SDB:Traquer les problèmes wireless

Aller à : navigation, rechercher
Language.png Cette page n'est pas encore traduite (ou pas complètement)

Cet article a besoin d'être traduit. Merci de participer au travail si vous en avez le temps et la compétence.
Si vous cherchez quelque chose à faire, regardez les autres Pages à traduire.


This page aims to be a guide on how to track down wireless issues as a lot of components are involved when setting up a wireless connection either using NetworkManager or Yast.

The main components used when setting up a wireless connection are:

  • nm-applet or KNetworkManager
  • NetworkManager and/or Yast
  • wpa_supplicant
  • the wireless driver (some in conjunction with mac80211)

Common Pitfalls

Kill Switch

Most built-in wireless cards may be activated/deactivated using a hardware switch. Make sure the wireless device is physically enabled. If the hardware switch is deactivated the driver has no chance to set the wireless network up.


Some wireless devices (e.g. iwl3945, iwlagn, b43, ...) need a so-called firmware which has to be provided by the host operating system. Some firmware files are already provided with OpenSUSE in form of rpm packages (e.g. iwl3945-ucode or ralink-firmware) but some firmware files may not be provided due to legal reasons. Hence they have to be installed manually. Some of these firmware files may be downloaded with scripts provided in /usr/sbin (e.g. install_acx100_firmware, install_bcm43xx_firmware and install_intersil_firmware).

Channels 12,13 and 14 are disabled (wrong regulatory domain)

As of OpenSUSE 11.0 most wireless drivers depend on mac80211. However the wireless stack has not implemented regulatory domain handling yet. In order to stay FCC compliant the stack enables only the minimal subset of available channels (1-11 in the bg-band). For example in Germany the channels 12 and 13 are allowed too but disabled by default. These channels can be enabled by overwriting the regulatory domain (allowed parameters are US, EU and JP):

echo "options cfg80211 ieee80211_regdom=EU" > /etc/modprobe.d/cfg80211 

Either reload all wireless modules (mac80211, cfg80211, iwl3945, etc.) or just reboot to enable the new regulatory domain.


Which logs are needed

In order to track down wireless issues with NetworkManager the following logs are needed after a failed connection attempt:

  • /var/log/NetworkManager
  • /var/log/wpa_supplicant (if possible with verbose debug output)
  • the output of dmesg

Enable wpa_supplicant debug output


To get maximum debug output from wpa_supplicant you have to modify the file /usr/share/dbus-1/system-services/fi.epitest.hostap.WPASupplicant.service.

Just change the line

Exec=/usr/sbin/wpa_supplicant -c /etc/wpa_supplicant/wpa_supplicant.conf -u -f /var/log/wpa_supplicant.log


Exec=/usr/sbin/wpa_supplicant -c /etc/wpa_supplicant/wpa_supplicant.conf -u -dddt -f /var/log/wpa_supplicant.log

and run the following commands as root:

> rcnetwork stop
> killall wpa_supplicant
> rcnetwork start

Now wpa_supplicant will write very verbose debug output to /var/log/wpa_supplicant.log

Short Term

If the debug output should be enabled only for a short period of time (for example to debug one connection attempt) the debug level can be changed with

> kill -SIGUSR1 `pidof wpa_supplicant`

The supplicant log (/var/log/wpa_supplicant) will print a line indicating the new debug level:

Signal 10 received - changing debug level to MSGDUMP

How to set up a connection manually

Stop NetworkManager and wpa_supplicant

In order to set up a connection manually ensure that no instance of NetworkManager or wpa_supplicant is running at the moment.

> rcnetwork stop
> killall wpa_supplicant

If your access point does not use any security you may use plain iwconfig for setting the connection up. Even WEP secured connections can be set up this way. For all other connection types (WPA-PSK, WPA-EAP, 802.1x with dynamic WEP) wpa_supplicant is required.

Basic commands

First run iwconfig to find out which wireless interface you want to use.

> iwconfig
lo        no wireless extensions.

eth1      no wireless extensions.

eth0      unassociated  ESSID:""
          Mode:Managed  Frequency=2.412 GHz  Access Point: Not-Associated
          Bit Rate:0 kb/s   Tx-Power=20 dBm   Sensitivity=8/0
          Retry limit:7   RTS thr:off   Fragment thr:off
          Encryption key:off
          Power Management:off
          Link Quality:0  Signal level:0  Noise level:0
          Rx invalid nwid:0  Rx invalid crypt:3  Rx invalid frag:0
          Tx excessive retries:0  Invalid misc:53   Missed beacon:0

In this example eth0 is the wireless interface.

