The wpasupplicat's command line interface (wpacli) is not installed as default on most, Android devices. My Galaxy S running CM10 contains it though.

1. Wpa Cli Commands

wpa_cli: WPA command line client

Command to display wpa_cli manual in Linux: $ man 8 wpa_cli

NAME

wpa_cli - WPA command line client

SYNOPSIS

wpa_cli [ -p path to ctrl sockets ] [ -g path to global ctrl_interface socket ] [ -i ifname ] [ -hvB ] [ -a action file ] [ -P pid file ] [ -G ping interval ] [ command ... ]

OVERVIEW

wpa_cli is a text-based frontend program for interactingwith wpa_supplicant. It is used to query current status, changeconfiguration, trigger events, and request interactive userinput.

wpa_cli can show the current authentication status, selectedsecurity mode, dot11 and dot1x MIBs, etc. In addition, it canconfigure some variables like EAPOL state machine parameters andtrigger events like reassociation and IEEE 802.1Xlogoff/logon. wpa_cli provides a user interface to requestauthentication information, like username and password, if theseare not included in the configuration. This can be used toimplement, e.g., one-time-passwords or generic token cardauthentication where the authentication is based on achallenge-response that uses an external device for generating theresponse.

The control interface of wpa_supplicant can be configured toallow non-root user access (ctrl_interface GROUP= parameter in theconfiguration file). This makes it possible to run wpa_cli with anormal user account.

wpa_cli supports two modes: interactive and commandline. Both modes share the same command set and the maindifference is in interactive mode providing access to unsolicitedmessages (event messages, username/password requests).

Interactive mode is started when wpa_cli is executed withoutincluding the command as a command line parameter. Commands arethen entered on the wpa_cli prompt. In command line mode, the samecommands are entered as command line arguments for wpa_cli.

INTERACTIVE AUTHENTICATION PARAMETERS REQUEST

When wpa_supplicant need authentication parameters, likeusername and password, which are not present in the configurationfile, it sends a request message to all attached frontend programs,e.g., wpa_cli in interactive mode. wpa_cli shows these requestswith 'CTRL-REQ-<type>-<id>:<text>'prefix. <type> is IDENTITY, PASSWORD, or OTP(one-time-password). <id> is a unique identifier for thecurrent network. <text> is description of the request. Incase of OTP request, it includes the challenge from theauthentication server.

The reply to these requests can be given withidentity, password, andotp commands. <id> needs to be copied fromthe matching request. password andotp commands can be used regardless of whetherthe request was for PASSWORD or OTP. The main difference between thesetwo commands is that values given with password areremembered as long as wpa_supplicant is running whereas values givenwith otp are used only once and then forgotten,i.e., wpa_supplicant will ask frontend for a new value for every use.This can be used to implement one-time-password lists and generic tokencard -based authentication.

Example request for password and a matching reply:

Example request for generic token card challenge-response:

COMMAND ARGUMENTS

-p path

Change the path where control sockets shouldbe found.

-g control socket path

Connect to the global control socket at theindicated path rather than an interface-specific controlsocket.

-i ifname

Specify the interface that is beingconfigured. By default, choose the first interface found witha control socket in the socket path.

-h

Help. Show a usage message.

-v

Show version information.

-B

Run as a daemon in the background.

-a file

Run in daemon mode executing the action filebased on events from wpa_supplicant. The specified file willbe executed with the first argument set to interface name andsecond to 'CONNECTED' or 'DISCONNECTED' depending on the event.This can be used to execute networking tools required to configurethe interface.

Additionally, three environmental variables are available tothe file: WPA_CTRL_DIR, WPA_ID, and WPA_ID_STR. WPA_CTRL_DIRcontains the absolute path to the ctrl_interface socket. WPA_IDcontains the unique network_id identifier assigned to the activenetwork, and WPA_ID_STR contains the content of the id_str option.

-P file

Set the location of the PIDfile.

-G ping interval

Set the interval (in seconds) at whichwpa_cli pings the supplicant.

command

Run a command. The available commands arelisted in the next section.

COMMANDS

The following commands are available:

LEGAL

wpa_supplicant is copyright (c) 2003-2019,Jouni Malinen <j@w1.fi> andcontributors.All Rights Reserved.

This program is licensed under the BSD license (the one withadvertisement clause removed).

SEE ALSO

wpa_supplicant(8)

Pages related to wpa_cli

• wpa_cli_selinux (8) - Security Enhanced Linux Policy for the wpa_cli processes
• wpa_action (8) - wpa_cli action script
• wpa_background (8) - Background information on Wi-Fi Protected Access and IEEE 802.11i
• wpa_gui (8) - WPA Graphical User Interface
• wpa_passphrase (8) - Generate a WPA PSK from an ASCII passphrase for a SSID
• wpa_priv (8) - wpa_supplicant privilege separation helper
• wpa_selinux (8) - Security Enhanced Linux Policy for the wpa processes
• wpa_supplicant (8) - Wi-Fi Protected Access client and IEEE 802.1X supplicant

Wpa Cli Commands

Linux man pages generated by: SysTutorials. Linux Man Pages Copyright Respective Owners. Site Copyright © SysTutorials. All Rights Reserved.