpa_supplicant.conf
    # ANY error here will prevent the wifi network from starting

    ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=netdev


  2. Test by running with in foreground with debugging :
    wpa_supplicant -iwlan0 -c/etc/wpa_supplicant.conf -d
    example output
    example -dd output
    wpa_supplicant -iwlan0 -c/etc/wpa_supplicant/wpa_supplicant.conf -d
  3. start in background without debugging:
    wpa_supplicant -iwlan0 -c/etc/wpa_supplicant.conf -B
With more than one driver interface in the build time configuration (.config), specify which interface to use by including -Ddriver name.


Changes to pcmcia-cs scripts can be used to enable WPA support:
  1. Add MODE="Managed" and WPA="y" to the network scheme in /etc/pcmcia/wireless.opts.
  2. Add this block to the end of start action handler in /etc/pcmcia/wireless:
    if [ "$WPA" = "y" -a -x /usr/local/bin/wpa_supplicant ]; then
                      /usr/local/bin/wpa_supplicant -B -c/etc/wpa_supplicant.conf -i$DEVICE
  3. Add the following block to the end of stop action handler (may need to be separated from other actions)
    in /etc/pcmcia/wireless:
    if [ "$WPA" = "y" -a -x /usr/local/bin/wpa_supplicant ]; then
                      killall wpa_supplicant
This will make cardmgr start wpa_supplicant when the card is plugged in.


wpa_background(8) http://w1.fi wpa_supplicant.conf , wpa_cli(8) wpa_passphrase(8)

Unauthorized use of the network is much easier.
Unauthorized users can passively monitor a wireless network and capture all transmitted frames.