If you don't know the name (Essid) of your wireless network you might want to run a scan.

> iwlist eth0 scan
          Cell 02 - Address: XX:XX:XX:XX:XX:XX
                    Protocol:IEEE 802.11bg
                    Frequency:2.417 GHz (Channel 2)
                    Encryption key:off
                    Bit Rates:1 Mb/s; 2 Mb/s; 5.5 Mb/s; 6 Mb/s; 9 Mb/s
                              11 Mb/s; 12 Mb/s; 18 Mb/s; 24 Mb/s; 36 Mb/s
                              48 Mb/s; 54 Mb/s
                    Quality=37/100  Signal level=-78 dBm
                    Extra: Last beacon: 488ms ago

This command prints all access points in range. If your access point doesn't show up in the list it does most likely not broadcast its essid. Try scanning for this specific network.

> iwlist eth0 scan essid your_essid_here


Unsecured connection

If you are using a mac80211-driver (e.g. iwl3934, iwl4965, ath5k, b43, rtl8187, rt2x00, ...) the interface has to be up before the connection can be established:

> ifconfig eth0 up

Setting up an unsecured wireless connection with iwconfig is quite easy.

> iwconfig eth0 essid your_essid_here

Wait a few seconds and run iwconfig to see if a connection was established.

> iwconfig eth0
eth0      IEEE 802.11g  ESSID:"XXXXXX"
          Mode:Managed  Frequency:2.417 GHz  Access Point: XX:XX:XX:XX:XX:XX
          Bit Rate:54 Mb/s   Tx-Power=20 dBm   Sensitivity=8/0
          Retry limit:7   RTS thr:off   Fragment thr:off
          Encryption key:off
          Power Management:off
          Link Quality=58/100  Signal level=-68 dBm  Noise level=-90 dBm
          Rx invalid nwid:0  Rx invalid crypt:0  Rx invalid frag:0
          Tx excessive retries:0  Invalid misc:0   Missed beacon:10

The important information is

  • Access Point: XX:XX:XX:XX:XX:XX - should contain the MAC-address of your access point
  • Link Quality=58/100 - should be something else then 0
  • Signal level=-68 dBm - should be something else then 0
  • Noise level=-90 dBm - should be something else then 0

Now the wireless connection is set up :)

But before you can actually do something useful with this connection you have to get an IP address as described later (Getting an IP address).

WEP secured connection



Setting up a connection using wpa_supplicant is a bit more complicated than connection to an unsecured wireless network. You first have to write a configuration file which contains all needed information. The configuration file first contains some basic information which is identical for every network you want to connect to.


The next step is to include the required network block into the configuration file. The network block differs for each type of wireless security.

WPA with shared keys (PSK)

For a wpa-psk-secured network, just take this one and modify the parameters ssid and psk.




Starting the connection

To start the previously configured connection using wpa_supplicant run the following command

> wpa_supplicant -Dwext -ieth0 -c/etc/your_config_file -dddt

-Dwext tells wpa_supplicant to use the wext-driver for communication with the low level driver, most current drivers should work fie with this setting (at least add mac80211-based drivers).
-ieth0 describes which interface should be used for the wireless connection
-c/etc/your_config_file simply tells wpa_supplicant which configuration to use
-dddt enables maximum debug output

After a few seconds wpa_supplicant hopefully shows something like

1213018160.349324: State: GROUP_HANDSHAKE -> COMPLETED
1213018160.349334: CTRL-EVENT-CONNECTED - Connection to XX:XX:XX:XX:XX:XX completed (auth) [id=0 id_str=]
1213018160.349341: wpa_driver_wext_set_operstate: operstate 0->1 (UP)
1213018160.349348: WEXT: Operstate: linkmode=-1, operstate=6
1213018160.349880: EAPOL: External notification - portValid=1
1213018160.349899: EAPOL: External notification - EAP success=1
1213018160.349905: EAPOL: SUPP_PAE entering state AUTHENTICATING
1213018160.349911: EAPOL: SUPP_BE entering state SUCCESS
1213018160.349917: EAP: EAP entering state DISABLED
1213018160.349924: EAPOL: SUPP_PAE entering state AUTHENTICATED
1213018160.349930: EAPOL: SUPP_BE entering state IDLE
1213018160.349954: RTM_NEWLINK: operstate=1 ifi_flags=0x11043 ([UP][RUNNING][LOWER_UP])
1213018160.349965: RTM_NEWLINK, IFLA_IFNAME: Interface 'wlan0' added
1213018161.356786: RSN: processing PMKSA candidate list
1213018161.356821: RSN: not in suitable state for new pre-authentication
1213018161.852768: EAPOL: startWhen --> 0

The wireless connection is set up and you can verify it by using iwconfig on a new console as described before.


To make life somewhat easier, wpa_supplicant has two companion applications wpa_cli and wpa_gui. While wpa_cli is part of the wpa_supplicant package, you will need to install wpa_gui separately.

# zypper in wpa_supplicant-gui

For wpa_gui to be able to cooperate with wpa_supplicant, we need to edit the file /etc/wpa_supplicant/wpa_supplicant.conf with gedit or your favorite editor.

# gedit /etc/wpa_supplicant/wpa_supplicant.conf

We simply add "update_config=1" after the existing lines and save the file. For reference to wpa_supplicant configuration see /usr/share/doc/packages/wpa_supplicant/wpa_supplicant.conf

Now we start wpa_supplicant

# wpa_supplicant -Dwext -iwlan0 -c/etc/wpa_supplicant/wpa_supplicant.conf -B

followed by

# wpa_gui

The wpa_gui dialog opens, we press scan and are presented with a window listing all detected Access Points. Double clicking on any one entry opens yet another dialog which lets us enter the passphrase, by pressing Add, the network is added to wpa_gui and connection is made. This works for open, WEP and WPA encrypted networks. wpa_gui also writes the proper parameters to wpa_supplicant.conf, so if you're interested what they look like, do

# cat /etc/wpa_supplicant/wpa_supplicant.conf

Note: wpa_gui will not work with the instance of wpa_supplicant started by NetworkManager, as that is using D-Bus to communicate. It works perfectly with the instance started by ifup though, not even a configuration file is needed.

Getting an IP address


If your network uses dhcp for IP address assignment you need to first check for instances of dhcpcd or dhclient running and stop them, if any.

> ps -A | grep dhc
# kill pid

Now you can use either dhcpcd wlan0 | eth1 or dhclient wlan0 | eth1 to acquire an IP address

# dhcpcd wlan0

If dhccpcd returns to the commandline the interface should have an IP address assigned. That can be verified using ifconfig.

> ifconfig wlan0
eth0      Protokoll:Ethernet  Hardware Adresse XX:XX:XX:XX:XX:XX
          inet Adresse:  Bcast:  Maske:
          inet6 Adresse: fe80::212:f0ff:fe39:49b4/64 Gültigkeitsbereich:Verbindung
          RX packets:104 errors:0 dropped:0 overruns:0 frame:0
          TX packets:16 errors:0 dropped:0 overruns:0 carrier:1
          collisions:0 Sendewarteschlangenlänge:1000
          RX bytes:46360 (45.2 Kb)  TX bytes:1468 (1.4 Kb)
          Interrupt:23 Speicher:b4001000-b4001fff

The relevant part is inet Adresse:

Manual IP setup

Just set the desired IP address using ifconfig

> ifconfig eth0

Verify if the connection is working

The best way to determine if the connection is up and running is to ping an internet site

>  ping
PING ( 56(84) bytes of data.
64 bytes from ( icmp_seq=1 ttl=242 time=156 ms
64 bytes from ( icmp_seq=2 ttl=242 time=151 ms
64 bytes from ( icmp_seq=3 ttl=242 time=151 ms
--- ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2008ms
rtt min/avg/max/mdev = 151.011/152.976/156.665/2.648 ms

If the output looks like the above the connection is working!

If you don't get that response, you may want to check whether at least the AP is reachable. In this example

PING ( 56(84) bytes of data.
64 bytes from icmp_seq=1 ttl=64 time=1.75 ms
64 bytes from icmp_seq=2 ttl=64 time=2.14 ms
64 bytes from icmp_seq=3 ttl=64 time=1.75 ms
64 bytes from icmp_seq=4 ttl=64 time=1.84 ms
--- ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3012ms
rtt min/avg/max/mdev = 1.754/1.874/2.145/0.160 ms

If you can ping the AP but no Internet address, there is someting wrong with name resolution. This could be caused by two NICs being enabled (i.e. wired and wireless) where each one has dhcpcd running.

Please take down both interfaces and then up the wireless NIC and retry from top.

# ifdown eth0
# ifdown wlan0 
# ifup wlan0

TODO: Explain what to do now..

Capturing packets aka monitor mode

Needed software

For capturing packets on a wireless interface you can use kismet. Afterwards Wireshark is able to read a capture file produced by kismet and show the packets in a user friendly way.

Enable monitor mode for mac80211 based drivers



Q: My connection is dropped every few minutes
A: Some access points tend to drop connections if the client is inactive for a specific amount of time. Sometimes this behavior can be changed in the access points configuration interface.



Helmut Schaa <>